From 969168e53a389548af56a2be80b4e4434b41caf4 Mon Sep 17 00:00:00 2001 From: mrilyew <99399973+mrilyew@users.noreply.github.com> Date: Mon, 9 Jun 2025 15:18:49 +0300 Subject: [PATCH 1/3] new table openvk-eventdb.user-events --- VKAPI/Handlers/Wall.php | 5 +- Web/Util/EventRateLimiter.php | 59 +++++++++++++++++++++++ install/sqls/eventdb/00001-events-log.sql | 8 +++ openvk-example.yml | 9 ++++ 4 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 Web/Util/EventRateLimiter.php create mode 100644 install/sqls/eventdb/00001-events-log.sql diff --git a/VKAPI/Handlers/Wall.php b/VKAPI/Handlers/Wall.php index 9113eb6e..9e4d9180 100644 --- a/VKAPI/Handlers/Wall.php +++ b/VKAPI/Handlers/Wall.php @@ -21,6 +21,7 @@ use openvk\Web\Models\Entities\Note; use openvk\Web\Models\Repositories\Notes as NotesRepo; use openvk\Web\Models\Repositories\Polls as PollsRepo; use openvk\Web\Models\Repositories\Audios as AudiosRepo; +use openvk\Web\Util\EventRateLimiter; final class Wall extends VKAPIRequestHandler { @@ -723,9 +724,11 @@ final class Wall extends VKAPIRequestHandler } if ($owner_id > 0 && $owner_id !== $this->getUser()->getId()) { - (new WallPostNotification($wallOwner, $post, $this->user->identity))->emit(); + (new WallPostNotification($wallOwner, $post, $this->getUser()->getId()))->emit(); } + EventRateLimiter::i()->writeEvent("wall.post", $this->getUser(), $wallOwner); + return (object) ["post_id" => $post->getVirtualId()]; } diff --git a/Web/Util/EventRateLimiter.php b/Web/Util/EventRateLimiter.php new file mode 100644 index 00000000..80fea28a --- /dev/null +++ b/Web/Util/EventRateLimiter.php @@ -0,0 +1,59 @@ +data = $data; + } + + public function write($edb): bool + { + $edb->getConnection()->query("INSERT INTO `user-events` VALUES (?, ?, ?, ?, ?)", ...array_values($this->data)); + + return true; + } +} + +class EventRateLimiter +{ + use TSimpleSingleton; + + public function writeEvent(string $event_name, User $initiator, ?User $reciever = null): bool + { + $eventsConfig = OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["eventsLimit"]; + if (!$eventsConfig['enable']) { + return false; + } + + if (!($e = eventdb())) { + return false; + } + + $data = [ + 'initiatorId' => $initiator->getId(), + 'initiatorIp' => null, + 'receiverId' => null, + 'eventType' => $event_name, + 'eventTime' => time() + ]; + + if ($reciever) { + $data['receiverId'] = $reciever->getId(); + } + + $newEvent = new UserEvent($data); + $newEvent->write($e); + + return true; + } +} diff --git a/install/sqls/eventdb/00001-events-log.sql b/install/sqls/eventdb/00001-events-log.sql new file mode 100644 index 00000000..dc972bec --- /dev/null +++ b/install/sqls/eventdb/00001-events-log.sql @@ -0,0 +1,8 @@ +CREATE TABLE `user-events` +( + `initiatorId` BIGINT(20) NOT NULL, + `initiatorIp` VARBINARY(16) NULL DEFAULT NULL, + `receiverId` BIGINT(20) NOT NULL, + `eventType` CHAR(25) NOT NULL, + `eventTime` BIGINT(20) NOT NULL +) ENGINE = InnoDB; diff --git a/openvk-example.yml b/openvk-example.yml index 6f26803b..784711ba 100644 --- a/openvk-example.yml +++ b/openvk-example.yml @@ -41,6 +41,15 @@ openvk: maxViolations: 50 maxViolationsAge: 120 autoban: true + eventsLimit: + enable: true + restrictionTime: 86400 + list: + groups.create: 5 + groups.sub: 50 + friends.outgoing_sub: 25 + wall.post: 500 + gifts.send: 20 blacklists: limit: 100 applyToAdmins: true From b180a28b468dc139d22276c0002a6714e031478e Mon Sep 17 00:00:00 2001 From: