Merge pull request #6035 from KenTanaka/feature/add_rate_limit_for_admin_tfa

2要素認証におけるブルートフォース対策の実装
ji-eunsoo committed Sep 29, 2023
2 parents f8095c6 + 9eece6d commit 3b0883e
Showing 3 changed files with 17 additions and 11 deletions.
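--- a/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
+++ b/app/config/eccube/packages/prod/eccube_rate_limiter.yaml
@@ -17,37 +17,37 @@ eccube:
 mypage_change:
 route: mypage_change
 method: [ 'POST' ]
-type: customer
+type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_new:
 route: mypage_delivery_new
 method: [ 'POST' ]
-type: customer
+type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_edit:
 route: mypage_delivery_edit
 method: [ 'POST' ]
-type: customer
+type: user
 limit: 10
 interval: '30 minutes'
 mypage_delivery_delete:
 route: mypage_delivery_delete
 method: [ 'DELETE' ]
-type: customer
+type: user
 limit: 10
 interval: '30 minutes'
 shopping_shipping_multiple_edit_customer:
 route: shopping_shipping_multiple_edit
 method: [ 'POST' ]
-type: customer
+type: user
 limit: 10
 interval: '30 minutes'
 shopping_shipping_edit_customer:
 route: shopping_shipping_edit
 method: [ 'POST' ]
-type: customer
+type: user
 limit: 10
 interval: '30 minutes'
 contact:
@@ -74,3 +74,9 @@ eccube:
 route: ~
 limit: 10
 interval: '30 minutes'
+admin_two_factor_auth:
+route: admin_two_factor_auth
+method: [ 'POST' ]
+type: user
+limit: 5
+interval: '30 minutes'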
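Review bot: The new `admin_two_factor_auth` entry is keyed on the authenticated user only (`type: user`, no `ip` entry) and nothing in the file says why; a one-line comment above it such as `# brute-force guard for the second-factor step: the budget follows the member, not the client IP` would spare the next reader the guess. The flip side deserves a sentence too: with `limit: 5` per user id, five rejected codes submitted against an account exhaust that account's budget for 30 minutes for the legitimate administrator as well, which is the expected trade-off for a second factor but should be recorded as deliberate. The six `type: customer` → `type: user` edits above presumably rely on the listener treating both values alike; if `customer` is now only an alias, that is better stated where the enum is defined than left as an inference from this file.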
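--- a/src/Eccube/DependencyInjection/Configuration.php
+++ b/src/Eccube/DependencyInjection/Configuration.php
@@ -61,7 +61,7 @@ public function addRateLimiterSection(ArrayNodeDefinition $rootNode): void
 ->ifArray()
 ->then(fn (array $v) => \array_map(fn ($method) => \strtolower($method), $v))
 ->end()
-->enumPrototype()->values(['ip', 'customer'])->end()
+->enumPrototype()->values(['ip', 'customer', 'user'])->end()
 ->defaultValue([])
 ->end()
 ->arrayNode('method')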
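Review bot: `'customer'` stays in the enum beside the new `'user'` while the prod config in this commit switches every former `customer` entry to `user` and the listener now handles the two values identically, yet nothing at the definition records that `customer` is retained only for existing configurations. A comment on the changed line, `// 'customer' is kept for backward compatibility and is handled like 'user'`, or a deprecation sentence via the node's `->info()`, would make that intent explicit and let a later cleanup drop the value safely. addRateLimiterSection starts and ends outside the hunk.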
8 changes: 4 additions & 4 deletions src/Eccube/EventListener/RateLimiterListener.php
Expand Up @@ -15,13 +15,15 @@

use Eccube\Common\EccubeConfig;
use Eccube\Entity\Customer;
use Eccube\Entity\Member;
use Eccube\Request\Context;
use Psr\Container\ContainerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\RateLimiter\RateLimiterFactory;
use Symfony\Component\Security\Core\User\UserInterface;

class RateLimiterListener implements EventSubscriberInterface
{
Expand Down Expand Up @@ -49,7 +51,6 @@ public function onController(ControllerEvent $event)
if (!isset($limiterConfigs[$route])) {
return;
}

$method = $request->getMethod();

foreach ($limiterConfigs[$route] as $id => $config) {
Expand All @@ -74,12 +75,11 @@ public function onController(ControllerEvent $event)
if (!$this->locator->has($limiterId)) {
continue;
}

/** @var RateLimiterFactory $factory */
$factory = $this->locator->get($limiterId);
if (in_array('customer', $config['type'])) {
if (in_array('customer', $config['type']) || in_array('user', $config['type'])) {
$User = $this->requestContext->getCurrentUser();
if ($User instanceof Customer) {
if ($User instanceof UserInterface) {
$limiter = $factory->create($User->getId());
if (!$limiter->consume()->isAccepted()) {
throw new TooManyRequestsHttpException();
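Review bot: `UserInterface` does not declare `getId()`, so the `$factory->create($User->getId())` call right after the widened `instanceof UserInterface` guard works only because Customer and Member happen to define that method; any other UserInterface implementation reaching this listener would hit a fatal error instead of being skipped. Narrowing the guard to `if ($User instanceof Customer || $User instanceof Member) {` keeps the contract explicit and also gives the `Member` import, which appears to be added in this commit, a use — it is not referenced anywhere in the visible hunks. The new `in_array('user', $config['type'])` check, like the existing one beside it, omits the strict flag; `in_array('user', $config['type'], true)` avoids loose comparison at no cost. onController's body starts and ends outside the hunk, so any further handling of the limiter key after the throw is not visible here.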
