Rate Limit

**Silverstripe Version: 4.13**

Rate limit implementation on a PageController

Tried to follow the developer guide to implement a rate limit on a form submission, following

using

```yml
SilverStripe\Core\Injector\Injector:
  MyRateLimitMiddleware:
    class: SilverStripe\Control\Middleware\RateLimitMiddleware
    properties:
      ExtraKey: 'mylimiter' # this isolates your rate limiter from others
      MaxAttempts: 10 # how many attempts are allowed in a decay period
      Decay: 1 # how long the decay period is in minutes
```

```yml
SilverStripe\Core\Injector\Injector:
  MyRateLimitedController:
    class: SilverStripe\Control\Middleware\RequestHandlerMiddlewareAdapter
    properties:
      RequestHandler: '%$PageController' # the fully qualified class name of your controller
      Middlewares:
        - '%$MyRateLimitMiddleware' # the rate limiter we just defined in the last step
```

I’ve set the RequestHandler: '%$PageController', where PageController is where I have the form submission handling; the form is submitted to an action on that controller.

I’ve also tried to apply the middleware to a specific route, but without success.
Also I’ve put a debug::show under RateLimitMiddleware, and it does not get called.

Did anyone use it?
I’ve managed to develop a rate limit inside the form handling, but it’s not the best solution.

Thanks in advance

I think the key part you’re probably missing is that you need to set your page to use the newly defined MyRateLimitedController.

If you want this to be for all pages, you should be able to define that in your Page class like so:

```php
private static $controller_name = 'MyRateLimitedController';
```

This yml config creates a new class MyRateLimitMiddleware, extending RateLimitMiddleware, and injects it as a middleware to PageController.

Or do I need to have a new php file with the class MyRateLimitMiddleware?

I’ve put

```php
private static $controller_name = 'MyRateLimitedController';
```

with no success, getting an error MyRateLimitedController class does not exist.

I’m missing something, but I can’t figure out what.

Solved it, using only yml config files, also site needs to be on live mode to apply rate limit.

```yml
---
Name: myrateLimit
---
SilverStripe\Core\Injector\Injector:
  myRateLimitMiddleware:
    class: SilverStripe\Control\Middleware\RateLimitMiddleware
    properties:
      ExtraKey: 'myRateLimit'
      MaxAttempts: 10
      Decay: 1
      Exclude:
        - '/login'
        - '/admin'
        - '/register'

---
Name: myrequestprocessors
After:
  - requestprocessors
---
SilverStripe\Core\Injector\Injector:
  SilverStripe\Control\Director:
    properties:
      Middlewares:
        myRateMiddleware: '%$myRateLimitMiddleware'
```
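
What `MaxAttempts: 10`, `Decay: 1` and `ExtraKey` in the configs in this thread ask a limiter to do, modelled as a small fixed-window counter. This is an added example, not code from the thread or from Silverstripe, and it does not reproduce `RateLimitMiddleware`'s internals. The class name, the static in-memory store, keying by client IP and the sample addresses are assumptions; it needs PHP 8.

```php
<?php
// Added illustration: a simplified fixed-window limiter, not Silverstripe's own code.
final class FixedWindowLimiter
{
    /** Shared across instances, standing in for a shared cache (assumption). */
    private static array $windows = [];

    public function __construct(
        private string $extraKey,   // like ExtraKey: namespaces this limiter's counters
        private int $maxAttempts,   // like MaxAttempts: hits allowed per window
        private int $decayMinutes   // like Decay: window length in minutes
    ) {
    }

    /** Records one hit for $clientId at Unix time $now; returns the HTTP status to send. */
    public function hit(string $clientId, int $now): int
    {
        $key = $this->extraKey . '-' . $clientId;
        // Open a fresh window on first contact or once the previous one has expired.
        if (!isset(self::$windows[$key]) || $now >= self::$windows[$key]['resetAt']) {
            self::$windows[$key] = ['count' => 0, 'resetAt' => $now + $this->decayMinutes * 60];
        }
        if (self::$windows[$key]['count'] >= $this->maxAttempts) {
            return 429; // Too Many Requests; blocked hits do not extend the window
        }
        self::$windows[$key]['count']++;
        return 200;
    }
}

// Constructed sample traffic: one client submitting the form 11 times in 11 seconds.
$form  = new FixedWindowLimiter('myRateLimit', 10, 1);
$other = new FixedWindowLimiter('otherLimiter', 10, 1);
$t0 = 1700000000; // constructed timestamp
$statuses = [];
for ($i = 0; $i < 11; $i++) {
    $statuses[] = $form->hit('203.0.113.7', $t0 + $i);
}
echo implode(' ', $statuses), PHP_EOL;

// These checks run when zend.assertions=1.
assert($statuses === array_merge(array_fill(0, 10, 200), [429])); // limit reached on hit 11
assert($other->hit('203.0.113.7', $t0 + 11) === 200); // other ExtraKey: separate counter
assert($form->hit('198.51.100.9', $t0 + 11) === 200); // other client: separate counter
assert($form->hit('203.0.113.7', $t0 + 60) === 200);  // Decay elapsed: window reset
```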
