refactor: rate limit service

Anankke · Apr 10, 2024 · 2d74597 · 2d74597
1 parent af468fb
commit 2d74597
Show file tree

Hide file tree

Showing 9 changed files with 167 additions and 145 deletions.
diff --git a/app/predefine.php b/app/predefine.php
@@ -2,9 +2,6 @@
 
 declare(strict_types=1);
 
-/**
- * To define global variable
- */
-
+// Global constants
 const BASE_PATH = __DIR__ . '/..';
 const VERSION = '2024.1';
diff --git a/composer.lock b/composer.lock
diff --git a/config/.config.example.php b/config/.config.example.php
@@ -45,13 +45,17 @@
 $_ENV['redis_ssl_context'] = [];      // 使用SSL时的上下文选项，参考 https://www.php.net/manual/zh/context.ssl.php
 
 //Rate Limit 设置--------------------------------------------------------------------------------------------------------
-$_ENV['enable_rate_limit'] = true;  // 是否开启请求限制
-$_ENV['rate_limit_ip'] = 120;       // 每分钟每个IP的全局请求限制
-$_ENV['rate_limit_sub'] = 30;       // 每分钟每个用户的订阅链接请求限制
-$_ENV['rate_limit_webapi'] = 1200;  // 每分钟WebAPI全局请求限制
-$_ENV['rate_limit_user_api'] = 60;  // 每分钟每个用户的API请求限制
-$_ENV['rate_limit_admin_api'] = 60; // 每分钟每个管理员的API请求限制
-$_ENV['rate_limit_node_api'] = 120; // 每分钟每个节点的API请求限制
+$_ENV['enable_rate_limit'] = true;     // 是否开启请求限制
+$_ENV['rate_limit_sub_ip'] = 10;       // 每分钟每个IP的订阅链接请求限制
+$_ENV['rate_limit_sub'] = 10;          // 每分钟每个用户的订阅链接请求限制
+$_ENV['rate_limit_webapi_ip'] = 120;   // 每分钟每个IP的WebAPI请求限制
+$_ENV['rate_limit_webapi'] = 1200;     // 每分钟WebAPI全局请求限制
+$_ENV['rate_limit_user_api_ip'] = 60;  // 每分钟每个IP的用户API请求限制
+$_ENV['rate_limit_user_api'] = 60;     // 每分钟每个用户的API请求限制
+$_ENV['rate_limit_admin_api_ip'] = 60; // 每分钟每个管理员的API请求限制
+$_ENV['rate_limit_admin_api'] = 60;    // 每分钟每个管理员的API请求限制
+$_ENV['rate_limit_node_api_ip'] = 60;  // 每分钟每个IP的节点API请求限制
+$_ENV['rate_limit_node_api'] = 60;     // 每分钟每个节点的API请求限制
 
 //邮件设置----------------------------------------------------------------------------------------------------------------
 $_ENV['mail_filter'] = 0;        // 0: 关闭; 1: 白名单模式; 2; 黑名单模式;

diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
@@ -157,8 +157,8 @@ public function sendVerify(ServerRequest $request, Response $response, $next): R
                 return ResponseHelper::error($response, '无效的邮箱');
             }
 
-            if (! RateLimit::checkEmailIpLimit($request->getServerParam('REMOTE_ADDR')) ||
-                ! RateLimit::checkEmailAddressLimit($email)
+            if (! (new RateLimit())->checkRateLimit('email_request_ip', $request->getServerParam('REMOTE_ADDR')) ||
+                ! (new RateLimit())->checkRateLimit('email_request_address', $email)
             ) {
                 return ResponseHelper::error($response, '你的请求过于频繁，请稍后再试');
             }

diff --git a/src/Controllers/PasswordController.php b/src/Controllers/PasswordController.php
@@ -56,8 +56,8 @@ public function handleReset(ServerRequest $request, Response $response, array $a
             return ResponseHelper::error($response, '未填写邮箱');
         }
 
-        if (! RateLimit::checkEmailIpLimit($request->getServerParam('REMOTE_ADDR')) ||
-            ! RateLimit::checkEmailAddressLimit($email)
+        if (! (new RateLimit())->checkRateLimit('email_request_ip', $request->getServerParam('REMOTE_ADDR')) ||
+            ! (new RateLimit())->checkRateLimit('email_request_address', $email)
         ) {
             return ResponseHelper::error($response, '你的请求过于频繁，请稍后再试');
         }

diff --git a/src/Controllers/SubController.php b/src/Controllers/SubController.php
@@ -42,8 +42,8 @@ public function index($request, $response, $args): ResponseInterface
         $token = $this->antiXss->xss_clean($args['token']);
 
         if ($_ENV['enable_rate_limit'] &&
-            (! RateLimit::checkIPLimit($request->getServerParam('REMOTE_ADDR')) ||
-            ! RateLimit::checkSubLimit($token))
+            (! (new RateLimit())->checkRateLimit('sub_ip', $request->getServerParam('REMOTE_ADDR')) ||
+            ! (new RateLimit())->checkRateLimit('sub_token', $token))
         ) {
             return ResponseHelper::error($response, $err_msg);
         }

diff --git a/src/Controllers/User/TicketController.php b/src/Controllers/User/TicketController.php
@@ -64,7 +64,7 @@ public function add(ServerRequest $request, Response $response, array $args): Re
 
         if (! Config::obtain('enable_ticket') ||
             $this->user->is_shadow_banned ||
-            ! RateLimit::checkTicketLimit($this->user->id) ||
+            ! (new RateLimit())->checkRateLimit('ticket', (string) $this->user->id) ||
             $title === '' ||
             $comment === '' ||
             $type === ''

diff --git a/src/Middleware/NodeToken.php b/src/Middleware/NodeToken.php
@@ -33,8 +33,8 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $antiXss = new AntiXSS();
 
         if ($_ENV['enable_rate_limit'] &&
-            (! RateLimit::checkIPLimit($request->getServerParam('REMOTE_ADDR')) ||
-                ! RateLimit::checkWebAPILimit($antiXss->xss_clean($key)))
+            (! (new RateLimit())->checkRateLimit('webapi_ip', $request->getServerParam('REMOTE_ADDR')) ||
+                ! (new RateLimit())->checkRateLimit('webapi_key', $antiXss->xss_clean($key)))
         ) {
             return AppFactory::determineResponseFactory()->createResponse(401)->withJson([
                 'ret' => 0,