Release v1.5.1

core/services/RateLimiter.php

@@ -0,0 +1,80 @@
+<?php
+declare(strict_types=1);
+
+namespace Core\Services;
+
+use PDO;
+use Throwable;
+
+class RateLimiter
+{
+    private static bool $tableEnsured = false;
+
+    public static function tooMany(string $action, string $subjectKey, int $limit, int $windowSeconds): bool
+    {
+        if ($limit < 1 || $windowSeconds < 1) {
+            return false;
+        }
+
+        $db = Database::get();
+        if (!($db instanceof PDO)) {
+            return false;
+        }
+
+        self::ensureTable($db);
+
+        try {
+            $cutoff = date('Y-m-d H:i:s', time() - $windowSeconds);
+            $countStmt = $db->prepare("
+                SELECT COUNT(*) AS c
+                FROM ac_rate_limits
+                WHERE action_name = :action_name
+                  AND subject_key = :subject_key
+                  AND created_at >= :cutoff
+            ");
+            $countStmt->execute([
+                ':action_name' => $action,
+                ':subject_key' => $subjectKey,
+                ':cutoff' => $cutoff,
+            ]);
+            $count = (int)(($countStmt->fetch(PDO::FETCH_ASSOC)['c'] ?? 0));
+            if ($count >= $limit) {
+                return true;
+            }
+
+            $insertStmt = $db->prepare("
+                INSERT INTO ac_rate_limits (action_name, subject_key, created_at)
+                VALUES (:action_name, :subject_key, NOW())
+            ");
+            $insertStmt->execute([
+                ':action_name' => $action,
+                ':subject_key' => $subjectKey,
+            ]);
+
+            $db->exec("DELETE FROM ac_rate_limits WHERE created_at < (NOW() - INTERVAL 2 DAY)");
+        } catch (Throwable $e) {
+            return false;
+        }
+
+        return false;
+    }
+
+    private static function ensureTable(PDO $db): void
+    {
+        if (self::$tableEnsured) {
+            return;
+        }
+
+        $db->exec("
+            CREATE TABLE IF NOT EXISTS ac_rate_limits (
+                id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
+                action_name VARCHAR(80) NOT NULL,
+                subject_key VARCHAR(191) NOT NULL,
+                created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+                KEY idx_rate_limits_lookup (action_name, subject_key, created_at)
+            ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+        ");
+
+        self::$tableEnsured = true;
+    }
+}