mrilyew <99399973+mrilyew@users.noreply.github.com> Date: Mon, 9 Jun 2025 16:15:21 +0300 Subject: [PATCH 2/3] set up common events --- VKAPI/Handlers/Wall.php | 3 +- Web/Models/Entities/Traits/TSubscribable.php | 9 ++++++ Web/Models/Entities/User.php | 3 ++ Web/Presenters/GroupPresenter.php | 3 ++ Web/Presenters/WallPresenter.php | 2 ++ Web/Util/EventRateLimiter.php | 30 +++++++++++++++++--- install/sqls/eventdb/00001-events-log.sql | 6 ++-- 7 files changed, 47 insertions(+), 9 deletions(-) diff --git a/VKAPI/Handlers/Wall.php b/VKAPI/Handlers/Wall.php index 9e4d9180..a29fc754 100644 --- a/VKAPI/Handlers/Wall.php +++ b/VKAPI/Handlers/Wall.php @@ -21,7 +21,6 @@ use openvk\Web\Models\Entities\Note; use openvk\Web\Models\Repositories\Notes as NotesRepo; use openvk\Web\Models\Repositories\Polls as PollsRepo; use openvk\Web\Models\Repositories\Audios as AudiosRepo; -use openvk\Web\Util\EventRateLimiter; final class Wall extends VKAPIRequestHandler { @@ -727,7 +726,7 @@ final class Wall extends VKAPIRequestHandler (new WallPostNotification($wallOwner, $post, $this->getUser()->getId()))->emit(); } - EventRateLimiter::i()->writeEvent("wall.post", $this->getUser(), $wallOwner); + \openvk\Web\Util\EventRateLimiter::i()->writeEvent("wall.post", $this->getUser(), $wallOwner); return (object) ["post_id" => $post->getVirtualId()]; } diff --git a/Web/Models/Entities/Traits/TSubscribable.php b/Web/Models/Entities/Traits/TSubscribable.php index 898f33a8..654ae4ac 100644 --- a/Web/Models/Entities/Traits/TSubscribable.php +++ b/Web/Models/Entities/Traits/TSubscribable.php @@ -37,6 +37,15 @@ trait TSubscribable if (!($sub->fetch())) { $ctx->table("subscriptions")->insert($data); + + # todo change + + if (str_contains(static::class, "Club")) { + \openvk\Web\Util\EventRateLimiter::i()->writeEvent("groups.sub", $user, $this); + } else { + \openvk\Web\Util\EventRateLimiter::i()->writeEvent("friends.outgoing_sub", $user, $this); + } + return true; } diff --git a/Web/Models/Entities/User.php b/Web/Models/Entities/User.php index df4da4d0..71946b34 100644 --- a/Web/Models/Entities/User.php +++ b/Web/Models/Entities/User.php @@ -114,6 +114,7 @@ class User extends RowModel public function getChandlerUser(): ChandlerUser { + # TODO cache this function return new ChandlerUser($this->getRecord()->ref("ChandlerUsers", "user")); } @@ -1043,6 +1044,8 @@ class User extends RowModel "anonymous" => $anonymous, "sent" => time(), ]); + + \openvk\Web\Util\EventRateLimiter::i()->writeEvent("gifts.send", $sender, $this); } public function ban(string $reason, bool $deleteSubscriptions = true, $unban_time = null, ?int $initiator = null): void diff --git a/Web/Presenters/GroupPresenter.php b/Web/Presenters/GroupPresenter.php index a38dacaa..088dfc9d 100644 --- a/Web/Presenters/GroupPresenter.php +++ b/Web/Presenters/GroupPresenter.php @@ -79,6 +79,9 @@ final class GroupPresenter extends OpenVKPresenter } $club->toggleSubscription($this->user->identity); + + \openvk\Web\Util\EventRateLimiter::i()->writeEvent("groups.create", $this->user->identity, $club); + $this->redirect("/club" . $club->getId()); } else { $this->flashFail("err", tr("error"), tr("error_no_group_name")); diff --git a/Web/Presenters/WallPresenter.php b/Web/Presenters/WallPresenter.php index dbdfdde0..3311c777 100644 --- a/Web/Presenters/WallPresenter.php +++ b/Web/Presenters/WallPresenter.php @@ -432,6 +432,8 @@ final class WallPresenter extends OpenVKPresenter } } + \openvk\Web\Util\EventRateLimiter::i()->writeEvent("wall.post", $this->user->identity, $wallOwner); + if ($should_be_suggested) { $this->redirect("/club" . $wallOwner->getId() . "/suggested"); } else { diff --git a/Web/Util/EventRateLimiter.php b/Web/Util/EventRateLimiter.php index 80fea28a..e39e3c61 100644 --- a/Web/Util/EventRateLimiter.php +++ b/Web/Util/EventRateLimiter.