Pages ratelimit middleware
parent
beafdf29fb
commit
c465fbfdf4
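--- /dev/null
+++ b/PATH_NOT_ON_PAGE
@@ -0,0 +1,49 @@
+<?php
+
+require_once __DIR__ . '/../classes/ratelimiter.php';
+
+/**
+* Rate limit middleware for page requests
+*
+* @param Database $database Database connection
+* @param string $endpoint The endpoint being accessed
+* @param int|null $userId Current user ID if authenticated
+* @return bool True if request is allowed, false if rate limited
+*/
+function checkRateLimit($database, $endpoint, $userId = null) {
+$rateLimiter = new RateLimiter($database);
+$ipAddress = $_SERVER['REMOTE_ADDR'];
+
+// Check if request is allowed
+if (!$rateLimiter->isPageRequestAllowed($ipAddress, $endpoint, $userId)) {
+// Get remaining requests for error message
+$remaining = $rateLimiter->getRemainingPageRequests($ipAddress, $endpoint, $userId);
+
+// Set rate limit headers
+header('X-RateLimit-Remaining: ' . $remaining);
+header('X-RateLimit-Reset: ' . (time() + 60)); // Reset in 1 minute
+
+// Return 429 Too Many Requests
+http_response_code(429);
+
+// If AJAX request, return JSON
+if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
+strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+header('Content-Type: application/json');
+echo json_encode([
+'success' => false,
+'message' => 'Too many requests. Please try again in a minute.',
+'messageData' => Feedback::getMessageData('ERROR', 'DEFAULT', 'Too many requests. Please try again in a minute.', true)
+]);
+} else {
+// For regular requests, set flash message and redirect
+Feedback::flash('ERROR', 'DEFAULT', 'Too many requests. Please try again in a minute.', true);
+header('Location: ' . htmlspecialchars($app_root));
+}
+exit;
+}
+
+// Record this request
+$rateLimiter->recordPageRequest($ipAddress, $endpoint);
+return true;
+}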
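Review bot: The redirect `header('Location: ' . htmlspecialchars($app_root));` reads `$app_root`, which is neither a parameter of `checkRateLimit` nor declared `global` inside it, so in function scope it is undefined and the rate-limited HTML response will be sent with an empty Location header (plus an undefined-variable warning). Pass it in explicitly, e.g. `function checkRateLimit($database, $endpoint, $userId = null, $appRoot = '/')` and `header('Location: ' . $appRoot);` — `htmlspecialchars()` is an HTML-context escape and is the wrong tool for a header value; the redirect target should stay a fixed server-side path and never be derived from the request. The 429 branch should also send `header('Retry-After: 60');` next to `X-RateLimit-Reset`, since that is the header clients and intermediaries actually honour; the 60-second window is hardcoded here and presumably mirrors the window configured in `RateLimiter`, which is worth confirming so the two cannot drift. Because `$_SERVER['REMOTE_ADDR']` is the bucket key for every unauthenticated request, a short comment stating that this address is only meaningful when PHP sees the real client address (not a reverse proxy) would help the next maintainer, as would `$_SERVER['REMOTE_ADDR'] ?? ''` so CLI or test invocations do not warn. Finally, only `ratelimiter.php` is required at the top of the file while the function also depends on `Feedback`; if that class is not autoloaded elsewhere it should be required here too.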