[PLA-1700] Add API generic rate limit (#144)

enjin · Mar 28, 2024 · cf8c231 · cf8c231
1 parent cf0b5e7
commit cf8c231
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 2 deletions.
diff --git a/config/enjin-platform.php b/config/enjin-platform.php
@@ -234,9 +234,23 @@
     | Prune blocks
     |--------------------------------------------------------------------------
     |
-    | Here, you can specify the number of days to retain blocks data before pruning.
+    | Here you can specify the number of days to retain blocks data before pruning.
     | If set to null or zero, blocks will not be pruned.
     |
     */
     'prune_blocks' => env('PRUNE_BLOCKS', 7),
+
+    /*
+    |--------------------------------------------------------------------------
+    | API Rate Limiting
+    |--------------------------------------------------------------------------
+    |
+    | Here you may set the rate limiting for the APIs
+    |
+    */
+    'rate_limit' => [
+        'enabled' => env('RATE_LIMIT_ENABLED', false),
+        'attempts' => env('RATE_LIMIT_ATTEMPTS', 500),
+        'time' => env('RATE_LIMIT_TIME', 1), // minutes
+    ],
 ];
diff --git a/src/Http/Controllers/GraphQLController.php b/src/Http/Controllers/GraphQLController.php
@@ -16,6 +16,15 @@
 
 class GraphQLController extends GraphQLGraphQLController
 {
+    public function __construct()
+    {
+        if (config('enjin-platform.rate_limit.enabled')) {
+            $this->middleware(
+                'throttle:' . config('enjin-platform.rate_limit.attempts') . ',' . config('enjin-platform.rate_limit.time')
+            );
+        }
+    }
+
     /**
      * Handle graphql query.
      */

diff --git a/testbench.yaml b/testbench.yaml
@@ -14,4 +14,4 @@ env:
   - DAEMON_ACCOUNT="0x68b427dda4f3894613e113b570d5878f3eee981196133e308c0a82584cf2e160"
 
 providers:
-  - Enjin\Platform\CoreServiceProvider
+  - Enjin\Platform\CoreServiceProvider
diff --git a/tests/Feature/GraphQL/Middleware/RateLimit.php b/tests/Feature/GraphQL/Middleware/RateLimit.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Enjin\Platform\Tests\Feature\GraphQL\Mutations;
+
+use Enjin\Platform\Models\Collection;
+use Enjin\Platform\Tests\Feature\GraphQL\TestCaseGraphQL;
+use Enjin\Platform\Tests\Feature\GraphQL\Traits\HasHttp;
+use Illuminate\Support\Arr;
+
+class RateLimit extends TestCaseGraphQL
+{
+    use HasHttp;
+
+    public function test_it_can_rate_limit(): void
+    {
+        config()->set('enjin-platform.rate_limit.attempts', 1);
+        Collection::factory()->create();
+        $this->json(
+            'POST',
+            '/graphql',
+            ['query' => static::$queries['GetCollections']],
+        );
+        $response = $this->json(
+            'POST',
+            '/graphql',
+            ['query' => static::$queries['GetCollections']],
+        );
+        $result = $response->getData(true);
+        $this->assertStringContainsString('Too Many Attempts.', Arr::get($result, 'message'));
+    }
+
+    public function test_it_will_not_rate_limit(): void
+    {
+        config()->set('enjin-platform.rate_limit.attempts', 1);
+        config()->set('enjin-platform.rate_limit.enabled', false);
+        Collection::factory()->create();
+        $response = $this->json(
+            'POST',
+            '/graphql',
+            ['query' => static::$queries['GetCollections']],
+        );
+        $result = $response->getData(true);
+        $this->assertNotEmpty(Arr::get($result, 'data.GetCollections.edges'));
+        $response = $this->json(
+            'POST',
+            '/graphql',
+            ['query' => static::$queries['GetCollections']],
+        );
+        $result = $response->getData(true);
+        $this->assertNotEmpty(Arr::get($result, 'data.GetCollections.edges'));
+    }
+}