⚡ comment anti flood policy
parent
6969ff9818
commit
d8b745a1d1
|
@ -1 +1 @@
|
||||||
Subproject commit 0730d4a6ac8d5daccbb877a885b02f0305402906
|
Subproject commit 47adf12bc89e48914c8b801e34b261c23b827fd2
|
|
@ -3,6 +3,7 @@
|
||||||
namespace App\Controller;
|
namespace App\Controller;
|
||||||
|
|
||||||
use App\Entity\Choice;
|
use App\Entity\Choice;
|
||||||
|
use App\Entity\Comment;
|
||||||
use App\Entity\Owner;
|
use App\Entity\Owner;
|
||||||
use App\Entity\Poll;
|
use App\Entity\Poll;
|
||||||
use App\Entity\StackOfVotes;
|
use App\Entity\StackOfVotes;
|
||||||
|
@ -360,6 +361,39 @@ class DefaultController extends AbstractController {
|
||||||
->setEmail( $data[ 'owner' ][ 'email' ] )
|
->setEmail( $data[ 'owner' ][ 'email' ] )
|
||||||
->setModifierToken( uniqid() );
|
->setModifierToken( uniqid() );
|
||||||
}
|
}
|
||||||
|
// anti flood
|
||||||
|
$seconds_limit_lastpost = 5;
|
||||||
|
$emComment = $this->getDoctrine()->getRepository( Comment::class );
|
||||||
|
$lastCommentOfOwner = $emComment->findBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] );
|
||||||
|
|
||||||
|
// TODO anti flood by session / IP
|
||||||
|
|
||||||
|
if ( $lastCommentOfOwner ) {
|
||||||
|
|
||||||
|
|
||||||
|
// check time of last comment
|
||||||
|
$now = new \DateTime();
|
||||||
|
$now = $now->format( 'Y-m-d H:i:s' );
|
||||||
|
$date_first = strtotime( $lastCommentOfOwner[ 0 ]->getCreatedAt()->format( 'Y-m-d H:i:s' ) );
|
||||||
|
$date_second = strtotime( $now );
|
||||||
|
|
||||||
|
if ( ( $date_second - $date_first ) < $seconds_limit_lastpost ) {
|
||||||
|
return $this->json( [
|
||||||
|
'message' => 'anti flood déclenché',
|
||||||
|
'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . ' secondes',
|
||||||
|
],
|
||||||
|
403 );
|
||||||
|
}
|
||||||
|
|
||||||
|
// check similar text content
|
||||||
|
if ( $lastCommentOfOwner[ 0 ]->getText() == $comment->getText() ) {
|
||||||
|
return $this->json( [
|
||||||
|
'message' => 'anti flood déclenché',
|
||||||
|
'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé',
|
||||||
|
],
|
||||||
|
403 );
|
||||||
|
}
|
||||||
|
}
|
||||||
$comment->setOwner( $foundOwner )
|
$comment->setOwner( $foundOwner )
|
||||||
->setCreatedAt( new \DateTime() )
|
->setCreatedAt( new \DateTime() )
|
||||||
->setPoll( $poll );
|
->setPoll( $poll );
|
||||||
|
@ -373,7 +407,7 @@ class DefaultController extends AbstractController {
|
||||||
return $this->json( [
|
return $this->json( [
|
||||||
'message' => 'you created a comment',
|
'message' => 'you created a comment',
|
||||||
'data' => [
|
'data' => [
|
||||||
'your_comment' => $comment,
|
'your_comment' => $comment->display(),
|
||||||
'poll_comments' => $poll->getComments(),
|
'poll_comments' => $poll->getComments(),
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
|
@ -381,7 +415,7 @@ class DefaultController extends AbstractController {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* add a comment on a poll
|
* add a vote on a poll
|
||||||
* @Post(
|
* @Post(
|
||||||
* path = "/poll/{id}/vote",
|
* path = "/poll/{id}/vote",
|
||||||
* name = "new_vote_stack",
|
* name = "new_vote_stack",
|
||||||
|
|
|
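Review bot: The flood check is keyed only on `$foundOwner`, and the context lines above it suggest the owner is resolved from `$data[ 'owner' ][ 'email' ]` in the request body, so a client that sends a different email with each request is never throttled; the `// TODO anti flood by session / IP` line acknowledges the gap, but the commit ships without it. Until that exists, the limit should not be relied on as an abuse control, and a key the client cannot choose (session or source address, read through a trusted-proxy configuration) should be checked alongside the owner. `findBy( [ 'owner' => $foundOwner ], [ 'id' => 'desc' ] )` also loads every comment of that owner just to read element 0; `findOneBy` with the same criteria and ordering returns only the newest row, with `$lastCommentOfOwner[ 0 ]` becoming `$lastCommentOfOwner`. The check and the later insert are separate steps, so two concurrent requests can both pass it. The enclosing controller method starts and ends outside the hunk.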
@ -46,6 +46,15 @@ class Comment {
|
||||||
*/
|
*/
|
||||||
private $poll;
|
private $poll;
|
||||||
|
|
||||||
|
function display() {
|
||||||
|
return [
|
||||||
|
'id' => $this->getId(),
|
||||||
|
'poll' => $this->getPoll(),
|
||||||
|
'text' => $this->getText(),
|
||||||
|
'token' => $this->getOwner()->getModifierToken(),
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
function __construct() {
|
function __construct() {
|
||||||
$this->setCreatedAt( new \DateTime() );
|
$this->setCreatedAt( new \DateTime() );
|
||||||
}
|
}
|
||||||
|
|
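Review bot: `display()` returns the owner's modifier token to the caller at `'token' => $this->getOwner()->getModifierToken()`, and the controller now sends that array back as `your_comment`. If the owner is looked up by the email in the request (that lookup is outside the visible hunks), anyone who comments under another person's email would receive that person's token; the key should be left out of `display()` and the token returned only by the code path that has just created the owner. `'poll' => $this->getPoll()` embeds the whole Poll entity, whose serialized fields are not visible here, so an identifier would be safer than the object. The method also has no visibility or return type; `public function display(): array` with a short docblock listing the returned keys would match how it is used.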