AC-1271: Add rate limiting for payment information endpoint and mutation

Author: arhiopterecs

app/code/Magento/Quote/Model/Backpressure/OrderLimitConfigManager.php

@@ -11,8 +11,10 @@
 use Magento\Framework\App\Backpressure\ContextInterface;
 use Magento\Framework\App\Backpressure\SlidingWindow\LimitConfig;
 use Magento\Framework\App\Backpressure\SlidingWindow\LimitConfigManagerInterface;
+use Magento\Framework\App\Backpressure\SlidingWindow\RequestLoggerInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
-use Magento\Framework\App\ObjectManager;
+use Magento\Framework\App\DeploymentConfig;
+use Magento\Framework\Exception\FileSystemException;
 use Magento\Framework\Exception\RuntimeException;
 use Magento\Store\Model\ScopeInterface;
 
@@ -28,12 +30,21 @@ class OrderLimitConfigManager implements LimitConfigManagerInterface
      */
     private ScopeConfigInterface $config;
 
+    /**
+     * @var DeploymentConfig
+     */
+    private DeploymentConfig $deploymentConfig;
+
     /**
      * @param ScopeConfigInterface $config
+     * @param DeploymentConfig $deploymentConfig
      */
-    public function __construct(ScopeConfigInterface $config)
-    {
+    public function __construct(
+        ScopeConfigInterface $config,
+        DeploymentConfig $deploymentConfig
+    ) {
         $this->config = $config;
+        $this->deploymentConfig = $deploymentConfig;
     }
 
     /**
@@ -62,73 +73,50 @@ public function readLimit(ContextInterface $context): LimitConfig
      * Checks if enforcement enabled for the current store
      *
      * @return bool
+     * @throws RuntimeException
+     * @throws FileSystemException
      */
     public function isEnforcementEnabled(): bool
     {
+        $loggerType = $this->deploymentConfig->get(RequestLoggerInterface::CONFIG_PATH_BACKPRESSURE_LOGGER);
         $enabled = $this->config->isSetFlag('sales/backpressure/enabled', ScopeInterface::SCOPE_STORE);
-        if (!$enabled) {
-            return false;
-        }
-
-        try {
-            $this->fetchPeriod();
-            $this->fetchAuthenticatedLimit();
-            $this->fetchGuestLimit();
-        } catch (RuntimeException $ex) {
-            return false;
+        if ($loggerType && $enabled) {
+            return true;
         }
 
-        return true;
+        return false;
     }
 
     /**
      * Limit for authenticated customers
      *
      * @return int
-     * @throws RuntimeException
      */
     private function fetchAuthenticatedLimit(): int
     {
-        $value = (int)$this->config->getValue('sales/backpressure/limit', ScopeInterface::SCOPE_STORE);
-        if ($value <= 0) {
-            throw new RuntimeException(__("Invalid order backpressure limit config"));
-        }
-
-        return $value;
+        return (int)$this->config->getValue('sales/backpressure/limit', ScopeInterface::SCOPE_STORE);
     }
 
     /**
      * Limit for guests
      *
      * @return int
-     * @throws RuntimeException
      */
     private function fetchGuestLimit(): int
     {
-        $value = (int)$this->config->getValue(
+        return (int)$this->config->getValue(
             'sales/backpressure/guest_limit',
             ScopeInterface::SCOPE_STORE
         );
-        if ($value <= 0) {
-            throw new RuntimeException(__("Invalid order backpressure guest limit config"));
-        }
-
-        return $value;
     }
 
     /**
      * Counter reset period
      *
      * @return int
-     * @throws RuntimeException
      */
     private function fetchPeriod(): int
     {
-        $value = (int)$this->config->getValue('sales/backpressure/period', ScopeInterface::SCOPE_STORE);
-        if ($value <= 0) {
-            throw new RuntimeException(__("Invalid order backpressure counter reset period config"));
-        }
-
-        return $value;
+       return (int)$this->config->getValue('sales/backpressure/period', ScopeInterface::SCOPE_STORE);
     }
 }

app/etc/di.xml

@@ -1980,8 +1980,8 @@
     </type>
     <preference for="Magento\Framework\App\BackpressureEnforcerInterface"
                 type="Magento\Framework\App\Backpressure\SlidingWindow\SlidingWindowEnforcer"/>
-    <preference for="Magento\Framework\App\Backpressure\SlidingWindow\RequestLoggerInterface"
-                type="Magento\Framework\App\Backpressure\SlidingWindow\CacheRequestLogger"/>
+    <preference for="Magento\Framework\App\Backpressure\SlidingWindow\RequestLoggerFactoryInterface"
+                type="Magento\Framework\App\Backpressure\SlidingWindow\RequestLoggerFactory"/>
     <preference for="Magento\Framework\App\Backpressure\SlidingWindow\LimitConfigManagerInterface"
                 type="Magento\Framework\App\Backpressure\SlidingWindow\CompositeLimitConfigManager"/>
     <preference for="Magento\Framework\App\Request\Backpressure\RequestTypeExtractorInterface"
@@ -1993,9 +1993,11 @@
             <argument name="extractors" xsi:type="array" />
         </arguments>
     </type>
-    <type name="Magento\Framework\App\Backpressure\SlidingWindow\CacheRequestLogger">
+    <type name="Magento\Framework\App\Backpressure\SlidingWindow\RequestLoggerFactory">
         <arguments>
-            <argument name="cache" xsi:type="object">Magento\Framework\App\Cache\Type\Config</argument>
+            <argument name="types" xsi:type="array">
+                <item name="redis" xsi:type="string">\Magento\Framework\App\Backpressure\SlidingWindow\RedisRequestLogger</item>
+            </argument>
         </arguments>
     </type>
     <preference for="Magento\Framework\Filter\Input\PurifierInterface" type="Magento\Framework\Filter\Input\Purifier"/>

dev/tests/integration/testsuite/Magento/Framework/App/Backpressure/SlidingWindow/CacheRequestLoggerTest.php

@@ -19,7 +19,7 @@
 class CacheRequestLoggerTest extends TestCase
 {
     /**
-     * @var CacheRequestLogger
+     * @var RedisRequestLogger
      */
     private $model;
 
@@ -35,7 +35,7 @@ protected function setUp(): void
     {
         parent::setUp();
 
-        $this->model = Bootstrap::getObjectManager()->get(CacheRequestLogger::class);
+        $this->model = Bootstrap::getObjectManager()->get(RedisRequestLogger::class);
     }
 
     /**