vendor/ibexa/corporate-account/src/bundle/EventSubscriber/ApplicationRateLimitSubscriber.php line 60

Open in your IDE?
  1. <?php
  3. /**
  4. * @copyright Copyright (C) Ibexa AS. All rights reserved.
  5. * @license For full copyright and license information view LICENSE file distributed with this source code.
  6. */
  7. declare(strict_types=1);
  9. namespace Ibexa\Bundle\CorporateAccount\EventSubscriber;
  11. use Ibexa\Contracts\Core\Repository\Events\Content\BeforeCreateContentEvent;
  12. use Ibexa\Contracts\Core\Repository\PermissionResolver;
  13. use Ibexa\Contracts\Core\Repository\Values\Content\ContentCreateStruct;
  14. use Ibexa\Contracts\Core\Repository\Values\User\UserReference;
  15. use Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface;
  16. use Ibexa\Contracts\CorporateAccount\Exception\ApplicationRateLimitExceededException;
  17. use Ibexa\CorporateAccount\Configuration\CorporateAccountConfiguration;
  18. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  19. use Symfony\Component\HttpFoundation\RequestStack;
  20. use Symfony\Component\RateLimiter\RateLimiterFactory;
  22. /**
  23. * @internal
  24. */
  25. final class ApplicationRateLimitSubscriber implements EventSubscriberInterface
  26. {
  27. private const RATE_LIMITER_KEY_PATTERN = 'user_%d_ip_%s';
  29. private RequestStack $requestStack;
  31. private PermissionResolver $permissionResolver;
  33. private CorporateAccountConfiguration $configuration;
  35. private ConfigResolverInterface $configResolver;
  37. private RateLimiterFactory $corporateAccountApplicationLimiter;
  39. public function __construct(
  40. RequestStack $requestStack,
  41. PermissionResolver $permissionResolver,
  42. ConfigResolverInterface $configResolver,
  43. CorporateAccountConfiguration $configuration,
  44. RateLimiterFactory $corporateAccountApplicationLimiter
  45. ) {
  46. $this->requestStack = $requestStack;
  47. $this->permissionResolver = $permissionResolver;
  48. $this->configResolver = $configResolver;
  49. $this->configuration = $configuration;
  50. $this->corporateAccountApplicationLimiter = $corporateAccountApplicationLimiter;
  51. }
  53. public static function getSubscribedEvents(): array
  54. {
  55. return [
  56. BeforeCreateContentEvent::class => ['onBeforeCreateContent', 100],
  57. ];
  58. }
  60. public function onBeforeCreateContent(BeforeCreateContentEvent $event): void
  61. {
  62. $contentCreateStruct = $event->getContentCreateStruct();
  63. $currentUser = $this->permissionResolver->getCurrentUserReference();
  65. if ($this->isApplicationCreateStruct($contentCreateStruct) && $this->isAnonymousUser($currentUser)) {
  66. $mainRequest = $this->requestStack->getMainRequest();
  68. if ($mainRequest !== null) {
  69. $limiter = $this->corporateAccountApplicationLimiter->create(
  70. sprintf(
  71. self::RATE_LIMITER_KEY_PATTERN,
  72. $currentUser->getUserId(),
  73. $mainRequest->getClientIp()
  74. )
  75. );
  77. if (!$limiter->consume()->isAccepted()) {
  78. throw new ApplicationRateLimitExceededException($limiter);
  79. }
  80. }
  81. }
  82. }
  84. private function isApplicationCreateStruct(ContentCreateStruct $contentCreateStruct): bool
  85. {
  86. return $contentCreateStruct->contentType->identifier
  87. === $this->configuration->getApplicationContentTypeIdentifier();
  88. }
  90. private function isAnonymousUser(UserReference $userReference): bool
  91. {
  92. return $userReference->getUserId()
  93. === $this->configResolver->getParameter('anonymous_user_id');
  94. }
  95. }