mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-11-13 22:54:25 +01:00
Rate limit new payments
This commit is contained in:
parent
ba9178c670
commit
24a662f920
@ -11,6 +11,7 @@
|
||||
|
||||
namespace App\Http\Requests\Payment;
|
||||
|
||||
use App\Exceptions\DuplicatePaymentException;
|
||||
use App\Http\Requests\Request;
|
||||
use App\Http\ValidationRules\Credit\CreditsSumRule;
|
||||
use App\Http\ValidationRules\Credit\ValidCreditsRules;
|
||||
@ -78,7 +79,13 @@ class StorePaymentRequest extends Request
|
||||
|
||||
/** @var \App\Models\User $user */
|
||||
$user = auth()->user();
|
||||
|
||||
|
||||
if(\Illuminate\Support\Facades\Cache::has($this->ip()."|".$this->input('amount', 0)."|".$this->input('client_id', '')."|".$user->company()->company_key))
|
||||
throw new DuplicatePaymentException('Duplicate request.', 429);
|
||||
|
||||
\Illuminate\Support\Facades\Cache::put(($this->ip()."|".$this->input('amount', 0)."|".$this->input('client_id', '')."|".$user->company()->company_key), true, 1);
|
||||
|
||||
$input = $this->all();
|
||||
|
||||
$invoices_total = 0;
|
||||
|
@ -92,8 +92,7 @@ class RouteServiceProvider extends ServiceProvider
|
||||
RateLimiter::for('portal', function (Request $request) {
|
||||
return Limit::perMinute(15)->by($request->ip());
|
||||
});
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -75,6 +75,7 @@ class PaymentTest extends TestCase
|
||||
],
|
||||
],
|
||||
'date' => '2020/12/11',
|
||||
'idempotency_key' => 'xx',
|
||||
];
|
||||
|
||||
$response = $this->withHeaders([
|
||||
@ -83,7 +84,9 @@ class PaymentTest extends TestCase
|
||||
])->postJson('/api/v1/payments/', $data);
|
||||
|
||||
$response->assertStatus(200);
|
||||
|
||||
|
||||
sleep(1);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $this->token,
|
||||
@ -1877,6 +1880,8 @@ class PaymentTest extends TestCase
|
||||
|
||||
$response->assertStatus(200);
|
||||
|
||||
sleep(1);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $this->token,
|
||||
|
Loading…
Reference in New Issue
Block a user