From c465fbfdf48ed12305d25c2862048a2338965cb3 Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Mon, 17 Feb 2025 15:05:44 +0200
Subject: [PATCH] Pages ratelimit middleware
---
app/includes/rate_limit_middleware.php | 49 ++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 app/includes/rate_limit_middleware.php
diff --git a/app/includes/rate_limit_middleware.php b/app/includes/rate_limit_middleware.php
new file mode 100644
index 0000000..9e45d29
--- /dev/null
+++ b/app/includes/rate_limit_middleware.php
@@ -0,0 +1,49 @@
+isPageRequestAllowed($ipAddress, $endpoint, $userId)) {
+ // Get remaining requests for error message
+ $remaining = $rateLimiter->getRemainingPageRequests($ipAddress, $endpoint, $userId);
+
+ // Set rate limit headers
+ header('X-RateLimit-Remaining: ' . $remaining);
+ header('X-RateLimit-Reset: ' . (time() + 60)); // Reset in 1 minute
+
+ // Return 429 Too Many Requests
+ http_response_code(429);
+
+ // If AJAX request, return JSON
+ if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
+ strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+ header('Content-Type: application/json');
+ echo json_encode([
+ 'success' => false,
+ 'message' => 'Too many requests. Please try again in a minute.',
+ 'messageData' => Feedback::getMessageData('ERROR', 'DEFAULT', 'Too many requests. Please try again in a minute.', true)
+ ]);
+ } else {
+ // For regular requests, set flash message and redirect
+ Feedback::flash('ERROR', 'DEFAULT', 'Too many requests. Please try again in a minute.', true);
+ header('Location: ' . htmlspecialchars($app_root));
+ }
+ exit;
+ }
+
+ // Record this request
+ $rateLimiter->recordPageRequest($ipAddress, $endpoint);
+ return true;
+}
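Review bot: The redirect branch escapes the Location target with `htmlspecialchars($app_root)`, which is HTML-context escaping and will turn any `&` in the URL into `&amp;`; a header value should not be entity-encoded (PHP's `header()` already refuses values containing CR/LF), so `header('Location: ' . $app_root);`. The 429 response sets `X-RateLimit-Reset` to a fixed `time() + 60` but omits the standard `Retry-After` header that clients and proxies honour for 429; adding `header('Retry-After: 60');` beside it keeps the two consistent with the one-minute window the comment describes. `recordPageRequest($ipAddress, $endpoint)` drops the `$userId` that the two preceding limiter calls receive, so a per-user limit would be checked but never counted — worth confirming against the limiter's method signature. The function's opening, including where `$ipAddress` and `$rateLimiter` come from, lies outside the visible part of the hunk; if the address is taken from a forwarded header rather than `REMOTE_ADDR`, the limit is keyed on a client-supplied value and that should be documented at the top of the file. The `== 'xmlhttprequest'` comparison should be `===`.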