Fix/shotgun limits

.circleci/config.yml

@@ -10,6 +10,7 @@ jobs:
             MYSQL_DATABASE: upont
             MYSQL_USER: upont
             MYSQL_PASSWORD: upont
+      - image: redis:5-alpine
     working_directory: ~/upont
     steps:
       - run: sudo apt update && sudo apt install -y libfreetype6-dev libjpeg62-turbo-dev libmcrypt-dev libpng-dev zlib1g-dev

.env.dist

@@ -43,3 +43,8 @@ APP_SECRET=c97499ba41de9fe24ad8d2ab083a7e66
 #TRUSTED_PROXIES=127.0.0.1,127.0.0.2
 #TRUSTED_HOSTS=localhost,example.com
 ###< symfony/framework-bundle ###
+
+###> snc/redis-bundle ###
+# passwords that contain special characters (@, %, :, +) must be urlencoded
+REDIS_URL=redis://localhost
+###< snc/redis-bundle ###

back/composer.json

@@ -37,7 +37,10 @@
         "nesbot/carbon": "^2.11",
         "sensio/framework-extra-bundle": "^5.2",
         "sensiolabs/security-checker": "^5.0",
+        "noxlogic/ratelimit-bundle": "^1.14",
+        "predis/predis": "^1.1",
         "sentry/sentry-symfony": "~2.0",
+        "snc/redis-bundle": "^2.1",
         "stof/doctrine-extensions-bundle": "~1.1",
         "symfony/asset": "^4.2",
         "symfony/console": "^4.2",

back/config/bundles.php

@@ -20,4 +20,6 @@
     Sentry\SentryBundle\SentryBundle::class => ['prod' => true],
     Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true],
     Symfony\Bundle\WebServerBundle\WebServerBundle::class => ['dev' => true],
+    Noxlogic\RateLimitBundle\NoxlogicRateLimitBundle::class => ['all' => true],
+    Snc\RedisBundle\SncRedisBundle::class => ['all' => true],
 ];

back/config/packages/noxlogic_rate_limit.yaml

@@ -0,0 +1,4 @@
+noxlogic_rate_limit:
+  storage_engine: redis
+  display_headers: false
+  rate_response_message: null

back/config/packages/snc_redis.yaml

@@ -0,0 +1,6 @@
+snc_redis:
+    clients:
+        default:
+            type: predis
+            alias: default
+            dsn: "%env(REDIS_URL)%"

back/config/services.yaml

@@ -283,4 +283,6 @@ services:
         tags:
             - { name: form.type, alias: user }
 
-    BOMO\IcalBundle\Provider\IcsProvider: '@bomo_ical.ics_provider'
+    App\Listener\RateLimitGenerateKeyListener:
+        tags:
+            - { name: kernel.event_listener, event: ratelimit.generate.key, method: onGenerateKey }

back/phpunit.xml.circle

@@ -24,6 +24,11 @@
         <env name="DATABASE_USER" value="upont" />
         <env name="DATABASE_PASSWORD" value="upont" />
         <env name="SYMFONY_DEPRECATIONS_HELPER" value="weak_vendors" />
+
+        <!-- ###+ snc/redis-bundle ### -->
+        <!-- passwords that contain special characters (@, %, :, +) must be urlencoded -->
+        <env name="REDIS_URL" value="redis://127.0.0.1"/>
+        <!-- ###- snc/redis-bundle ### -->
     </php>
 
     <logging>

back/phpunit.xml.dist

@@ -23,6 +23,11 @@
         <env name="DATABASE_NAME" value="upont" />
         <env name="DATABASE_USER" value="upont" />
         <env name="DATABASE_PASSWORD" value="upont" />
+
+        <!-- ###+ snc/redis-bundle ### -->
+        <!-- passwords that contain special characters (@, %, :, +) must be urlencoded -->
+        <env name="REDIS_URL" value="redis://localhost"/>
+        <!-- ###- snc/redis-bundle ### -->
     </php>
 
     <testsuites>

back/src/Controller/CoreController.php

@@ -99,17 +99,25 @@ public function dirtyAction()
      * @Operation(
      *     tags={"Général"},
      *     summary="Se loger et recevoir un JSON Web Token",
+     *     @SWG\Parameter(
+     *         name="username",
+     *         in="formData",
+     *         required=true,
+     *         type="string"
+     *     ),
+     *     @SWG\Parameter(
+     *         name="password",
+     *         in="formData",
+     *         required=true,
+     *         type="string"
+     *     ),
      *     @SWG\Response(
      *         response="200",
      *         description="Requête traitée avec succès"
      *     ),
      *     @SWG\Response(
      *         response="401",
      *         description="Mauvaise combinaison username/password ou champ nom rempli"
-     *     ),
-     *     @SWG\Response(
-     *         response="502",
-     *         description="Erreur Proxy : l'utilisateur se connecte pour la première fois, mais le proxy DSI n'est pas configuré"
      *     )
      * )
      *

back/src/Controller/Publications/EventsController.php

@@ -12,6 +12,7 @@
 use App\Service\NotifyService;
 use Carbon\Carbon;
 use Nelmio\ApiDocBundle\Annotation\Operation;
+use Noxlogic\RateLimitBundle\Annotation\RateLimit;
 use Swagger\Annotations as SWG;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -374,6 +375,12 @@ public function deleteEventAction($slug)
      * @Operation(
      *     tags={"Publications"},
      *     summary="Shotgunne un événement",
+     *     @SWG\Parameter(
+     *         name="motivation",
+     *         in="formData",
+     *         required=true,
+     *         type="string",
+     *     ),
      *     @SWG\Response(
      *         response="201",
      *         description="Requête traitée avec succès avec création d’un document"
@@ -392,6 +399,7 @@ public function deleteEventAction($slug)
      *     )
      * )
      *
+     * @RateLimit(limit=3, period=10)
      * @Route("/events/{slug}/shotgun", methods={"POST"})
      */
     public function postEventUserAction(Request $request, $slug)
@@ -412,7 +420,7 @@ public function postEventUserAction(Request $request, $slug)
         if (count($userEvent) != 0)
             throw new BadRequestHttpException('Tu es déjà inscrit !');
 
-        //S'il est l'heure, on accepte le shotgun
+        // S'il est l'heure, on accepte le shotgun
         if (Carbon::now() >= $event->getShotgunDate()) {
             $userEvent = new EventUser();
             $userEvent->setEvent($event);

back/src/Listener/RateLimitGenerateKeyListener.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Listener;
+
+use Noxlogic\RateLimitBundle\Events\GenerateKeyEvent;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+
+class RateLimitGenerateKeyListener
+{
+    protected $tokenStorage;
+
+    /**
+     * @param $tokenStorage
+     */
+    public function __construct(TokenStorageInterface $tokenStorage)
+    {
+        $this->tokenStorage = $tokenStorage;
+    }
+
+    /**
+     * @param GenerateKeyEvent $event
+     */
+    public function onGenerateKey(GenerateKeyEvent $event)
+    {
+        $token = $this->tokenStorage->getToken();
+
+        $event->addToKey($token->getUsername());
+    }
+}