From 4a4da10bcedb5fa43862f9e5c1e121adb8556207 Mon Sep 17 00:00:00 2001 From: Maccabee Levine Date: Mon, 16 Dec 2024 17:59:20 +0000 Subject: [PATCH 1/2] Disable turnstile globally, or if redis is selected for storage --- config/vufind/RateLimiter.yaml | 2 ++ .../VuFind/RateLimiter/RateLimiterManager.php | 23 ++++++++++++++++--- .../RateLimiter/RateLimiterManagerFactory.php | 13 +++++++++-- 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/config/vufind/RateLimiter.yaml b/config/vufind/RateLimiter.yaml index 7940673a659..7c8af90f4ef 100644 --- a/config/vufind/RateLimiter.yaml +++ b/config/vufind/RateLimiter.yaml @@ -158,6 +158,8 @@ Policies: # - storage settings for the result cache # And see the required config in contentsecuritypolicy.ini if CSP is used. #Turnstile: + #enabled: false + # These two keys are required. See also values they can be set to for testing purposes: # https://developers.cloudflare.com/turnstile/troubleshooting/testing/ #siteKey: 0x1234567890 diff --git a/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php b/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php index 67114c0e332..a8ede1364c3 100644 --- a/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php +++ b/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php @@ -56,6 +56,13 @@ class RateLimiterManager implements LoggerAwareInterface, TranslatorAwareInterfa use LoggerAwareTrait; use TranslatorAwareTrait; + /** + * Turnstile service + * + * @var Turnstile + */ + protected $turnstile = null; + /** * Current event description for logging * @@ -77,7 +84,6 @@ class RateLimiterManager implements LoggerAwareInterface, TranslatorAwareInterfa * @param string $clientIp Client's IP address * @param ?int $userId User ID or null if not logged in * @param Closure $rateLimiterFactoryCallback Rate limiter factory callback - * @param Turnstile $turnstile Turnstile service * @param IpAddressUtils $ipUtils IP address utilities */ public function __construct( 
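Review bot: The new `#enabled: false` line in the Turnstile block of RateLimiter.yaml does not say what the key does, or that a configured Turnstile is ignored when the key is absent. The factory change later in this patch reads it as `$config['Turnstile']['enabled'] ?? false` and also skips Turnstile when the storage adapter is `redis`. A site that already has the two required keys set would therefore lose the challenge step after upgrading, with no hint in this file. I would add a comment above the key such as `# Turnstile is off unless enabled is set to true, and it is never used when the Storage adapter is redis.`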
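Review bot: The property added in the `@@ -56,6 +56,13` hunk is declared as `protected $turnstile = null;` with no native type, although the constructor of the same class uses typed promoted properties. Declaring it `protected ?Turnstile $turnstile = null;` lets the engine enforce what the docblock describes and makes the nullable state explicit to anyone reading `check()`. The same gap is in `setTurnstile()` in the `@@ -94,6 +99,18` hunk, which could declare `: void` instead of documenting the return only in the docblock.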
@@ -85,7 +91,6 @@ public function __construct( protected string $clientIp, protected ?int $userId, protected Closure $rateLimiterFactoryCallback, - protected Turnstile $turnstile, protected IpAddressUtils $ipUtils ) { $this->clientLogDetails = "ip:$clientIp"; @@ -94,6 +99,18 @@ public function __construct( } } + /** + * Set the turnstile service instance. + * + * @param Turnstile $turnstile Turnstile service + * + * @return void + */ + public function setTurnstile(Turnstile $turnstile) + { + $this->turnstile = $turnstile; + } + /** * Check if rate limiter is enabled * @@ -152,7 +169,7 @@ public function check(EventInterface $event): array if ( $limit->isAccepted() && ($this->config['Policies'][$policyId]['turnstileRateLimiterSettings'] ?? false) && - $this->turnstile->isChallengeAllowed($event) + $this->turnstile?->isChallengeAllowed($event) ) { $turnstileLimiter = ($this->rateLimiterFactoryCallback)( $this->config, diff --git a/module/VuFind/src/VuFind/RateLimiter/RateLimiterManagerFactory.php b/module/VuFind/src/VuFind/RateLimiter/RateLimiterManagerFactory.php index bffe2f84078..e281e864dee 100644 --- a/module/VuFind/src/VuFind/RateLimiter/RateLimiterManagerFactory.php +++ b/module/VuFind/src/VuFind/RateLimiter/RateLimiterManagerFactory.php 
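Review bot: In the `@@ -152,7 +169,7` hunk, `$this->turnstile?->isChallengeAllowed($event)` makes a policy that carries `turnstileRateLimiterSettings` skip the Turnstile branch whenever no service was injected, and nothing at this point tells a maintainer that the challenge is being bypassed. A short comment above the condition would help, e.g. `// $this->turnstile is null when Turnstile is disabled or the storage adapter does not support it; the policy then acts as a plain rate limit.` The property used to be a non-nullable constructor argument, so any other use of `$this->turnstile` in this class outside the visible hunks needs the same null handling. `check()` begins and ends outside this hunk.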
@@ -87,14 +87,23 @@ public function __invoke( $authManager = $container->get(\VuFind\Auth\Manager::class); $request = $container->get('Request'); - return new $requestedName( + $rateLimiterManager = new $requestedName( $config, $request->getServer('REMOTE_ADDR'), $authManager->getUserObject()?->getId(), Closure::fromCallable([$this, 'getRateLimiter']), - $container->get(\VuFind\RateLimiter\Turnstile\Turnstile::class), $container->get(\VuFind\Net\IpAddressUtils::class) ); + + if ( + ($config['Turnstile']['enabled'] ?? false) + && (strtolower($config['Storage']['adapter']) != 'redis') + ) { + $turnstile = $container->get(\VuFind\RateLimiter\Turnstile\Turnstile::class); + $rateLimiterManager->setTurnstile($turnstile); + } + + return $rateLimiterManager; } /** From 8ecee2326bbe722fd75b3ab1fc64bd82bfb13444 Mon Sep 17 00:00:00 2001 From: Demian Katz Date: Mon, 16 Dec 2024 13:56:43 -0500 Subject: [PATCH 2/2] Update module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php --- module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php b/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php index a8ede1364c3..6bd4d46bd64 100644 --- a/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php +++ b/module/VuFind/src/VuFind/RateLimiter/RateLimiterManager.php @@ -59,7 +59,7 @@ class RateLimiterManager implements LoggerAwareInterface, TranslatorAwareInterfa /** * Turnstile service * - * @var Turnstile + * @var ?Turnstile */ protected $turnstile = null;
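Review bot: In the `@@ -87,14 +87,23` hunk, `strtolower($config['Storage']['adapter']) != 'redis'` reads a key that may be missing; on a config without a `Storage` adapter entry this raises an undefined-key warning and passes null to `strtolower()`, which is deprecated since PHP 8.1. I would write the test as `&& strtolower($config['Storage']['adapter'] ?? '') !== 'redis'`. Separately, when `enabled` is true but the adapter is redis, the challenge is dropped without any message, so an operator who configured Turnstile for bot protection cannot tell that it is inactive. A log entry at that point (if a logger is reachable from the factory) would make the downgrade visible. `__invoke()` starts outside the hunk.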