Edit File by line

<?php

[0] Fix | Delete

namespace Automattic\WooCommerce\StoreApi\Utilities;

[1] Fix | Delete

[2] Fix | Delete

use WC_Rate_Limiter;

[3] Fix | Delete

use WC_Cache_Helper;

[4] Fix | Delete

[5] Fix | Delete

/**

[6] Fix | Delete

* RateLimits class.

[7] Fix | Delete

[8] Fix | Delete

class RateLimits extends WC_Rate_Limiter {

[9] Fix | Delete

[10] Fix | Delete

/**

[11] Fix | Delete

* Cache group.

[12] Fix | Delete

[13] Fix | Delete

const CACHE_GROUP = 'store_api_rate_limit';

[14] Fix | Delete

[15] Fix | Delete

/**

[16] Fix | Delete

* Rate limiting enabled default value.

[17] Fix | Delete

[18] Fix | Delete

* @var boolean

[19] Fix | Delete

[20] Fix | Delete

const ENABLED = false;

[21] Fix | Delete

[22] Fix | Delete

/**

[23] Fix | Delete

* Proxy support enabled default value.

[24] Fix | Delete

[25] Fix | Delete

* @var boolean

[26] Fix | Delete

[27] Fix | Delete

const PROXY_SUPPORT = false;

[28] Fix | Delete

[29] Fix | Delete

/**

[30] Fix | Delete

* Default amount of max requests allowed for the defined timeframe.

[31] Fix | Delete

[32] Fix | Delete

* @var int

[33] Fix | Delete

[34] Fix | Delete

const LIMIT = 25;

[35] Fix | Delete

[36] Fix | Delete

/**

[37] Fix | Delete

* Default time in seconds before rate limits are reset.

[38] Fix | Delete

[39] Fix | Delete

* @var int

[40] Fix | Delete

[41] Fix | Delete

const SECONDS = 10;

[42] Fix | Delete

[43] Fix | Delete

/**

[44] Fix | Delete

* Gets a cache prefix.

[45] Fix | Delete

[46] Fix | Delete

* @param string $action_id Identifier of the action.

[47] Fix | Delete

* @return string

[48] Fix | Delete

[49] Fix | Delete

protected static function get_cache_key( $action_id ): string {

[50] Fix | Delete

return WC_Cache_Helper::get_cache_prefix( 'store_api_rate_limit' . $action_id );

[51] Fix | Delete

}

[52] Fix | Delete

[53] Fix | Delete

/**

[54] Fix | Delete

* Get current rate limit row from DB and normalize types. This query is not cached, and returns

[55] Fix | Delete

* a new rate limit row if none exists.

[56] Fix | Delete

[57] Fix | Delete

* @param string $action_id Identifier of the action.

[58] Fix | Delete

[59] Fix | Delete

* @return object Object containing reset and remaining.

[60] Fix | Delete

[61] Fix | Delete

protected static function get_rate_limit_row( string $action_id ): object {

[62] Fix | Delete

global $wpdb;

[63] Fix | Delete

[64] Fix | Delete

$time = time();

[65] Fix | Delete

[66] Fix | Delete

$row = $wpdb->get_row(

[67] Fix | Delete

$wpdb->prepare(

[68] Fix | Delete

[69] Fix | Delete

SELECT rate_limit_expiry as reset, rate_limit_remaining as remaining

[70] Fix | Delete

FROM {$wpdb->prefix}wc_rate_limits

[71] Fix | Delete

WHERE rate_limit_key = %s

[72] Fix | Delete

AND rate_limit_expiry > %s

[73] Fix | Delete

[74] Fix | Delete

$action_id,

[75] Fix | Delete

$time

[76] Fix | Delete

[77] Fix | Delete

'OBJECT'

[78] Fix | Delete

);

[79] Fix | Delete

[80] Fix | Delete

if ( empty( $row ) ) {

[81] Fix | Delete

$options = self::get_options();

[82] Fix | Delete

[83] Fix | Delete

return (object) [

[84] Fix | Delete

'reset' => (int) $options->seconds + $time,

[85] Fix | Delete

'remaining' => (int) $options->limit,

[86] Fix | Delete

];

[87] Fix | Delete

}

[88] Fix | Delete

[89] Fix | Delete

return (object) [

[90] Fix | Delete

'reset' => (int) $row->reset,

[91] Fix | Delete

'remaining' => (int) $row->remaining,

[92] Fix | Delete

];

[93] Fix | Delete

}

[94] Fix | Delete

[95] Fix | Delete

/**

[96] Fix | Delete

* Returns current rate limit values using cache where possible.

