From 01bd8f938c605f0201d519d3725500ff766a7a22 Mon Sep 17 00:00:00 2001 From: celestora Date: Wed, 8 Feb 2023 13:14:47 +0200 Subject: [PATCH] Disallow API access to banned users lmao?? --- VKAPI/Handlers/VKAPIRequestHandler.php | 17 +++++++++++++++++ Web/Presenters/VKAPIPresenter.php | 3 +++ 2 files changed, 20 insertions(+) diff --git a/VKAPI/Handlers/VKAPIRequestHandler.php b/VKAPI/Handlers/VKAPIRequestHandler.php index e9413c12..d2fcfc74 100644 --- a/VKAPI/Handlers/VKAPIRequestHandler.php +++ b/VKAPI/Handlers/VKAPIRequestHandler.php @@ -1,7 +1,9 @@ userAuthorized()) $this->fail(5, "User authorization failed: no access_token passed."); } + + protected function willExecuteWriteAction(): void + { + $ip = (new IPs)->get(CONNECTING_IP); + $res = $ip->rateLimit(); + + if(!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) { + if($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) { + $this->user->ban("User account has been suspended for breaking API terms of service", false); + $this->fail(18, "User account has been suspended due to repeated violation of API rate limits."); + } + + $this->fail(29, "You have been rate limited."); + } + } } diff --git a/Web/Presenters/VKAPIPresenter.php b/Web/Presenters/VKAPIPresenter.php index 7c8ed39f..4cf6e050 100644 --- a/Web/Presenters/VKAPIPresenter.php +++ b/Web/Presenters/VKAPIPresenter.php @@ -204,6 +204,9 @@ final class VKAPIPresenter extends OpenVKPresenter } } + if(!is_null($identity) && $identity->isBanned()) + $this->fail(18, "User account is deactivated", $object, $method); + $object = ucfirst(strtolower($object)); $handlerClass = "openvk\\VKAPI\\Handlers\\$object"; if(!class_exists($handlerClass))
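Review bot: In `willExecuteWriteAction()` (VKAPI/Handlers/VKAPIRequestHandler.php) the autoban branch calls `$this->user->ban(...)` without checking that a user is attached to the request, although the context line just above it shows the handler can be reached with no access token. If a write action can run before the authorization check, an address that reaches `IP::RL_BANNED` would hit a null dereference instead of returning error 18; adding `&& !is_null($this->user)` to the inner condition keeps the fall-through to error 29 for anonymous callers. The limit is also counted per `CONNECTING_IP` while the penalty lands on the account, so users behind a shared address can be suspended for each other's traffic; either count per user or add a comment saying this is accepted. No caller of the new method is visible in this patch, so it presumably protects only handlers that remember to call it, which is worth stating in a docblock on the method.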
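Review bot: The ban check added in Web/Presenters/VKAPIPresenter.php sits in a single dispatch path, just before the handler class is resolved, so it only covers requests that pass through this method. The enclosing method starts and ends outside the hunk, and any other action of this presenter that accepts or issues a token is not visible here; if such actions exist, nothing in this patch stops them from serving a banned account. Since `$identity` is still resolved for a banned user, the token apparently stays valid after the ban. A comment such as `// Tokens of banned accounts still resolve to an identity; every token-authenticated entry point must repeat this check` would make that requirement explicit. Alternatively, the check could move to the place where `$identity` is resolved.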