54 lines
1.6 KiB
PHP
54 lines
1.6 KiB
PHP
<?php
|
|
/**
|
|
* Simple Rate Limiting Middleware
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Middleware;
|
|
|
|
final class RateLimitMiddleware
|
|
{
|
|
/**
|
|
* Basic file-based rate limiter to keep dependencies zero.
|
|
* In a production multi-server setup, switch this to Redis/DB.
|
|
*/
|
|
public static function check(int $maxRequests = 60, int $timeWindow = 60): void
|
|
{
|
|
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
|
|
$cacheDir = STORAGE_PATH . '/cache';
|
|
$cacheFile = $cacheDir . '/rate_limit_' . md5($ip) . '.json';
|
|
|
|
// Ensure cache directory exists
|
|
if (!is_dir($cacheDir)) {
|
|
mkdir($cacheDir, 0755, true);
|
|
}
|
|
|
|
$now = time();
|
|
$requests = [];
|
|
|
|
// Read existing requests if file exists and is writable
|
|
if (file_exists($cacheFile)) {
|
|
$content = file_get_contents($cacheFile);
|
|
if ($content !== false) {
|
|
$data = json_decode($content, true);
|
|
if (is_array($data)) {
|
|
// Filter out requests older than the time window
|
|
$requests = array_filter($data, fn($timestamp) => $timestamp > ($now - $timeWindow));
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check limit
|
|
if (count($requests) >= $maxRequests) {
|
|
json_error('Too Many Requests. Please try again later.', 429);
|
|
}
|
|
|
|
// Add current request
|
|
$requests[] = $now;
|
|
|
|
// Save back to file
|
|
file_put_contents($cacheFile, json_encode(array_values($requests)));
|
|
}
|
|
}
|