Merge pull request #7 from jerlio/feat/set-ratelimit-by-route-in-yaml

feat: set ratelimit values by route in yaml files

Author: nalscher

README.md

@@ -75,6 +75,9 @@ Update your _config/services.yml_ like this:
 You can also create your own rate limit modifier by implementing `RateLimitModifierInterface` and tagging your service accordingly.
 
 ### Configure your routes
+
+#### With annotations
+
 Add the `@RateLimit()` annotation to your controller methods (by default, the limit will be 1000 requests per minute).
 This annotation accepts parameters to customize the rate limit. The following example shows how to limit requests on a route at the rate of 10 requests max every 2 minutes.
 :warning: This customization only works if the `limit_by_route` parameter is `true`
@@ -101,3 +104,21 @@ This annotation requires a list of endpoints and accepts parameters to customize
 * )
 */
 ```
+
+#### In YAML
+
+You also may add your rate limits in configuration files (Yaml) with the route name. If `period` or `limit` is not
+defined for a route, the bundle will take the common option.
+
+```yaml
+bedrock_rate_limit:
+    limit: 1000
+    period: 60
+
+    routes:
+        get_foobar:
+            limit: 500
+            period: 10
+        post_foobar:
+            period: 10
+```

phpunit.xml.dist

@@ -8,6 +8,7 @@
   </coverage>
   <php>
     <ini name="error_reporting" value="-1"/>
+    <ini name="date.timezone" value="UTC" />
     <server name="SHELL_VERBOSITY" value="-1"/>
     <env name="APP_ENV" value="test" />
   </php>

src/DependencyInjection/BedrockRateLimitExtension.php

@@ -31,6 +31,7 @@ public function load(array $configs, ContainerBuilder $container): void
         $container->setParameter('bedrock_rate_limit.period', $config['period']);
         $container->setParameter('bedrock_rate_limit.limit_by_route', $config['limit_by_route']);
         $container->setParameter('bedrock_rate_limit.display_headers', $config['display_headers']);
+        $container->setParameter('bedrock_rate_limit.routes', $config['routes']);
 
         $loader = new YamlFileLoader(
             $container,

src/DependencyInjection/Configuration.php

@@ -32,6 +32,14 @@ public function getConfigTreeBuilder(): TreeBuilder
                 ->booleanNode('display_headers')
                     ->defaultValue(false)
                 ->end()
+                ->arrayNode('routes')
+                    ->arrayPrototype()
+                        ->children()
+                            ->integerNode('limit')->end()
+                            ->integerNode('period')->end()
+                        ->end()
+                    ->end()
+                ->end()
             ->end()
         ;
 

src/EventListener/ReadRateLimitConfigurationListener.php

@@ -0,0 +1,73 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Bedrock\Bundle\RateLimitBundle\EventListener;
+
+use Bedrock\Bundle\RateLimitBundle\Model\RateLimit;
+use Bedrock\Bundle\RateLimitBundle\RateLimitModifier\RateLimitModifierInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\ControllerEvent;
+
+class ReadRateLimitConfigurationListener implements EventSubscriberInterface
+{
+    /** @var iterable<RateLimitModifierInterface> */
+    private $rateLimitModifiers;
+    private int $limit;
+    private int $period;
+    /** @var array<string, array<string, int>> */
+    private array $routes;
+
+    /**
+     * @param RateLimitModifierInterface[]      $rateLimitModifiers
+     * @param array<string, array<string, int>> $routes
+     */
+    public function __construct(iterable $rateLimitModifiers, int $limit, int $period, array $routes)
+    {
+        foreach ($rateLimitModifiers as $rateLimitModifier) {
+            if (!($rateLimitModifier instanceof RateLimitModifierInterface)) {
+                throw new \InvalidArgumentException(('$rateLimitModifiers must be instance of '.RateLimitModifierInterface::class));
+            }
+        }
+
+        $this->rateLimitModifiers = $rateLimitModifiers;
+        $this->limit = $limit;
+        $this->period = $period;
