Merge branch 'release/42.0.0'

einpraegsam · einpraegsam · commit 10c78f72ab42 · 2026-01-12T13:44:58.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1,31 +1,32 @@
-msi.iws
-.idea/
-nbproject/
+.Build/
 .DS_Store
 .DS_Store?
-._*
 .Spotlight-V100
 .Trashes
-ehthumbs.db
-Thumbs.db
-.svn
+._*
+.idea/
+.php_cs.cache
+.phpunit.result.cache
 .sass-cache
 .sass-cache/
-npm-debug.log
-dynamicReturnTypeMeta.json
-Resources/Private/Build/node_modules/
-node_modules/
-.Build/
-composer.lock
-package-lock.json
-.php_cs.cache
+.svn
+/.config/
+/.env.local
 /.php-cs-fixer.cache
-.phpunit.result.cache
-var/
-/docker-compose.yml
-/config/
 /.phpunit.cache/
-/.env.local
+/CLAUDE.md
 /Tests/Acceptance/_output/*
 /Tests/Acceptance/_support/_generated/
-/CLAUDE.md
+/config/
+/docker-compose.yml
+Resources/Private/Build/node_modules/
+Thumbs.db
+composer.lock
+dynamicReturnTypeMeta.json
+ehthumbs.db
+msi.iws
+nbproject/
+node_modules/
+npm-debug.log
+package-lock.json
+var/
diff --git a/Classes/Domain/Cache/RateLimiterCache.php b/Classes/Domain/Cache/RateLimiterCache.php
@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+namespace In2code\Lux\Domain\Cache;
+
+use TYPO3\CMS\Core\Cache\Frontend\FrontendInterface;
+
+/**
+ * Cache layer for rate limiting
+ *
+ * Stores request counters per fingerprint with 60-second TTL
+ * Uses TYPO3 cache framework for automatic expiration and backend flexibility
+ */
+class RateLimiterCache
+{
+    public const CACHE_KEY = 'luxratelimiter';
+    public const TTL = 60; // 60 seconds = 1 minute window
+
+    protected FrontendInterface $cache;
+
+    public function __construct(FrontendInterface $cache)
+    {
+        $this->cache = $cache;
+    }
+
+    public function getCount(string $fingerprintHash): int
+    {
+        $cacheIdentifier = $this->getCacheIdentifier($fingerprintHash);
+        $data = $this->cache->get($cacheIdentifier);
+        return (int)($data['count'] ?? 0);
+    }
+
+    public function incrementAndGet(string $fingerprintHash): int
+    {
+        $cacheIdentifier = $this->getCacheIdentifier($fingerprintHash);
+        $currentCount = $this->getCount($fingerprintHash);
+        $newCount = $currentCount + 1;
+
+        // Store with 60-second TTL
+        $this->cache->set(
+            $cacheIdentifier,
+            ['count' => $newCount, 'timestamp' => time()],
+            [self::CACHE_KEY],
+            self::TTL
+        );
+
+        return $newCount;
+    }
+
+    /**
+     * Generate cache identifier from fingerprint hash
+     * Format: ratelimit_[first-16-chars-of-hash]
+     *
+     * @param string $fingerprintHash
+     * @return string
+     */
+    protected function getCacheIdentifier(string $fingerprintHash): string
+    {
+        $shortHash = substr($fingerprintHash, 0, 16);
+        return 'ratelimit_' . $shortHash;
+    }
+}
diff --git a/Classes/Domain/Tracker/RateLimiter.php b/Classes/Domain/Tracker/RateLimiter.php
@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+namespace In2code\Lux\Domain\Tracker;
+
+use In2code\Lux\Domain\Cache\RateLimiterCache;
+use In2code\Lux\Events\StopAnyProcessBeforePersistenceEvent;
+use In2code\Lux\Exception\RateLimitException;
+use In2code\Lux\Utility\ConfigurationUtility;
+use Psr\Log\LoggerInterface;
+use TYPO3\CMS\Core\Configuration\Exception\ExtensionConfigurationExtensionNotConfiguredException;
+use TYPO3\CMS\Core\Configuration\Exception\ExtensionConfigurationPathDoesNotExistException;
+
+class RateLimiter
+{
+    protected RateLimiterCache $cache;
+    protected LoggerInterface $logger;
+
+    public function __construct(
+        RateLimiterCache $cache,
+        LoggerInterface $logger
+    ) {
+        $this->cache = $cache;
+        $this->logger = $logger;
+    }
+
+    public function __invoke(StopAnyProcessBeforePersistenceEvent $event)
+    {
+        if ($this->isRateLimitingEnabled()) {
+            $fingerprint = $event->getFingerprint();
+            $fingerprintHash = $fingerprint->getValue();
+
+            if ($fingerprintHash !== '') {
+                $currentCount = $this->cache->incrementAndGet($fingerprintHash);
+                if ($currentCount > $this->getRateLimit()) {
+                    $this->logRateLimitExceeded($fingerprintHash, $currentCount, $this->getRateLimit());
+                    throw new RateLimitException(
+                        'Rate limit exceeded: ' . $currentCount . ' requests in last minute',
+                        1768214806
+                    );
+                }
+            }
+        }
+    }
+
+    protected function isRateLimitingEnabled(): bool
+    {
+        try {
+            return ConfigurationUtility::isRateLimitingEnabled();
+        } catch (ExtensionConfigurationExtensionNotConfiguredException | ExtensionConfigurationPathDoesNotExistException $exception) {
+            return true;
+        }
+    }
+
+    protected function getRateLimit(): int
+    {
+        try {
+            return ConfigurationUtility::getRateLimitRequestsPerMinute();
+        } catch (ExtensionConfigurationExtensionNotConfiguredException | ExtensionConfigurationPathDoesNotExistException $exception) {
+            return ConfigurationUtility::RATE_LIMIT;
+        }
+    }
+
+    protected function logRateLimitExceeded(string $fingerprintHash, int $currentCount, int $limit): void
+    {
+        if (ConfigurationUtility::isExceptionLoggingActivated()) {
+            $this->logger->warning('Rate limit exceeded', [
+                'fingerprint' => $fingerprintHash,
+                'count' => $currentCount,
+                'limit' => $limit,
+                'component' => 'RateLimiter',
+            ]);
+        }
+    }
+}
diff --git a/Classes/Exception/RateLimitException.php b/Classes/Exception/RateLimitException.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+namespace In2code\Lux\Exception;
+
+use Exception;
+
+class RateLimitException extends Exception
+{
+}
diff --git a/Classes/Utility/ConfigurationUtility.php b/Classes/Utility/ConfigurationUtility.php
@@ -12,6 +12,8 @@
 
