Pages ratelimit middleware

2025-02-17 15:05:44 +02:00 · 2025-02-17 15:05:44 +02:00 · c465fbfdf4
parent beafdf29fb
commit c465fbfdf4
1 changed files with 49 additions and 0 deletions
--- a/app/includes/rate_limit_middleware.php
+++ b/app/includes/rate_limit_middleware.php
@ -0,0 +1,49 @@
+<?php
+
+require_once __DIR__ . '/../classes/ratelimiter.php';
+
+/**
+ * Rate limit middleware for page requests
+ * 
+ * @param Database $database Database connection
+ * @param string $endpoint The endpoint being accessed
+ * @param int|null $userId Current user ID if authenticated
+ * @return bool True if request is allowed, false if rate limited
+ */
+function checkRateLimit($database, $endpoint, $userId = null) {
+    $rateLimiter = new RateLimiter($database);
+    $ipAddress = $_SERVER['REMOTE_ADDR'];
+
+    // Check if request is allowed
+    if (!$rateLimiter->isPageRequestAllowed($ipAddress, $endpoint, $userId)) {
+        // Get remaining requests for error message
+        $remaining = $rateLimiter->getRemainingPageRequests($ipAddress, $endpoint, $userId);
+
+        // Set rate limit headers
+        header('X-RateLimit-Remaining: ' . $remaining);
+        header('X-RateLimit-Reset: ' . (time() + 60)); // Reset in 1 minute
+
+        // Return 429 Too Many Requests
+        http_response_code(429);
+
+        // If AJAX request, return JSON
+        if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && 
+            strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+            header('Content-Type: application/json');
+            echo json_encode([
+                'success' => false,
+                'message' => 'Too many requests. Please try again in a minute.',
+                'messageData' => Feedback::getMessageData('ERROR', 'DEFAULT', 'Too many requests. Please try again in a minute.', true)
+            ]);
+        } else {
+            // For regular requests, set flash message and redirect
+            Feedback::flash('ERROR', 'DEFAULT', 'Too many requests. Please try again in a minute.', true);
+            header('Location: ' . htmlspecialchars($app_root));
+        }
+        exit;
+    }
+
+    // Record this request
+    $rateLimiter->recordPageRequest($ipAddress, $endpoint);
+    return true;
+}