[97] Fix | Delete

[98] Fix | Delete

* @param string $action_id Identifier of the action.

[99] Fix | Delete

[100] Fix | Delete

* @return object

[101] Fix | Delete

[102] Fix | Delete

public static function get_rate_limit( string $action_id ): object {

[103] Fix | Delete

$current_limit = self::get_cached( $action_id );

[104] Fix | Delete

[105] Fix | Delete

if ( false === $current_limit ) {

[106] Fix | Delete

$current_limit = self::get_rate_limit_row( $action_id );

[107] Fix | Delete

self::set_cache( $action_id, $current_limit );

[108] Fix | Delete

}

[109] Fix | Delete

[110] Fix | Delete

return $current_limit;

[111] Fix | Delete

}

[112] Fix | Delete

[113] Fix | Delete

/**

[114] Fix | Delete

* If exceeded, seconds until reset.

[115] Fix | Delete

[116] Fix | Delete

* @param string $action_id Identifier of the action.

[117] Fix | Delete

[118] Fix | Delete

* @return bool|int

[119] Fix | Delete

[120] Fix | Delete

public static function is_exceeded_retry_after( string $action_id ) {

[121] Fix | Delete

$current_limit = self::get_rate_limit( $action_id );

[122] Fix | Delete

$time = time();

[123] Fix | Delete

// Before the next run is allowed, retry forbidden.

[124] Fix | Delete

if ( $time <= (int) $current_limit->reset && 0 === (int) $current_limit->remaining ) {

[125] Fix | Delete

return (int) $current_limit->reset - $time;

[126] Fix | Delete

}

[127] Fix | Delete

[128] Fix | Delete

// After the next run is allowed, retry allowed.

[129] Fix | Delete

return false;

[130] Fix | Delete

}

[131] Fix | Delete

[132] Fix | Delete

/**

[133] Fix | Delete

* Sets the rate limit delay in seconds for action with identifier $id.

[134] Fix | Delete

[135] Fix | Delete

* @param string $action_id Identifier of the action.

[136] Fix | Delete

[137] Fix | Delete

* @return object Current rate limits.

[138] Fix | Delete

[139] Fix | Delete

public static function update_rate_limit( string $action_id ): object {

[140] Fix | Delete

global $wpdb;

[141] Fix | Delete

[142] Fix | Delete

$options = self::get_options();

[143] Fix | Delete

$time = time();

[144] Fix | Delete

$rate_limit_expiry = $time + (int) $options->seconds;

[145] Fix | Delete

[146] Fix | Delete

$wpdb->query(

[147] Fix | Delete

$wpdb->prepare(

[148] Fix | Delete

"INSERT INTO {$wpdb->prefix}wc_rate_limits

[149] Fix | Delete

(`rate_limit_key`, `rate_limit_expiry`, `rate_limit_remaining`)

[150] Fix | Delete

VALUES

[151] Fix | Delete

(%s, %d, %d)

[152] Fix | Delete

ON DUPLICATE KEY UPDATE

[153] Fix | Delete

`rate_limit_remaining` = IF(`rate_limit_expiry` < %d, VALUES(`rate_limit_remaining`), GREATEST(`rate_limit_remaining` - 1, 0)),

[154] Fix | Delete

`rate_limit_expiry` = IF(`rate_limit_expiry` < %d, VALUES(`rate_limit_expiry`), `rate_limit_expiry`);

[155] Fix | Delete

[156] Fix | Delete

$action_id,

[157] Fix | Delete

$rate_limit_expiry,

[158] Fix | Delete

(int) $options->limit - 1,

[159] Fix | Delete

$time,

[160] Fix | Delete

$time

[161] Fix | Delete

)

[162] Fix | Delete

);

[163] Fix | Delete

[164] Fix | Delete

$current_limit = self::get_rate_limit_row( $action_id );

[165] Fix | Delete

[166] Fix | Delete

self::set_cache( $action_id, $current_limit );

[167] Fix | Delete

[168] Fix | Delete

return $current_limit;

[169] Fix | Delete

}

[170] Fix | Delete

[171] Fix | Delete

/**

[172] Fix | Delete

* Retrieve a cached store api rate limit.