 class ConfigurationUtility
 {
+    public const RATE_LIMIT = 20;
+
     /**
      * @return string
      * @throws ExtensionConfigurationExtensionNotConfiguredException
@@ -217,6 +219,32 @@ public static function isExceptionLoggingActivated(): bool
         return ($extensionConfig['enableExceptionLogging'] ?? '0') === '1';
     }
 
+    /**
+     * Check if rate limiting is enabled
+     *
+     * @return bool
+     * @throws ExtensionConfigurationExtensionNotConfiguredException
+     * @throws ExtensionConfigurationPathDoesNotExistException
+     */
+    public static function isRateLimitingEnabled(): bool
+    {
+        $extensionConfig = self::getExtensionConfiguration();
+        return ($extensionConfig['enableRateLimiting'] ?? '1') === '1';
+    }
+
+    /**
+     * Get rate limit (requests per minute)
+     *
+     * @return int
+     * @throws ExtensionConfigurationExtensionNotConfiguredException
+     * @throws ExtensionConfigurationPathDoesNotExistException
+     */
+    public static function getRateLimitRequestsPerMinute(): int
+    {
+        $extensionConfig = self::getExtensionConfiguration();
+        return (int)($extensionConfig['rateLimitRequestsPerMinute'] ?? self::RATE_LIMIT);
+    }
+
     /**
      * @return bool
      * @throws ExtensionConfigurationExtensionNotConfiguredException
diff --git a/Configuration/Services.yaml b/Configuration/Services.yaml
@@ -17,6 +17,16 @@ services:
     arguments:
       $cache: '@cache.luxcachelayer'
 
+  cache.luxratelimiter:
+    class: TYPO3\CMS\Core\Cache\Frontend\FrontendInterface
+    factory: [ '@TYPO3\CMS\Core\Cache\CacheManager', 'getCache' ]
+    arguments: [ 'luxratelimiter' ]
+
+  In2code\Lux\Domain\Cache\RateLimiterCache:
+    public: true
+    arguments:
+      $cache: '@cache.luxratelimiter'
+
   In2code\Lux\Command\LuxAnonymizeCommand:
     tags:
       - name: 'console.command'
@@ -243,6 +253,12 @@ services:
         identifier: 'lux/stopTracking'
         event: In2code\Lux\Events\StopAnyProcessBeforePersistenceEvent
 
