From 34ecc885320810abdfe1720d072c3eef96071848 Mon Sep 17 00:00:00 2001 From: Roberto Nittolo Date: Fri, 28 Jan 2022 20:31:59 -0500 Subject: [PATCH 1/7] feat: #240 Add unlimited request limit for when environment variable is in load --- app/Providers/RouteServiceProvider.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index affd6daa7..6c401c0ca 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -2,9 +2,11 @@ namespace App\Providers; +use App\Models\User; use Illuminate\Cache\RateLimiting\Limit; use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; use Illuminate\Http\Request; +use Illuminate\Support\Facades\App; use Illuminate\Support\Facades\RateLimiter; use Illuminate\Support\Facades\Route; @@ -56,8 +58,14 @@ public function boot() */ protected function configureRateLimiting() { - RateLimiter::for('api', function (Request $request) { - return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip()); - }); + if (App::environment('load')) { + RateLimiter::for('*', function (Request $request) { + return Limit::none()->by(optional(User::where('password', 'DOESNTMATTER'))->id ?: $request->ip()); + }); + } else { + RateLimiter::for('api', function (Request $request) { + return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip()); + }); + } } } From efa43464f00831e208d503b11f3cf740ee5817ce Mon Sep 17 00:00:00 2001 From: Roberto Nittolo Date: Fri, 28 Jan 2022 20:37:19 -0500 Subject: [PATCH 2/7] Revert "feat: #240 Add unlimited request limit for when environment variable is in load" This reverts commit 34ecc885320810abdfe1720d072c3eef96071848. --- app/Providers/RouteServiceProvider.php | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) 
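Review bot: In the `load` branch of `configureRateLimiting()`, `User::where('password', 'DOESNTMATTER')` is a query builder, not a user, so `->id` on it never yields a user id; because `Limit::none()` has no cap, the `by()` key has no effect anyway. The limiter is also registered under the name `'*'`, which as far as I know is an ordinary name rather than a wildcard, while the `else` leaves `api` unregistered in `load`, so routes using `throttle:api` would not resolve the limiter this branch defines. Keeping one `RateLimiter::for('api', ...)` registration and deciding inside the closure is simpler: `return App::environment('load') ? Limit::none() : Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip());`. Since throttling is then switched off purely by environment name, a comment should state that `load` must never be set on an internet-facing deployment.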
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index 6c401c0ca..affd6daa7 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -2,11 +2,9 @@ namespace App\Providers; -use App\Models\User; use Illuminate\Cache\RateLimiting\Limit; use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; use Illuminate\Http\Request; -use Illuminate\Support\Facades\App; use Illuminate\Support\Facades\RateLimiter; use Illuminate\Support\Facades\Route; @@ -58,14 +56,8 @@ public function boot() */ protected function configureRateLimiting() { - if (App::environment('load')) { - RateLimiter::for('*', function (Request $request) { - return Limit::none()->by(optional(User::where('password', 'DOESNTMATTER'))->id ?: $request->ip()); - }); - } else { - RateLimiter::for('api', function (Request $request) { - return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip()); - }); - } + RateLimiter::for('api', function (Request $request) { + return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip()); + }); } } From f251275bd1326b5e85078dc40e202b9258fee359 Mon Sep 17 00:00:00 2001 From: Roberto Nittolo Date: Fri, 28 Jan 2022 20:53:01 -0500 Subject: [PATCH 3/7] fix: #240 add middleware to allow unlimited requests when environment is set in load mode --- app/Http/Middleware/Throttle.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 app/Http/Middleware/Throttle.php diff --git a/app/Http/Middleware/Throttle.php b/app/Http/Middleware/Throttle.php new file mode 100644 index 000000000..c35d1cbd2 --- /dev/null +++ b/app/Http/Middleware/Throttle.php @@ -0,0 +1,27 @@ + Date: Fri, 28 Jan 2022 20:59:31 -0500 Subject: [PATCH 4/7] feat: #240 change ThrottleRequests middleware in kernal to the Throttle middleware --- app/Http/Kernel.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index a0c4e4857..fdd04bcbd 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -62,7 +62,8 @@ class Kernel extends HttpKernel 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class, 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class, - 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, + //'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, + 'throttle' => \App\Http\Middleware\Throttle::class, 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, ]; } From 594926773333d4f8b3b28c3473788a9836cb5ddf Mon Sep 17 00:00:00 2001 From: Roberto Nittolo Date: Fri, 28 Jan 2022 21:07:26 -0500 Subject: [PATCH 5/7] feat: #240 add api routes for character create and delete --- routes/api.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/routes/api.php b/routes/api.php index eb6fa48c2..f199ee281 100644 --- a/routes/api.php +++ b/routes/api.php @@ -17,3 +17,9 @@ Route::middleware('auth:sanctum')->get('/user', function (Request $request) { return $request->user(); }); + +Route::post('/character', [App\Http\Controllers\CharacterController::class, 'create']) + ->name("character.create"); + +Route::delete('/character/{character?}', [App\Http\Controllers\CharacterController::class, 'destroy']) + ->name("character.destroy"); From 42b095527322fc89c8a2f31b0599c72f1fa87051 Mon Sep 17 00:00:00 2001 From: Roberto Nittolo Date: Sat, 29 Jan 2022 15:25:45 -0500 Subject: [PATCH 6/7] feat: #240 add LocustAuthController and api routes --- app/Http/Controllers/LocustAuthController.php | 41 +++++++++++++++++++ composer.json | 2 +- composer.lock | 20 ++++----- routes/api.php | 15 ++++--- 4 files changed, 59 insertions(+), 19 deletions(-) create mode 100644 app/Http/Controllers/LocustAuthController.php 
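Review bot: Rebinding the `throttle` alias in the route middleware map changes every route that uses `throttle:...`, not only the API group, so any login or password-reset limits the app relies on now depend on `App\Http\Middleware\Throttle` as well. Its body is not visible on this page; going by the commit subject it allows unlimited requests in `load`, which is worth stating next to the alias, e.g. `// Bypasses rate limiting only when APP_ENV is "load"; never set that on a public host`. The commented-out `//'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,` line should be deleted rather than kept, since version control already records it. The array this entry belongs to starts outside the hunk.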
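Review bot: The two new routes are registered without the `auth:sanctum` middleware that the `/user` route just above them uses, so unless `CharacterController` enforces authentication and ownership itself (not visible here), anonymous clients can reach `create` and `destroy`. `{character?}` is also optional on the DELETE route, which lets a request with no id reach `destroy`. Suggest grouping them with `Route::middleware('auth:sanctum')->group(function () { ... });` and making the parameter required: `Route::delete('/character/{character}', ...)`.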
diff --git a/app/Http/Controllers/LocustAuthController.php b/app/Http/Controllers/LocustAuthController.php new file mode 100644 index 000000000..53c375b3b --- /dev/null +++ b/app/Http/Controllers/LocustAuthController.php @@ -0,0 +1,41 @@ +bearerToken() == config('app.key') && App::environment('load')) { + $user = User::where('password', 'DOESNTMATTER')->get(); + $token = $user->first()->createToken('bearer')->plainTextToken; + + return [ + 'token' => $token + ]; + } + } + + public function deleteCharacters() + { + if (App::environment('load')) { + $user = User::where('password', 'DOESNTMATTER')->get(); + + if ($user->first()->email == 'load@test.com') { + $characters = Character::where('user_id', $user->first()->id); + $characters->delete(); + } + } + } +} diff --git a/composer.json b/composer.json index 78170eff2..ded2def57 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ "guzzlehttp/guzzle": "^7.0.1", "inertiajs/inertia-laravel": "^0.4.0", "laravel/framework": "^8.54", - "laravel/sanctum": "^2.6", + "laravel/sanctum": "^2.14", "laravel/tinker": "^2.5", "lorisleiva/laravel-actions": "^2.1", "tightenco/ziggy": "^1.0" diff --git a/composer.lock b/composer.lock index a21d92f43..42d253c2f 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "040bf8ac955f38bd40737bc8d8d450ea", + "content-hash": "cfa3fe908f05e802a882b4d77c58ad98", "packages": [ { "name": "asm89/stack-cors", 
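Review bot: `getToken()` accepts the application key as a bearer credential and compares it with `==`, so the key that protects encrypted cookies and signed URLs is sent over the wire by the load-test client, the comparison is loose and not constant-time, and a request with no bearer token matches when `app.key` is unset because `null == null`. The lookup `User::where('password', 'DOESNTMATTER')` (also in `deleteCharacters()`) picks whichever row holds that literal password, `->first()` can be `null`, and a failed check falls through to an empty response instead of a rejection. The rewrite below uses a dedicated secret with `hash_equals`, fails closed, and selects the account by the `load@test.com` address already used in `deleteCharacters()`. It assumes the request variable is `$request`, because the top of the file, including the method signature, is missing from this page.

```php
// … unchanged: namespace, imports and getToken() signature (not visible on this page) …
$expected = config('loadtest.token'); // placeholder key: a dedicated secret, not APP_KEY
$presented = $request->bearerToken();

if (
    ! App::environment('load')
    || ! is_string($expected) || $expected === ''
    || ! is_string($presented)
    || ! hash_equals($expected, $presented)
) {
    abort(404);
}

$user = User::where('email', 'load@test.com')->firstOrFail();

return [
    'token' => $user->createToken('bearer')->plainTextToken,
];
// … unchanged: deleteCharacters() …
```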
@@ -1774,28 +1774,28 @@ }, { "name": "laravel/sanctum", - "version": "v2.12.1", + "version": "v2.14.0", "source": { "type": "git", "url": "https://github.com/laravel/sanctum.git", - "reference": "e610647b04583ace6b30c8eb74cee0a866040420" + "reference": "0647a87140c7522e75826cffcadb3ad6e01f71e9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/sanctum/zipball/e610647b04583ace6b30c8eb74cee0a866040420", - "reference": "e610647b04583ace6b30c8eb74cee0a866040420", + "url": "https://api.github.com/repos/laravel/sanctum/zipball/0647a87140c7522e75826cffcadb3ad6e01f71e9", + "reference": "0647a87140c7522e75826cffcadb3ad6e01f71e9", "shasum": "" }, "require": { "ext-json": "*", - "illuminate/contracts": "^6.9|^7.0|^8.0", - "illuminate/database": "^6.9|^7.0|^8.0", - "illuminate/support": "^6.9|^7.0|^8.0", + "illuminate/contracts": "^6.9|^7.0|^8.0|^9.0", + "illuminate/database": "^6.9|^7.0|^8.0|^9.0", + "illuminate/support": "^6.9|^7.0|^8.0|^9.0", "php": "^7.2|^8.0" }, "require-dev": { "mockery/mockery": "^1.0", - "orchestra/testbench": "^4.0|^5.0|^6.0", + "orchestra/testbench": "^4.0|^5.0|^6.0|^7.0", "phpunit/phpunit": "^8.0|^9.3" }, "type": "library", @@ -1834,7 +1834,7 @@ "issues": "https://github.com/laravel/sanctum/issues", "source": "https://github.com/laravel/sanctum" }, - "time": "2021-10-26T18:23:26+00:00" + "time": "2022-01-12T15:07:43+00:00" }, { "name": "laravel/serializable-closure", diff --git a/routes/api.php b/routes/api.php index f199ee281..71baeb0b5 100644 --- a/routes/api.php +++ b/routes/api.php @@ -2,6 +2,7 @@ use Illuminate\Http\Request; use Illuminate\Support\Facades\Route; +use App\Http\Controllers\LocustAuthController; /* |-------------------------------------------------------------------------- 
@@ -13,13 +14,11 @@ | is assigned the "api" middleware group. Enjoy building your API! | */ +Route::get('/locust', [App\Http\Controllers\LocustAuthController::class, 'getToken']); -Route::middleware('auth:sanctum')->get('/user', function (Request $request) { - return $request->user(); -}); - -Route::post('/character', [App\Http\Controllers\CharacterController::class, 'create']) - ->name("character.create"); +Route::group(['middleware' => ['auth:sanctum']], function () { + Route::delete('/locust', [App\Http\Controllers\LocustAuthController::class, 'deleteCharacters']); -Route::delete('/character/{character?}', [App\Http\Controllers\CharacterController::class, 'destroy']) - ->name("character.destroy"); + Route::post('/character', [App\Http\Controllers\CharacterController::class, 'store']) + ->name("character.store"); +}); From 705a2189b009cfcf7a1470f33010dc98aeefb627 Mon Sep 17 00:00:00 2001 From: Roberto Nittolo Date: Sat, 29 Jan 2022 19:36:15 -0500 Subject: [PATCH 7/7] test: #240 add tests for LocustAuthController --- .../Controllers/LocustAuthControllerTest.php | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 tests/Feature/Http/Controllers/LocustAuthControllerTest.php diff --git a/tests/Feature/Http/Controllers/LocustAuthControllerTest.php b/tests/Feature/Http/Controllers/LocustAuthControllerTest.php new file mode 100644 index 000000000..10d04c6ae --- /dev/null +++ b/tests/Feature/Http/Controllers/LocustAuthControllerTest.php 
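Review bot: `GET /locust` and `DELETE /locust` are registered in every environment, so the only thing keeping a production host from serving a token-minting endpoint is the environment check inside `LocustAuthController`. Registering them only when needed narrows that: `if (app()->environment('load')) { Route::post('/locust', [LocustAuthController::class, 'getToken']); }`. This also uses the `LocustAuthController` import added at the top of the file instead of the fully qualified name, and POST rather than GET because each call creates a token. The same hunk removes the `/user` route and the character delete route; if that is intentional it deserves a line in the commit message.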
@@ -0,0 +1,42 @@ +detectEnvironment(function () { + return 'load'; + }); + + $this->withHeaders(['Authorization' => 'Bearer '.$token])->get(route('character.index')); + $response = $this->withHeaders(['Authorization' => 'Bearer '.$token])->get('api/locust'); + + $response->assertStatus(200); + } + + /** + * @test + */ + public function test_delete_characters_with_locust_api_key() + { + $token = config('app.key'); + + app()->detectEnvironment(function () { + return 'load'; + }); + + $this->withHeaders(['Authorization' => 'Bearer '.$token])->get(route('character.index')); + $response = $this->withHeaders(['Authorization' => 'Bearer '.$token])->delete('api/locust'); + + $response->assertStatus(200); + } +}
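Review bot: Both tests assert only `assertStatus(200)`, and as written `getToken()` appears to return an empty 200 when its check fails, so these pass whether or not a token is issued or any character is deleted. Add `$response->assertJsonStructure(['token']);` to the first test, and add negative cases: a wrong bearer value and a non-`load` environment should both be rejected. In `test_delete_characters_with_locust_api_key` the bearer value is `config('app.key')` although `DELETE /locust` sits behind `auth:sanctum`; it is not clear from the hunk how that request authenticates, so the test should use the token returned by `api/locust`. The start of the file, including the first test's name and setup, is not visible on this page.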