From 1f71919f0b79738d8ff963da2154be4782a99d80 Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Mon, 29 Dec 2014 21:58:30 +0000 Subject: [PATCH 1/3] Added login throttling --- app/config/app.php | 6 +- app/config/packages/.gitkeep | 0 .../graham-campbell/throttle/config.php | 35 ++++++++++++ app/controllers/AuthController.php | 1 + app/filters.php | 1 + app/filters/LoginThrottlingFilter.php | 16 ++++++ app/routes/auth.php | 2 +- composer.json | 1 + composer.lock | 56 ++++++++++++++++++- 9 files changed, 114 insertions(+), 4 deletions(-) delete mode 100644 app/config/packages/.gitkeep create mode 100644 app/config/packages/graham-campbell/throttle/config.php create mode 100644 app/filters/LoginThrottlingFilter.php diff --git a/app/config/app.php b/app/config/app.php index abbc4d15..9ccd9b63 100644 --- a/app/config/app.php +++ b/app/config/app.php @@ -123,6 +123,7 @@ return [ 'Illuminate\Workbench\WorkbenchServiceProvider', 'Dingo\Api\Provider\ApiServiceProvider', + 'GrahamCampbell\Throttle\ThrottleServiceProvider', 'Thujohn\Rss\RssServiceProvider', 'CachetHQ\Cachet\Support\ServiceProviders\RepositoryServiceProvider', @@ -196,8 +197,9 @@ return [ 'Validator' => 'Illuminate\Support\Facades\Validator', 'View' => 'Illuminate\Support\Facades\View', - 'API' => 'Dingo\Api\Facade\API', - 'RSS' => 'Thujohn\Rss\RssFacade', + 'API' => 'Dingo\Api\Facade\API', + 'Throttle' => 'GrahamCampbell\Throttle\Facades\Throttle', + 'RSS' => 'Thujohn\Rss\RssFacade', ], diff --git a/app/config/packages/.gitkeep b/app/config/packages/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/app/config/packages/graham-campbell/throttle/config.php b/app/config/packages/graham-campbell/throttle/config.php new file mode 100644 index 00000000..cc8241a8 --- /dev/null +++ b/app/config/packages/graham-campbell/throttle/config.php @@ -0,0 +1,35 @@ + null, + +]; diff --git a/app/controllers/AuthController.php b/app/controllers/AuthController.php index 900536a8..ff873a76 100644 
--- a/app/controllers/AuthController.php +++ b/app/controllers/AuthController.php @@ -23,6 +23,7 @@ class AuthController extends Controller if (Auth::attempt(Input::only(['email', 'password']))) { return Redirect::intended('dashboard'); } else { + Throttle::hit(Request::instance(), 10, 10); return Redirect::back() ->withInput(Input::except('password')) ->with('error', 'Invalid email or password'); diff --git a/app/filters.php b/app/filters.php index e864343f..5092c7a6 100644 --- a/app/filters.php +++ b/app/filters.php @@ -4,6 +4,7 @@ Route::filter('is_setup', 'IsSetupFilter'); Route::filter('has_setting', 'HasSettingFilter'); Route::filter('cors', 'CORSFilter'); Route::filter('allowed_domains', 'AllowedDomainsFilter'); +Route::filter('login_throttling', 'LoginThrottlingFilter'); /* |-------------------------------------------------------------------------- diff --git a/app/filters/LoginThrottlingFilter.php b/app/filters/LoginThrottlingFilter.php new file mode 100644 index 00000000..b7839e11 --- /dev/null +++ b/app/filters/LoginThrottlingFilter.php @@ -0,0 +1,16 @@ +with('error', 'You have made too many login requests.'); + } + + return $response; + } +} diff --git a/app/routes/auth.php b/app/routes/auth.php index 8b495a2c..520a0d28 100644 --- a/app/routes/auth.php +++ b/app/routes/auth.php @@ -2,7 +2,7 @@ Route::group(['before' => 'has_setting:app_name'], function () { Route::get('/auth/login', ['before' => 'guest', 'as' => 'login', 'uses' => 'AuthController@showLogin']); - Route::post('/auth/login', ['before' => 'guest|csrf', 'as' => 'logout', 'uses' => 'AuthController@postLogin']); + Route::post('/auth/login', ['before' => 'guest|csrf|login_throttling', 'as' => 'logout', 'uses' => 'AuthController@postLogin']); }); Route::get('/auth/logout', ['before' => 'auth', 'as' => 'logout', 'uses' => 'AuthController@logoutAction']); diff --git a/composer.json b/composer.json index c3011c37..f484b87f 100644 --- a/composer.json +++ b/composer.json 
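Review bot: `Throttle::hit(Request::instance(), 10, 10);` keys the counter on the request, which with this package is, as far as I can tell, the client IP plus the route, so the ten-attempt budget is shared by every user behind the same NAT or reverse proxy (and by everyone, if trusted proxies are not configured behind a load balancer) while an attacker rotating source addresses is never slowed; consider a second counter keyed on the submitted email. The `10, 10` literals (presumably attempts and minutes) also duplicate whatever `LoginThrottlingFilter` checks with, so they should come from one place, e.g. `const LOGIN_ATTEMPTS = 10; const LOGIN_WINDOW = 10;` on the controller or a config key used by both. Recording the hit only on failure is right, but nothing resets the counter after a successful login. `postLogin`'s body begins outside the hunk.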
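Review bot: The rewritten POST `/auth/login` route keeps `'as' => 'logout'`, the same name as the GET `/auth/logout` route on the context line below it, so `route('logout')` resolves to whichever was registered last and a later reorder would silently turn the logout link into the login POST URL. Name it for what it is: `Route::post('/auth/login', ['before' => 'guest|csrf|login_throttling', 'as' => 'login.post', 'uses' => 'AuthController@postLogin']);`. The `guest|csrf|login_throttling` order itself is sensible, since forged posts are rejected by the CSRF check before the throttle filter is consulted.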
@@ -13,6 +13,7 @@
 "laravel/framework": "4.2.*",
 "guzzlehttp/guzzle": "~5.0",
 "dingo/api": "0.8.*",
+ "graham-campbell/throttle": "~2.0",
 "watson/validating": "0.10.*",
 "thujohn/rss": "~1.0",
 "doctrine/dbal": "2.5.*",
diff --git a/composer.lock b/composer.lock
index 1f2f7007..c6227b5f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
 "This file is @generated automatically"
 ],
- "hash": "2b05058fab4b2fa831e500985b506c1f",
+ "hash": "def3f0fcb615467e21e9eccf44a39a73",
 "packages": [
 {
 "name": "classpreloader/classpreloader",
@@ -768,6 +768,59 @@
 ],
 "time": "2014-10-26 09:05:09"
 },
+ {
+ "name": "graham-campbell/throttle",
+ "version": "v2.0.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/GrahamCampbell/Laravel-Throttle.git",
+ "reference": "0c75b729efa7dea6ec8e4182bf3f5ebe0cb9f003"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/GrahamCampbell/Laravel-Throttle/zipball/0c75b729efa7dea6ec8e4182bf3f5ebe0cb9f003",
+ "reference": "0c75b729efa7dea6ec8e4182bf3f5ebe0cb9f003",
+ "shasum": ""
+ },
+ "require": {
+ "illuminate/cache": "~4.1",
+ "illuminate/http": "~4.1",
+ "illuminate/support": "~4.1",
+ "php": ">=5.4.7"
+ },
+ "require-dev": {
+ "graham-campbell/testbench": "~1.0"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-4": {
+ "GrahamCampbell\\Throttle\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "Apache-2.0"
+ ],
+ "authors": [
+ {
+ "name": "Graham Campbell",
+ "email": "graham@mineuk.com"
+ }
+ ],
+ "description": "Throttle Is A Rate Limiter For Laravel 4.1/4.2",
+ "keywords": [
+ "Graham Campbell",
+ "GrahamCampbell",
+ "Laravel Throttle",
+ "Laravel-Throttle",
+ "framework",
+ "laravel",
+ "rate limit",
+ "throttle",
+ "throttling"
+ ],
+ "time": "2014-10-30 13:45:51"
+ },
 {
 "name": "guzzlehttp/guzzle",
 "version": "5.1.0",
@@ -3477,6 +3530,7 @@ "minimum-stability": "stable", "stability-flags": [], "prefer-stable": false, + "prefer-lowest": false, "platform": { "php": ">=5.4" }, From 4d1246dcf6092b473628dfc4cccec41c5f7f33d0 Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Mon, 29 Dec 2014 23:02:19 +0000 Subject: [PATCH 2/3] Use apc for caching by default --- app/config/cache.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/config/cache.php b/app/config/cache.php index ee54b62d..4ad3f23f 100644 --- a/app/config/cache.php +++ b/app/config/cache.php @@ -15,7 +15,7 @@ return [ | */ - 'driver' => 'file', + 'driver' => 'apc', /* |-------------------------------------------------------------------------- From 15861fbf5e647c659ef1b57796bf4c40527132c0 Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Mon, 29 Dec 2014 23:07:46 +0000 Subject: [PATCH 3/3] CS fixes --- app/controllers/AuthController.php | 6 +++++- app/controllers/DashComponentController.php | 14 ++++++++++++-- app/controllers/DashIncidentController.php | 9 ++++++++- app/controllers/DashSettingsController.php | 2 ++ app/controllers/DashUserController.php | 2 ++ app/controllers/DashboardController.php | 3 +++ app/controllers/HomeController.php | 12 +++++++++++- app/controllers/RSSController.php | 19 +++++++++---------- app/controllers/SetupController.php | 7 +++++++ 9 files changed, 59 insertions(+), 15 deletions(-) diff --git a/app/controllers/AuthController.php b/app/controllers/AuthController.php index ff873a76..688b4ccb 100644 --- a/app/controllers/AuthController.php +++ b/app/controllers/AuthController.php @@ -1,12 +1,13 @@ withInput(Input::except('password')) ->with('error', 'Invalid email or password'); @@ -32,6 +35,7 @@ class AuthController extends Controller /** * Logs the user out, deleting their session etc. + * * @return \Illuminate\Http\RedirectResponse */ public function logoutAction() 
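Review bot: Switching the default driver to `apc` changes what the newly added login throttle depends on: APC(u) counters live in one server's shared memory and, as far as I know, are not shared between the web SAPI and the CLI, so on a multi-node deployment each node enforces its own attempt budget, and on a host without the extension the cache store — and with it every throttled login request — fails instead of degrading. Either document that the throttle needs a shared store (redis/memcached) in production, or make the driver environment-driven with a working fallback, e.g. `'driver' => getenv('CACHE_DRIVER') ?: 'file',`. The previous `file` driver was slow but worked on every host.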
diff --git a/app/controllers/DashComponentController.php b/app/controllers/DashComponentController.php
index 157113df..19d06e3b 100644
--- a/app/controllers/DashComponentController.php
+++ b/app/controllers/DashComponentController.php
@@ -4,6 +4,7 @@ class DashComponentController extends Controller
 {
 /**
 * Shows the components view.
+ *
 * @return \Illuminate\View\View
 */
 public function showComponents()
@@ -18,7 +19,9 @@ class DashComponentController extends Controller
 /**
 * Shows the edit component view.
- * @param Component $component
+ *
+ * @param \Component $component
+ *
 * @return \Illuminate\View\View
 */
 public function showEditComponent(Component $component)
@@ -31,6 +34,9 @@ class DashComponentController extends Controller
 /**
 * Updates a component.
+ *
+ * @param \Component $component
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function updateComponentAction(Component $component)
@@ -43,6 +49,7 @@ class DashComponentController extends Controller
 /**
 * Shows the add component view.
+ *
 * @return \Illuminate\View\View
 */
 public function showAddComponent()
@@ -54,6 +61,7 @@ class DashComponentController extends Controller
 /**
 * Creates a new component.
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function createComponentAction()
@@ -66,7 +74,9 @@ class DashComponentController extends Controller
 /**
 * Deletes a given component.
- * @param Component $component
+ *
+ * @param \Component $component
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function deleteComponentAction(Component $component)
diff --git a/app/controllers/DashIncidentController.php b/app/controllers/DashIncidentController.php
index acf8008b..8ea2a7ac 100644
--- a/app/controllers/DashIncidentController.php
+++ b/app/controllers/DashIncidentController.php
@@ -4,6 +4,7 @@ class DashIncidentController extends Controller
 {
 /**
 * Shows the incidents view.
+ *
 * @return \Illuminate\View\View
 */
 public function showIncidents()
@@ -18,6 +19,7 @@ class DashIncidentController extends Controller
 /**
 * Shows the add incident view.
+ *
 * @return \Illuminate\View\View
 */
 public function showAddIncident()
@@ -29,6 +31,7 @@ class DashIncidentController extends Controller
 /**
 * Shows the add incident template view.
+ *
 * @return \Illuminate\View\View
 */
 public function showAddIncidentTemplate()
@@ -40,6 +43,7 @@ class DashIncidentController extends Controller
 /**
 * Creates a new incident template.
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function createIncidentTemplateAction()
@@ -52,6 +56,7 @@ class DashIncidentController extends Controller
 /**
 * Creates a new incident.
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function createIncidentAction()
@@ -64,7 +69,9 @@ class DashIncidentController extends Controller
 /**
 * Deletes a given incident.
- * @param Incident $incident
+ *
+ * @param \Incident $incident
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function deleteIncidentAction(Incident $incident)
diff --git a/app/controllers/DashSettingsController.php b/app/controllers/DashSettingsController.php
index 2cac37a9..c5091699 100644
--- a/app/controllers/DashSettingsController.php
+++ b/app/controllers/DashSettingsController.php
@@ -4,6 +4,7 @@ class DashSettingsController extends Controller
 {
 /**
 * Shows the settings view.
+ *
 * @return \Illuminate\View\View
 */
 public function showSettings()
@@ -15,6 +16,7 @@ class DashSettingsController extends Controller
 /**
 * Updates the statsu page settings.
+ *
 * @return \Illuminate\View\View
 */
 public function postSettings()
diff --git a/app/controllers/DashUserController.php b/app/controllers/DashUserController.php
index 1b068285..4e18a0d4 100644
--- a/app/controllers/DashUserController.php
+++ b/app/controllers/DashUserController.php
@@ -4,6 +4,7 @@ class DashUserController extends Controller
 {
 /**
 * Shows the user view.
+ *
 * @return \Illuminate\View\View
 */
 public function showUser()
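Review bot: The `DashSettingsController::postSettings` docblock this pass touches still reads `Updates the statsu page settings.`; while the CS fixes are being made, change it to `* Updates the status page settings.`. Its `@return \Illuminate\View\View` is also suspect for a `post…` handler whose sibling write actions in this patch declare `\Illuminate\Http\RedirectResponse`; `postSettings`'s body is outside the hunk, so confirm what it actually returns before correcting the tag.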
@@ -15,6 +16,7 @@ class DashUserController extends Controller
 /**
 * Updates the current user.
+ *
 * @return \Illuminate\View\View
 */
 public function postUser()
diff --git a/app/controllers/DashboardController.php b/app/controllers/DashboardController.php
index d78e2622..ffd9b641 100644
--- a/app/controllers/DashboardController.php
+++ b/app/controllers/DashboardController.php
@@ -4,6 +4,7 @@ class DashboardController extends Controller
 {
 /**
 * Shows the dashboard view.
+ *
 * @return \Illuminate\View\View
 */
 public function showDashboard()
@@ -14,6 +15,7 @@ class DashboardController extends Controller
 /**
 * Shows the metrics view.
+ *
 * @return \Illuminate\View\View
 */
 public function showMetrics()
@@ -25,6 +27,7 @@ class DashboardController extends Controller
 /**
 * Shows the notifications view.
+ *
 * @return \Illuminate\View\View
 */
 public function showNotifications()
diff --git a/app/controllers/HomeController.php b/app/controllers/HomeController.php
index 53ad9064..65925ae5 100644
--- a/app/controllers/HomeController.php
+++ b/app/controllers/HomeController.php
@@ -3,10 +3,19 @@
 class HomeController extends Controller
 {
 /**
- * @var Component $component
+ * The component instance.
+ *
+ * @var \Component $component
 */
 protected $component;
+ /**
+ * Create a new home controller instance.
+ *
+ * @param \Component $component
+ *
+ * @return void
+ */
 public function __construct(Component $component)
 {
 $this->component = $component;
@@ -14,6 +23,7 @@ class HomeController extends Controller
 /**
 * Returns the rendered Blade templates.
+ *
 * @return \Illuminate\View\View
 */
 public function showIndex()
diff --git a/app/controllers/RSSController.php b/app/controllers/RSSController.php
index 53c4fe41..83188dc4 100644
--- a/app/controllers/RSSController.php
+++ b/app/controllers/RSSController.php
@@ -4,22 +4,23 @@ class RSSController extends Controller
 {
 /**
 * Generates an RSS feed of all incidents.
+ *
 * @return \Illuminate\Http\Response
 */
 public function feedAction()
 {
 $feed = RSS::feed('2.0', 'UTF-8');
 $feed->channel([
- 'title' => Setting::get('app_name'),
- 'description' => 'Status Feed',
- 'link' => Setting::get('app_domain'),
+ 'title' => Setting::get('app_name'),
+ 'description' => 'Status Feed',
+ 'link' => Setting::get('app_domain'),
 ]);
 Incident::get()->map(function ($incident) use ($feed) {
- $componentName = null;
- $component = $incident->component;
- if ($component) {
- $componentName = $component->name;
+ if ($incident->component) {
+ $componentName = $incident->component->name;
+ } else {
+ $componentName = null;
 }
 $feed->item([
@@ -32,8 +33,6 @@ class RSSController extends Controller
 ]);
 });
- return Response::make($feed, 200, [
- 'Content-Type' => 'text/xml'
- ]);
+ return Response::make($feed, 200, ['Content-Type' => 'text/xml']);
 }
 }
diff --git a/app/controllers/SetupController.php b/app/controllers/SetupController.php
index 4d33825d..5b54f14d 100644
--- a/app/controllers/SetupController.php
+++ b/app/controllers/SetupController.php
@@ -2,6 +2,11 @@
 class SetupController extends Controller
 {
+ /**
+ * Create a new setup controller instance.
+ *
+ * @return void
+ */
 public function __construct()
 {
 $this->beforeFilter('csrf', ['only' => ['postCachet']]);
@@ -9,6 +14,7 @@ class SetupController extends Controller
 /**
 * Returns the setup page.
+ *
 * @return \Illuminate\View\View
 */
 public function getIndex()
@@ -20,6 +26,7 @@ class SetupController extends Controller
 /**
 * Handles the actual app setup.
+ *
 * @return \Illuminate\Http\RedirectResponse
 */
 public function postIndex()
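Review bot: The rewritten component lookup reads `$incident->component` twice and spends five lines on one conditional; `$componentName = $incident->component ? $incident->component->name : null;` keeps the behaviour and reads more directly (Eloquent should cache the loaded relation, so the double access is a readability point rather than a query one). Separately, the collapsed `Response::make` still sends `text/xml` with no charset although the feed is built as UTF-8 a few lines above; `'Content-Type' => 'text/xml; charset=UTF-8'` saves clients from guessing the encoding of whatever `Setting::get('app_name')` contains. `feedAction`'s body continues between the two hunks.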
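Review bot: The constructor the new docblock describes registers the CSRF filter with `['only' => ['postCachet']]`, but the only POST handler visible in this file is `postIndex` (the context line of the last hunk), so unless `postCachet` exists outside the shown hunks the setup form is accepted with no CSRF check at all. If that is the case the fix is `$this->beforeFilter('csrf', ['only' => ['postIndex']]);`, and the docblock should say what the constructor is for rather than just that it exists: `* Create a new setup controller instance and apply the CSRF filter to the setup form post.`. The rest of the class is outside the hunks, so please confirm the method list before changing the filter target.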