2016-01-07 05:26:29 +01:00
|
|
|
# Copyright 2014-2016 OpenMarket Ltd
|
2014-09-03 10:43:11 +02:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
2022-04-11 18:07:23 +02:00
|
|
|
from typing import Any, Dict, Optional
|
2020-06-05 11:47:20 +02:00
|
|
|
|
2021-09-10 18:03:18 +02:00
|
|
|
import attr
|
|
|
|
|
2022-04-11 18:07:23 +02:00
|
|
|
from synapse.types import JsonDict
|
|
|
|
|
2014-09-02 19:00:15 +02:00
|
|
|
from ._base import Config
|
|
|
|
|
2014-10-30 12:10:17 +01:00
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
class RatelimitSettings:
|
2020-06-05 11:47:20 +02:00
|
|
|
def __init__(
|
|
|
|
self,
|
|
|
|
config: Dict[str, float],
|
2021-04-08 23:38:54 +02:00
|
|
|
defaults: Optional[Dict[str, float]] = None,
|
2020-06-05 11:47:20 +02:00
|
|
|
):
|
2021-04-08 23:38:54 +02:00
|
|
|
defaults = defaults or {"per_second": 0.17, "burst_count": 3.0}
|
|
|
|
|
2019-05-15 19:06:04 +02:00
|
|
|
self.per_second = config.get("per_second", defaults["per_second"])
|
2021-01-28 18:39:21 +01:00
|
|
|
self.burst_count = int(config.get("burst_count", defaults["burst_count"]))
|
2019-03-15 18:46:16 +01:00
|
|
|
|
|
|
|
|
2021-09-10 18:03:18 +02:00
|
|
|
@attr.s(auto_attribs=True)
|
2022-08-03 11:40:20 +02:00
|
|
|
class FederationRatelimitSettings:
|
2021-09-10 18:03:18 +02:00
|
|
|
window_size: int = 1000
|
|
|
|
sleep_limit: int = 10
|
|
|
|
sleep_delay: int = 500
|
|
|
|
reject_limit: int = 50
|
|
|
|
concurrent: int = 3
|
2019-05-15 19:06:04 +02:00
|
|
|
|
2014-09-02 19:00:15 +02:00
|
|
|
|
2019-05-15 19:06:04 +02:00
|
|
|
class RatelimitConfig(Config):
|
2019-10-10 10:39:35 +02:00
|
|
|
section = "ratelimiting"
|
|
|
|
|
2022-04-11 18:07:23 +02:00
|
|
|
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
|
2019-05-15 19:06:04 +02:00
|
|
|
|
|
|
|
# Load the new-style messages config if it exists. Otherwise fall back
|
|
|
|
# to the old method.
|
|
|
|
if "rc_message" in config:
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_message = RatelimitSettings(
|
2019-05-15 19:06:04 +02:00
|
|
|
config["rc_message"], defaults={"per_second": 0.2, "burst_count": 10.0}
|
|
|
|
)
|
|
|
|
else:
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_message = RatelimitSettings(
|
2019-05-15 19:06:04 +02:00
|
|
|
{
|
|
|
|
"per_second": config.get("rc_messages_per_second", 0.2),
|
|
|
|
"burst_count": config.get("rc_message_burst_count", 10.0),
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
# Load the new-style federation config, if it exists. Otherwise, fall
|
|
|
|
# back to the old method.
|
2019-07-05 12:10:19 +02:00
|
|
|
if "rc_federation" in config:
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_federation = FederationRatelimitSettings(**config["rc_federation"])
|
2019-05-15 19:06:04 +02:00
|
|
|
else:
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_federation = FederationRatelimitSettings(
|
2019-05-15 19:06:04 +02:00
|
|
|
**{
|
2021-09-10 18:03:18 +02:00
|
|
|
k: v
|
|
|
|
for k, v in {
|
|
|
|
"window_size": config.get("federation_rc_window_size"),
|
|
|
|
"sleep_limit": config.get("federation_rc_sleep_limit"),
|
|
|
|
"sleep_delay": config.get("federation_rc_sleep_delay"),
|
|
|
|
"reject_limit": config.get("federation_rc_reject_limit"),
|
|
|
|
"concurrent": config.get("federation_rc_concurrent"),
|
|
|
|
}.items()
|
|
|
|
if v is not None
|
2019-05-15 19:06:04 +02:00
|
|
|
}
|
|
|
|
)
|
2014-09-02 19:00:15 +02:00
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_registration = RatelimitSettings(config.get("rc_registration", {}))
|
2019-03-15 18:46:16 +01:00
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_registration_token_validity = RatelimitSettings(
|
2021-08-21 23:14:43 +02:00
|
|
|
config.get("rc_registration_token_validity", {}),
|
|
|
|
defaults={"per_second": 0.1, "burst_count": 5},
|
|
|
|
)
|
|
|
|
|
2019-03-15 18:46:16 +01:00
