From fccbe405db1b39e4b580b9a9759c58c3761656d8 Mon Sep 17 00:00:00 2001
From: Khushboo Verma <43381712+vermakhushboo@users.noreply.github.com>
Date: Thu, 16 Nov 2023 23:04:38 +0530
Subject: [PATCH] Add chunkId to abuse key to prevent rate limit for SDKs
---
 app/controllers/api/storage.php | 2 +-
 app/controllers/shared/api.php | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index f22249e5d2..1fae48dae0 100644
--- a/app/controllers/api/storage.php
+++ b/app/controllers/api/storage.php
@@ -339,7 +339,7 @@ App::post('/v1/storage/buckets/:bucketId/files')
 ->label('audits.resource', 'file/{response.$id}')
 ->label('usage.metric', 'files.{scope}.requests.create')
 ->label('usage.params', ['bucketId:{request.bucketId}'])
- ->label('abuse-key', 'ip:{ip},method:{method},url:{url},userId:{userId}')
+ ->label('abuse-key', 'ip:{ip},method:{method},url:{url},userId:{userId},chunkId:{chunkId}')
 ->label('abuse-limit', APP_LIMIT_WRITE_RATE_DEFAULT)
 ->label('abuse-time', APP_LIMIT_WRITE_RATE_PERIOD_DEFAULT)
 ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index b37d76a816..4ea122e3c5 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -121,13 +121,16 @@ App::init()
 $abuseKeyLabel = (!is_array($abuseKeyLabel)) ? [$abuseKeyLabel] : $abuseKeyLabel;
 foreach ($abuseKeyLabel as $abuseKey) {
+ $start = $request->getContentRangeStart();
+ $end = $request->getContentRangeEnd();
 $timeLimit = new TimeLimit($abuseKey, $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), $dbForProject);
 $timeLimit
 ->setParam('{userId}', $user->getId())
 ->setParam('{userAgent}', $request->getUserAgent(''))
 ->setParam('{ip}', $request->getIP())
 ->setParam('{url}', $request->getHostname() . $route->getPath())
- ->setParam('{method}', $request->getMethod());
+ ->setParam('{method}', $request->getMethod())
+ ->setParam('{chunkId}', (int) ($start / ($end + 1 - $start)));
 $timeLimitArray[] = $timeLimit;
 }
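Review bot: The `{chunkId}` value set in the last `->setParam` call is computed from the client-supplied Content-Range header, so it needs a guard before the division and a bound on what it can contribute to the abuse key. When `$end + 1 - $start` is zero, `$start / ($end + 1 - $start)` raises DivisionByZeroError on PHP 8, and since this loop sits in the shared `App::init()` hook that would presumably affect every route rather than only uploads; a guarded form would be `$size = $end + 1 - $start;` followed by `$chunkId = $size > 0 ? intdiv((int) $start, $size) : 0;`. Because the storage.php hunk now puts `chunkId:{chunkId}` into the abuse key for file creation, each distinct range value gets its own counter, so the write limit no longer bounds requests per user on that route unless the range is checked against the expected chunk size; it is worth confirming whether the request class already rejects malformed ranges. The enclosing init callback starts and ends outside the hunk.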