@Api\Security\CheckLocked

Check if IP was locked

This annotation will check, if the current IP was blocked by a previous security check.

Use this annotation like this:

@Api\Security\CheckLocked()

(Un)locking an IP manually

The \nn\rest::Security()-Helper has many useful methods in case you would like to lock the users manually.

Have a look at \Nng\Nnrestapi\Utilities\Security for more details.

// manually lock an IP for 5 minutes
\nn\rest::Security( $this->request )->lockIp( 300, 'Reason why...' );

// unlock the IP
\nn\rest::Security( $this->request )->unlockIp();

Important

The @Api\Security\CheckLocked() Annotation is typically used in combination with other Security-Annotations.

One on them is the ApiSecurityCheckLocked() Annotation which will automatically lock an IP if an SQL injection was attempted.

In order to not need to add @Api\Security\CheckLocked() to every endpoint manually, you can set up a global check which will block all requests from locked IPs.

Here is the TypoScript setup that will always first check for SQL-injections and then check for locked users.

plugin.tx_nnrestapi {
   settings {
      security {
         defaults {
            10 = \Nng\Nnrestapi\Utilities\Security->checkInjections
            20 = \Nng\Nnrestapi\Utilities\Security->checkLocked
         }
      }
   }
}

<?php

namespace My\Extension\Api;

use Nng\Nnrestapi\Annotations as Api;
use Nng\Nnrestapi\Api\AbstractApi;

/**
 * @Api\Endpoint()
 */
class Example extends AbstractApi
{
   /**
    * @Api\Security\CheckLocked()
    * @Api\Access("public")
    *
    * @return array
    */
   public function getSettingsAction()
   {
      return ['nice'=>'result'];
   }

}