From 6104c71ee4dd293ad7c81fb20527f1da0994c158 Mon Sep 17 00:00:00 2001
From: Nathanael Jourdane
Date: Tue, 14 Nov 2017 17:40:24 +0100
Subject: [PATCH] Replace function rateLimitReached() by webservice function auth()

---
 php/classes/WebServer.php | 68 ++++++++++++++++++--------------------------------------------------
 php/rest/auth.php         | 24 ++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 50 deletions(-)
 create mode 100644 php/rest/auth.php

diff --git a/php/classes/WebServer.php b/php/classes/WebServer.php
index c1e0ab8..3c05fce 100644
--- a/php/classes/WebServer.php
+++ b/php/classes/WebServer.php
@@ -83,9 +83,7 @@ class WebServer
     private $wsUserMgr;
     private $resultMgr, $myParamsInfoMgr;
     private $dataFileName;
-    private $QUERY_TIME_INTERVAL;
-    private $MAX_QUERIES;
-    private $CLIENTS_ACCESS_PATH;
+    private $timeLimitQuery; // Time interval between 2 queries before to ask for a new authentification, in seconds.
 
     function __construct() {
         $this->userID = 'impex';
@@ -93,9 +91,7 @@ class WebServer
         $this->sessionID = $this->userID;
         $this->myParamsInfoMgr = new ParamsInfoMgr();
         $this->resultMgr = new WebResultMgr();
-        $this->QUERY_TIME_INTERVAL = 30; // Time interval to limit access, in seconds.
-        $this->MAX_QUERIES = 3; // Number of queries allowed in one time interval, per IP.
-        $this->CLIENTS_ACCESS_PATH = './clients'; // Path of the file containing clients access counters.
+        $this->timeLimitQuery = 30;
     }
 
     protected function init($data) {
@@ -123,44 +119,6 @@ class WebServer
         return array('success' => true, 'vars' => $vars);
     }
 
-    // Returns true if the user reached its query limit.
-    private function isRateLimitReached() {
-        $currentTime = (int)(((new DateTime())->getTimestamp())/$this->QUERY_TIME_INTERVAL);
-        $ip = $_SERVER['REMOTE_ADDR'];
-        error_log("Client IP: $ip ; Current time: $currentTime\n");
-
-        if(file_exists($this->CLIENTS_ACCESS_PATH)) {
-            $clients = file_get_contents($this->CLIENTS_ACCESS_PATH);
-            $matches = array();
-            if(preg_match("/($ip) (\d*) (\d*)/", $clients, $matches, PREG_OFFSET_CAPTURE)) {
-                error_log("Found an entry for this IP (". $matches[0][0] . ")\n");
-                $lastTime = (int)($matches[2][0]);
-                if($currentTime == $lastTime) {
-                    $count = (int)($matches[3][0]);
-                    if($count >= $this->MAX_QUERIES) {
-                        error_log("Same time range and max count value reached: please wait a moment and try again.\n");
-                        return true;
-                    } else {
-                        $count++;
-                        error_log("Same time range, but max count value not reached yet: incrementing counter (" . ($this->MAX_QUERIES-$count) . "/$this->MAX_QUERIES).\n");
-                        $clients = substr_replace($clients, $count, $matches[3][1], strlen($matches[3][0]));
-                    }
-                } else {
-                    error_log("New time range: resetting time entry.");
-                    $clients = substr_replace($clients, "$ip $currentTime 1", $matches[0][1], strlen($matches[0][0]));
-                }
-            } else {
-                error_log("IP $ip not found: creating new time entry\n");
-                $clients = "$clients$ip $currentTime 1\n";
-            }
-        } else {
-            error_log("File not created yet: creating file and new time entry\n");
-            $clients = "$ip $currentTime 1\n";
-        }
-        file_put_contents($this->CLIENTS_ACCESS_PATH, $clients);
-        return false;
-    }
-
     private function setID(){
         $nb_min = 10000;
@@ -590,17 +548,19 @@ class WebServer return array('success' => true,'ParameterList' => array("UserDefinedParameters"=>$wsParamResult, "LocalDataBaseParameters"=>$locParamResult, "RemoteDataBaseParameters"=>$remoteParamResult)); } + + public function getNewToken() { + $timeStamp = (new DateTime())->getTimestamp(); + $newToken = md5((int)($timeStamp/30)); + return array('success' => true, 'token' => $newToken); + } + ///////////////////////////////////////START GET DATASET /////////////////////////////// public function getParameter($data) { - if($this->isRateLimitReached()) { - return array('success' => false, 'message' => 'Rate limit reached. Please try again later.'); - } - $multiParam = false; $res = $this->init($data); - $resMgr = $this->initUserMgr(); if (!$res['success']){ @@ -610,7 +570,15 @@ class WebServer $vars = $res['vars']; - if ((strtotime($vars["stopTime"]) - strtotime($vars["startTime"])) < 0){ + if (!$vars["token"]) { + return array('success' => false, 'message' => "E01\nAuthentication is required for this webservice."); + } + + if($this->getNewToken()['token'] != $vars["token"]) { + return array('success' => false, 'message' => "E02\nToken expired. Please authenticate again."); + } + + if ((strtotime($vars["stopTime"]) - strtotime($vars["startTime"])) < 0){ if ($this->isSoap) throw new SoapFault("request01","Start time must be higher than stop time"); else return array('success' => false, 'message' => "Start time must be higher than stop time"); } diff --git a/php/rest/auth.php b/php/rest/auth.php new file mode 100644 index 0000000..515a2ce --- /dev/null +++ b/php/rest/auth.php @@ -0,0 +1,24 @@ + +auth($_GET); + + if ($result['success']){ + echo $result['token']; + } + else { + echo $result['message']; + } + +?> \ No newline at end of file -- libgit2 0.21.2
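Review bot: The token returned by getNewToken() is md5 of the current 30-second window number and involves no server-held secret, so it is derivable from the clock alone and the check added in the -610 hunk does not actually gate access; at the same time the per-IP counter that isRateLimitReached() kept is removed, so nothing throttles request volume any more. A defender-side fix is to have getNewToken() hand out a value the client cannot derive, e.g. `bin2hex(random_bytes(16))` recorded server-side together with its issue time, or at least an HMAC over the window number keyed with a secret that only the server knows. The hard-coded `30` also duplicates `$this->timeLimitQuery` assigned in the constructor hunk; use `$this->timeLimitQuery` there so the two values cannot drift apart. getParameter's body continues outside the hunk.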
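Review bot: `$vars["token"]` is read before any existence check in the first added condition, so a request that omits the parameter triggers an undefined-index notice before the E01 branch runs; `if (empty($vars["token"]))` or `!isset($vars["token"])` avoids that. The comparison a few lines below uses loose `!=`; for a secret-like value it should be `!hash_equals($this->getNewToken()['token'], (string) $vars["token"])`, which is both strict and constant-time. Because validity is tied to the fixed 30-second window rather than to when the token was issued, a token obtained near the end of a window is rejected with E02 on the very next request; accepting the previous window as well, or storing the issue time, removes that spurious failure. The enclosing function getParameter starts outside the hunk.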
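Review bot: The new endpoint calls a method named `auth($_GET)` on the web-server object, but the WebServer.php hunks in this commit add `getNewToken()` and no `auth()`, so unless a wrapper of that name exists outside the diff the script calls an undefined method. This rendering appears to have lost the hunk's opening lines (everything from the opening PHP tag up to the method receiver), so the receiver and any require lines are inferred rather than visible. The token is echoed as a bare string with no Content-Type header; a comment such as `// Emits the current token as text/plain; clients send it back as the "token" parameter of getParameter().` above the echo, together with `header('Content-Type: text/plain');`, would make the contract explicit, and the trailing `?>` can be dropped from a PHP-only file.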