gitlord
/
synapse
zrcadlo https://github.com/matrix-org/synapse.git
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Vydání 671 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
23441 Revize
842 Větve
428 MiB
 
 
 
 
 
 
Větev: develop
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „develop“
${ noResults }
synapse/synapse/config/ratelimiting.py

214 řádky
7.3 KiB
Surový Trvalý odkaz Blame Historie 

  1. # Copyright 2014-2016 OpenMarket Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. #     http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. 

  15. from typing import Any, Dict, Optional, cast

  16. 

  17. import attr

  18. 

  19. from synapse.types import JsonDict

  20. 

  21. from ._base import Config

  22. 

  23. 

  24. @attr.s(slots=True, frozen=True, auto_attribs=True)

  25. class RatelimitSettings:

  26.     key: str

  27.     per_second: float

  28.     burst_count: int

  29. 

  30.     @classmethod

  31.     def parse(

  32.         cls,

  33.         config: Dict[str, Any],

  34.         key: str,

  35.         defaults: Optional[Dict[str, float]] = None,

  36.     ) -> "RatelimitSettings":

  37.         """Parse config[key] as a new-style rate limiter config.

  38. 

  39.         The key may refer to a nested dictionary using a full stop (.) to separate

  40.         each nested key. For example, use the key "a.b.c" to parse the following:

  41. 

  42.         a:

  43.           b:

  44.             c:

  45.               per_second: 10

  46.               burst_count: 200

  47. 

  48.         If this lookup fails, we'll fallback to the defaults.

  49.         """

  50.         defaults = defaults or {"per_second": 0.17, "burst_count": 3.0}

  51. 

  52.         rl_config = config

  53.         for part in key.split("."):

  54.             rl_config = rl_config.get(part, {})

  55. 

  56.         # By this point we should have hit the rate limiter parameters.

  57.         # We don't actually check this though!

  58.         rl_config = cast(Dict[str, float], rl_config)

  59. 

  60.         return cls(

  61.             key=key,

  62.             per_second=rl_config.get("per_second", defaults["per_second"]),

  63.             burst_count=int(rl_config.get("burst_count", defaults["burst_count"])),

  64.         )

  65. 

  66. 

  67. @attr.s(auto_attribs=True)

  68. class FederationRatelimitSettings:

  69.     window_size: int = 1000

  70.     sleep_limit: int = 10

  71.     sleep_delay: int = 500

  72.     reject_limit: int = 50

  73.     concurrent: int = 3

  74. 

  75. 

  76. class RatelimitConfig(Config):

  77.     section = "ratelimiting"

  78. 

  79.     def read_config(self, config: JsonDict, **kwargs: Any) -> None:

  80.         # Load the new-style messages config if it exists. Otherwise fall back

  81.         # to the old method.

  82.         if "rc_message" in config:

  83.             self.rc_message = RatelimitSettings.parse(

  84.                 config, "rc_message", defaults={"per_second": 0.2, "burst_count": 10.0}

  85.             )

  86.         else:

  87.             self.rc_message = RatelimitSettings(

  88.                 key="rc_messages",

  89.                 per_second=config.get("rc_messages_per_second", 0.2),

  90.                 burst_count=config.get("rc_message_burst_count", 10.0),

  91.             )

  92. 

  93.         # Load the new-style federation config, if it exists. Otherwise, fall

  94.         # back to the old method.

  95.         if "rc_federation" in config:

  96.             self.rc_federation = FederationRatelimitSettings(**config["rc_federation"])

  97.         else:

  98.             self.rc_federation = FederationRatelimitSettings(

  99.                 **{

  100.                     k: v

  101.                     for k, v in {

  102.                         "window_size": config.get("federation_rc_window_size"),

  103.                         "sleep_limit": config.get("federation_rc_sleep_limit"),

  104.                         "sleep_delay": config.get("federation_rc_sleep_delay"),

  105.                         "reject_limit": config.get("federation_rc_reject_limit"),

  106.                         "concurrent": config.get("federation_rc_concurrent"),

  107.                     }.items()

  108.                     if v is not None

  109.                 }

  110.             )

  111. 

