From b2ceb8ea966258c3ccf39350ec033b77d4bbcf1e Mon Sep 17 00:00:00 2001
From: kentanakayrglm
Date: Sun, 10 Sep 2023 18:35:51 +0900
Subject: [PATCH 1/6] =?UTF-8?q?-=20yaml=E3=81=AB=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E7=94=BB=E9=9D=A2=E4=BA=8C=E6=AE=B5=E9=9A=8E=E8=AA=8D=E8=A8=BC?= =?UTF-8?q?(=E3=83=88=E3=83=BC=E3=82=AF=E3=83=B3=E5=85=A5=E5=8A=9B?= =?UTF-8?q?=E7=94=BB=E9=9D=A2)=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0=20-=20=E7=AE=A1=E7=90=86=E7=94=BB=E9=9D=A2?= =?UTF-8?q?=E3=83=A6=E3=83=BC=E3=82=B6=E3=81=A7=E3=82=B9=E3=83=AD=E3=83=83?= =?UTF-8?q?=E3=83=88=E3=83=AA=E3=83=B3=E3=82=B0=E3=81=99=E3=82=8B=E7=82=BA?= =?UTF-8?q?=E3=81=AB=E3=80=81=E3=82=A4=E3=83=99=E3=83=B3=E3=83=88=E3=83=AA?= =?UTF-8?q?=E3=82=B9=E3=83=8A=E3=81=A7Member=E3=82=A8=E3=83=B3=E3=83=86?= =?UTF-8?q?=E3=82=A3=E3=83=86=E3=82=A3=E3=81=AE=E5=88=A4=E5=AE=9A=E3=82=92?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/config/eccube/packages/prod/eccube_rate_limiter.yaml | 6 ++++++
 src/Eccube/EventListener/RateLimiterListener.php | 7 +++++++
 2 files changed, 13 insertions(+)
diff --git a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
index a86553f75d5..a8a790bea46 100644
--- a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
+++ b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
@@ -74,3 +74,9 @@ eccube:
 route: ~
 limit: 10
 interval: '30 minutes'
+ admin_two_factor_auth:
+ route: admin_two_factor_auth
+ method: [ 'POST' ]
+ type: [ ip, customer ]
+ limit: 5
+ interval: '30 minutes'
diff --git a/src/Eccube/EventListener/RateLimiterListener.php b/src/Eccube/EventListener/RateLimiterListener.php
index 7d5241608d3..f1fe91dec82 100644
--- a/src/Eccube/EventListener/RateLimiterListener.php
+++ b/src/Eccube/EventListener/RateLimiterListener.php
@@ -15,6 +15,7 @@
 use Eccube\Common\EccubeConfig;
 use Eccube\Entity\Customer;
+use Eccube\Entity\Member;
 use Eccube\Request\Context;
 use Psr\Container\ContainerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
@@ -85,6 +86,12 @@ public function onController(ControllerEvent $event)
 throw new TooManyRequestsHttpException();
 }
 }
+ if ($User instanceof Member) {
+ $limiter = $factory->create($User->getId());
+ if (!$limiter->consume()->isAccepted()) {
+ throw new TooManyRequestsHttpException();
+ }
+ }
 }
 if (in_array('ip', $config['type'])) {
 $limiter = $factory->create($request->getClientIp());
From 818bb2ffba4b27c740c15a19cbac8184fce9d325 Mon Sep 17 00:00:00 2001
From: kentanakayrglm
Date: Wed, 13 Sep 2023 12:36:03 +0900
Subject: [PATCH 2/6] =?UTF-8?q?-=20ip,=20customer=20=E3=82=88=E3=82=8A?= =?UTF-8?q?=E3=82=82=20customer(=E3=81=93=E3=81=93=E3=81=A7=E3=81=AFmember?= =?UTF-8?q?)=E3=81=AE=E6=96=B9=E3=81=8C=E3=82=88=E3=82=8A=E3=82=BB?= =?UTF-8?q?=E3=82=AD=E3=83=A5=E3=83=AA=E3=83=86=E3=82=A3=E7=9A=84=E3=81=AB?= =?UTF-8?q?=E3=81=AF=E5=BC=B7=E3=81=84=E3=81=A8=E8=80=83=E3=81=88=E3=82=8B?= =?UTF-8?q?=E3=81=9F=E3=82=81=E5=A4=89=E6=9B=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/config/eccube/packages/prod/eccube_rate_limiter.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
index a8a790bea46..73f09eda252 100644
--- a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
+++ b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
@@ -77,6 +77,6 @@ eccube:
 admin_two_factor_auth:
 route: admin_two_factor_auth
 method: [ 'POST' ]
- type: [ ip, customer ]
+ type: [ customer ]
 limit: 5
 interval: '30 minutes'
From 882ecb159c0e02ea2e1ffca0e2b22100fa08e1c4 Mon Sep 17 00:00:00 2001
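Review bot: Dropping `ip` from `type` leaves `admin_two_factor_auth` with no limiter at all for a request where `getCurrentUser()` yields no Member, because the listener (see the Member branch added in patch 1 above) only consumes a token when a user entity is present; `ip` and `customer` are layers rather than alternatives, and the node accepts a list. If the token page is only reachable after password authentication, the firewall rather than this entry closes that gap, which is worth recording on the entry, e.g. `# keyed per Member only: the token page is reachable solely by an authenticated admin`; otherwise keep `ip` in the list alongside the per-user type so the per-address bucket remains a floor for unauthenticated requests. If the concern was shared egress addresses locking out a whole office, a second entry for the same route with `type: ip` and a looser limit gives that without giving up the floor, which is how the `_customer`-suffixed entries elsewhere in this file appear to be paired. Whether the route is reachable unauthenticated cannot be determined from this patch.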
From: kentanakayrglm
Date: Fri, 15 Sep 2023 11:34:28 +0900
Subject: [PATCH 3/6] =?UTF-8?q?-=20=E3=82=B9=E3=83=AD=E3=83=83=E3=83=88?= =?UTF-8?q?=E3=83=AA=E3=83=B3=E3=82=B0=E8=BB=B8=E3=81=AB=20user=20(custome?= =?UTF-8?q?r=20or=20member)=20=E3=82=92=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/config/eccube/packages/prod/eccube_rate_limiter.yaml | 2 +-
 src/Eccube/DependencyInjection/Configuration.php | 2 +-
 src/Eccube/EventListener/RateLimiterListener.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
index 73f09eda252..22122150765 100644
--- a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
+++ b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
@@ -77,6 +77,6 @@ eccube:
 admin_two_factor_auth:
 route: admin_two_factor_auth
 method: [ 'POST' ]
- type: [ customer ]
+ type: user
 limit: 5
 interval: '30 minutes'
diff --git a/src/Eccube/DependencyInjection/Configuration.php b/src/Eccube/DependencyInjection/Configuration.php
index 21f45bccc16..9e799928058 100644
--- a/src/Eccube/DependencyInjection/Configuration.php
+++ b/src/Eccube/DependencyInjection/Configuration.php
@@ -61,7 +61,7 @@ public function addRateLimiterSection(ArrayNodeDefinition $rootNode): void
 ->ifArray()
 ->then(fn (array $v) => \array_map(fn ($method) => \strtolower($method), $v))
 ->end()
- ->enumPrototype()->values(['ip', 'customer'])->end()
+ ->enumPrototype()->values(['ip', 'customer', 'user'])->end()
 ->defaultValue([])
 ->end()
 ->arrayNode('method')
diff --git a/src/Eccube/EventListener/RateLimiterListener.php b/src/Eccube/EventListener/RateLimiterListener.php
index f1fe91dec82..3d50eeee7eb 100644
--- a/src/Eccube/EventListener/RateLimiterListener.php
+++ b/src/Eccube/EventListener/RateLimiterListener.php
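Review bot: The new `'user'` value is added beside `'customer'` with nothing saying how they differ, and the RateLimiterListener.php hunk that follows treats them identically (`in_array('customer', $config['type']) || in_array('user', $config['type'])`), so `'customer'` now survives only for already-deployed configuration. A comment on the `enumPrototype()` line such as `// 'user' matches any logged-in Customer or Member; 'customer' is kept for existing config and behaves the same` would stop a reader from expecting a Customer-only slot, and marking it deprecated in the config reference would let it be dropped in a later major. The `in_array` calls in that listener line are non-strict; passing `true` as the third argument is the conventional form for a list of strings. `addRateLimiterSection` continues outside this hunk.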
@@ -78,7 +78,7 @@ public function onController(ControllerEvent $event)
 /** @var RateLimiterFactory $factory */
 $factory = $this->locator->get($limiterId);
- if (in_array('customer', $config['type'])) {
+ if (in_array('customer', $config['type']) || in_array('user', $config['type'])) {
 $User = $this->requestContext->getCurrentUser();
 if ($User instanceof Customer) {
 $limiter = $factory->create($User->getId());
From fd333d328c005dd1ed1883123f82847861db5574 Mon Sep 17 00:00:00 2001
From: kentanakayrglm
Date: Fri, 15 Sep 2023 14:50:48 +0900
Subject: [PATCH 4/6] =?UTF-8?q?-=20=E3=82=B9=E3=83=AD=E3=83=83=E3=83=88?= =?UTF-8?q?=E3=83=AA=E3=83=B3=E3=82=B0=E3=82=BF=E3=82=A4=E3=83=97=20=3D=20?= =?UTF-8?q?customer=20>=20user=E3=81=AB=E5=A4=89=E6=9B=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../eccube/packages/prod/eccube_rate_limiter.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
index 22122150765..2605faa3423 100644
--- a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
+++ b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
@@ -17,37 +17,37 @@ eccube:
 mypage_change:
 route: mypage_change
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_new:
 route: mypage_delivery_new
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_edit:
 route: mypage_delivery_edit
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_delete:
 route: mypage_delivery_delete
 method: [ 'DELETE' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 shopping_shipping_multiple_edit_customer:
 route: shopping_shipping_multiple_edit
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 shopping_shipping_edit_customer:
 route: shopping_shipping_edit
 method: [ 'POST' ]
- type: customer
+ type: user
 limit: 10
 interval: '30 minutes'
 contact:
From 41da6672a947b63bcb3c264425567cbf05cdf67b Mon Sep 17 00:00:00 2001
From: shinya
Date: Fri, 22 Sep 2023 14:24:08 +0900
Subject: [PATCH 5/6] =?UTF-8?q?=E5=86=97=E9=95=B7=E3=81=AAif=E6=96=87?= =?UTF-8?q?=E3=82=92=E7=B5=B1=E5=90=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Eccube/EventListener/RateLimiterListener.php | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/Eccube/EventListener/RateLimiterListener.php b/src/Eccube/EventListener/RateLimiterListener.php
index 3d50eeee7eb..e932de1952f 100644
--- a/src/Eccube/EventListener/RateLimiterListener.php
+++ b/src/Eccube/EventListener/RateLimiterListener.php
@@ -80,13 +80,7 @@ public function onController(ControllerEvent $event)
 $factory = $this->locator->get($limiterId);
 if (in_array('customer', $config['type']) || in_array('user', $config['type'])) {
 $User = $this->requestContext->getCurrentUser();
- if ($User instanceof Customer) {
- $limiter = $factory->create($User->getId());
- if (!$limiter->consume()->isAccepted()) {
- throw new TooManyRequestsHttpException();
- }
- }
- if ($User instanceof Member) {
+ if ($User instanceof Customer || $User instanceof Member) {
 $limiter = $factory->create($User->getId());
 if (!$limiter->consume()->isAccepted()) {
 throw new TooManyRequestsHttpException();
From 9eece6d469f8bc99463e8c10db4ffef842d3b670 Mon Sep 17 00:00:00 2001
From: shinya
Date: Thu, 28 Sep 2023 15:02:17 +0900
Subject: [PATCH 6/6] =?UTF-8?q?=E5=88=A4=E6=96=AD=E5=9F=BA=E6=BA=96?= =?UTF-8?q?=E3=82=92UserInterface=E3=81=B8=E5=A4=89=E6=9B=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Eccube/EventListener/RateLimiterListener.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/Eccube/EventListener/RateLimiterListener.php b/src/Eccube/EventListener/RateLimiterListener.php
index e932de1952f..a15a0ea39f2 100644
--- a/src/Eccube/EventListener/RateLimiterListener.php
+++ b/src/Eccube/EventListener/RateLimiterListener.php
@@ -23,6 +23,7 @@
 use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\RateLimiter\RateLimiterFactory;
+use Symfony\Component\Security\Core\User\UserInterface;
 class RateLimiterListener implements EventSubscriberInterface
 {
@@ -50,7 +51,6 @@ public function onController(ControllerEvent $event)
 if (!isset($limiterConfigs[$route])) {
 return;
 }
- $method = $request->getMethod();
 foreach ($limiterConfigs[$route] as $id => $config) {
@@ -75,12 +75,11 @@ public function onController(ControllerEvent $event)
 if (!$this->locator->has($limiterId)) {
 continue;
 }
- /** @var RateLimiterFactory $factory */
 $factory = $this->locator->get($limiterId);
 if (in_array('customer', $config['type']) || in_array('user', $config['type'])) {
 $User = $this->requestContext->getCurrentUser();
- if ($User instanceof Customer || $User instanceof Member) {
+ if ($User instanceof UserInterface) {
 $limiter = $factory->create($User->getId());
 if (!$limiter->consume()->isAccepted()) {
 throw new TooManyRequestsHttpException();
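Review bot: `$User instanceof UserInterface` widens the guard to any Symfony user object, yet the next line still calls `$User->getId()`, which `Symfony\Component\Security\Core\User\UserInterface` does not declare; only the concrete `Customer` and `Member` entities that the replaced check named guarantee that method, so any other user implementation reaching this listener would fail with an undefined-method error instead of being rate-limited. If only those two entities are meant, the previous `Customer || Member` check documents that intent; if every authenticated user should count, key the bucket on an identifier the interface does provide, or at least qualify the key by class, e.g. `$limiter = $factory->create(get_class($User).':'.$User->getId());`, since a bare numeric id lets Customer #N and Member #N share one bucket on any route both can reach. Removing `/** @var RateLimiterFactory $factory */` also leaves `$factory` untyped for static analysis (`ContainerInterface::get()` has no specific return type) and, like the `Customer` and `Member` imports, may leave `RateLimiterFactory` unused in the use block unless it is referenced elsewhere in the class. `onController` starts and ends outside the hunk.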