Add: Rate Limiting to Comments

app/Http/Controllers/CommentController.php

@@ -37,6 +37,7 @@ use App\Notifications\NewComment;
 use App\Repositories\ChatRepository;
 use App\Repositories\TaggedUserRepository;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\RateLimiter;
 
 /**
  * @see \Tests\Feature\Http\Controllers\CommentControllerTest
@@ -62,8 +63,15 @@ class CommentController extends Controller
     public function collection(Request $request, $id)
     {
         $collection = Collection::findOrFail($id);
-        $user = \auth()->user();
+        $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('collection-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('collection.show', ['id' => $id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('collection-comment:'.$user->id);
+        
+        
         if ($user->can_comment == 0) {
             return \redirect()->route('collection.show', ['id' => $collection->id])
                 ->withErrors('Your Comment Rights Have Been Revoked!');
@@ -160,6 +168,12 @@ class CommentController extends Controller
         $article = Article::findOrFail($id);
         $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('article-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('articles.show', ['id' => $id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('article-comment:'.$user->id);
+        
         if ($user->can_comment == 0) {
             return \redirect()->route('articles.show', ['id' => $article->id])
                 ->withErrors('Your Comment Rights Have Been Revoked!');
@@ -250,8 +264,14 @@ class CommentController extends Controller
     public function playlist(Request $request, $id)
     {
         $playlist = Playlist::findOrFail($id);
-        $user = \auth()->user();
+        $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('playlist-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('playlists.show', ['id' => $id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('playlist-comment:'.$user->id);
+        
         if ($user->can_comment == 0) {
             return \redirect()->route('playlists.show', ['id' => $playlist->id])
                 ->withErrors('Your Comment Rights Have Been Revoked!');
@@ -341,9 +361,16 @@ class CommentController extends Controller
      */
     public function torrent(Request $request, $id)
     {
+
         $torrent = Torrent::findOrFail($id);
         $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('torrent-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('torrent', ['id' => $torrent->id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('torrent-comment:'.$user->id);
+
         if ($user->can_comment == 0) {
             return \redirect()->route('torrent', ['id' => $torrent->id])
                 ->withErrors('Your Comment Rights Have Been Revoked!');
@@ -440,6 +467,12 @@ class CommentController extends Controller
         $tr = TorrentRequest::findOrFail($id);
         $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('request-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('request', ['id' => $id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('request-comment:'.$user->id);
+
         if ($user->can_comment == 0) {
             return \redirect()->route('request', ['id' => $tr->id])
                 ->withErrors('Your Comment Rights Have Been Revoked!');
@@ -536,6 +569,12 @@ class CommentController extends Controller
         $ticket = Ticket::findOrFail($id);
         $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('ticket-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('tickets.show', ['id' => $id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('ticket-comment:'.$user->id);
+
         $comment = new Comment();
         $comment->content = $request->input('content');
         $comment->anon = 0;
@@ -550,7 +589,7 @@ class CommentController extends Controller
         ]);
 
         if ($v->fails()) {
-            return \redirect()->route('request', ['id' => $tr->id])
+            return \redirect()->route('tickets.show', ['id' => $id])
                 ->withErrors($v->errors());
         }
 
@@ -579,6 +618,12 @@ class CommentController extends Controller
         $torrent = Torrent::findOrFail($id);
         $user = $request->user();
 
+        if (RateLimiter::tooManyAttempts('torrent-comment:'.$user->id, \config('unit3d.comment-rate-limit'))) {
+            return \redirect()->route('torrent', ['id' => $torrent->id])
+                ->withErrors('Slow Down - Too Many Comments!');
+        }
+        RateLimiter::hit('torrent-comment:'.$user->id);
+
         if ($user->can_comment == 0) {
             return \redirect()->route('torrent', ['id' => $torrent->id])
                 ->withErrors('Your Comment Rights Have Been Revoked!');