Throttle.php

Go to the documentation of this file.

<?php

namespace Rsi\Fred\Security\Check;

class Throttle extends \Rsi\Fred\Security\Check{

  public $mask = '/(\\.\\d+|(:\\d+){4})$/'; //!< IP address subnet mask (part to remove).
  public $ext = '.tht'; //!< Extension for throttle registration file.
  public $checkTtl = 300; //!< Re-use throttle info for this amount of time (seconds).
  public $logPrio = \Rsi\Fred\Log::WARNING; //!< Log prio for the warning message.
  public $limitLog = 3600; //!< Number of requests after which the subnet is added to the log.
  public $limitBan = 7200; //!< Number of requests after which the subnet is banned.
  public $interval = 3600; //!< Number of seconds after which the counter gets reset.
  public $sleep = []; //!< Extra sleep time (value, milliseconds) if the counter gets above a certain value (key, ascending).

  protected $_path = null;
  protected $_purgeLimit = null;

  protected function subnet($addr = null){
    return preg_replace($this->mask,'',$addr ?: $this->component('security')->remoteAddr);
  }

  protected function filename($addr = null){
    return $this->path . str_replace(['.',':'],'-',$this->subnet($addr)) . $this->ext;
  }

  protected function timeLine($filename){
    $f = fopen($filename,'r');
    $time = fgets($f);
    fclose($f);
    return $time;
  }

  protected function purge(){
    foreach((new \GlobIterator($this->path . '*' . $this->ext)) as $filename => $file)
      if(trim($this->timeLine($filename)) < $this->purgeLimit) \Rsi\File::unlink($filename);
  }

  protected function checkLimits($time,$count,$prev){
    if($time < $this->purgeLimit){
      $this->purge();
      return null;
    }
    if($count > $this->limitBan) return false;
    if($prev === null ? $count == $this->limitLog : ($count >= $this->limitLog) && ($prev < $this->limitLog))
      $this->component('log')->add($this->logPrio,'Subnet ' . $this->subnet() . ' getting close to ban limit',__FILE__,__LINE__);
    $sleep = null;
    foreach($this->sleep as $limit => $time){
      if($count < $limit) break;
      $sleep = $time;
    }
    if($sleep) usleep($sleep * 1000);
    return true;
  }

  public function check($expected = false){
    if(!$expected) try{
      if($exists = is_file($filename = $this->filename())){
        if((($result = $this->session->lastResult) === null) || ($this->session->lastCheck < $this->_fred->startTime - $this->checkTtl)){
          $time = $this->timeLine($filename);
          $this->session->lastResult = $result = $this->checkLimits(trim($time),$count = filesize($filename) - strlen($time),$this->session->prevCount);
          $this->session->lastCheck = $this->_fred->startTime;
          $this->session->prevCount = $count;
          if($result === null) $exists = false;
        }
        if($result === false) return false;
      }
      $f = fopen($filename,$exists ? 'a' : 'w');
      if(!$exists) fwrite($f,time() . "\n");
      fwrite($f,substr($char = date('s'),0,1) == '0' ? substr($char,1,1) : chr($char + ($char < 35 ? 87 : 30)));
      fclose($f);
      if(!$exists) chmod($filename,0666);
    }
    catch(\Exception $e){
      if($this->_fred->debug) throw $e;
    }
    return true;
  }

  public function unBan($addr){
    return \Rsi\File::unlink($this->filename($addr));
  }

  protected function getPurgeLimit(){
    if(!$this->_purgeLimit) $this->_purgeLimit = time() - $this->interval;
    return $this->_purgeLimit;
  }

  protected function getPath(){
    if(!$this->_path) $this->_path = $this->component('security')->path;
    return $this->_path;
  }

}