+  In2code\Lux\Domain\Tracker\RateLimiter:
+    tags:
+      - name: 'event.listener'
+        identifier: 'lux/rateLimiter'
+        event: In2code\Lux\Events\StopAnyProcessBeforePersistenceEvent
+
   In2code\Lux\Domain\Tracker\UtmTracker:
     public: true
     tags:
diff --git a/Documentation/Technical/Changelog/Index.md b/Documentation/Technical/Changelog/Index.md
@@ -9,6 +9,7 @@
 
 | Version    | Date       | State    | TYPO3         | Description                                                                                                                                                                                           |
 |------------|------------|----------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 42.0.0     | 2026-01-12 | Task     | `12.4 + 13.4` | Add ratelimit functionality against bot request flooding                                                                                                                                              |
 | 41.1.1     | 2026-01-06 | Bugfix   | `12.4 + 13.4` | Fix pagebrowser on some detail views in backend, don't create pagevisit entries for non-existing pages                                                                                                |
 | 41.1.0     | 2025-12-23 | Task     | `12.4 + 13.4` | CSS update for a better campaign layout                                                                                                                                                               |
 | 41.0.0     | 2025-12-18 | Task     | `12.4 + 13.4` | IP services were replaced (iplist.cc + ipapi.com with ipapi.is + ipapi.co) see for more details [IpAddresses.md](../../Privacy/IpAddresses.md)                                                        |
diff --git a/Documentation/Technical/Installation/Index.md b/Documentation/Technical/Installation/Index.md
@@ -20,7 +20,7 @@ Example composer.json file:
   "require": {
     "php": "^8.1",
     "typo3/cms": "^13.4",
-    "in2code/lux": "^38.0",
+    "in2code/lux": "^42.0",
   }
 }
 ```
@@ -66,6 +66,8 @@ If you click on the settings symbol for extension lux, you can change some basic
 | Advanced: Lead picture                        | Decide if TYPO3 should try to find an image of a lead by searching on gravatar.com (with hashed email) or on bing image search by given email domain (not full address).                                                                                                                                    |
 | Advanced: Show render time                    | For an easier debugging all views in backend can be shown with render times. This is only visible for backend administrators.                                                                                                                                                                               |
 | Advanced: Use cache layer                     | If you are facing performance issues with lux backend modules or with the page overview view (quick analysis), you can cache views (e.g. for 24h) when turning the feature on. In addition there is a command that can be executed via scheduler task to warmup caches (e.g. every night).                  |
+| Advanced: Enable rate limiting                | Protect tracking endpoints from abuse by limiting requests per fingerprint. Recommended to keep enabled.                                                                                                                                                                                                    |
+| Advanced: Rate limit requests per minute      | Maximum number of tracking requests allowed per fingerprint per minute. Default is 100.                                                                                                                                                                                                                     |
 
 #### 3. Add TypoScript
 
diff --git a/Makefile b/Makefile
@@ -73,6 +73,17 @@ composer-install:
 	mkdir -p $(SQLDUMPSDIR)
 	mkdir -p $(WEBROOT)/$(TYPO3_CACHE_DIR)
 
+## Create .config/claude-code directory and download latest claude-code-instructions
+.create-claude-config-dir:
+	echo "$(EMOJI_dividers) Creating .config/claude-code directory"
+	mkdir -p .config/claude-code
+	echo "$(EMOJI_receive) Downloading latest claude-code-instructions from GitHub"
+	curl -L https://github.com/in2code-de/claude-code-instructions/archive/refs/heads/main.zip -o /tmp/claude-code-instructions.zip
+	unzip -o /tmp/claude-code-instructions.zip -d /tmp/
+	cp -r /tmp/claude-code-instructions-main/* .config/claude-code/
+	rm -rf /tmp/claude-code-instructions.zip /tmp/claude-code-instructions-main
+	echo "$(EMOJI_thumbsup) Claude Code instructions installed"
+
 ## Install mkcert on this computer, skips installation if already present
 .install-mkcert:
 	if [[ "$$OSTYPE" == "linux-gnu" ]]; then \
@@ -174,7 +185,7 @@ typo3-clearcache:
 	tar xvfz ../../.project/data/fileadmin.tar.gz
 
 ## To start an existing project incl. rsync from fileadmin, uploads and database dump
-install-project: .lfs-fetch .link-compose-file destroy .add-hosts-entry .init-docker .fix-mount-perms composer-install .typo3-add-site .typo3-add-dockerconfig .provision-fileadmin mysql-restore typo3-comparedb typo3-clearcache .typo3-setupinstall lux-demodata
+install-project: .lfs-fetch .link-compose-file destroy .add-hosts-entry .init-docker .fix-mount-perms .create-claude-config-dir composer-install .typo3-add-site .typo3-add-dockerconfig .provision-fileadmin mysql-restore typo3-comparedb typo3-clearcache .typo3-setupinstall lux-demodata
 	echo "---------------------"
 	echo ""
 	echo "The project is online $(EMOJI_thumbsup)"
diff --git a/Tests/Unit/Domain/Tracker/RateLimiterTest.php b/Tests/Unit/Domain/Tracker/RateLimiterTest.php
diff --git a/ext_conf_template.txt b/ext_conf_template.txt
diff --git a/ext_emconf.php b/ext_emconf.php
diff --git a/ext_localconf.php b/ext_localconf.php
