⚡ comment anti flood policy
This commit is contained in:
parent
6969ff9818
commit
d8b745a1d1
|
|
@ -1 +1 @@
|
|||
Subproject commit 0730d4a6ac8d5daccbb877a885b02f0305402906
|
||||
Subproject commit 47adf12bc89e48914c8b801e34b261c23b827fd2
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
namespace App\Controller;
|
||||
|
||||
use App\Entity\Choice;
|
||||
use App\Entity\Comment;
|
||||
use App\Entity\Owner;
|
||||
use App\Entity\Poll;
|
||||
use App\Entity\StackOfVotes;
|
||||
|
|
@ -360,6 +361,39 @@ class DefaultController extends AbstractController {
|
|||
->setEmail( $data[ 'owner' ][ 'email' ] )
|
||||
->setModifierToken( uniqid() );
|
||||
}
|
||||
// anti flood
|
||||
$seconds_limit_lastpost = 5;
|
||||
$emComment = $this->getDoctrine()->getRepository( Comment::class );
|
||||
$lastCommentOfOwner = $emComment->findBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] );
|
||||
|
||||
// TODO anti flood by session / IP
|
||||
|
||||
if ( $lastCommentOfOwner ) {
|
||||
|
||||
|
||||
// check time of last comment
|
||||
$now = new \DateTime();
|
||||
$now = $now->format( 'Y-m-d H:i:s' );
|
||||
$date_first = strtotime( $lastCommentOfOwner[ 0 ]->getCreatedAt()->format( 'Y-m-d H:i:s' ) );
|
||||
$date_second = strtotime( $now );
|
||||
|
||||
if ( ( $date_second - $date_first ) < $seconds_limit_lastpost ) {
|
||||
return $this->json( [
|
||||
'message' => 'anti flood déclenché',
|
||||
'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . ' secondes',
|
||||
],
|
||||
403 );
|
||||
}
|
||||
|
||||
// check similar text content
|
||||
if ( $lastCommentOfOwner[ 0 ]->getText() == $comment->getText() ) {
|
||||
return $this->json( [
|
||||
'message' => 'anti flood déclenché',
|
||||
'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé',
|
||||
],
|
||||
403 );
|
||||
}
|
||||
}
|
||||
$comment->setOwner( $foundOwner )
|
||||
->setCreatedAt( new \DateTime() )
|
||||
->setPoll( $poll );
|
||||
|
|
@ -373,7 +407,7 @@ class DefaultController extends AbstractController {
|
|||
return $this->json( [
|
||||
'message' => 'you created a comment',
|
||||
'data' => [
|
||||
'your_comment' => $comment,
|
||||
'your_comment' => $comment->display(),
|
||||
'poll_comments' => $poll->getComments(),
|
||||
],
|
||||
],
|
||||
|
|
@ -381,7 +415,7 @@ class DefaultController extends AbstractController {
|
|||
}
|
||||
|
||||
/**
|
||||
* add a comment on a poll
|
||||
* add a vote on a poll
|
||||
* @Post(
|
||||
* path = "/poll/{id}/vote",
|
||||
* name = "new_vote_stack",
|
||||
|
|
|
|||
|
|
@ -46,6 +46,15 @@ class Comment {
|
|||
*/
|
||||
private $poll;
|
||||
|
||||
function display() {
|
||||
return [
|
||||
'id' => $this->getId(),
|
||||
'poll' => $this->getPoll(),
|
||||
'text' => $this->getText(),
|
||||
'token' => $this->getOwner()->getModifierToken(),
|
||||
];
|
||||
}
|
||||
|
||||
function __construct() {
|
||||
$this->setCreatedAt( new \DateTime() );
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue