appwrite/app/controllers/shared/api.php

<?php

use Utopia\Exception;
use Utopia\Abuse\Abuse;
use Utopia\Abuse\Adapters\TimeLimit;

global $utopia, $request, $response, $register, $user, $project;

$utopia->init(function () use ($utopia, $request, $response, $register, $user, $project) {
    $route = $utopia->match($request);

    if (empty($project->getId()) && $route->getLabel('abuse-limit', 0) > 0) { // Abuse limit requires an active project scope
        throw new Exception('Missing or unknown project ID', 400);
    }

    /*
     * Abuse Check
     */
    $timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {
        return $register->get('db');
    });
    $timeLimit->setNamespace('app_'.$project->getId());
    $timeLimit
        ->setParam('{userId}', $user->getId())
        ->setParam('{userAgent}', $request->getServer('HTTP_USER_AGENT', ''))
        ->setParam('{ip}', $request->getIP())
        ->setParam('{url}', $request->getServer('HTTP_HOST', '').$route->getURL())
    ;

    //TODO make sure we get array here

    foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
        $timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
    }

    $abuse = new Abuse($timeLimit);

    if ($timeLimit->limit()) {
        $response
            ->addHeader('X-RateLimit-Limit', $timeLimit->limit())
            ->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
            ->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
        ;
    }

    if ($abuse->check() && $request->getServer('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {
        throw new Exception('Too many requests', 429);
    }
}, 'api');
Added source code 2019-05-09 18:54:39 +12:00			`<?php`
Updated PHP coding standards 2019-10-01 17:57:41 +13:00
Apply rate limiting only on API calls 2019-11-30 07:23:29 +13:00			`use Utopia\Exception;`
			`use Utopia\Abuse\Abuse;`
			`use Utopia\Abuse\Adapters\TimeLimit;`

			`global $utopia, $request, $response, $register, $user, $project;`

			`$utopia->init(function () use ($utopia, $request, $response, $register, $user, $project) {`
			`$route = $utopia->match($request);`

Updated coding standards 2020-06-25 08:59:04 +12:00			`if (empty($project->getId()) && $route->getLabel('abuse-limit', 0) > 0) { // Abuse limit requires an active project scope`
Fix error message when abuse is missing project ID 2020-06-18 08:08:55 +12:00			`throw new Exception('Missing or unknown project ID', 400);`
			`}`

Apply rate limiting only on API calls 2019-11-30 07:23:29 +13:00			`/*`
			`* Abuse Check`
			`*/`
			`$timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {`
			`return $register->get('db');`
			`});`
Updated $uid to $id 2020-02-17 20:16:11 +13:00			`$timeLimit->setNamespace('app_'.$project->getId());`
Apply rate limiting only on API calls 2019-11-30 07:23:29 +13:00			`$timeLimit`
Updated $uid to $id 2020-02-17 20:16:11 +13:00			`->setParam('{userId}', $user->getId())`
Apply rate limiting only on API calls 2019-11-30 07:23:29 +13:00			`->setParam('{userAgent}', $request->getServer('HTTP_USER_AGENT', ''))`
			`->setParam('{ip}', $request->getIP())`
			`->setParam('{url}', $request->getServer('HTTP_HOST', '').$route->getURL())`
			`;`

			`//TODO make sure we get array here`

			`foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys`
Same for app directory 2020-06-20 23:20:49 +12:00			`$timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);`
Apply rate limiting only on API calls 2019-11-30 07:23:29 +13:00			`}`

			`$abuse = new Abuse($timeLimit);`

			`if ($timeLimit->limit()) {`
			`$response`
			`->addHeader('X-RateLimit-Limit', $timeLimit->limit())`
			`->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())`
			`->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))`
			`;`
			`}`

			`if ($abuse->check() && $request->getServer('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {`
			`throw new Exception('Too many requests', 429);`
			`}`
Adding group support, upgraded FW 2020-06-26 06:32:12 +12:00			`}, 'api');`