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace openvk\Web\Util; use openvk\Web\Models\Entities\User; +use openvk\Web\Models\RowModel; use Chandler\Patterns\TSimpleSingleton; class UserEvent @@ -28,10 +29,31 @@ class EventRateLimiter { use TSimpleSingleton; - public function writeEvent(string $event_name, User $initiator, ?User $reciever = null): bool + private $config; + private $availableFields; + + public function __construct() { - $eventsConfig = OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["eventsLimit"]; - if (!$eventsConfig['enable']) { + $this->config = OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["eventsLimit"]; + $this->availableFields = array_keys($this->config['list']); + } + + public function tryToLimit(?User $user): bool + { + if (!$this->config['enable']) { + return false; + } + + if ($user->isAdmin()) { + return false; + } + + return true; + } + + public function writeEvent(string $event_name, User $initiator, ?RowModel $reciever = null): bool + { + if (!$this->config['enable']) { return false; } @@ -48,7 +70,7 @@ class EventRateLimiter ]; if ($reciever) { - $data['receiverId'] = $reciever->getId(); + $data['receiverId'] = $reciever->getRealId(); } $newEvent = new UserEvent($data); diff --git a/install/sqls/eventdb/00001-events-log.sql b/install/sqls/eventdb/00001-events-log.sql index dc972bec..3b7c4b4c 100644 --- a/install/sqls/eventdb/00001-events-log.sql +++ b/install/sqls/eventdb/00001-events-log.sql @@ -1,8 +1,8 @@ CREATE TABLE `user-events` ( - `initiatorId` BIGINT(20) NOT NULL, + `initiatorId` BIGINT(20) UNSIGNED NOT NULL, `initiatorIp` VARBINARY(16) NULL DEFAULT NULL, - `receiverId` BIGINT(20) NOT NULL, + `receiverId` BIGINT(20) NULL DEFAULT NULL, `eventType` CHAR(25) NOT NULL, - `eventTime` BIGINT(20) NOT NULL + `eventTime` BIGINT(20) UNSIGNED NOT NULL ) ENGINE = InnoDB; From 2333924089906dfc71dd1907658e3a291eca5b82 Mon Sep 17 00:00:00 2001 From: mrilyew <99399973+mrilyew@users.noreply.github.com> Date: Mon, 9 Jun 2025 17:29:18 +0300 Subject: [PATCH 3/3] add limitation errors to api --- VKAPI/Handlers/Friends.php | 4 ++++ VKAPI/Handlers/Gifts.php | 4 ++++ VKAPI/Handlers/Groups.php | 4 ++++ VKAPI/Handlers/VKAPIRequestHandler.php | 5 +++++ VKAPI/Handlers/Wall.php | 6 ++++- Web/Presenters/GiftsPresenter.php | 4 ++++ Web/Presenters/GroupPresenter.php | 4 ++++ Web/Util/EventRateLimiter.php | 31 +++++++++++++++++++++----- locales/en.strings | 2 ++ locales/ru.strings | 2 ++ openvk-example.yml | 3 ++- 11 files changed, 62 insertions(+), 7 deletions(-) diff --git a/VKAPI/Handlers/Friends.php b/VKAPI/Handlers/Friends.php index 77de7d9d..4c109e13 100644 --- a/VKAPI/Handlers/Friends.php +++ b/VKAPI/Handlers/Friends.php @@ -98,6 +98,10 @@ final class Friends extends VKAPIRequestHandler switch ($user->getSubscriptionStatus($this->getUser())) { case 0: + if (\openvk\Web\Util\EventRateLimiter::i()->tryToLimit($this->getUser(), "friends.outgoing_sub")) { + $this->failTooOften(); + } + $user->toggleSubscription($this->getUser()); return 1; diff --git a/VKAPI/Handlers/Gifts.php b/VKAPI/Handlers/Gifts.php index 9ee5d222..460f11df 100644 --- a/VKAPI/Handlers/Gifts.php +++ b/VKAPI/Handlers/Gifts.php @@ -61,6 +61,10 @@ final class Gifts extends VKAPIRequestHandler $this->fail(-105, "Commerce is disabled on this instance"); } + if (\openvk\Web\Util\EventRateLimiter::i()->tryToLimit($this->getUser(), "gifts.send", false)) { + $this->failTooOften(); + } + $user = (new UsersRepo())->get((int) $user_ids); # FAKE прогноз погоды (в данном случае user_ids) if (!