src/Eccube/EventListener/RateLimiterListener.php line 39

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Eccube\EventListener;
  16. use Eccube\Common\EccubeConfig;
  17. use Eccube\Entity\Customer;
  18. use Eccube\Request\Context;
  19. use Psr\Container\ContainerInterface;
  20. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  21. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  22. use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
  23. use Symfony\Component\HttpKernel\KernelEvents;
  24. use Symfony\Component\RateLimiter\RateLimiterFactory;
  26. class RateLimiterListener implements EventSubscriberInterface
  27. {
  28.     private ContainerInterface $locator;
  29.     private EccubeConfig $eccubeConfig;
  30.     private Context $requestContext;
  32.     public function __construct(ContainerInterface $locatorEccubeConfig $eccubeConfigContext $requestContext)
  33.     {
  34.         $this->locator $locator;
  35.         $this->eccubeConfig $eccubeConfig;
  36.         $this->requestContext $requestContext;
  37.     }
  39.     public function onController(ControllerEvent $event)
  40.     {
  41.         if (!$event->isMainRequest()) {
  42.             return;
  43.         }
  45.         $request $event->getRequest();
  46.         $route $request->attributes->get('_route');
  47.         $limiterConfigs $this->eccubeConfig['eccube_rate_limiter_configs'];
  49.         if (!isset($limiterConfigs[$route])) {
  50.             return;
  51.         }
  53.         $method $request->getMethod();
  55.         foreach ($limiterConfigs[$route] as $id => $config) {
  56.             $methods array_filter($config['method'], fn ($m) => $m === $method);
  57.             if (empty($methods)) {
  58.                 // http methodが不一致であればスキップ
  59.                 continue;
  60.             }
  62.             if (!empty($config['params'])) {
  63.                 $matchParams array_filter($config['params'], function ($value$key) use ($request) {
  64.                     return $request->get($key) === $value;
  65.                 }, ARRAY_FILTER_USE_BOTH);
  67.                 if (count($config['params']) !== count($matchParams)) {
  68.                     // パラメータが不一致であればスキップ
  69.                     continue;
  70.                 }
  71.             }
  73.             $limiterId 'limiter.'.$id;
  74.             if (!$this->locator->has($limiterId)) {
  75.                 continue;
  76.             }
  78.             /** @var RateLimiterFactory $factory */
  79.             $factory $this->locator->get($limiterId);
  80.             if (in_array('customer'$config['type'])) {
  81.                 $User $this->requestContext->getCurrentUser();
  82.                 if ($User instanceof Customer) {
  83.                     $limiter $factory->create($User->getId());
  84.                     if (!$limiter->consume()->isAccepted()) {
  85.                         throw new TooManyRequestsHttpException();
  86.                     }
  87.                 }
  88.             }
  89.             if (in_array('ip'$config['type'])) {
  90.                 $limiter $factory->create($request->getClientIp());
  91.                 if (!$limiter->consume()->isAccepted()) {
  92.                     throw new TooManyRequestsHttpException();
  93.                 }
  94.             }
  95.         }
  96.     }
  98.     /**
  99.      * {@inheritdoc}
  100.      */
  101.     public static function getSubscribedEvents()
  102.     {
  103.         return [
  104.             KernelEvents::CONTROLLER => ['onController'0],
  105.         ];
  106.     }
  107. }