src/EventSubscriber/RateLimitSubscriber.php line 27

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Service\SimpleRateLimiter;
  6. use Psr\Log\LoggerInterface;
  7. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  8. use Symfony\Component\HttpFoundation\JsonResponse;
  9. use Symfony\Component\HttpKernel\Event\RequestEvent;
  10. use Symfony\Component\HttpKernel\KernelEvents;
  12. class RateLimitSubscriber implements EventSubscriberInterface
  13. {
  14.     public function __construct(
  15.         private readonly SimpleRateLimiter $limiter,
  16.         private readonly LoggerInterface $logger,
  17.     ) {
  18.     }
  20.     public static function getSubscribedEvents(): array
  21.     {
  22.         return [
  23.             KernelEvents::REQUEST => ['onKernelRequest'50],
  24.         ];
  25.     }
  27.     public function onKernelRequest(RequestEvent $event): void
  28.     {
  29.         if (!$event->isMainRequest()) {
  30.             return;
  31.         }
  33.         $request $event->getRequest();
  34.         $path $request->getPathInfo();
  35.         $method strtoupper($request->getMethod());
  37.         $rules = [
  38.             ['pattern' => '#^/api/identity/requests$#''methods' => ['POST'], 'limit' => 5'window' => 3600],
  39.             ['pattern' => '#^/api/identity/requests/\d+/proofs$#''methods' => ['POST'], 'limit' => 10'window' => 3600],
  40.             ['pattern' => '#^/api/hyper-contact/consent$#''methods' => ['POST'], 'limit' => 30'window' => 3600],
  41.             ['pattern' => '#^/api/hyper-contact/nearby$#''methods' => ['GET'], 'limit' => 120'window' => 3600],
  42.             ['pattern' => '#^/api/public-places/nearby$#''methods' => ['GET'], 'limit' => 180'window' => 3600],
  43.             ['pattern' => '#^/w1/scoring/contest$#''methods' => ['POST'], 'limit' => 20'window' => 3600],
  44.         ];
  46.         foreach ($rules as $rule) {
  47.             if (!preg_match($rule['pattern'], $path)) {
  48.                 continue;
  49.             }
  50.             if (!in_array($method$rule['methods'], true)) {
  51.                 continue;
  52.             }
  54.             $ip $request->getClientIp() ?? '0.0.0.0';
  55.             $key sprintf('%s:%s:%s'$ip$method$path);
  56.             $result $this->limiter->hit($key, (int) $rule['limit'], (int) $rule['window']);
  58.             if (!$result['allowed']) {
  59.                 $retryAfter max(1$result['reset_at'] - time());
  60.                 $response = new JsonResponse([
  61.                     'error' => 'rate_limited',
  62.                     'retry_after' => $retryAfter,
  63.                 ], 429);
  64.                 $response->headers->set('Retry-After', (string) $retryAfter);
  66.                 $this->logger->warning('rate_limited', [
  67.                     'path' => $path,
  68.                     'method' => $method,
  69.                     'ip' => $ip,
  70.                 ]);
  72.                 $event->setResponse($response);
  73.                 return;
  74.             }
  75.         }
  76.     }
  77. }