Automattic\WooCommerce\StoreApi
Authentication::apply_rate_limiting()
Applies Rate Limiting to the request, and passes through any errors from other authentication methods used before this one.
Method of the class: Authentication{}
Hooks from the method
Return
\WP_Error|null|true|false.
Usage
// protected - for code of main (parent) or child class $result = $this->apply_rate_limiting( $result );
- $result(\WP_Error|mixed) (required)
- Error from another authentication handler, null if we should handle it, or another value if not.
Authentication::apply_rate_limiting() Authentication::apply rate limiting code WC 8.7.0
protected function apply_rate_limiting( $result ) {
$rate_limiting_options = RateLimits::get_options();
if ( $rate_limiting_options->enabled ) {
$action_id = 'store_api_request_';
if ( is_user_logged_in() ) {
$action_id .= get_current_user_id();
} else {
$ip_address = self::get_ip_address( $rate_limiting_options->proxy_support );
$action_id .= md5( $ip_address );
}
$retry = RateLimits::is_exceeded_retry_after( $action_id );
$server = rest_get_server();
$server->send_header( 'RateLimit-Limit', $rate_limiting_options->limit );
if ( false !== $retry ) {
$server->send_header( 'RateLimit-Retry-After', $retry );
$server->send_header( 'RateLimit-Remaining', 0 );
$server->send_header( 'RateLimit-Reset', time() + $retry );
$ip_address = $ip_address ?? self::get_ip_address( $rate_limiting_options->proxy_support );
/**
* Fires when the rate limit is exceeded.
*
* @since 8.9.0
*
* @param string $ip_address The IP address of the request.
*/
do_action( 'woocommerce_store_api_rate_limit_exceeded', $ip_address );
return new \WP_Error(
'rate_limit_exceeded',
sprintf(
'Too many requests. Please wait %d seconds before trying again.',
$retry
),
array( 'status' => 400 )
);
}
$rate_limit = RateLimits::update_rate_limit( $action_id );
$server->send_header( 'RateLimit-Remaining', $rate_limit->remaining );
$server->send_header( 'RateLimit-Reset', $rate_limit->reset );
}
return $result;
}