|
|
|
rc_login_config = config.get("rc_login", {})
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_login_address = RatelimitSettings(rc_login_config.get("address", {}))
|
|
|
|
self.rc_login_account = RatelimitSettings(rc_login_config.get("account", {}))
|
|
|
|
self.rc_login_failed_attempts = RatelimitSettings(
|
2019-05-15 19:06:04 +02:00
|
|
|
rc_login_config.get("failed_attempts", {})
|
2019-03-18 13:57:20 +01:00
|
|
|
)
|
2019-03-15 18:46:16 +01:00
|
|
|
|
2019-03-20 17:02:25 +01:00
|
|
|
self.federation_rr_transactions_per_room_per_second = config.get(
|
2019-05-15 19:06:04 +02:00
|
|
|
"federation_rr_transactions_per_room_per_second", 50
|
2019-03-20 17:02:25 +01:00
|
|
|
)
|
|
|
|
|
2019-09-11 11:46:38 +02:00
|
|
|
rc_admin_redaction = config.get("rc_admin_redaction")
|
2019-12-12 16:21:12 +01:00
|
|
|
self.rc_admin_redaction = None
|
2019-09-11 11:46:38 +02:00
|
|
|
if rc_admin_redaction:
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_admin_redaction = RatelimitSettings(rc_admin_redaction)
|
2019-09-11 11:46:38 +02:00
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_joins_local = RatelimitSettings(
|
2020-07-31 15:34:42 +02:00
|
|
|
config.get("rc_joins", {}).get("local", {}),
|
2021-03-23 15:52:20 +01:00
|
|
|
defaults={"per_second": 0.1, "burst_count": 10},
|
2020-07-31 15:34:42 +02:00
|
|
|
)
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_joins_remote = RatelimitSettings(
|
2020-07-31 15:34:42 +02:00
|
|
|
config.get("rc_joins", {}).get("remote", {}),
|
2021-03-23 15:52:20 +01:00
|
|
|
defaults={"per_second": 0.01, "burst_count": 10},
|
2020-07-31 15:34:42 +02:00
|
|
|
)
|
|
|
|
|
2022-07-19 13:45:17 +02:00
|
|
|
# Track the rate of joins to a given room. If there are too many, temporarily
|
|
|
|
# prevent local joins and remote joins via this server.
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_joins_per_room = RatelimitSettings(
|
2022-07-19 13:45:17 +02:00
|
|
|
config.get("rc_joins_per_room", {}),
|
|
|
|
defaults={"per_second": 1, "burst_count": 10},
|
|
|
|
)
|
|
|
|
|
2021-02-19 19:20:34 +01:00
|
|
|
# Ratelimit cross-user key requests:
|
|
|
|
# * For local requests this is keyed by the sending device.
|
|
|
|
# * For requests received over federation this is keyed by the origin.
|
|
|
|
#
|
|
|
|
# Note that this isn't exposed in the configuration as it is obscure.
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_key_requests = RatelimitSettings(
|
2021-02-19 19:20:34 +01:00
|
|
|
config.get("rc_key_requests", {}),
|
|
|
|
defaults={"per_second": 20, "burst_count": 100},
|
|
|
|
)
|
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_3pid_validation = RatelimitSettings(
|
2021-01-28 18:39:21 +01:00
|
|
|
config.get("rc_3pid_validation") or {},
|
|
|
|
defaults={"per_second": 0.003, "burst_count": 5},
|
|
|
|
)
|
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_invites_per_room = RatelimitSettings(
|
2021-01-29 17:38:29 +01:00
|
|
|
config.get("rc_invites", {}).get("per_room", {}),
|
|
|
|
defaults={"per_second": 0.3, "burst_count": 10},
|
|
|
|
)
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_invites_per_user = RatelimitSettings(
|
2021-01-29 17:38:29 +01:00
|
|
|
config.get("rc_invites", {}).get("per_user", {}),
|
|
|
|
defaults={"per_second": 0.003, "burst_count": 5},
|
|
|
|
)
|
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_invites_per_issuer = RatelimitSettings(
|
2022-06-30 11:44:47 +02:00
|
|
|
config.get("rc_invites", {}).get("per_issuer", {}),
|
|
|
|
defaults={"per_second": 0.3, "burst_count": 10},
|
|
|
|
)
|
|
|
|
|
2022-08-03 11:40:20 +02:00
|
|
|
self.rc_third_party_invite = RatelimitSettings(
|
2022-02-03 14:28:15 +01:00
|
|
|
config.get("rc_third_party_invite", {}),
|
2022-11-18 19:10:01 +01:00
|
|
|
defaults={"per_second": 0.0025, "burst_count": 5},
|
2022-02-03 14:28:15 +01:00
|
|
|
)
|