AgenticCheckoutUtils.php
4 months ago
ArrayUtils.php
2 years ago
CartController.php
1 month ago
CartTokenUtils.php
1 year ago
CheckoutTrait.php
1 month ago
DraftOrderTrait.php
1 year ago
JsonWebToken.php
11 months ago
LocalPickupUtils.php
5 months ago
NoticeHandler.php
1 year ago
OrderAuthorizationTrait.php
6 months ago
OrderController.php
1 month ago
Pagination.php
2 years ago
PaymentUtils.php
1 year ago
ProductItemTrait.php
1 month ago
ProductLinksTrait.php
3 months ago
ProductQuery.php
2 months ago
ProductQueryFilters.php
11 months ago
QuantityLimits.php
11 months ago
RateLimits.php
1 year ago
SanitizationUtils.php
2 years ago
ValidationUtils.php
2 years ago
RateLimits.php
253 lines
| 1 | <?php |
| 2 | namespace Automattic\WooCommerce\StoreApi\Utilities; |
| 3 | |
| 4 | use WC_Rate_Limiter; |
| 5 | use WC_Cache_Helper; |
| 6 | |
| 7 | /** |
| 8 | * RateLimits class. |
| 9 | */ |
| 10 | class RateLimits extends WC_Rate_Limiter { |
| 11 | |
| 12 | /** |
| 13 | * Cache group. |
| 14 | */ |
| 15 | const CACHE_GROUP = 'store_api_rate_limit'; |
| 16 | |
| 17 | /** |
| 18 | * Rate limiting enabled default value. |
| 19 | * |
| 20 | * @var boolean |
| 21 | */ |
| 22 | const ENABLED = false; |
| 23 | |
| 24 | /** |
| 25 | * Proxy support enabled default value. |
| 26 | * |
| 27 | * @var boolean |
| 28 | */ |
| 29 | const PROXY_SUPPORT = false; |
| 30 | |
| 31 | /** |
| 32 | * Default amount of max requests allowed for the defined timeframe. |
| 33 | * |
| 34 | * @var int |
| 35 | */ |
| 36 | const LIMIT = 25; |
| 37 | |
| 38 | /** |
| 39 | * Default time in seconds before rate limits are reset. |
| 40 | * |
| 41 | * @var int |
| 42 | */ |
| 43 | const SECONDS = 10; |
| 44 | |
| 45 | /** |
| 46 | * Gets a cache prefix. |
| 47 | * |
| 48 | * @param string $action_id Identifier of the action. |
| 49 | * @return string |
| 50 | */ |
| 51 | protected static function get_cache_key( $action_id ): string { |
| 52 | return WC_Cache_Helper::get_cache_prefix( 'store_api_rate_limit' . $action_id ); |
| 53 | } |
| 54 | |
| 55 | /** |
| 56 | * Get current rate limit row from DB and normalize types. This query is not cached, and returns |
| 57 | * a new rate limit row if none exists. |
| 58 | * |
| 59 | * @param string $action_id Identifier of the action. |
| 60 | * |
| 61 | * @return object Object containing reset and remaining. |
| 62 | */ |
| 63 | protected static function get_rate_limit_row( string $action_id ): object { |
| 64 | global $wpdb; |
| 65 | |
| 66 | $time = time(); |
| 67 | |
| 68 | $row = $wpdb->get_row( |
| 69 | $wpdb->prepare( |
| 70 | " |
| 71 | SELECT rate_limit_expiry as reset, rate_limit_remaining as remaining |
| 72 | FROM {$wpdb->prefix}wc_rate_limits |
| 73 | WHERE rate_limit_key = %s |
| 74 | AND rate_limit_expiry > %s |
| 75 | ", |
| 76 | $action_id, |
| 77 | $time |
| 78 | ), |
| 79 | 'OBJECT' |
| 80 | ); |
| 81 | |
| 82 | if ( empty( $row ) ) { |
| 83 | $options = self::get_options(); |
| 84 | |
| 85 | return (object) [ |
| 86 | 'reset' => (int) $options->seconds + $time, |
| 87 | 'remaining' => (int) $options->limit, |
| 88 | ]; |
| 89 | } |
| 90 | |
| 91 | return (object) [ |
| 92 | 'reset' => (int) $row->reset, |
| 93 | 'remaining' => (int) $row->remaining, |
| 94 | ]; |
| 95 | } |
| 96 | |
| 97 | /** |
| 98 | * Returns current rate limit values using cache where possible. |
| 99 | * |
| 100 | * @param string $action_id Identifier of the action. |
| 101 | * |
| 102 | * @return object |
| 103 | */ |
| 104 | public static function get_rate_limit( string $action_id ): object { |
| 105 | $current_limit = self::get_cached( $action_id ); |
| 106 | |
| 107 | if ( false === $current_limit ) { |
| 108 | $current_limit = self::get_rate_limit_row( $action_id ); |
| 109 | self::set_cache( $action_id, $current_limit ); |
| 110 | } |
| 111 | |
| 112 | return $current_limit; |
| 113 | } |
| 114 | |
| 115 | /** |
| 116 | * If exceeded, seconds until reset. |
| 117 | * |
| 118 | * @param string $action_id Identifier of the action. |
| 119 | * |
| 120 | * @return bool|int |
| 121 | */ |
| 122 | public static function is_exceeded_retry_after( string $action_id ) { |
| 123 | $current_limit = self::get_rate_limit( $action_id ); |
| 124 | $time = time(); |
| 125 | // Before the next run is allowed, retry forbidden. |
| 126 | if ( $time <= (int) $current_limit->reset && 0 === (int) $current_limit->remaining ) { |
