Merge pull request #46446 from nextcloud/update-app-api-rate-limit-key
use "app_api" session key in rate limit middleware, "app_api_system" is deprecated
bigcat88 authored Jul 18, 2024
2 parents 55dbf39 + 40f8204 commit a5fdd1c
Showing 1 changed file with 3 additions and 2 deletions.
Expand Up @@ -11,6 +11,7 @@
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter;
use OC\User\Session;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\AnonRateLimit;
use OCP\AppFramework\Http\Attribute\ARateLimit;
Expand Down Expand Up @@ -63,8 +64,8 @@ public function beforeController(Controller $controller, string $methodName): vo
parent::beforeController($controller, $methodName);
$rateLimitIdentifier = get_class($controller) . '::' . $methodName;

if ($this->session->exists('app_api_system')) {
// Bypass rate limiting for app_api
if ($this->userSession instanceof Session && $this->userSession->getSession()->get('app_api') === true && $this->userSession->getUser() === null) {
// if userId is not specified and the request is authenticated by AppAPI, we skip the rate limit
return;
}
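Review bot: The early `return` in `beforeController` turns a single session value, `$this->userSession->getSession()->get('app_api') === true`, into a complete bypass of whatever limiting follows, and nothing in this hunk shows where that value is written or whether it is cleared at the end of the request. Because the bypass now also requires `getUser() === null`, it applies exactly to requests with no user, which is the path the imported `AnonRateLimit` attribute suggests is normally limited. The inline comment should therefore state the trust assumption once the author has confirmed it, for example `// 'app_api' is set server-side only after AppAPI authentication succeeds; it is never derived from request input`. The commit changes one file, so the three cases (flag set with no user, flag set with a user, flag absent) appear to have no accompanying unit test, and one per case would pin the behaviour. The body of `beforeController` continues outside the hunk.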