+        $this->routes = $routes;
+    }
+
+    public function onKernelController(ControllerEvent $event): void
+    {
+        $request = $event->getRequest();
+        $routeName = strval($request->attributes->get('_route'));
+
+        if (!array_key_exists($routeName, $this->routes)) {
+            return;
+        }
+
+        $rateLimit = new RateLimit(
+            $this->routes[$routeName]['limit'] ?? $this->limit,
+            $this->routes[$routeName]['period'] ?? $this->period
+        );
+
+        $rateLimit->varyHashOn('_route', $routeName);
+
+        foreach ($this->rateLimitModifiers as $hashKeyVarier) {
+            if ($hashKeyVarier->support($request)) {
+                $hashKeyVarier->modifyRateLimit($request, $rateLimit);
+            }
+        }
+
+        $request->attributes->set('_rate_limit', $rateLimit);
+    }
+
+    /**
+     * @return array<string, string>
+     */
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            ControllerEvent::class => 'onKernelController',
+        ];
+    }
+}

src/Resources/config/services.yml

@@ -13,6 +13,13 @@ services:
       $limitByRoute: '%bedrock_rate_limit.limit_by_route%'
       $rateLimitModifiers: !tagged rate_limit.modifiers
 
+  Bedrock\Bundle\RateLimitBundle\EventListener\ReadRateLimitConfigurationListener:
+    arguments:
+      $limit: '%bedrock_rate_limit.limit%'
+      $period: '%bedrock_rate_limit.period%'
+      $rateLimitModifiers: !tagged rate_limit.modifiers
+      $routes: '%bedrock_rate_limit.routes%'
+
   Bedrock\Bundle\RateLimitBundle\EventListener\ReadGraphQLRateLmitAnnotationListener:
     arguments:
       $limit: '%bedrock_rate_limit.limit%'

tests/EventListener/ReadRateLimitConfigurationListenerTest.php

@@ -0,0 +1,160 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Bedrock\Bundle\RateLimitBundle\Tests\EventListener;
+
+use Bedrock\Bundle\RateLimitBundle\EventListener\ReadRateLimitConfigurationListener;
+use Bedrock\Bundle\RateLimitBundle\Model\RateLimit;
+use Bedrock\Bundle\RateLimitBundle\RateLimitModifier\RateLimitModifierInterface;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\ParameterBag;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\ControllerEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+class ReadRateLimitConfigurationListenerTest extends TestCase
+{
+    private ReadRateLimitConfigurationListener $readRateLimitConfigurationListener;
+
+    /** @var array<RateLimitModifierInterface|MockObject> */
+    private $rateLimitModifiers;
+
+    private int $limitDefaultValue = 1000;
+
+    private int $periodDefaultValue = 60;
+
+    /**
+     * @param array<array<string, int>> $routes
+     */
+    public function createReadRateLimitConfigurationListener(array $routes): void
+    {
+        $this->readRateLimitConfigurationListener = new ReadRateLimitConfigurationListener(
+            $this->rateLimitModifiers = [
+                $this->createMock(RateLimitModifierInterface::class),
+                $this->createMock(RateLimitModifierInterface::class),
+            ],
+            $this->limitDefaultValue,
+            $this->periodDefaultValue,
+            $routes
+        );
+    }
+
+    public function testItDoesNotSetRateLimitIfNoConfigurationProvided(): void
+    {
+        $this->createReadRateLimitConfigurationListener([]);
+        $event = $this->createEvent();
+
+        $this->rateLimitModifiers[0]->expects($this->never())->method('support');
+        $this->rateLimitModifiers[1]->expects($this->never())->method('support');
+
+        $this->readRateLimitConfigurationListener->onKernelController($event);
+        $this->assertFalse($event->getRequest()->attributes->has('_rate_limit'));
+    }
+
+    public function testItSetsRateLimitIfConfigurationProvidedWithDefaultValue(): void
+    {
+        $this->createReadRateLimitConfigurationListener(['some_route_name' => []]);
+        $request = $this->createMock(Request::class);
+        $request->attributes = new ParameterBag();
+        $event = $this->createEvent($request);
+
