gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22257 Commits
842 Branches
432 MiB
 
 
 
 
 
 
Tree: 9bb2eac719
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9bb2eac719'
${ noResults }
synapse/synapse/config/ratelimiting.py

163 lines
6.1 KiB
Raw Blame History 

  1. # Copyright 2014-2016 OpenMarket Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. #     http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. 

  15. from typing import Any, Dict, Optional

  16. 

  17. import attr

  18. 

  19. from synapse.types import JsonDict

  20. 

  21. from ._base import Config

  22. 

  23. 

  24. class RatelimitSettings:

  25.     def __init__(

  26.         self,

  27.         config: Dict[str, float],

  28.         defaults: Optional[Dict[str, float]] = None,

  29.     ):

  30.         defaults = defaults or {"per_second": 0.17, "burst_count": 3.0}

  31. 

  32.         self.per_second = config.get("per_second", defaults["per_second"])

  33.         self.burst_count = int(config.get("burst_count", defaults["burst_count"]))

  34. 

  35. 

  36. @attr.s(auto_attribs=True)

  37. class FederationRatelimitSettings:

  38.     window_size: int = 1000

  39.     sleep_limit: int = 10

  40.     sleep_delay: int = 500

  41.     reject_limit: int = 50

  42.     concurrent: int = 3

  43. 

  44. 

  45. class RatelimitConfig(Config):

  46.     section = "ratelimiting"

  47. 

  48.     def read_config(self, config: JsonDict, **kwargs: Any) -> None:

  49.         # Load the new-style messages config if it exists. Otherwise fall back

  50.         # to the old method.

  51.         if "rc_message" in config:

  52.             self.rc_message = RatelimitSettings(

  53.                 config["rc_message"], defaults={"per_second": 0.2, "burst_count": 10.0}

  54.             )

  55.         else:

  56.             self.rc_message = RatelimitSettings(

  57.                 {

  58.                     "per_second": config.get("rc_messages_per_second", 0.2),

  59.                     "burst_count": config.get("rc_message_burst_count", 10.0),

  60.                 }

  61.             )

  62. 

  63.         # Load the new-style federation config, if it exists. Otherwise, fall

  64.         # back to the old method.

  65.         if "rc_federation" in config:

  66.             self.rc_federation = FederationRatelimitSettings(**config["rc_federation"])

  67.         else:

  68.             self.rc_federation = FederationRatelimitSettings(

  69.                 **{

  70.                     k: v

  71.                     for k, v in {

  72.                         "window_size": config.get("federation_rc_window_size"),

  73.                         "sleep_limit": config.get("federation_rc_sleep_limit"),

  74.                         "sleep_delay": config.get("federation_rc_sleep_delay"),

  75.                         "reject_limit": config.get("federation_rc_reject_limit"),

  76.                         "concurrent": config.get("federation_rc_concurrent"),

  77.                     }.items()

  78.                     if v is not None

  79.                 }

  80.             )

  81. 

  82.         self.rc_registration = RatelimitSettings(config.get("rc_registration", {}))

  83. 

  84.         self.rc_registration_token_validity = RatelimitSettings(

  85.             config.get("rc_registration_token_validity", {}),

  86.             defaults={"per_second": 0.1, "burst_count": 5},

  87.         )

  88. 

  89.         # It is reasonable to login with a bunch of devices at once (i.e. when

  90.         # setting up an account), but it is *not* valid to continually be

  91.         # logging into new devices.

  92.         rc_login_config = config.get("rc_login", {})

  93.         self.rc_login_address = RatelimitSettings(

  94.             rc_login_config.get("address", {}),

  95.             defaults={"per_second": 0.003, "burst_count": 5},

  96.         )

  97.         self.rc_login_account = RatelimitSettings(

  98.             rc_login_config.get("account", {}),

  99.             defaults={"per_second": 0.003, "burst_count": 5},

  100.         )

  101.         self.rc_login_failed_attempts = RatelimitSettings(

  102.             rc_login_config.get("failed_attempts", {})

  103.         )

  104. 

  105.         self.federation_rr_transactions_per_room_per_second = config.get(

  106.             "federation_rr_transactions_per_room_per_second", 50

  107.         )

  108. 

  109.         rc_admin_redaction = config.get("rc_admin_redaction")

  110.         self.rc_admin_redaction = None

  111.         if rc_admin_redaction:

  112.             self.rc_admin_redaction = RatelimitSettings(rc_admin_redaction)

  113. 

  114.         self.rc_joins_local = RatelimitSettings(

  115.             config.get("rc_joins", {}).get("local", {}),

  116.             defaults={"per_second": 0.1, "burst_count": 10},

  117.         )

  118.         self.rc_joins_remote = RatelimitSettings(

  119.             config.get("rc_joins", {}).get("remote", {}),

  120.             defaults={"per_second": 0.01, "burst_count": 10},

  121.         )

  122. 

  123.         # Track the rate of joins to a given room. If there are too many, temporarily

  124.         # prevent local joins and remote joins via this server.

  125.         self.rc_joins_per_room = RatelimitSettings(

  126.             config.get("rc_joins_per_room", {}),

  127.             defaults={"per_second": 1, "burst_count": 10},

  128.         )

  129. 

  130.         # Ratelimit cross-user key requests:

  131.         # * For local requests this is keyed by the sending device.

  132.         # * For requests received over federation this is keyed by the origin.

  133.         #

  134.         # Note that this isn't exposed in the configuration as it is obscure.

  135.         self.rc_key_requests = RatelimitSettings(

  136.             config.get("rc_key_requests", {}),

  137.             defaults={"per_second": 20, "burst_count": 100},

  138.         )

  139. 

  140.         self.rc_3pid_validation = RatelimitSettings(

  141.             config.get("rc_3pid_validation") or {},

  142.             defaults={"per_second": 0.003, "burst_count": 5},

  143.         )

  144. 

  145.         self.rc_invites_per_room = RatelimitSettings(

  146.             config.get("rc_invites", {}).get("per_room", {}),

  147.             defaults={"per_second": 0.3, "burst_count": 10},

  148.         )

  149.         self.rc_invites_per_user = RatelimitSettings(

  150.             config.get("rc_invites", {}).get("per_user", {}),

  151.             defaults={"per_second": 0.003, "burst_count": 5},

  152.         )

  153. 

  154.         self.rc_invites_per_issuer = RatelimitSettings(

  155.             config.get("rc_invites", {}).get("per_issuer", {}),

  156.             defaults={"per_second": 0.3, "burst_count": 10},

  157.         )

  158. 

  159.         self.rc_third_party_invite = RatelimitSettings(

  160.             config.get("rc_third_party_invite", {}),

  161.             defaults={"per_second": 0.0025, "burst_count": 5},

  162.         )