mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-13 22:54:25 +01:00

Rate limit new payments

David Bomba 2024-06-18 11:24:55 +10:00
parent ba9178c670
commit 24a662f920
3 changed files with 14 additions and 3 deletions


@ -11,6 +11,7 @@
namespace App\Http\Requests\Payment;
use App\Exceptions\DuplicatePaymentException;
use App\Http\Requests\Request;
use App\Http\ValidationRules\Credit\CreditsSumRule;
use App\Http\ValidationRules\Credit\ValidCreditsRules;
@ -78,7 +79,13 @@ class StorePaymentRequest extends Request
/** @var \App\Models\User $user */
$user = auth()->user();
if(\Illuminate\Support\Facades\Cache::has($this->ip()."|".$this->input('amount', 0)."|".$this->input('client_id', '')."|".$user->company()->company_key))
throw new DuplicatePaymentException('Duplicate request.', 429);
\Illuminate\Support\Facades\Cache::put(($this->ip()."|".$this->input('amount', 0)."|".$this->input('client_id', '')."|".$user->company()->company_key), true, 1);
$input = $this->all();
$invoices_total = 0;
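Review bot: The duplicate guard is a separate `Cache::has()` followed by `Cache::put()`, so two identical requests arriving together can both pass the check before either one writes the key; that is the double-submit case the guard is meant to stop. Build the key once and use the atomic form, `$key = implode('|', [$this->ip(), $this->input('amount', 0), $this->input('client_id', ''), $user->company()->company_key]);` followed by `if (! \Illuminate\Support\Facades\Cache::add($key, true, 1)) { throw new DuplicatePaymentException('Duplicate request.', 429); }`. The key is assembled from `amount` and `client_id` apparently before validation has run (the enclosing method starts outside the hunk), so a non-scalar value for either would fail during string conversion rather than produce a validation error; casting or checking `is_scalar()` first would avoid that. A short comment explaining why the window is one second and why the client IP is part of the key would also help, since the commit title calls this a rate limit while the code suppresses duplicates.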


@ -92,8 +92,7 @@ class RouteServiceProvider extends ServiceProvider
RateLimiter::for('portal', function (Request $request) {
return Limit::perMinute(15)->by($request->ip());
});
}
/**


@ -75,6 +75,7 @@ class PaymentTest extends TestCase
],
],
'date' => '2020/12/11',
'idempotency_key' => 'xx',
];
$response = $this->withHeaders([
@ -83,7 +84,9 @@ class PaymentTest extends TestCase
])->postJson('/api/v1/payments/', $data);
$response->assertStatus(200);
sleep(1);
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->token,
@ -1877,6 +1880,8 @@ class PaymentTest extends TestCase
$response->assertStatus(200);
sleep(1);
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->token,
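Review bot: The added `sleep(1)` calls only step around the new one-second duplicate window; nothing visible here asserts that a second identical request inside that window is rejected with 429. A case that posts the same payload twice without sleeping and ends with `$response->assertStatus(429);` would pin the new behaviour. The sleeps also tie the tests to the exact cache TTL, so a one-line comment such as `// wait out the duplicate-payment cache window` would explain them. The `'idempotency_key' => 'xx'` field added to the payload does not appear in the cache key built in StorePaymentRequest, so it is unclear from this page what it exercises.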