+        $this->rateLimitModifiers[0]->expects($this->once())->method('support')->willReturn(true);
+        $rateLimit = new RateLimit($this->limitDefaultValue, $this->periodDefaultValue);
+        $rateLimit->varyHashOn('_route', 'some_route_name');
+        $this->rateLimitModifiers[0]->expects($this->once())->method('modifyRateLimit')->with($request, $rateLimit);
+
+        $this->rateLimitModifiers[1]->expects($this->once())->method('support')->willReturn(false);
+        $this->rateLimitModifiers[1]->expects($this->never())->method('modifyRateLimit');
+
+        $this->readRateLimitConfigurationListener->onKernelController($event);
+        $this->assertTrue($event->getRequest()->attributes->has('_rate_limit'));
+
+        $this->assertEquals(
+            $rateLimit,
+            $event->getRequest()->attributes->get('_rate_limit')
+        );
+    }
+
+    public function testItSetsRateLimitIfConfigurationProvidedWithCustomValue(): void
+    {
+        $this->createReadRateLimitConfigurationListener([
+            'some_route_name' => [
+                'limit' => 10,
+                'period' => 5,
+            ],
+        ]);
+        $request = $this->createMock(Request::class);
+        $request->attributes = new ParameterBag();
+        $event = $this->createEvent($request);
+
+        $this->rateLimitModifiers[0]->expects($this->once())->method('support')->willReturn(true);
+        $rateLimit = new RateLimit(10, 5);
+        $rateLimit->varyHashOn('_route', 'some_route_name');
+        $this->rateLimitModifiers[0]->expects($this->once())->method('modifyRateLimit')->with($request, $rateLimit);
+
+        $this->rateLimitModifiers[1]->expects($this->once())->method('support')->willReturn(false);
+        $this->rateLimitModifiers[1]->expects($this->never())->method('modifyRateLimit');
+
+        $this->readRateLimitConfigurationListener->onKernelController($event);
+        $this->assertTrue($event->getRequest()->attributes->has('_rate_limit'));
+
+        $this->assertEquals(
+            $rateLimit,
+            $event->getRequest()->attributes->get('_rate_limit')
+        );
+    }
+
+    public function testItSetsRateLimitIfConfigurationProvidedWithCustomValueOnMoreThanOneRoute(): void
+    {
+        $this->createReadRateLimitConfigurationListener([
+            'some_route_name' => [
+                'limit' => 100,
+            ],
+            'an_other_route' => [
+                'period' => 15,
+            ],
+        ]);
+        $request = $this->createMock(Request::class);
+        $request->attributes = new ParameterBag();
+        $event = $this->createEvent($request);
+
+        $this->rateLimitModifiers[0]->expects($this->once())->method('support')->willReturn(true);
+        $rateLimit = new RateLimit(100, $this->periodDefaultValue);
+        $rateLimit->varyHashOn('_route', 'some_route_name');
+        $this->rateLimitModifiers[0]->expects($this->once())->method('modifyRateLimit')->with($request, $rateLimit);
+
+        $this->rateLimitModifiers[1]->expects($this->once())->method('support')->willReturn(false);
+        $this->rateLimitModifiers[1]->expects($this->never())->method('modifyRateLimit');
+
+        $this->readRateLimitConfigurationListener->onKernelController($event);
+        $this->assertTrue($event->getRequest()->attributes->has('_rate_limit'));
+
+        $this->assertEquals(
+            $rateLimit,
+            $event->getRequest()->attributes->get('_rate_limit')
+        );
+    }
+
+    protected function createEvent(Request $request = null, string $serviceId = null): ControllerEvent
+    {
+        $request = $request ?? new Request();
+        $request->attributes->set('_controller', $serviceId ?? FakeInvokableClass::class);
+        $request->attributes->set('_route', 'some_route_name');
+
+        return new ControllerEvent(
+            $this->createMock(HttpKernelInterface::class),
+            new FakeInvokableClass(),
+            $request,
+            HttpKernelInterface::MASTER_REQUEST
+        );
+    }
+}
+
+class FakeInvokableClass
+{
+    public function __invoke(): void
+    {
+    }
+}