Kaloyan/prestashop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
16b3ff94245fa0872775765de24e1ed237ff6a38
prestashop/vendor/symfony/security-http/RateLimiter/DefaultLoginRateLimiter.php
Kaloyan 16b3ff9424 Subida del módulo y tema de PrestaShop
2026-04-09 18:31:51 +02:00

64 lines
2.1 KiB
PHP
Raw Blame History

<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Http\RateLimiter;
use Symfony\Component\HttpFoundation\RateLimiter\AbstractRequestRateLimiter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\RateLimiter\RateLimiterFactory;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Http\SecurityRequestAttributes;
/**
* A default login throttling limiter.
*
* This limiter prevents breadth-first attacks by enforcing
* a limit on username+IP and a (higher) limit on IP.
*
* @author Wouter de Jong <wouter@wouterj.nl>
*/
final class DefaultLoginRateLimiter extends AbstractRequestRateLimiter
{
private RateLimiterFactory $globalFactory;
private RateLimiterFactory $localFactory;
private string $secret;
/**
* @param non-empty-string $secret A secret to use for hashing the IP address and username
*/
public function __construct(RateLimiterFactory $globalFactory, RateLimiterFactory $localFactory, #[\SensitiveParameter] string $secret)
{
if (!$secret) {
throw new InvalidArgumentException('A non-empty secret is required.');
}
$this->globalFactory = $globalFactory;
$this->localFactory = $localFactory;
$this->secret = $secret;
}
protected function getLimiters(Request $request): array
{
$username = $request->attributes->get(SecurityRequestAttributes::LAST_USERNAME, '');
$username = preg_match('//u', $username) ? mb_strtolower($username, 'UTF-8') : strtolower($username);
return [
$this->globalFactory->create($this->hash($request->getClientIp())),
$this->localFactory->create($this->hash($username.'-'.$request->getClientIp())),
];
}
private function hash(string $data): string
{
return strtr(substr(base64_encode(hash_hmac('sha256', $data, $this->secret, true)), 0, 8), '/+', '._');
}
}
Reference in New Issue View Git Blame Copy Permalink