Merge pull request #9 from xtrime-ru/access_control

Independent media rmp control.

Author: xtrime-ru

.env.docker.example

@@ -25,26 +25,28 @@ MAX_MEDIA_SIZE=31457280
 #   -1 - disable RPM check.
 #   0 - deny all request
 #   15 - 15 requests per last 60 seconds.
-DEFAULT_RPM=15
+RPM=15
+MEDIA_RPM=45
 
 # Allowed number of errors per minute
 # Examples:
 #   -1 - allow any number of errors
 #   0 - ban after first error
 #   2 - allow 2 errors per minute: ban on 3rd error.
-DEFAULT_ERRORS_LIMIT=0;
+ERRORS_LIMIT=0;
+MEDIA_ERRORS_LIMIT=2;
 
 # Json list of addresses with custom RPM and errors limits.
 # Its a WHITELIST and a BLACKLIST at same time.
 # Override DEDAULT_RPM and DEFAULT_ERRORS_LIMIT for individual IPs.
 # Example:
 #   {
-#       \"127.0.0.1\": {\"rpm\":-1, \"errorsLimit\":-1},
-#       \"1.1.1.1\": {\"rpm\":0,  \"errorsLimit\":0},
-#       \"8.8.8.8\": {\"rpm\":0,  \"errorsLimit\":0}
+#       \"127.0.0.1\": {\"rpm\":-1, \"errors_limit\":-1},
+#       \"1.1.1.1\": {\"rpm\":0, \"media_rpm\":1, \"errors_limit\":0, \"media_errors_limit\":2,},
+#       \"8.8.8.8\": {\"rpm\":0, \"errors_limit\":0}
 #   }
 CLIENTS_SETTINGS="{
-    \"127.0.0.1\": {\"rpm\":-1, \"errorsLimit\":-1}
+    \"127.0.0.1\": {\"rpm\":-1, \"errors_limit\":-1}
 }"
 
 # LOGS

.env.example

@@ -25,26 +25,28 @@ MAX_MEDIA_SIZE=31457280
 #   -1 - disable RPM check.
 #   0 - deny all request
 #   15 - 15 requests per last 60 seconds.
-DEFAULT_RPM=15
+RPM=15
+MEDIA_RPM=45
 
 # Allowed number of errors per minute
 # Examples:
 #   -1 - allow any number of errors
 #   0 - ban after first error
 #   2 - allow 2 errors per minute: ban on 3rd error.
-DEFAULT_ERRORS_LIMIT=0;
+ERRORS_LIMIT=0;
+MEDIA_ERRORS_LIMIT=2;
 
 # Json list of addresses with custom RPM and errors limits.
 # Its a WHITELIST and a BLACKLIST at same time.
 # Override DEDAULT_RPM and DEFAULT_ERRORS_LIMIT for individual IPs.
 # Example:
 #   {
-#       \"127.0.0.1\": {\"rpm\":-1, \"errorsLimit\":-1},
-#       \"1.1.1.1\": {\"rpm\":0,  \"errorsLimit\":0},
-#       \"8.8.8.8\": {\"rpm\":0,  \"errorsLimit\":0}
+#       \"127.0.0.1\": {\"rpm\":-1, \"errors_limit\":-1},
+#       \"1.1.1.1\": {\"rpm\":0, \"media_rpm\":1, \"errors_limit\":0, \"media_errors_limit\":2,},
+#       \"8.8.8.8\": {\"rpm\":0, \"errors_limit\":0}
 #   }
 CLIENTS_SETTINGS="{
-    \"127.0.0.1\": {\"rpm\":-1, \"errorsLimit\":-1}
+    \"127.0.0.1\": {\"rpm\":-1, \"errors_limit\":-1}
 }"
 
 # Set to 0 if you need to output any channels, chats, etc.

app/AccessControl/AccessControl.php

@@ -9,18 +9,28 @@ class AccessControl
 {
     /** @var User[] */
     private array $users = [];
+    /** @var User[] */
+    private array $mediaUsers = [];
 
     /** @var int Interval to remove old clients: 60 seconds */
     private const CLEANUP_INTERVAL_MS = 60*1000;
     private int $rpmLimit;
     private int $errorsLimit;
+
+    private int $mediaRpmLimit;
+    private int $mediaErrorsLimit;
+
     /** @var int[]  */
     private array $clientsSettings;
 
     public function __construct()
     {
-        $this->rpmLimit = (int) Config::getInstance()->get('access.default_rpm');
-        $this->errorsLimit = (int) Config::getInstance()->get('access.default_errors_limit');
+        $this->rpmLimit = (int) Config::getInstance()->get('access.rpm');
+        $this->errorsLimit = (int) Config::getInstance()->get('access.errors_limit');
+
+        $this->mediaRpmLimit = (int) Config::getInstance()->get('access.media_rpm');
+        $this->mediaErrorsLimit = (int) Config::getInstance()->get('access.media_errors_limit');
+
         $this->clientsSettings = (array) Config::getInstance()->get('access.clients_settings');
 
         Timer::tick(static::CLEANUP_INTERVAL_MS, function () {
@@ -33,26 +43,38 @@ private function removeOldUsers(): void
         $now = time();
         foreach ($this->users as $ip => $user) {
             if ($user->isOld($now)) {
-                $this->removeUser($ip);
+                unset($this->users[$ip]);
+            }
+        }
+        foreach ($this->mediaUsers as $ip => $user) {
+            if ($user->isOld($now)) {
+                unset($this->mediaUsers[$ip]);
             }
         }
     }
 