| 127 | return (int) $current_limit->reset - $time; |
| 128 | } |
| 129 | |
| 130 | // After the next run is allowed, retry allowed. |
| 131 | return false; |
| 132 | } |
| 133 | |
| 134 | /** |
| 135 | * Sets the rate limit delay in seconds for action with identifier $id. |
| 136 | * |
| 137 | * @param string $action_id Identifier of the action. |
| 138 | * |
| 139 | * @return object Current rate limits. |
| 140 | */ |
| 141 | public static function update_rate_limit( string $action_id ): object { |
| 142 | global $wpdb; |
| 143 | |
| 144 | $options = self::get_options(); |
| 145 | $time = time(); |
| 146 | $rate_limit_expiry = $time + (int) $options->seconds; |
| 147 | |
| 148 | $wpdb->query( |
| 149 | $wpdb->prepare( |
| 150 | "INSERT INTO {$wpdb->prefix}wc_rate_limits |
| 151 | (`rate_limit_key`, `rate_limit_expiry`, `rate_limit_remaining`) |
| 152 | VALUES |
| 153 | (%s, %d, %d) |
| 154 | ON DUPLICATE KEY UPDATE |
| 155 | `rate_limit_remaining` = IF(`rate_limit_expiry` < %d, VALUES(`rate_limit_remaining`), GREATEST(`rate_limit_remaining` - 1, 0)), |
| 156 | `rate_limit_expiry` = IF(`rate_limit_expiry` < %d, VALUES(`rate_limit_expiry`), `rate_limit_expiry`); |
| 157 | ", |
| 158 | $action_id, |
| 159 | $rate_limit_expiry, |
| 160 | (int) $options->limit - 1, |
| 161 | $time, |
| 162 | $time |
| 163 | ) |
| 164 | ); |
| 165 | |
| 166 | $current_limit = self::get_rate_limit_row( $action_id ); |
| 167 | |
| 168 | self::set_cache( $action_id, $current_limit ); |
| 169 | |
| 170 | return $current_limit; |
| 171 | } |
| 172 | |
| 173 | /** |
| 174 | * Retrieve a cached store api rate limit. |
| 175 | * |
| 176 | * @param string $action_id Identifier of the action. |
| 177 | * @return false|object |
| 178 | */ |
| 179 | protected static function get_cached( $action_id ) { |
| 180 | return wp_cache_get( self::get_cache_key( $action_id ), self::CACHE_GROUP ); |
| 181 | } |
| 182 | |
| 183 | /** |
| 184 | * Cache a rate limit. |
| 185 | * |
| 186 | * @param string $action_id Identifier of the action. |
| 187 | * @param object $current_limit Current limit object with expiry and retries remaining. |
| 188 | * @return bool |
| 189 | */ |
| 190 | protected static function set_cache( $action_id, $current_limit ): bool { |
| 191 | return wp_cache_set( self::get_cache_key( $action_id ), $current_limit, self::CACHE_GROUP ); |
| 192 | } |
| 193 | |
| 194 | /** |
| 195 | * Return options for Rate Limits, to be returned by the "woocommerce_store_api_rate_limit_options" filter. |
| 196 | * |
| 197 | * @return object Default options. |
| 198 | */ |
| 199 | public static function get_options(): object { |
| 200 | $default_options = [ |
| 201 | /** |
| 202 | * Filters the Store API rate limit check, which is disabled by default. |
| 203 | * |
| 204 | * This can be used also to disable the rate limit check when testing API endpoints via a REST API client. |
| 205 | */ |
| 206 | 'enabled' => self::ENABLED, |
| 207 | |
| 208 | /** |
| 209 | * Filters whether proxy support is enabled for the Store API rate limit check. This is disabled by default. |
| 210 | * |
| 211 | * If the store is behind a proxy, load balancer, CDN etc. the user can enable this to properly obtain |
| 212 | * the client's IP address through standard transport headers. |
| 213 | */ |
| 214 | 'proxy_support' => self::PROXY_SUPPORT, |
| 215 | |
| 216 | 'limit' => self::LIMIT, |
| 217 | 'seconds' => self::SECONDS, |
| 218 | ]; |
| 219 | |
| 220 | return (object) array_merge( // By using array_merge we ensure we get a properly populated options object. |
| 221 | $default_options, |
| 222 | /** |
| 223 | * Filters options for Rate Limits. |
| 224 | * |
| 225 | * @param array $rate_limit_options Array of option values. |
| 226 | * @return array |
| 227 | * |
| 228 | * @since 8.9.0 |
| 229 | */ |
| 230 | apply_filters( |
| 231 | 'woocommerce_store_api_rate_limit_options', |
| 232 | $default_options |
| 233 | ) |
| 234 | ); |
| 235 | } |
| 236 | |
| 237 | /** |
| 238 | * Gets a single option through provided name. |
| 239 | * |
| 240 | * @param string $option Option name. |
| 241 | * |
| 242 | * @return mixed |
| 243 | */ |
| 244 | public static function get_option( $option ) { |
| 245 | |
| 246 | if ( ! is_string( $option ) || ! defined( 'RateLimits::' . strtoupper( $option ) ) ) { |
| 247 | return null; |
| 248 | } |
| 249 | |
| 250 | return self::get_options()[ $option ]; |
| 251 | } |
| 252 | } |
| 253 |