Exports: Added rate limits for UI exports

Just as a measure to prevent potential abuse of these potentially longer-running endpoints. Adds test to cover for ZIP exports, but applied to all formats.
2025-07-31 15:24:31 +03:00 · 2025-01-01 15:42:59 +00:00
parent 7e31725d48
commit 1ff2826678
5 changed files with 32 additions and 0 deletions
--- a/app/App/Providers/RouteServiceProvider.php
+++ b/app/App/Providers/RouteServiceProvider.php
@ -85,5 +85,12 @@ class RouteServiceProvider extends ServiceProvider
        RateLimiter::for('public', function (Request $request) {
            return Limit::perMinute(10)->by($request->ip());
        });
+
+        RateLimiter::for('exports', function (Request $request) {
+            $user = user();
+            $attempts = $user->isGuest() ? 4 : 10;
+            $key = $user->isGuest() ? $request->ip() : $user->id;
+            return Limit::perMinute($attempts)->by($key);
+        });
    }
 }
--- a/app/Exports/Controllers/BookExportController.php
+++ b/app/Exports/Controllers/BookExportController.php
@ -16,6 +16,7 @@ class BookExportController extends Controller
        protected ExportFormatter $exportFormatter,
    ) {
        $this->middleware('can:content-export');
+        $this->middleware('throttle:exports');
    }

    /**
--- a/app/Exports/Controllers/ChapterExportController.php
+++ b/app/Exports/Controllers/ChapterExportController.php
@ -16,6 +16,7 @@ class ChapterExportController extends Controller
        protected ExportFormatter $exportFormatter,
    ) {
        $this->middleware('can:content-export');
+        $this->middleware('throttle:exports');
    }

    /**
--- a/app/Exports/Controllers/PageExportController.php
+++ b/app/Exports/Controllers/PageExportController.php
@ -17,6 +17,7 @@ class PageExportController extends Controller
        protected ExportFormatter $exportFormatter,
    ) {
        $this->middleware('can:content-export');
+        $this->middleware('throttle:exports');
    }

    /**