Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[RateLimiter] [WIP] add attribute for controllers methods #59920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: 7.3
Choose a base branch
Loading
from
Open

[RateLimiter] [WIP] add attribute for controllers methods #59920

wants to merge 5 commits into from

Conversation

RazielRodrigues
Copy link

@RazielRodrigues RazielRodrigues commented Mar 5, 2025
edited by kbond
Loading

Q A
Branch? 7.3
Bug fix? no
New feature? yes
Deprecations? no
Issues Fix #52518
License MIT

@carsonbot carsonbot added this to the 7.3 milestone Mar 5, 2025
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 7.3 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@carsonbot

This comment was marked as resolved.

Sign in to view
@RazielRodrigues RazielRodrigues mentioned this pull request Mar 5, 2025
Open
@alexandre-daubois
Copy link
Member

Hello, first of all thank you for your interest in contributing to Symfony!

It seems the PR is incomplete. The new attribute is indeed created, but it lacks the mechanism to register it and actually rate limit methods, right?

kbond
kbond reviewed Mar 6, 2025
View reviewed changes
Copy link
Member

@kbond kbond left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @RazielRodrigues, thanks for getting this started!

This will work very similar to IsGranted and IsGrantedAttributeListener so check out the code around these.

src/Symfony/Component/RateLimiter/Attribute/RateLimitAttribute.php Outdated
* @author Raziel Rodrigues <raziel.rodrigues@outlook.pt>
*/
#[\Attribute(\Attribute::IS_REPEATABLE | \Attribute::TARGET_METHOD)]
final class RateLimit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll need to rename this file to match the class name: RateLimit.php

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

src/Symfony/Component/RateLimiter/Attribute/RateLimitAttribute.php Outdated
*/
public function __construct(
public string $limiter,
public array $methods
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public array $methods
public array $methods = [],

My thinking is: [] === all methods (the default)

src/Symfony/Component/RateLimiter/Attribute/RateLimitAttribute.php Outdated
Comment on lines 25 to 26
* @param string $limiter The name of the limiter to use
* @param array $methods Methods to apply the rate limit
Copy link
Member

@kbond kbond Mar 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* @param string $limiter The name of the limiter to use
* @param array $methods Methods to apply the rate limit
* @param string $limiter The configured limiter name
* @param string[] $methods Request methods to apply the rate limit (`[]` for all)

src/Symfony/Component/RateLimiter/Attribute/RateLimitAttribute.php Outdated
namespace Symfony\Component\RateLimiter\Attribute;

/**
* Add the hability to rate limit a method from a controller
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Add the hability to rate limit a method from a controller
* Rate limit the controller.

@kbond kbond changed the title [RateLimiter] add attribute for controllers methods [WIP][RateLimiter] add attribute for controllers methods Mar 6, 2025
@kbond kbond changed the title [WIP][RateLimiter] add attribute for controllers methods [RateLimiter] [WIP] add attribute for controllers methods Mar 6, 2025
@yceruto
Copy link
Member

yceruto commented Mar 6, 2025

Question: should the #[RateLimit] attribute point to an implementation of RequestRateLimiterInterface? From the linked proposal, it looks like it's referencing the factory configuration, which seems incorrect.

@kbond
Copy link
Member

kbond commented Mar 6, 2025
edited
Loading

Question: should the #[RateLimit] attribute point to an implementation of RequestRateLimiterInterface?

I'd actually forgotten about RequestRateLimiterInterface. My thinking of this features was indeed: #RateLimit('name') would use the configured rate limiter factory name. By default, the limiter would be created for a key with url, method, client ip. This could be customized with an expression - maybe even having the user available?

#[RateLimit('my_limiter', key: 'url~method~request.getClientIp()~user?.getUsername()')

But now, remembering the RequestRateLimiterInterface, I wonder if it could be leveraged...

@RazielRodrigues
Copy link
Author

Question: should the #[RateLimit] attribute point to an implementation of RequestRateLimiterInterface?

I'd actually forgotten about RequestRateLimiterInterface. My thinking of this features was indeed: #RateLimit('name') would use the configured rate limiter factory name. By default, the limiter would be created for a key with url, method, client ip. This could be customized with an expression - maybe even having the user available?

#[RateLimit('my_limiter', key: 'url~method~request.getClientIp()~user?.getUsername()')

But now, remembering the RequestRateLimiterInterface, I wonder if it could be leveraged...

Thanks for all the comments guys, I will work on this MR this week, I was a bit busy but now I am totally free to work on this merge request, ASAP I will commit the changes

@RazielRodrigues
Copy link
Author

Hello, first of all thank you for your interest in contributing to Symfony!

It seems the PR is incomplete. The new attribute is indeed created, but it lacks the mechanism to register it and actually rate limit methods, right?

Hi do you know how can I test the stuff I have done? Because I implemented the event and so on but now I need to test it and I don't know how

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kbond kbond kbond left review comments

Assignees
No one assigned
Labels
Feature RateLimiter Status: Needs Review
Projects
None yet
Milestone
7.3
Development

Successfully merging this pull request may close these issues.

[RateLimiter] controller attribute
5 participants
@RazielRodrigues @carsonbot @alexandre-daubois @yceruto @kbond
Morty Proxy This is a proxified and sanitized view of the page, visit original site.