Add rate limits for API too

Disallow API access to banned users
lmao??
2025-07-07 00:09:48 +03:00 · 2023-02-08 13:20:50 +02:00 · 2023-02-08 13:14:47 +02:00
9 changed files with 39 additions and 0 deletions
--- a/VKAPI/Handlers/Account.php
+++ b/VKAPI/Handlers/Account.php
@ -80,6 +80,8 @@ final class Account extends VKAPIRequestHandler
    function saveProfileInfo(string $first_name = "", string $last_name = "", string $screen_name = "", int $sex = -1, int $relation = -1, string $bdate = "", int $bdate_visibility = -1, string $home_town = "", string $status = ""): object 
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $user = $this->getUser();
        $output = [
--- a/VKAPI/Handlers/Friends.php
+++ b/VKAPI/Handlers/Friends.php
@ -66,6 +66,7 @@ final class Friends extends VKAPIRequestHandler
 	function add(string $user_id): int
 	{
 		$this->requireUser();
        $this->willExecuteWriteAction();
 		$users = new UsersRepo;
 		$user  = $users->get(intval($user_id));
@ -96,6 +97,7 @@ final class Friends extends VKAPIRequestHandler
 	function delete(string $user_id): int
 	{
 		$this->requireUser();
        $this->willExecuteWriteAction();
 		$users = new UsersRepo;
--- a/VKAPI/Handlers/Groups.php
+++ b/VKAPI/Handlers/Groups.php
@ -237,6 +237,7 @@ final class Groups extends VKAPIRequestHandler
    function join(int $group_id)
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $club = (new ClubsRepo)->get($group_id);
@ -251,6 +252,7 @@ final class Groups extends VKAPIRequestHandler
    function leave(int $group_id)
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $club = (new ClubsRepo)->get($group_id);
--- a/VKAPI/Handlers/Likes.php
+++ b/VKAPI/Handlers/Likes.php
@ -8,6 +8,7 @@ final class Likes extends VKAPIRequestHandler
 	function add(string $type, int $owner_id, int $item_id): object
 	{
 		$this->requireUser();
        $this->willExecuteWriteAction();
        switch($type) {
            case "post":
@ -28,6 +29,7 @@ final class Likes extends VKAPIRequestHandler
 	function delete(string $type, int $owner_id, int $item_id): object
 	{
 		$this->requireUser();
        $this->willExecuteWriteAction();
        switch($type) {
            case "post":
--- a/VKAPI/Handlers/Messages.php
+++ b/VKAPI/Handlers/Messages.php
@ -68,6 +68,7 @@ final class Messages extends VKAPIRequestHandler
    function send(int $user_id = -1, int $peer_id = -1, string $domain = "", int $chat_id = -1, string $user_ids = "", string $message = "", int $sticker_id = -1)
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        if($chat_id !== -1)
            $this->fail(946, "Chats are not implemented");
@ -117,6 +118,7 @@ final class Messages extends VKAPIRequestHandler
    function delete(string $message_ids, int $spam = 0, int $delete_for_all = 0): object
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $msgs  = new MSGRepo;
        $ids   = preg_split("%, ?%", $message_ids);
@ -136,6 +138,7 @@ final class Messages extends VKAPIRequestHandler
    function restore(int $message_id): int
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $msg = (new MSGRepo)->get($message_id);
        if(!$msg)
--- a/VKAPI/Handlers/Polls.php
+++ b/VKAPI/Handlers/Polls.php
@ -66,6 +66,7 @@ final class Polls extends VKAPIRequestHandler
    function addVote(int $poll_id, string $answers_ids) 
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $poll = (new PollsRepo)->get($poll_id);
@ -87,6 +88,7 @@ final class Polls extends VKAPIRequestHandler
    function deleteVote(int $poll_id) 
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $poll = (new PollsRepo)->get($poll_id);
--- a/VKAPI/Handlers/VKAPIRequestHandler.php
+++ b/VKAPI/Handlers/VKAPIRequestHandler.php
@ -1,7 +1,9 @@
 <?php declare(strict_types=1);
 namespace openvk\VKAPI\Handlers;
 use openvk\VKAPI\Exceptions\APIErrorException;
 use openvk\Web\Models\Entities\IP;
 use openvk\Web\Models\Entities\User;
 use openvk\Web\Models\Repositories\IPs;
 abstract class VKAPIRequestHandler
 {
@ -39,4 +41,19 @@ abstract class VKAPIRequestHandler
        if(!$this->userAuthorized())
            $this->fail(5, "User authorization failed: no access_token passed.");
    }
    protected function willExecuteWriteAction(): void
    {
        $ip  = (new IPs)->get(CONNECTING_IP);
        $res = $ip->rateLimit();
        if(!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) {
            if($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) {
                $this->user->ban("User account has been suspended for breaking API terms of service", false);
                $this->fail(18, "User account has been suspended due to repeated violation of API rate limits.");
            }
            $this->fail(29, "You have been rate limited.");
        }
    }
 }
--- a/VKAPI/Handlers/Wall.php
+++ b/VKAPI/Handlers/Wall.php
@ -432,6 +432,7 @@ final class Wall extends VKAPIRequestHandler
    function post(string $owner_id, string $message = "", int $from_group = 0, int $signed = 0): object
    {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $owner_id  = intval($owner_id);
@ -516,6 +517,7 @@ final class Wall extends VKAPIRequestHandler
    function repost(string $object, string $message = "") {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $postArray;
        if(preg_match('/wall((?:-?)[0-9]+)_([0-9]+)/', $object, $postArray) == 0)
@ -679,6 +681,9 @@ final class Wall extends VKAPIRequestHandler
    }
    function createComment(int $owner_id, int $post_id, string $message, int $from_group = 0) {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $post = (new PostsRepo)->getPostById($owner_id, $post_id);
        if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
@ -714,6 +719,7 @@ final class Wall extends VKAPIRequestHandler
    function deleteComment(int $comment_id) {
        $this->requireUser();
        $this->willExecuteWriteAction();
        $comment = (new CommentsRepo)->get($comment_id);
        if(!$comment) $this->fail(100, "One of the parameters specified was missing or invalid");;
--- a/Web/Presenters/VKAPIPresenter.php
+++ b/Web/Presenters/VKAPIPresenter.php
@ -204,6 +204,9 @@ final class VKAPIPresenter extends OpenVKPresenter
            }
        }
        if(!is_null($identity) && $identity->isBanned())
            $this->fail(18, "User account is deactivated", $object, $method);
        $object       = ucfirst(strtolower($object));
        $handlerClass = "openvk\\VKAPI\\Handlers\\$object";
        if(!class_exists($handlerClass))
Author	SHA1	Message	Date
celestora	0f2a88aa68	Add rate limits for API too	2023-02-08 13:20:50 +02:00
celestora	01bd8f938c	Disallow API access to banned users lmao??	2023-02-08 13:14:47 +02:00