src/EventListener/ApiRateLimitGenerateKeyListener.php line 35

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Manager\System\CustomerApiManager;
  6. use App\Service\EnvironmentService;
  7. use Noxlogic\RateLimitBundle\Annotation\RateLimit;
  8. use Noxlogic\RateLimitBundle\Events\CheckedRateLimitEvent;
  9. use Noxlogic\RateLimitBundle\Events\GenerateKeyEvent;
  10. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  12. class ApiRateLimitGenerateKeyListener
  13. {
  14. private CustomerApiManager $customerApiManager;
  16. private bool $apiSandbox;
  18. private EnvironmentService $environmentService;
  20. public function __construct(
  21. CustomerApiManager $customerApiManager,
  22. ParameterBagInterface $parameterBag,
  23. EnvironmentService $environmentService,
  24. ) {
  25. $this->customerApiManager = $customerApiManager;
  26. $this->apiSandbox = $parameterBag->get('api_sandbox');
  27. $this->environmentService = $environmentService;
  28. }
  30. public function onGenerateKey(GenerateKeyEvent $event): void
  31. {
  32. $event->addToKey($this->getBearerToken());
  33. }
  35. public function setRateLimit(CheckedRateLimitEvent $checkedRateLimitEvent): void
  36. {
  37. if (!$this->environmentService->isApi()) {
  38. return;
  39. }
  41. if (!empty($checkedRateLimitEvent->getRequest()->query->get('parentTaxonomy'))) {
  42. $checkedRateLimitEvent->setRateLimit(
  43. new RateLimit([
  44. 'limit' => 30,
  45. 'period' => 60,
  46. 'methods' => ['*'],
  47. ])
  48. );
  50. return;
  51. }
  53. if (!$this->getBearerToken()) {
  54. return;
  55. }
  57. $customerApi = $this->customerApiManager->findCustomerApi($this->getBearerToken(), $this->apiSandbox);
  58. $roles = $customerApi ? $customerApi->getCustomer()->getRoles() : [];
  60. if ($roles && in_array('ROLE_API_SYS', $roles, true)) {
  61. $checkedRateLimitEvent->setRateLimit(
  62. new RateLimit([
  63. 'limit' => 100000,
  64. 'period' => 60,
  65. 'methods' => ['*'],
  66. ])
  67. );
  68. }
  69. }
  71. public function getBearerToken(): ?string
  72. {
  73. $headers = $this->getAuthorizationHeader();
  74. // HEADER: Get the access token from the header
  75. if (!empty($headers) && preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
  76. return $matches[1];
  77. }
  79. return null;
  80. }
  82. public function getAuthorizationHeader(): ?string
  83. {
  84. $headers = null;
  85. if (isset($_SERVER['Authorization'])) {
  86. $headers = trim($_SERVER['Authorization']);
  87. } elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) { // Nginx or fast CGI
  88. $headers = trim($_SERVER['HTTP_AUTHORIZATION']);
  89. } elseif (function_exists('apache_request_headers')) {
  90. $requestHeaders = getallheaders();
  91. // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
  92. $requestHeaders = array_combine(
  93. array_map('ucwords', array_keys($requestHeaders)),
  94. array_values($requestHeaders)
  95. );
  96. if (isset($requestHeaders['Authorization'])) {
  97. $headers = trim($requestHeaders['Authorization']);
  98. }
  99. }
  101. return $headers;
  102. }
  103. }