$user || $user->isDeleted()) { diff --git a/VKAPI/Handlers/Groups.php b/VKAPI/Handlers/Groups.php index 8933ca5a..707dc0f4 100644 --- a/VKAPI/Handlers/Groups.php +++ b/VKAPI/Handlers/Groups.php @@ -312,6 +312,10 @@ final class Groups extends VKAPIRequestHandler $isMember = !is_null($this->getUser()) ? (int) $club->getSubscriptionStatus($this->getUser()) : 0; if ($isMember == 0) { + if (\openvk\Web\Util\EventRateLimiter::i()->tryToLimit($this->getUser(), "groups.sub")) { + $this->failTooOften(); + } + $club->toggleSubscription($this->getUser()); } diff --git a/VKAPI/Handlers/VKAPIRequestHandler.php b/VKAPI/Handlers/VKAPIRequestHandler.php index 4804a8dd..1f40fceb 100644 --- a/VKAPI/Handlers/VKAPIRequestHandler.php +++ b/VKAPI/Handlers/VKAPIRequestHandler.php @@ -25,6 +25,11 @@ abstract class VKAPIRequestHandler throw new APIErrorException($message, $code); } + protected function failTooOften(): never + { + $this->fail(9, "Rate limited"); + } + protected function getUser(): ?User { return $this->user; diff --git a/VKAPI/Handlers/Wall.php b/VKAPI/Handlers/Wall.php index a29fc754..5309f025 100644 --- a/VKAPI/Handlers/Wall.php +++ b/VKAPI/Handlers/Wall.php @@ -620,6 +620,10 @@ final class Wall extends VKAPIRequestHandler return (object) ["post_id" => $post->getVirtualId()]; } + if (\openvk\Web\Util\EventRateLimiter::i()->tryToLimit($this->getUser(), "wall.post", false)) { + $this->failTooOften(); + } + $anon = OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["anonymousPosting"]["enable"]; if ($wallOwner instanceof Club && $from_group == 1 && $signed != 1 && $anon) { $manager = $wallOwner->getManager($this->getUser()); @@ -723,7 +727,7 @@ final class Wall extends VKAPIRequestHandler } if ($owner_id > 0 && $owner_id !== $this->getUser()->getId()) { - (new WallPostNotification($wallOwner, $post, $this->getUser()->getId()))->emit(); + (new WallPostNotification($wallOwner, $post, $this->getUser()))->emit(); } \openvk\Web\Util\EventRateLimiter::i()->writeEvent("wall.post", $this->getUser(), $wallOwner); diff --git a/Web/Presenters/GiftsPresenter.php b/Web/Presenters/GiftsPresenter.php index 007be976..f945c342 100644 --- a/Web/Presenters/GiftsPresenter.php +++ b/Web/Presenters/GiftsPresenter.php @@ -106,6 +106,10 @@ final class GiftsPresenter extends OpenVKPresenter return; } + if (\openvk\Web\Util\EventRateLimiter::i()->tryToLimit($this->user->identity, "gifts.send", false)) { + $this->flashFail("err", tr("error"), tr("limit_exceed_exception")); + } + $comment = empty($c = $this->postParam("comment")) ? null : $c; $notification = new GiftNotification($user, $this->user->identity, $gift, $comment); $notification->emit(); diff --git a/Web/Presenters/GroupPresenter.php b/Web/Presenters/GroupPresenter.php index 088dfc9d..57bdd8fd 100644 --- a/Web/Presenters/GroupPresenter.php +++ b/Web/Presenters/GroupPresenter.php @@ -63,6 +63,10 @@ final class GroupPresenter extends OpenVKPresenter if ($_SERVER["REQUEST_METHOD"] === "POST") { if (!empty($this->postParam("name")) && mb_strlen(trim($this->postParam("name"))) > 0) { + if (\openvk\Web\Util\EventRateLimiter::i()->tryToLimit($this->user->identity, "groups.create")) { + $this->flashFail("err", tr("error"), tr("limit_exceed_exception")); + } + $club = new Club(); $club->setName($this->postParam("name")); $club->setAbout(empty($this->postParam("about")) ? null : $this->postParam("about")); diff --git a/Web/Util/EventRateLimiter.php b/Web/Util/EventRateLimiter.php index e39e3c61..4cce791d 100644 --- a/Web/Util/EventRateLimiter.php +++ b/Web/Util/EventRateLimiter.php @@ -38,20 +38,41 @@ class EventRateLimiter $this->availableFields = array_keys($this->config['list']); } - public function tryToLimit(?User $user): bool + /* + Checks count of actions for last x seconds, returns true if limit has exceed + + x is OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["eventsLimit"]["restrictionTime"] + */ + public function tryToLimit(?User $user, string $event_type, bool $distinct = true): bool { if (!$this->config['enable']) { return false; } - if ($user->isAdmin()) { + if (!($e = eventdb())) { return false; } - return true; + if ($this->config['ignoreForAdmins'] && $user->isAdmin()) { + return false; + } + + $limitForThisEvent = $this->config['list'][$event_type]; + $compareTime = time() - $this->config['restrictionTime']; + + $query = "SELECT COUNT(".($distinct ? "DISTINCT(`receiverId`)" : "*").") as `cnt` FROM `user-events` WHERE `initiatorId` = ? AND `eventType` = ? AND `eventTime` > ?"; + + $result = $e->getConnection()->query($query, ...[$user->getId(), $event_type, $compareTime]); + $count = $result->fetch()->cnt; + #bdump($count); exit(); + + return $count > $limitForThisEvent; } - public function writeEvent(string $event_name, User $initiator, ?RowModel $reciever = null): bool + /* + Writes new event to `openvk-eventdb`.`user-events` + */ + public function writeEvent(string $event_type, User $initiator, ?RowModel $reciever = null): bool { if (!$this->config['enable']) { return false; @@ -65,7 +86,7 @@ class EventRateLimiter 'initiatorId' => $initiator->getId(), 'initiatorIp' => null, 'receiverId' => null, - 'eventType' => $event_name, + 'eventType' => $event_type, 'eventTime' => time() ]; diff --git a/locales/en.strings b/locales/en.strings index 1632b165..48576550 100644 --- a/locales/en.strings +++ b/locales/en.strings @@ -1657,6 +1657,8 @@ "error_geolocation" = "Error while trying to pin geolocation"; "error_no_geotag" = "There is no geo-tag pinned in this post"; +"limit_exceed_exception" = "You're doing this action too often. Try again later."; + /* Admin actions */ "login_as" = "Login as $1"; diff --git a/locales/ru.strings b/locales/ru.strings index 6366b747..9d116554 100644 --- a/locales/ru.strings +++ b/locales/ru.strings @@ -1561,6 +1561,8 @@ "error_geolocation" = "Ошибка при прикреплении геометки"; "error_no_geotag" = "У поста не указана гео-метка"; +"limit_exceed_exception" = "Вы совершаете это действие слишком часто. Повторите позже."; + /* Admin actions */ "login_as" = "Войти как $1"; diff --git a/openvk-example.yml b/openvk-example.yml index 784711ba..c92d0e2f 100644 --- a/openvk-example.yml +++ b/openvk-example.yml @@ -43,12 +43,13 @@ openvk: autoban: true eventsLimit: enable: true + ignoreForAdmins: true restrictionTime: 86400 list: groups.create: 5 groups.sub: 50 friends.outgoing_sub: 25 - wall.post: 500 + wall.post: 5000 gifts.send: 20 blacklists: limit: 100