[173] Fix | Delete

[174] Fix | Delete

* @param string $action_id Identifier of the action.

[175] Fix | Delete

* @return false|object

[176] Fix | Delete

[177] Fix | Delete

protected static function get_cached( $action_id ) {

[178] Fix | Delete

return wp_cache_get( self::get_cache_key( $action_id ), self::CACHE_GROUP );

[179] Fix | Delete

}

[180] Fix | Delete

[181] Fix | Delete

/**

[182] Fix | Delete

* Cache a rate limit.

[183] Fix | Delete

[184] Fix | Delete

* @param string $action_id Identifier of the action.

[185] Fix | Delete

* @param object $current_limit Current limit object with expiry and retries remaining.

[186] Fix | Delete

* @return bool

[187] Fix | Delete

[188] Fix | Delete

protected static function set_cache( $action_id, $current_limit ): bool {

[189] Fix | Delete

return wp_cache_set( self::get_cache_key( $action_id ), $current_limit, self::CACHE_GROUP );

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

/**

[193] Fix | Delete

* Return options for Rate Limits, to be returned by the "woocommerce_store_api_rate_limit_options" filter.

[194] Fix | Delete

[195] Fix | Delete

* @return object Default options.

[196] Fix | Delete

[197] Fix | Delete

public static function get_options(): object {

[198] Fix | Delete

$default_options = [

[199] Fix | Delete

/**

[200] Fix | Delete

* Filters the Store API rate limit check, which is disabled by default.

[201] Fix | Delete

[202] Fix | Delete

* This can be used also to disable the rate limit check when testing API endpoints via a REST API client.

[203] Fix | Delete

[204] Fix | Delete

'enabled' => self::ENABLED,

[205] Fix | Delete

[206] Fix | Delete

/**

[207] Fix | Delete

* Filters whether proxy support is enabled for the Store API rate limit check. This is disabled by default.

[208] Fix | Delete

[209] Fix | Delete

* If the store is behind a proxy, load balancer, CDN etc. the user can enable this to properly obtain

[210] Fix | Delete

* the client's IP address through standard transport headers.

[211] Fix | Delete

[212] Fix | Delete

'proxy_support' => self::PROXY_SUPPORT,

[213] Fix | Delete

[214] Fix | Delete

'limit' => self::LIMIT,

[215] Fix | Delete

'seconds' => self::SECONDS,

[216] Fix | Delete

];

[217] Fix | Delete

[218] Fix | Delete

return (object) array_merge( // By using array_merge we ensure we get a properly populated options object.

[219] Fix | Delete

$default_options,

[220] Fix | Delete

/**

[221] Fix | Delete

* Filters options for Rate Limits.

[222] Fix | Delete

[223] Fix | Delete

* @param array $rate_limit_options Array of option values.

[224] Fix | Delete

* @return array

[225] Fix | Delete

[226] Fix | Delete

* @since 8.9.0

[227] Fix | Delete

[228] Fix | Delete

apply_filters(

[229] Fix | Delete

'woocommerce_store_api_rate_limit_options',

[230] Fix | Delete

$default_options

[231] Fix | Delete

)

[232] Fix | Delete

);

[233] Fix | Delete

}

[234] Fix | Delete

[235] Fix | Delete

/**

[236] Fix | Delete

* Gets a single option through provided name.

[237] Fix | Delete

[238] Fix | Delete

* @param string $option Option name.

[239] Fix | Delete

[240] Fix | Delete

* @return mixed

[241] Fix | Delete

[242] Fix | Delete

public static function get_option( $option ) {

[243] Fix | Delete

[244] Fix | Delete

if ( ! is_string( $option ) || ! defined( 'RateLimits::' . strtoupper( $option ) ) ) {

[245] Fix | Delete

return null;

[246] Fix | Delete

}

[247] Fix | Delete

[248] Fix | Delete

return self::get_options()[ $option ];

[249] Fix | Delete

}

[250] Fix | Delete

}

[251] Fix | Delete

[252] Fix | Delete