-    private function removeUser(string $ip): void
+    public function getOrCreateUser(string $ip, string $type = 'default'): User
     {
-        unset($this->users[$ip]);
-    }
+        if ($type === 'media') {
+            if (!isset($this->mediaUsers[$ip])) {
+                $this->mediaUsers[$ip] = new User(
+                    $this->clientsSettings[$ip]['media_rpm'] ?? $this->clientsSettings[$ip]['rpm'] ?? $this->mediaRpmLimit,
+                    $this->clientsSettings[$ip]['media_errors_limit'] ?? $this->clientsSettings[$ip]['errors_limit'] ?? $this->mediaErrorsLimit
+                );
+            }
 
-    public function getOrCreateUser($ip)
-    {
-        if (!isset($this->users[$ip])) {
-            $user = $this->users[$ip] = new User(
-                $this->clientsSettings[$ip]['rpm'] ?? $this->rpmLimit,
-                $this->clientsSettings[$ip]['errorsLimit'] ?? $this->errorsLimit
-            );
+            return $this->mediaUsers[$ip];
+        } else {
+            if (!isset($this->users[$ip])) {
+                $this->users[$ip] = new User(
+                    $this->clientsSettings[$ip]['rpm'] ?? $this->rpmLimit,
+                    $this->clientsSettings[$ip]['errors_limit'] ?? $this->errorsLimit
+                );
+            }
+
+            return $this->users[$ip];
         }
 
-        return $this->users[$ip];
     }
 
 }

app/Controller.php

@@ -72,20 +72,21 @@ class Controller {
     /**
      * Controller constructor.
      *
-     * @param Request $request
-     * @param Response $response
-     * @param Client $client
      * @param AccessControl $accessControl
      */
-    public function __construct(
-        Request $request,
-        Response $response,
-        Client $client,
-        AccessControl $accessControl
-    ) {
-        //Parse request and generate response
+    public function __construct(AccessControl $accessControl)
+    {
         $this->accessControl = $accessControl;
+    }
 
+    /**
+     * Parse request and generate response
+     *
+     * @param Request $request
+     * @param Response $response
+     * @param Client $client
+     */
+    public function process(Request $request, Response $response, Client $client) {
         $this
             ->route($request)
             ->validate()
@@ -105,7 +106,6 @@ public function __construct(
         }
 
         $response->close();
-
     }
 
     /**
@@ -123,7 +123,16 @@ private function route(Request $request): self {
             $request->server['remote_addr']
         ;
         $this->request['url'] = $request->server['request_uri'] ?? $request->server['path_info'] ?? '';
-        $this->user = $this->accessControl->getOrCreateUser($this->request['ip']);
+        $path = array_values(array_filter(explode('/', $request->server['request_uri'])));
+        $type = $path[0] ?? '';
+
+        if ($type === 'media') {
+            $accessType = 'media';
+        } else {
+            $accessType = 'default';
+        }
+
+        $this->user = $this->accessControl->getOrCreateUser($this->request['ip'], $accessType);
 
         Log::getInstance()->add([
             'remote_addr' => $this->request['ip'],
@@ -137,9 +146,6 @@ private function route(Request $request): self {
             'errors_limit' => $this->user->errorsLimit,
         ]);
 
-        $path = array_values(array_filter(explode('/', $request->server['request_uri'])));
-        $type = $path[0] ?? '';
-
         switch (true) {
             case $type === 'favicon.ico':
                 $this->response['type'] = $type;

app/Server.php

@@ -39,7 +39,7 @@ static function (Request $request, Response $response) use ($client, $accessCont
                 //иначе их данные будут в области видимости всех запросов.
 
                 //Телеграм клиент инициализируется 1 раз и используется во всех запросах.
-                new Controller($request, $response, $client, $accessControl);
+                (new Controller($accessControl))->process($request, $response, $client);
                 if (++$counter % 100 === 0) {
                 	gc_collect_cycles();
 					$counter = 0;

composer.lock

@@ -1,8 +1,8 @@
 <?php
 global $options;
 if (
-    getenv('DEFAULT_RPM') === false
-    || getenv('DEFAULT_ERRORS_LIMIT') === false
+    getenv('RPM') === false
+    || getenv('ERRORS_LIMIT') === false
     || getenv('CLIENTS_SETTINGS') === false
 ) {
     throw new RuntimeException(
@@ -40,8 +40,10 @@
         'max_size' => (int) getenv('MAX_MEDIA_SIZE'),
     ],
     'access' => [
-        'default_rpm' => (int) getenv('DEFAULT_RPM'),
-        'default_errors_limit' => (int) getenv('DEFAULT_ERRORS_LIMIT'),
+        'rpm' => (int) getenv('RPM'),
+        'errors_limit' => (int) getenv('ERRORS_LIMIT'),
+        'media_rpm' => (int) getenv('MEDIA_RPM'),
+        'media_errors_limit' => (int) getenv('MEDIA_ERRORS_LIMIT'),
         'clients_settings' => $clientsSettings,
         'only_public_channels' => (bool) getenv('ONLY_PUBLIC_CHANNELS'),
     ],