src/Eccube/EventListener/RateLimiterListener.php line 41

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Eccube\EventListener;
  16. use Eccube\Common\EccubeConfig;
  17. use Eccube\Entity\Customer;
  18. use Eccube\Entity\Member;
  19. use Eccube\Request\Context;
  20. use Psr\Container\ContainerInterface;
  21. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  22. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  23. use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
  24. use Symfony\Component\HttpKernel\KernelEvents;
  25. use Symfony\Component\RateLimiter\RateLimiterFactory;
  26. use Symfony\Component\Security\Core\User\UserInterface;
  28. class RateLimiterListener implements EventSubscriberInterface
  29. {
  30.     private ContainerInterface $locator;
  31.     private EccubeConfig $eccubeConfig;
  32.     private Context $requestContext;
  34.     public function __construct(ContainerInterface $locatorEccubeConfig $eccubeConfigContext $requestContext)
  35.     {
  36.         $this->locator $locator;
  37.         $this->eccubeConfig $eccubeConfig;
  38.         $this->requestContext $requestContext;
  39.     }
  41.     public function onController(ControllerEvent $event)
  42.     {
  43.         if (!$event->isMainRequest()) {
  44.             return;
  45.         }
  47.         $request $event->getRequest();
  48.         $route $request->attributes->get('_route');
  49.         $limiterConfigs $this->eccubeConfig['eccube_rate_limiter_configs'];
  51.         if (!isset($limiterConfigs[$route])) {
  52.             return;
  53.         }
  54.         $method $request->getMethod();
  56.         foreach ($limiterConfigs[$route] as $id => $config) {
  57.             $methods array_filter($config['method'], fn ($m) => $m === $method);
  58.             if (empty($methods)) {
  59.                 // http methodが不一致であればスキップ
  60.                 continue;
  61.             }
  63.             if (!empty($config['params'])) {
  64.                 $matchParams array_filter($config['params'], function ($value$key) use ($request) {
  65.                     return $request->get($key) === $value;
  66.                 }, ARRAY_FILTER_USE_BOTH);
  68.                 if (count($config['params']) !== count($matchParams)) {
  69.                     // パラメータが不一致であればスキップ
  70.                     continue;
  71.                 }
  72.             }
  74.             $limiterId 'limiter.'.$id;
  75.             if (!$this->locator->has($limiterId)) {
  76.                 continue;
  77.             }
  78.             /** @var RateLimiterFactory $factory */
  79.             $factory $this->locator->get($limiterId);
  80.             if (in_array('customer'$config['type']) || in_array('user'$config['type'])) {
  81.                 $User $this->requestContext->getCurrentUser();
  82.                 if ($User instanceof UserInterface) {
  83.                     $limiter $factory->create($User->getId());
  84.                     if (!$limiter->consume()->isAccepted()) {
  85.                         throw new TooManyRequestsHttpException();
  86.                     }
  87.                 }
  88.             }
  89.             if (in_array('ip'$config['type'])) {
  90.                 $limiter $factory->create($request->getClientIp());
  91.                 if (!$limiter->consume()->isAccepted()) {
  92.                     throw new TooManyRequestsHttpException();
  93.                 }
  94.             }
  95.         }
  96.     }
  98.     /**
  99.      * {@inheritdoc}
  100.      */
  101.     public static function getSubscribedEvents()
  102.     {
  103.         return [
  104.             KernelEvents::CONTROLLER => ['onController'0],
  105.         ];
  106.     }
  107. }