Add a ratelimiter for 3pid invite (#11892)
parent
833247553f
commit
d80d39b035
|
@ -0,0 +1 @@
|
||||||
|
Use a dedicated configurable rate limiter for 3PID invites.
|
|
@ -857,6 +857,9 @@ log_config: "CONFDIR/SERVERNAME.log.config"
|
||||||
# - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
|
# - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
|
||||||
# - two for ratelimiting how often invites can be sent in a room or to a
|
# - two for ratelimiting how often invites can be sent in a room or to a
|
||||||
# specific user.
|
# specific user.
|
||||||
|
# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
|
||||||
|
# such as an email address or a phone number) based on the account that's
|
||||||
|
# sending the invite.
|
||||||
#
|
#
|
||||||
# The defaults are as shown below.
|
# The defaults are as shown below.
|
||||||
#
|
#
|
||||||
|
@ -906,6 +909,10 @@ log_config: "CONFDIR/SERVERNAME.log.config"
|
||||||
# per_user:
|
# per_user:
|
||||||
# per_second: 0.003
|
# per_second: 0.003
|
||||||
# burst_count: 5
|
# burst_count: 5
|
||||||
|
#
|
||||||
|
#rc_third_party_invite:
|
||||||
|
# per_second: 0.2
|
||||||
|
# burst_count: 10
|
||||||
|
|
||||||
# Ratelimiting settings for incoming federation
|
# Ratelimiting settings for incoming federation
|
||||||
#
|
#
|
||||||
|
|
|
@ -134,6 +134,14 @@ class RatelimitConfig(Config):
|
||||||
defaults={"per_second": 0.003, "burst_count": 5},
|
defaults={"per_second": 0.003, "burst_count": 5},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
self.rc_third_party_invite = RateLimitConfig(
|
||||||
|
config.get("rc_third_party_invite", {}),
|
||||||
|
defaults={
|
||||||
|
"per_second": self.rc_message.per_second,
|
||||||
|
"burst_count": self.rc_message.burst_count,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
def generate_config_section(self, **kwargs):
|
def generate_config_section(self, **kwargs):
|
||||||
return """\
|
return """\
|
||||||
## Ratelimiting ##
|
## Ratelimiting ##
|
||||||
|
@ -168,6 +176,9 @@ class RatelimitConfig(Config):
|
||||||
# - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
|
# - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
|
||||||
# - two for ratelimiting how often invites can be sent in a room or to a
|
# - two for ratelimiting how often invites can be sent in a room or to a
|
||||||
# specific user.
|
# specific user.
|
||||||
|
# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
|
||||||
|
# such as an email address or a phone number) based on the account that's
|
||||||
|
# sending the invite.
|
||||||
#
|
#
|
||||||
# The defaults are as shown below.
|
# The defaults are as shown below.
|
||||||
#
|
#
|
||||||
|
@ -217,6 +228,10 @@ class RatelimitConfig(Config):
|
||||||
# per_user:
|
# per_user:
|
||||||
# per_second: 0.003
|
# per_second: 0.003
|
||||||
# burst_count: 5
|
# burst_count: 5
|
||||||
|
#
|
||||||
|
#rc_third_party_invite:
|
||||||
|
# per_second: 0.2
|
||||||
|
# burst_count: 10
|
||||||
|
|
||||||
# Ratelimiting settings for incoming federation
|
# Ratelimiting settings for incoming federation
|
||||||
#
|
#
|
||||||
|
|
|
@ -116,6 +116,13 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
||||||
burst_count=hs.config.ratelimiting.rc_invites_per_user.burst_count,
|
burst_count=hs.config.ratelimiting.rc_invites_per_user.burst_count,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
self._third_party_invite_limiter = Ratelimiter(
|
||||||
|
store=self.store,
|
||||||
|
clock=self.clock,
|
||||||
|
rate_hz=hs.config.ratelimiting.rc_third_party_invite.per_second,
|
||||||
|
burst_count=hs.config.ratelimiting.rc_third_party_invite.burst_count,
|
||||||
|
)
|
||||||
|
|
||||||
self.request_ratelimiter = hs.get_request_ratelimiter()
|
self.request_ratelimiter = hs.get_request_ratelimiter()
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
|
@ -1295,7 +1302,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
||||||
|
|
||||||
# We need to rate limit *before* we send out any 3PID invites, so we
|
# We need to rate limit *before* we send out any 3PID invites, so we
|
||||||
# can't just rely on the standard ratelimiting of events.
|
# can't just rely on the standard ratelimiting of events.
|
||||||
await self.request_ratelimiter.ratelimit(requester)
|
await self._third_party_invite_limiter.ratelimit(requester)
|
||||||
|
|
||||||
can_invite = await self.third_party_event_rules.check_threepid_can_be_invited(
|
can_invite = await self.third_party_event_rules.check_threepid_can_be_invited(
|
||||||
medium, address, room_id
|
medium, address, room_id
|
||||||
|
|
Loading…
Reference in New Issue