Disallow API access to banned users
lmao??
parent
cbec4b549f
commit
01bd8f938c
2 changed files with 20 additions and 0 deletions
|
@ -1,7 +1,9 @@
|
|||
<?php declare(strict_types=1);
|
||||
namespace openvk\VKAPI\Handlers;
|
||||
use openvk\VKAPI\Exceptions\APIErrorException;
|
||||
use openvk\Web\Models\Entities\IP;
|
||||
use openvk\Web\Models\Entities\User;
|
||||
use openvk\Web\Models\Repositories\IPs;
|
||||
|
||||
abstract class VKAPIRequestHandler
|
||||
{
|
||||
|
@ -39,4 +41,19 @@ abstract class VKAPIRequestHandler
|
|||
if(!$this->userAuthorized())
|
||||
$this->fail(5, "User authorization failed: no access_token passed.");
|
||||
}
|
||||
|
||||
protected function willExecuteWriteAction(): void
|
||||
{
|
||||
$ip = (new IPs)->get(CONNECTING_IP);
|
||||
$res = $ip->rateLimit();
|
||||
|
||||
if(!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) {
|
||||
if($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) {
|
||||
$this->user->ban("User account has been suspended for breaking API terms of service", false);
|
||||
$this->fail(18, "User account has been suspended due to repeated violation of API rate limits.");
|
||||
}
|
||||
|
||||
$this->fail(29, "You have been rate limited.");
|
||||
}
|
||||
}
|
||||
}
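Review bot: In `willExecuteWriteAction()` the rate-limit counter is keyed on `CONNECTING_IP`, yet the `IP::RL_BANNED` branch suspends `$this->user`, so an account can be banned for traffic produced by other clients sharing the same NAT or proxy address. The same branch calls `$this->user->ban(...)` without checking that a user is attached; the method just above it in this hunk treats a missing token as a normal case, so a write action reached without that check would presumably end in a null method call rather than error 29. Adding `&& $this->userAuthorized()` to the `IP::RL_BANNED` condition covers the second point, and the first is worth a comment stating that the ban is deliberately driven by a per-IP counter, or a counter that also includes the user ID. How `CONNECTING_IP` is derived is not visible here; if it can be taken from a client-supplied forwarding header, both the limit and the autoban decision rest on a value the caller controls, which should be confirmed.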
|
||||
|
|
|
@ -204,6 +204,9 @@ final class VKAPIPresenter extends OpenVKPresenter
|
|||
}
|
||||
}
|
||||
|
||||
if(!is_null($identity) && $identity->isBanned())
|
||||
$this->fail(18, "User account is deactivated", $object, $method);
|
||||
|
||||
$object = ucfirst(strtolower($object));
|
||||
$handlerClass = "openvk\\VKAPI\\Handlers\\$object";
|
||||
if(!class_exists($handlerClass))
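Review bot: The new `isBanned()` guard is a braceless `if` whose only effect is `$this->fail(18, ...)`, so it blocks banned accounts only if `fail()` never returns; its body is not visible in this hunk, and the enclosing method starts and ends outside it. If `fail()` can return, execution continues to the `$handlerClass` lookup and the handler still runs for the banned token. I would add a comment above the check, such as `// Reject banned accounts before handler lookup; relies on fail() terminating the request.`, and a test that calls a method with a banned user's token and asserts error 18 with no handler side effects. The message here ("User account is deactivated") differs from the code-18 message used in `willExecuteWriteAction()`; sharing one constant for the code and text would keep the two from drifting.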
|
||||
|
|