AC-1271: Add rate limiting for payment information endpoint and mutation

Author: arhiopterecs

app/code/Magento/Quote/Model/Backpressure/Config/LimitValue.php

@@ -12,12 +12,14 @@
 use Magento\Framework\Exception\LocalizedException;
 
 /**
- * Handles backpressure limit config value.
+ * Handles backpressure limit config value
  */
 class LimitValue extends Value
 {
     /**
      * @inheritDoc
+     *
+     * @throws LocalizedException
      */
     public function beforeSave()
     {

app/code/Magento/Quote/Model/Backpressure/Config/PeriodSource.php

@@ -11,7 +11,7 @@
 use Magento\Framework\Data\OptionSourceInterface;
 
 /**
- * Provides selection of limited periods.
+ * Provides selection of limited periods
  */
 class PeriodSource implements OptionSourceInterface
 {

app/code/Magento/Quote/Model/Backpressure/Config/PeriodValue.php

@@ -8,12 +8,17 @@
 
 namespace Magento\Quote\Model\Backpressure\Config;
 
+use Magento\Framework\App\Cache\TypeListInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\Config\Value;
+use Magento\Framework\Data\Collection\AbstractDb;
 use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Model\Context;
+use Magento\Framework\Model\ResourceModel\AbstractResource;
+use Magento\Framework\Registry;
 
 /**
- * Handles backpressure "period" config value.
+ * Handles backpressure "period" config value
  */
 class PeriodValue extends Value
 {
@@ -23,24 +28,23 @@ class PeriodValue extends Value
     private PeriodSource $source;
 
     /**
-     * PeriodValue constructor.
-     * @param \Magento\Framework\Model\Context $context
-     * @param \Magento\Framework\Registry $registry
+     * @param Context $context
+     * @param Registry $registry
      * @param ScopeConfigInterface $config
-     * @param \Magento\Framework\App\Cache\TypeListInterface $cacheTypeList
+     * @param TypeListInterface $cacheTypeList
      * @param PeriodSource $source
-     * @param \Magento\Framework\Model\ResourceModel\AbstractResource|null $resource
-     * @param \Magento\Framework\Data\Collection\AbstractDb|null $resourceCollection
+     * @param AbstractResource|null $resource
+     * @param AbstractDb|null $resourceCollection
      * @param array $data
      */
     public function __construct(
-        \Magento\Framework\Model\Context $context,
-        \Magento\Framework\Registry $registry,
+        Context $context,
+        Registry $registry,
         ScopeConfigInterface $config,
-        \Magento\Framework\App\Cache\TypeListInterface $cacheTypeList,
+        TypeListInterface $cacheTypeList,
         PeriodSource $source,
-        \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
-        \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
+        AbstractResource $resource = null,
+        AbstractDb $resourceCollection = null,
         array $data = []
     ) {
         parent::__construct($context, $registry, $config, $cacheTypeList, $resource, $resourceCollection, $data);
@@ -55,7 +59,7 @@ public function __construct(
     public function beforeSave()
     {
         if ($this->isValueChanged()) {
-            $value = (string) $this->getValue();
+            $value = (string)$this->getValue();
             if (!array_key_exists($value, $this->source->toOptionArray())) {
                 throw new LocalizedException(__('Please select a valid rate limit period'));
             }

app/code/Magento/Quote/Model/Backpressure/OrderLimitConfigManager.php

@@ -12,10 +12,12 @@
 use Magento\Framework\App\Backpressure\SlidingWindow\LimitConfig;
 use Magento\Framework\App\Backpressure\SlidingWindow\LimitConfigManagerInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\RuntimeException;
 use Magento\Store\Model\ScopeInterface;
 
 /**
- * Provides backpressure limits for ordering.
+ * Provides backpressure limits for ordering
  */
 class OrderLimitConfigManager implements LimitConfigManagerInterface
 {
@@ -36,20 +38,34 @@ public function __construct(ScopeConfigInterface $config)
 
     /**
      * @inheritDoc
+     *
+     * @throws RuntimeException
      */
     public function readLimit(ContextInterface $context): LimitConfig
     {
-        if ($context->getIdentityType() === ContextInterface::IDENTITY_TYPE_IP) {
-            $limit = $this->fetchGuestLimit();
-        } else {
-            $limit = $this->fetchAuthenticatedLimit();
+        switch ($context->getIdentityType()) {
+            case ContextInterface::IDENTITY_TYPE_ADMIN:
+            case ContextInterface::IDENTITY_TYPE_CUSTOMER:
+                $limit = $this->fetchAuthenticatedLimit();
+                break;
+            case ContextInterface::IDENTITY_TYPE_IP:
+                $limit = $this->fetchGuestLimit();
+                break;
+            default:
+                throw new RuntimeException(__("Identity type not found"));
         }
 
-        return new LimitConfig($limit, $this->fetchPeriod());
+        return ObjectManager::getInstance()->create(
+            LimitConfig::class,
+            [
+                $limit,
+                $this->fetchPeriod()
+            ]
+        );
     }
 
