committed
feat: introdotti limiti API distinti per autenticati e non autenticati con chiavi dedicate
1 parent 76cedd1 commit 4fd6e57

3 files changed

Lines changed: 20 additions & 31 deletions


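--- a/api/index.php
+++ b/api/index.php
@@ -40,12 +40,7 @@ function serverError()
 
 // Rate limiting per API (se abilitato)
 if (($config['rate_limiting']['enabled'] ?? false)) {
-[$ok, $retry] = \Security\LaravelRateLimiter::enforce('api', $config, [
-'key_parts' => [
-'resource' => get('resource'),
-'token' => get('token'),
-],
-]);
+[$ok] = \Security\LaravelRateLimiter::enforce('api', $config);
 if (!$ok) {
 http_response_code(429);
 exit('Too Many Requests');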
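Review bot: The added line discards the second element of the `enforce()` result, so the 429 at the end of the hunk is sent without a `Retry-After` header even though the old code had the delay at hand; assuming `enforce()` still returns the retry delay in second position, keep `[$ok, $retry] = \Security\LaravelRateLimiter::enforce('api', $config);` and add `header('Retry-After: '.max(1, (int)$retry));` before `http_response_code(429);`. A second point I cannot confirm from this hunk: the authenticated/unauthenticated split now depends on `Auth` having resolved the caller before this line runs, whereas the old key used `get('token')` directly — if the API token is only validated later in this file, every token-bearing request lands in the per-IP unauthenticated bucket (60 per 300 s in the example config) and legitimate clients behind a shared IP throttle each other. A one-line comment here stating which bucket API-token requests are expected to hit would make that contract explicit. The enclosing `if` block continues outside the hunk.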

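--- a/config.example.php
+++ b/config.example.php
@@ -78,9 +78,12 @@
 $rate_limiting = [
 'enabled' => false,
 'store_path' => __DIR__.'/files/cache/ratelimiter',
-'strategy' => 'user', // 'user' | 'ip' | 'ip_user'
+// Limiti distinti per autenticati e non autenticati
 'limits' => [
-'api' => ['max' => 60, 'decay' => 60],
+'api' => [
+'authenticated' => ['max' => 300, 'decay' => 60],
+'unauthenticated' => ['max' => 60, 'decay' => 300],
+],
 ],
 'whitelist_ips' => [],
 'blacklist_ips' => [],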
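Review bot: The new `authenticated`/`unauthenticated` entries do not say what selects the bucket, and that is the operationally important part: in the limiter the authenticated budget is keyed by user id alone (one account's calls from any number of IPs share 300 per 60 s), while the unauthenticated budget is keyed by client IP alone (everyone behind one NAT or proxy shares 60 per 300 s). Suggest replacing the added comment with `// 'authenticated': keyed per user id, all IPs pooled; 'unauthenticated': keyed per client IP, all users behind it pooled`. It is also worth noting in the example that the limiter carries hard-coded fallbacks (300/60 and 60/300) for a missing key, so dropping one of these entries silently reverts to those values rather than disabling the limit.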

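--- a/src/Security/LaravelRateLimiter.php
+++ b/src/Security/LaravelRateLimiter.php
@@ -77,17 +77,14 @@ class_exists('Illuminate\\Filesystem\\Filesystem')
 }
 
 /**
-* Costruisce chiave, limiti e percorso store.
+* Costruisce chiave, limiti e percorso store (schema authenticated/unauthenticated).
 */
 private static function buildKeyAndLimits(string $area, array $cfg, string $ip, array $opts): array
 {
-$limits = (array)($cfg['limits'][$area] ?? []);
-$max = (int)($limits['max'] ?? 60);
-$decay = (int)($limits['decay'] ?? 60);
 
-// Strategia chiave: 'user' | 'ip' | 'ip_user'
-$strategy = (string)($cfg['strategy'] ?? 'user');
+$__unused = $opts; unset($__unused);
 
+// Determina utente autenticato (se presente)
 $userId = null;
 if (class_exists('Auth')) {
 try {
@@ -100,25 +97,19 @@ private static function buildKeyAndLimits(string $area, array $cfg, string $ip, array $opts): array
 }
 }
 
-$idParts = [$area, $strategy];
-if ($strategy === 'user') {
-$idParts[] = $userId ?: ('ip:'.$ip);
-} elseif ($strategy === 'ip') {
-$idParts[] = 'ip:'.$ip;
-} else { // ip_user
-$idParts[] = 'u:'.($userId ?? 0);
-$idParts[] = 'ip:'.$ip;
+$limitsArea = (array)($cfg['limits'][$area] ?? []);
+
+// Limiti distinti per authenticated/unauthenticated
+if ($userId) {
+$max = (int)($limitsArea['authenticated']['max'] ?? 300);
+$decay = (int)($limitsArea['authenticated']['decay'] ?? 60);
+$key = 'osm:rate:'.$area.':user:'.$userId;
+} else {
+$max = (int)($limitsArea['unauthenticated']['max'] ?? 60);
+$decay = (int)($limitsArea['unauthenticated']['decay'] ?? 300);
+$key = 'osm:rate:'.$area.':ip:'.$ip;
 }
 
-// Ulteriori parti opzionali di chiave (per granularità)
-foreach ((array)($opts['key_parts'] ?? []) as $k => $v) {
-if (!empty($v)) {
-$idParts[] = $k.':'.$v;
-}
-}
-
-$key = 'osm:rate:'.sha1(implode('|', $idParts));
-
 $storePath = (string)($cfg['store_path'] ?? (function_exists('base_dir') ? base_dir().'/files/cache/ratelimiter' : __DIR__.'/../../files/cache/ratelimiter'));
 
 return [$key, $max, $decay, $storePath];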
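Review bot: `$__unused = $opts; unset($__unused);` on new line 85 keeps `$opts` in the signature only to silence an unused-parameter warning, so any caller still passing `key_parts` (this commit updates only the api caller) silently collapses onto the bare user/IP key with no hint that its extra granularity is gone; either drop the parameter or replace that line with a comment such as `// $opts is kept for call-site compatibility; 'key_parts' is no longer folded into the key.` and have `enforce()` log or reject a non-empty `key_parts`. In the second hunk, `if ($userId)` routes a user whose id is `0` or `'0'` to the unauthenticated bucket, so `if ($userId !== null && $userId !== '')` (or whatever "no user" value the `Auth` lookup above actually yields) is the safer test. Also, `$ip` now enters the cache key raw where the old code ran the whole key through `sha1`; that is fine if `$ip` is always `REMOTE_ADDR` and the store hashes keys, but if it can come from a forwarded header an attacker-chosen string lands in the key, so validating with `filter_var($ip, FILTER_VALIDATE_IP)` or hashing as before is worth keeping. How `$ip` is derived and how `$userId` is populated are both outside this hunk.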
