<?php
declare(strict_types=1);
/*
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\DAV\CardDAV\Security;
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter;
use OCA\DAV\CardDAV\CardDavBackend;
use OCA\DAV\Connector\Sabre\Exception\TooManyRequests;
use OCP\IAppConfig;
use OCP\IUserManager;
use Psr\Log\LoggerInterface;
use Sabre\DAV;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\ServerPlugin;
use function count;
use function explode;
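/**
 * Sabre server plugin that throttles address book creation over CardDAV.
 *
 * It listens to the `beforeBind` event. For a bind path of the shape
 * `addressbooks/<backend>/<principal>/<addressbookname>` (exactly four
 * segments, the first being `addressbooks`) it
 *   1. registers the request with the rate limiter and converts a
 *      RateLimitExceededException into a TooManyRequests DAV error, and
 *   2. refuses the creation with Forbidden once the user already owns the
 *      configured maximum number of address books.
 *
 * Requests without an authenticated user (no user id, or an id that does
 * not resolve to a user) are ignored.
 */
class CardDavRateLimitingPlugin extends ServerPlugin {
	/**
	 * All dependencies are promoted constructor properties; the redundant
	 * `$this->x = $x` assignments of the original were removed because
	 * promotion already performs them.
	 *
	 * @param ?string $userId Id of the authenticated user, or null when the
	 *                        request is unauthenticated.
	 */
	public function __construct(
		private Limiter $limiter,
		private IUserManager $userManager,
		private CardDavBackend $cardDavBackend,
		private LoggerInterface $logger,
		private IAppConfig $config,
		private ?string $userId,
	) {
	}

	/**
	 * Hooks `beforeBind` with priority 1 so the checks run before other
	 * listeners get a chance to create the node.
	 */
	public function initialize(DAV\Server $server): void {
		$server->on('beforeBind', [$this, 'beforeBind'], 1);
	}

	/**
	 * Enforces the address book creation rate limit and the per-user
	 * address book maximum.
	 *
	 * Only paths with exactly four segments starting with `addressbooks`
	 * are treated as address book creations; every other bind passes
	 * through untouched.
	 *
	 * @param string $path Path of the node about to be bound.
	 *
	 * @throws TooManyRequests when the limiter reports the creation rate
	 *                         (config `dav/rateLimitAddressBookCreation`,
	 *                         default 10 per `dav/rateLimitPeriodAddressBookCreation`
	 *                         seconds, default 3600) is exceeded.
	 * @throws Forbidden       when the user already owns at least
	 *                         `dav/maximumAdressbooks` address books
	 *                         (default 10; -1 disables the check).
	 */
	public function beforeBind(string $path): void {
		if ($this->userId === null) {
			// We only care about authenticated users here
			return;
		}
		$user = $this->userManager->get($this->userId);
		if ($user === null) {
			// We only care about authenticated users here
			return;
		}

		$pathParts = explode('/', $path);
		if (count($pathParts) !== 4 || $pathParts[0] !== 'addressbooks') {
			// Not an address book creation (expected shape:
			// addressbooks/users/username/addressbookname)
			return;
		}

		// The limiter is consulted before the maximum is checked, so a
		// creation that is afterwards refused by the maximum is presumably
		// still counted by the limiter (depends on registerUserRequest
		// recording on call — verify against Limiter).
		try {
			$this->limiter->registerUserRequest(
				'carddav-create-address-book',
				$this->config->getValueInt('dav', 'rateLimitAddressBookCreation', 10),
				$this->config->getValueInt('dav', 'rateLimitPeriodAddressBookCreation', 3600),
				$user
			);
		} catch (RateLimitExceededException $e) {
			throw new TooManyRequests('Too many addressbooks created', 0, $e);
		}

		// NOTE: the config key is spelled "maximumAdressbooks" (single d);
		// it must stay as-is because existing deployments set this key.
		$addressBookLimit = $this->config->getValueInt('dav', 'maximumAdressbooks', 10);
		if ($addressBookLimit === -1) {
			// -1 means "unlimited"
			return;
		}

		$numAddressbooks = $this->cardDavBackend->getAddressBooksForUserCount('principals/users/' . $user->getUID());
		if ($numAddressbooks >= $addressBookLimit) {
			$this->logger->warning('Maximum number of address books reached', [
				'addressbooks' => $numAddressbooks,
				'addressBookLimit' => $addressBookLimit,
			]);
			throw new Forbidden('AddressBook limit reached', 0);
		}
	}
}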