Skip to content

fix: rate limit migration assistant routes#198

Open
Jozsef Damokos (jozsefdamokos) wants to merge 2 commits into
trunkfrom
fix/migration-assistant-rate-limits
Open

fix: rate limit migration assistant routes#198
Jozsef Damokos (jozsefdamokos) wants to merge 2 commits into
trunkfrom
fix/migration-assistant-rate-limits

Conversation

@jozsefdamokos

@jozsefdamokos Jozsef Damokos (jozsefdamokos) commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Member
  • add dedicated rate limiting to migration assistant log access and download endpoints
  • keep the limiter definitions inside the plugin by registering them through a compiler pass
  • cover the new limiter behavior with focused controller and unit tests

Fixes: shopware/shopware#16571

@jozsefdamokos Jozsef Damokos (jozsefdamokos) marked this pull request as draft June 10, 2026 14:02
@jozsefdamokos Jozsef Damokos (jozsefdamokos) marked this pull request as ready for review June 11, 2026 10:46
larskemper
Lars Kemper (larskemper) approved these changes Jun 12, 2026
View reviewed changes
Comment thread src/RateLimiter/MigrationApiRateLimiter.php
Comment on lines +27 to +35
public function ensureLogAccessAccepted(Request $request): void
{
$this->rateLimiter->ensureAccepted(self::LOG_ACCESS, $this->resolveKey($request));
}

public function ensureDownloadAccepted(Request $request): void
{
$this->rateLimiter->ensureAccepted(self::DOWNLOAD, $this->resolveKey($request));
}

@larskemper Lars Kemper (larskemper) Jun 12, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this per limit, one method a platform thing? I would rather go with a single method that takes request and limiter key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@larskemper Lars Kemper (larskemper) larskemper approved these changes

@jc-sw-git Juri Himmelreich (jc-sw-git) jc-sw-git approved these changes

@DennisGarding Dennis Garding (DennisGarding) Awaiting requested review from DennisGarding DennisGarding was automatically assigned from shopware/product-cc-after-sales

@vintagesucks Nikolas Evers (vintagesucks) Awaiting requested review from vintagesucks vintagesucks was automatically assigned from shopware/product-cc-after-sales

@MalteJanz Malte Janz (MalteJanz) Awaiting requested review from MalteJanz MalteJanz was automatically assigned from shopware/product-cc-after-sales

At least 2 approving reviews are required to merge this pull request.

Assignees

@jozsefdamokos Jozsef Damokos (jozsefdamokos)

Labels

qi/candidate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add rate limits to migration assistant routes

3 participants

@jozsefdamokos @larskemper @jc-sw-git