CardDavRateLimitingPlugin.php 2.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. <?php
  2. declare(strict_types=1);
  3. /*
  4. * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OCA\DAV\CardDAV\Security;
  8. use OC\Security\RateLimiting\Exception\RateLimitExceededException;
  9. use OC\Security\RateLimiting\Limiter;
  10. use OCA\DAV\CardDAV\CardDavBackend;
  11. use OCA\DAV\Connector\Sabre\Exception\TooManyRequests;
  12. use OCP\IAppConfig;
  13. use OCP\IUserManager;
  14. use Psr\Log\LoggerInterface;
  15. use Sabre\DAV;
  16. use Sabre\DAV\Exception\Forbidden;
  17. use Sabre\DAV\ServerPlugin;
  18. use function count;
  19. use function explode;
  20. class CardDavRateLimitingPlugin extends ServerPlugin {
  21. public function __construct(
  22. private Limiter $limiter,
  23. private IUserManager $userManager,
  24. private CardDavBackend $cardDavBackend,
  25. private LoggerInterface $logger,
  26. private IAppConfig $config,
  27. private ?string $userId,
  28. ) {
  29. $this->limiter = $limiter;
  30. $this->userManager = $userManager;
  31. $this->cardDavBackend = $cardDavBackend;
  32. $this->config = $config;
  33. $this->logger = $logger;
  34. }
  35. public function initialize(DAV\Server $server): void {
  36. $server->on('beforeBind', [$this, 'beforeBind'], 1);
  37. }
  38. public function beforeBind(string $path): void {
  39. if ($this->userId === null) {
  40. // We only care about authenticated users here
  41. return;
  42. }
  43. $user = $this->userManager->get($this->userId);
  44. if ($user === null) {
  45. // We only care about authenticated users here
  46. return;
  47. }
  48. $pathParts = explode('/', $path);
  49. if (count($pathParts) === 4 && $pathParts[0] === 'addressbooks') {
  50. // Path looks like addressbooks/users/username/addressbooksname so a new addressbook is created
  51. try {
  52. $this->limiter->registerUserRequest(
  53. 'carddav-create-address-book',
  54. $this->config->getValueInt('dav', 'rateLimitAddressBookCreation', 10),
  55. $this->config->getValueInt('dav', 'rateLimitPeriodAddressBookCreation', 3600),
  56. $user
  57. );
  58. } catch (RateLimitExceededException $e) {
  59. throw new TooManyRequests('Too many addressbooks created', 0, $e);
  60. }
  61. $addressBookLimit = $this->config->getValueInt('dav', 'maximumAdressbooks', 10);
  62. if ($addressBookLimit === -1) {
  63. return;
  64. }
  65. $numAddressbooks = $this->cardDavBackend->getAddressBooksForUserCount('principals/users/' . $user->getUID());
  66. if ($numAddressbooks >= $addressBookLimit) {
  67. $this->logger->warning('Maximum number of address books reached', [
  68. 'addressbooks' => $numAddressbooks,
  69. 'addressBookLimit' => $addressBookLimit,
  70. ]);
  71. throw new Forbidden('AddressBook limit reached', 0);
  72. }
  73. }
  74. }
  75. }