     /**
-     * Is enforcement enabled for current store?
+     * Checks if enforcement enabled for the current store
      *
      * @return bool
      */
@@ -64,53 +80,59 @@ public function isEnforcementEnabled(): bool
             $this->fetchPeriod();
             $this->fetchAuthenticatedLimit();
             $this->fetchGuestLimit();
-        } catch (\RuntimeException $ex) {
+        } catch (RuntimeException $ex) {
             return false;
         }
 
         return true;
     }
 
     /**
-     * Limit for authenticated customers.
+     * Limit for authenticated customers
      *
      * @return int
+     * @throws RuntimeException
      */
     private function fetchAuthenticatedLimit(): int
     {
-        $value = (int) $this->config->getValue('sales/backpressure/limit', ScopeInterface::SCOPE_STORE);
+        $value = (int)$this->config->getValue('sales/backpressure/limit', ScopeInterface::SCOPE_STORE);
         if ($value <= 0) {
-            throw new \RuntimeException("Invalid order backpressure config");
+            throw new RuntimeException(__("Invalid order backpressure limit config"));
         }
 
         return $value;
     }
 
     /**
-     * Limit for guests.
+     * Limit for guests
      *
      * @return int
+     * @throws RuntimeException
      */
     private function fetchGuestLimit(): int
     {
-        $value = (int) $this->config->getValue('sales/backpressure/guest_limit', ScopeInterface::SCOPE_STORE);
+        $value = (int)$this->config->getValue(
+            'sales/backpressure/guest_limit',
+            ScopeInterface::SCOPE_STORE
+        );
         if ($value <= 0) {
-            throw new \RuntimeException("Invalid order backpressure config");
+            throw new RuntimeException(__("Invalid order backpressure guest limit config"));
         }
 
         return $value;
     }
 
     /**
-     * Counter reset preiod.
+     * Counter reset period
      *
      * @return int
+     * @throws RuntimeException
      */
     private function fetchPeriod(): int
     {
-        $value = (int) $this->config->getValue('sales/backpressure/period', ScopeInterface::SCOPE_STORE);
+        $value = (int)$this->config->getValue('sales/backpressure/period', ScopeInterface::SCOPE_STORE);
         if ($value <= 0) {
-            throw new \RuntimeException("Invalid order backpressure config");
+            throw new RuntimeException(__("Invalid order backpressure counter reset period config"));
         }
 
         return $value;

app/code/Magento/Quote/Model/Backpressure/WebapiRequestTypeExtractor.php

@@ -13,10 +13,12 @@
 use Magento\Quote\Api\GuestCartManagementInterface;
 
 /**
- * Identifies which checkout related functionality needs backpressure management.
+ * Identifies which checkout related functionality needs backpressure management
  */
 class WebapiRequestTypeExtractor implements BackpressureRequestTypeExtractorInterface
 {
+    private const METHOD = 'placeOrder';
+
     /**
      * @var OrderLimitConfigManager
      */
@@ -35,8 +37,8 @@ public function __construct(OrderLimitConfigManager $config)
      */
     public function extract(string $service, string $method, string $endpoint): ?string
     {
-        if (($service === CartManagementInterface::class || $service === GuestCartManagementInterface::class)
-            && $method === 'placeOrder'
+        if (in_array($service, [CartManagementInterface::class, GuestCartManagementInterface::class])
+            && $method === self::METHOD
             && $this->config->isEnforcementEnabled()
         ) {
             return OrderLimitConfigManager::REQUEST_TYPE_ID;

app/code/Magento/Quote/etc/adminhtml/system.xml

@@ -27,15 +27,24 @@
                 <field id="limit" translate="label" type="text" sortOrder="2" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
                     <label>Requests limit per authenticated customer</label>
                     <backend_model>Magento\Quote\Model\Backpressure\Config\LimitValue</backend_model>
+                    <depends>
+                        <field id="enabled">1</field>
+                    </depends>
                 </field>
                 <field id="guest_limit" translate="label" type="text" sortOrder="3" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
                     <label>Requests limit per guest</label>
                     <backend_model>Magento\Quote\Model\Backpressure\Config\LimitValue</backend_model>
+                    <depends>
+                        <field id="enabled">1</field>
+                    </depends>
                 </field>
                 <field id="period" translate="label" type="select" sortOrder="4" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
                     <label>Counter resets in a ...</label>
                     <source_model>Magento\Quote\Model\Backpressure\Config\PeriodSource</source_model>
                     <backend_model>Magento\Quote\Model\Backpressure\Config\PeriodValue</backend_model>
+                    <depends>
+                        <field id="enabled">1</field>
+                    </depends>
                 </field>
             </group>
         </section>

app/code/Magento/Quote/i18n/en_US.csv

@@ -69,3 +69,7 @@ Carts,Carts
 "Validated Country Code","Validated Country Code"
 "Validated Vat Number","Validated Vat Number"
 "Invalid Quote Item id %1","Invalid Quote Item id %1"
+"Number above 0 is required for the limit","Number above 0 is required for the limit"
+"Please select a valid rate limit period","Please select a valid rate limit period"
+"Identity type not found","Identity type not found"
+"Invalid order backpressure limit config","Invalid order backpressure limit config"