From d8b745a1d1b1174376d75924d35298016b274a16 Mon Sep 17 00:00:00 2001
From: Baptiste Lemoine
Date: Tue, 21 Jan 2020 10:32:56 +0100
Subject: [PATCH] :zap: comment anti flood policy

---
 funky-framadate-front | 2 +-
 src/Controller/DefaultController.php | 38 ++++++++++++++++++++++++++--
 src/Entity/Comment.php | 9 +++++++
 3 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/funky-framadate-front b/funky-framadate-front
index 0730d4a..47adf12 160000
--- a/funky-framadate-front
+++ b/funky-framadate-front
@@ -1 +1 @@
-Subproject commit 0730d4a6ac8d5daccbb877a885b02f0305402906
+Subproject commit 47adf12bc89e48914c8b801e34b261c23b827fd2
diff --git a/src/Controller/DefaultController.php b/src/Controller/DefaultController.php
index 3e56280..6c05a09 100644
--- a/src/Controller/DefaultController.php
+++ b/src/Controller/DefaultController.php
@@ -3,6 +3,7 @@
 namespace App\Controller;
 
 use App\Entity\Choice;
+use App\Entity\Comment;
 use App\Entity\Owner;
 use App\Entity\Poll;
 use App\Entity\StackOfVotes;
@@ -360,6 +361,39 @@ class DefaultController extends AbstractController {
 ->setEmail( $data[ 'owner' ][ 'email' ] )
 ->setModifierToken( uniqid() );
 }
+ // anti flood
+ $seconds_limit_lastpost = 5;
+ $emComment = $this->getDoctrine()->getRepository( Comment::class );
+ $lastCommentOfOwner = $emComment->findBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] );
+
+ // TODO anti flood by session / IP
+
+ if ( $lastCommentOfOwner ) {
+
+
+ // check time of last comment
+ $now = new \DateTime();
+ $now = $now->format( 'Y-m-d H:i:s' );
+ $date_first = strtotime( $lastCommentOfOwner[ 0 ]->getCreatedAt()->format( 'Y-m-d H:i:s' ) );
+ $date_second = strtotime( $now );
+
+ if ( ( $date_second - $date_first ) < $seconds_limit_lastpost ) {
+ return $this->json( [
+ 'message' => 'anti flood déclenché',
+ 'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . ' secondes',
+ ],
+ 403 );
+ }
+
+ // check similar text content
+ if ( $lastCommentOfOwner[ 0 ]->getText() == $comment->getText() ) {
+ return $this->json( [
+ 'message' => 'anti flood déclenché',
+ 'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé',
+ ],
+ 403 );
+ }
+ }
 $comment->setOwner( $foundOwner )
 ->setCreatedAt( new \DateTime() )
 ->setPoll( $poll );
@@ -373,7 +407,7 @@ class DefaultController extends AbstractController {
 return $this->json( [
 'message' => 'you created a comment',
 'data' => [
- 'your_comment' => $comment,
+ 'your_comment' => $comment->display(),
 'poll_comments' => $poll->getComments(),
 ],
 ],
@@ -381,7 +415,7 @@ class DefaultController extends AbstractController {
 }
 
 /**
- * add a comment on a poll
+ * add a vote on a poll
 * @Post(
 * path = "/poll/{id}/vote",
 * name = "new_vote_stack",
diff --git a/src/Entity/Comment.php b/src/Entity/Comment.php
index 0730efe..02e5cd0 100644
--- a/src/Entity/Comment.php
+++ b/src/Entity/Comment.php
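Review bot: The elapsed-time check in the new anti-flood block goes through `format('Y-m-d H:i:s')` and `strtotime()` for both dates, which truncates to whole seconds and re-parses each string in the process default timezone, so the difference can be wrong if the stored `createdAt` carries another timezone; comparing `getTimestamp()` values directly is exact and removes the `$now` juggling. `findBy(...)` loads every comment of the owner only to read element 0, while `findOneBy()` takes the same `orderBy` argument, and the duplicate-text test uses `==`, which applies numeric-string rules to two strings (`'1e3' == '1000'` is true) and should be `===`. The limit is keyed on `$foundOwner`, which the lines above the hunk build from client-supplied owner data, so it rate-limits an owner record rather than a client; the `// TODO anti flood by session / IP` comment already records that gap, and both user-facing messages spell "dernier" as "deriner". The enclosing controller method starts before and ends after this hunk.
```php
// anti flood
$seconds_limit_lastpost = 5;
$emComment = $this->getDoctrine()->getRepository( Comment::class );
$lastCommentOfOwner = $emComment->findOneBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] );

// TODO anti flood by session / IP

if ( $lastCommentOfOwner ) {
    // check time of last comment: whole seconds elapsed since its createdAt
    $elapsed = time() - $lastCommentOfOwner->getCreatedAt()->getTimestamp();

    if ( $elapsed < $seconds_limit_lastpost ) {
        // … unchanged: 403 "anti flood déclenché" response (fix "deriner" -> "dernier") …
    }

    // check similar text content (strict comparison: two strings, no numeric coercion)
    if ( $lastCommentOfOwner->getText() === $comment->getText() ) {
        // … unchanged: 403 "anti flood déclenché" response …
    }
}
```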
@@ -46,6 +46,15 @@ class Comment {
 */
 private $poll;
 
+ function display() {
+ return [
+ 'id' => $this->getId(),
+ 'poll' => $this->getPoll(),
+ 'text' => $this->getText(),
+ 'token' => $this->getOwner()->getModifierToken(),
+ ];
+ }
+
 function __construct() {
 $this->setCreatedAt( new \DateTime() );
 }
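Review bot: `display()` in the new hunk has neither a visibility modifier nor a return type; it should be declared `public function display(): array`. Its `'poll' => $this->getPoll()` entry puts the whole Poll entity into the JSON the controller returns as `your_comment`, alongside a separate `poll_comments` taken from the same poll, which duplicates data and, if Poll serializes its comments, can recurse back into this comment; returning the poll's identifier instead would be safer, assuming Poll exposes one. `$this->getOwner()->getModifierToken()` also assumes an owner is always set, which holds for the creation path in this commit but not necessarily for other callers. A short docblock stating that `display()` is intended for the creator's own response, because it includes the owner's modifier token, would make that intent explicit for future callers.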