⚡ comment anti flood policy

funky-framadate-front

@@ -1 +1 @@
-Subproject commit 0730d4a6ac8d5daccbb877a885b02f0305402906
+Subproject commit 47adf12bc89e48914c8b801e34b261c23b827fd2

src/Controller/DefaultController.php

@@ -3,6 +3,7 @@
 namespace App\Controller;
 
 use App\Entity\Choice;
+use App\Entity\Comment;
 use App\Entity\Owner;
 use App\Entity\Poll;
 use App\Entity\StackOfVotes;
@@ -360,6 +361,39 @@ class DefaultController extends AbstractController {
 			           ->setEmail( $data[ 'owner' ][ 'email' ] )
 			           ->setModifierToken( uniqid() );
 		}
+		// anti flood
+		$seconds_limit_lastpost = 5;
+		$emComment              = $this->getDoctrine()->getRepository( Comment::class );
+		$lastCommentOfOwner     = $emComment->findBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] );
+
+		// TODO anti flood by session / IP
+
+		if ( $lastCommentOfOwner ) {
+
+
+			// check time of last comment
+			$now         = new \DateTime();
+			$now         = $now->format( 'Y-m-d H:i:s' );
+			$date_first  = strtotime( $lastCommentOfOwner[ 0 ]->getCreatedAt()->format( 'Y-m-d H:i:s' ) );
+			$date_second = strtotime( $now );
+
+			if ( ( $date_second - $date_first ) < $seconds_limit_lastpost ) {
+				return $this->json( [
+					'message' => 'anti flood déclenché',
+					'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . ' secondes',
+				],
+					403 );
+			}
+
+			// check similar text content
+			if ( $lastCommentOfOwner[ 0 ]->getText() == $comment->getText() ) {
+				return $this->json( [
+					'message' => 'anti flood déclenché',
+					'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé',
+				],
+					403 );
+			}
+		}
 		$comment->setOwner( $foundOwner )
 		        ->setCreatedAt( new \DateTime() )
 		        ->setPoll( $poll );
@@ -373,7 +407,7 @@ class DefaultController extends AbstractController {
 		return $this->json( [
 			'message' => 'you created a comment',
 			'data'    => [
-				'your_comment'  => $comment,
+				'your_comment'  => $comment->display(),
 				'poll_comments' => $poll->getComments(),
 			],
 		],
@@ -381,7 +415,7 @@ class DefaultController extends AbstractController {
 	}
 
 	/**
-	 * add a comment on a poll
+	 * add a vote on a poll
 	 * @Post(
 	 *     path = "/poll/{id}/vote",
 	 *     name = "new_vote_stack",

src/Entity/Comment.php

@@ -46,6 +46,15 @@ class Comment {
 	 */
 	private $poll;
 
+	function display() {
+		return [
+			'id'    => $this->getId(),
+			'poll'  => $this->getPoll(),
+			'text'  => $this->getText(),
+			'token' => $this->getOwner()->getModifierToken(),
+		];
+	}
+
 	function __construct() {
 		$this->setCreatedAt( new \DateTime() );
 	}