  112.         self.rc_registration = RatelimitSettings.parse(config, "rc_registration", {})

  113. 

  114.         self.rc_registration_token_validity = RatelimitSettings.parse(

  115.             config,

  116.             "rc_registration_token_validity",

  117.             defaults={"per_second": 0.1, "burst_count": 5},

  118.         )

  119. 

  120.         # It is reasonable to login with a bunch of devices at once (i.e. when

  121.         # setting up an account), but it is *not* valid to continually be

  122.         # logging into new devices.

  123.         self.rc_login_address = RatelimitSettings.parse(

  124.             config,

  125.             "rc_login.address",

  126.             defaults={"per_second": 0.003, "burst_count": 5},

  127.         )

  128.         self.rc_login_account = RatelimitSettings.parse(

  129.             config,

  130.             "rc_login.account",

  131.             defaults={"per_second": 0.003, "burst_count": 5},

  132.         )

  133.         self.rc_login_failed_attempts = RatelimitSettings.parse(

  134.             config,

  135.             "rc_login.failed_attempts",

  136.             {},

  137.         )

  138. 

  139.         self.federation_rr_transactions_per_room_per_second = config.get(

  140.             "federation_rr_transactions_per_room_per_second", 50

  141.         )

  142. 

  143.         self.rc_admin_redaction = None

  144.         if "rc_admin_redaction" in config:

  145.             self.rc_admin_redaction = RatelimitSettings.parse(

  146.                 config, "rc_admin_redaction", {}

  147.             )

  148. 

  149.         self.rc_joins_local = RatelimitSettings.parse(

  150.             config,

  151.             "rc_joins.local",

  152.             defaults={"per_second": 0.1, "burst_count": 10},

  153.         )

  154.         self.rc_joins_remote = RatelimitSettings.parse(

  155.             config,

  156.             "rc_joins.remote",

  157.             defaults={"per_second": 0.01, "burst_count": 10},

  158.         )

  159. 

  160.         # Track the rate of joins to a given room. If there are too many, temporarily

  161.         # prevent local joins and remote joins via this server.

  162.         self.rc_joins_per_room = RatelimitSettings.parse(

  163.             config,

  164.             "rc_joins_per_room",

  165.             defaults={"per_second": 1, "burst_count": 10},

  166.         )

  167. 

  168.         # Ratelimit cross-user key requests:

  169.         # * For local requests this is keyed by the sending device.

  170.         # * For requests received over federation this is keyed by the origin.

  171.         #

  172.         # Note that this isn't exposed in the configuration as it is obscure.

  173.         self.rc_key_requests = RatelimitSettings.parse(

  174.             config,

  175.             "rc_key_requests",

  176.             defaults={"per_second": 20, "burst_count": 100},

  177.         )

  178. 

  179.         self.rc_3pid_validation = RatelimitSettings.parse(

  180.             config,

  181.             "rc_3pid_validation",

  182.             defaults={"per_second": 0.003, "burst_count": 5},

  183.         )

  184. 

  185.         self.rc_invites_per_room = RatelimitSettings.parse(

  186.             config,

  187.             "rc_invites.per_room",

  188.             defaults={"per_second": 0.3, "burst_count": 10},

  189.         )

  190.         self.rc_invites_per_user = RatelimitSettings.parse(

  191.             config,

  192.             "rc_invites.per_user",

  193.             defaults={"per_second": 0.003, "burst_count": 5},

  194.         )

  195. 

  196.         self.rc_invites_per_issuer = RatelimitSettings.parse(

  197.             config,

  198.             "rc_invites.per_issuer",

  199.             defaults={"per_second": 0.3, "burst_count": 10},

  200.         )

  201. 

  202.         self.rc_third_party_invite = RatelimitSettings.parse(

  203.             config,

  204.             "rc_third_party_invite",

  205.             defaults={"per_second": 0.0025, "burst_count": 5},

  206.         )

  207. 

  208.         # Ratelimit create media requests:

  209.         self.rc_media_create = RatelimitSettings.parse(

  210.             config,

  211.             "rc_media_create",

  212.             defaults={"per_second": 10, "burst_count": 50},

  213.         )