utopia-php / abuse
A simple abuse library to manage application usage limits
Installs: 87 186
Dependents: 1
Suggesters: 0
Security: 0
Stars: 26
Watchers: 8
Forks: 23
Open Issues: 3
Requires
- php: >=8.0
- ext-curl: *
- ext-pdo: *
- ext-redis: *
- utopia-php/database: 0.53.200
Requires (Dev)
- laravel/pint: 1.5.*
- phpbench/phpbench: ^1.2
- phpstan/phpstan: ^1.9
- phpunit/phpunit: ^9.4
- dev-main
- 0.45.0
- 0.44.0
- 0.43.x-dev
- 0.43.2
- 0.43.1
- 0.43.0
- 0.42.0
- 0.41.0
- 0.40.0
- 0.39.0
- 0.38.0
- 0.37.1
- 0.37.0
- 0.36.0
- 0.35.0
- 0.34.x-dev
- 0.34.1
- 0.34.0
- 0.33.0
- 0.32.0
- 0.31.1
- 0.31.0
- 0.30.0
- 0.29.0
- 0.28.0
- 0.27.0
- 0.26.0
- 0.25.0
- 0.24.0
- 0.23.0
- 0.22.1
- 0.22.0
- 0.21.0
- 0.20.0
- 0.19.0
- 0.18.0
- 0.17.0
- 0.16.0
- 0.15.0
- 0.14.0
- 0.13.1
- 0.13.0
- 0.12.0
- 0.11.0
- 0.10.0
- 0.9.0
- 0.8.0
- 0.7.0
- 0.6.3
- 0.6.2
- 0.6.1
- 0.6.0
- 0.5.0
- 0.4.2
- 0.4.1
- 0.4.0
- 0.3.1
- 0.3.0
- 0.2.2
- 0.2.1
- 0.2.0
- v0.1.0
- dev-add-support-for-sharding-adapter
- dev-chore-update-database
- dev-feat-redis-adapter
- dev-ver-bump
- dev-feat-use-utopia-base-for-tests
- dev-add-key-attribute
- dev-query-merge
- dev-refactor-permissions
This package is auto-updated.
Last update: 2024-12-20 16:19:25 UTC
README
Utopia framework abuse library is simple and lite library for managing application usage limits. This library is aiming to be as simple and easy to learn and use. This library is maintained by the Appwrite team.
Although this library is part of the Utopia Framework project it is dependency free, and can be used as standalone with any other PHP project or framework.
Getting Started
Install using composer:
composer require utopia-php/abuse
Time Limit Abuse
The time limit abuse allow each key (action) to be performed [X] times in given time frame. This adapter uses a MySQL / MariaDB to store usage attempts. Before using it create the table schema as documented in this repository (./data/schema.sql)
<?php require_once __DIR__ . '/../../vendor/autoload.php'; use Utopia\Abuse\Abuse; use Utopia\Abuse\Adapters\TimeLimit; use Utopia\Cache\Adapter\None as NoCache; use Utopia\Cache\Cache; use Utopia\Database\Adapter\MySQL; use Utopia\Database\Database; $dbHost = '127.0.0.1'; $dbUser = 'travis'; $dbPass = ''; $dbPort = '3306'; $pdo = new PDO("mysql:host={$dbHost};port={$dbPort};charset=utf8mb4", $dbUser, $dbPass, [ PDO::ATTR_TIMEOUT => 3, // Seconds PDO::ATTR_PERSISTENT => true, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => true, PDO::ATTR_STRINGIFY_FETCHES => true, ]); $db = new Database(new MySQL($pdo), new Cache(new NoCache())); $db->setNamespace('namespace'); // Limit login attempts to 10 time in 5 minutes time frame $adapter = new TimeLimit('login-attempt-from-{{ip}}', 10, (60 * 5), $db); $adapter->setup(); //setup database as required $adapter->setParam('{{ip}}', '127.0.0.1') ; $abuse = new Abuse($adapter); // Use vars to resolve adapter key if($abuse->check()) { throw new Exception('Service was abused!'); // throw error and return X-Rate limit headers here }
ReCaptcha Abuse
The ReCaptcha abuse controller is using Google ReCaptcha service to detect when service is being abused by bots. To use this adapter you need to create an API key from the Google ReCaptcha service admin console.
<?php require_once __DIR__ . '/../../vendor/autoload.php'; use Utopia\Abuse\Abuse; use Utopia\Abuse\Adapters\ReCaptcha; // Limit login attempts to 10 time in 5 minutes time frame $adapter = new ReCaptcha('secret-api-key', $_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']); $abuse = new Abuse($adapter); if($abuse->check()) { throw new Exception('Service was abused!'); // throw error and return X-Rate limit headers here }
Notice: The code above is for example purpose only. It is always recommended to validate user input before using it in your code. If you are using a load balancer or any proxy server you might need to get user IP from the HTTP_X_FORWARDED_FOR header.
System Requirements
Utopia Framework requires PHP 8.0 or later. We recommend using the latest PHP version whenever possible.
Copyright and license
The MIT License (MIT) http://www.opensource.org/licenses/mit-license.php