From 70a28f0766879243729df5edf41a260644ae1eb9 Mon Sep 17 00:00:00 2001
From: Ambroise Maupate
Date: Thu, 17 Feb 2022 12:37:36 +0100
Subject: [PATCH] feat: Rate limiters for contact and custom form submissions
---
 .env | 2 +-
 config/packages/cache.yaml | 4 +++-
 config/packages/framework.yaml | 12 +++++++++++-
 config/packages/security.yaml | 2 ++
 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/.env b/.env
index bbdabedd..cce2e5a5 100644
--- a/.env
+++ b/.env
@@ -50,7 +50,7 @@ DEFAULT_GATEWAY=172.58.0.1
 ###> symfony/lock ###
 # Choose one of the stores below
 # postgresql+advisory://db_user:db_password@localhost/db_name
-LOCK_DSN=semaphore
+LOCK_DSN=flock
 ###< symfony/lock ###
 
 ###> rezozero/intervention-request-bundle ###
diff --git a/config/packages/cache.yaml b/config/packages/cache.yaml
index 6899b720..1d521b45 100644
--- a/config/packages/cache.yaml
+++ b/config/packages/cache.yaml
@@ -15,5 +15,7 @@ framework:
 #app: cache.adapter.apcu
 
 # Namespaced pools use the above "app" backend by default
- #pools:
+ pools:
+ cache.contact_form_limiter: ~
+ cache.custom_form_limiter: ~
 #my.dedicated.cache: null
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 233f5d62..55d1c61e 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -18,7 +18,17 @@ framework:
 php_errors:
 log: true
 
- rate_limiter: ~
+ rate_limiter:
+ contact_form:
+ policy: 'token_bucket'
+ limit: 10
+ rate: { interval: '1 minutes', amount: 5 }
+ cache_pool: 'cache.contact_form_limiter'
+ custom_form:
+ policy: 'token_bucket'
+ limit: 10
+ rate: { interval: '1 minutes', amount: 5 }
+ cache_pool: 'cache.custom_form_limiter'
 
 csrf_protection:
 enabled: true
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index ee7f90ef..dc15d4c9 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
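Review bot: `LOCK_DSN=flock` keeps the limiter's locks on the local filesystem, so with more than one PHP host or container each instance would enforce its own count rather than a shared one; the same applies to the two pools added in the cache.yaml hunk, which inherit the `app` backend (filesystem or APCu, per the commented adapter there) when declared as `~`. If a single-instance deployment is the intended default that is fine, but it is worth saying so where the store is chosen, e.g. `# flock is per-host: use a shared store (see the postgresql+advisory example above) when several instances serve the forms`. This is the committed fallback, so I assume production overrides it in .env.local.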
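Review bot: The two new pools are written as `cache.contact_form_limiter: ~` while the commented example right below them in the same hunk spells null as `#my.dedicated.cache: null`; pick one spelling, preferably `null`, which yamllint also prefers over `~`. A one-line comment above `pools:` naming their consumer would help the next reader, e.g. `# Backing stores for the framework.rate_limiter entries in framework.yaml`.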
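Review bot: The two limiter definitions document neither what `limit` and `rate` mean nor what keys them, and nothing in this patch calls the resulting factories (the diffstat lists only config files), so whether submissions are actually throttled depends on controller code outside this change. A comment above `contact_form:` would save a trip to the Symfony docs, e.g. `# token_bucket: a burst of up to 10 submissions, then 5 more per minute; the key is whatever the consuming controller passes to create()`. Both blocks are identical, so either state in that comment that they are kept separate only to give each form its own pool and counters, or consolidate them. With `csrf_protection` enabled just below, also confirm that the anonymous POST route opened in security.yaml carries a CSRF token or another anti-automation check, since the limiter alone still admits 10 unauthenticated submissions per key per burst.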
@@ -60,5 +60,7 @@ security: - { path: ^/rz-admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/rz-admin, roles: ROLE_BACKEND_USER } - { path: ^/api/token, roles: IS_AUTHENTICATED_ANONYMOUSLY } + # Allow posting custom_forms + - { path: ^/api/custom_forms/(?:[0-9]+)/post, methods: [ POST ], roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/api, roles: ROLE_BACKEND_USER, methods: [ POST, PUT, PATCH, DELETE ] } # - { path: ^/profile, roles: ROLE_USER }
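Review bot: The new rule's regex `^/api/custom_forms/(?:[0-9]+)/post` is not anchored at the end, so `/api/custom_forms/12/post/anything` or `/api/custom_forms/12/posted` would also be granted anonymous POST access before the `^/api` catch-all below it; the non-capturing group adds nothing either. Tighten it to `- { path: ^/api/custom_forms/[0-9]+/post$, methods: [ POST ], roles: IS_AUTHENTICATED_ANONYMOUSLY }`. Ordering is right (it precedes the `^/api` ROLE_BACKEND_USER rule), and the comment should say why an unauthenticated write is acceptable here, e.g. `# Allow posting custom_forms anonymously; intended to be throttled by framework.rate_limiter.custom_form`.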