d3v1l/matrixion
1
0
Fork 0
mirror of https://github.com/Nheko-Reborn/nheko.git synced 2024-11-22 11:00:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add rate limiting to unknown device list path

Browse source
This commit is contained in:
Nicolas Werner 2021-08-09 20:52:54 +02:00
parent 89840b9e0b
commit 7f633a0298
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
1 changed files with 25 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
src/Olm.cpp
View file

@ -1112,6 +1112,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
const mtx::events::collections::DeviceEvents &event,
bool force_new_session)
{
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
std::map<std::string, std::vector<std::string>> keysToQuery;
@ -1164,7 +1166,6 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
auto session = cache::getLatestOlmSession(device_curve);
if (!session || force_new_session) {
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
auto currentTime = QDateTime::currentSecsSinceEpoch();
if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
currentTime) {
@ -1320,7 +1321,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
};
};
http::client()->claim_keys(claims, BindPks(pks));
if (!claims.one_time_keys.empty())
http::client()->claim_keys(claims, BindPks(pks));
if (!keysToQuery.empty()) {
mtx::requests::QueryKeys req;
@ -1397,9 +1399,25 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
continue;
}
deviceKeys[user_id].emplace(device_id, pks);
claim_keys.one_time_keys[user.first][device_id] =
mtx::crypto::SIGNED_CURVE25519;
auto currentTime = QDateTime::currentSecsSinceEpoch();
if (rateLimit.value(QPair(user.first, device_id.get())) +
60 * 60 * 10 <
currentTime) {
deviceKeys[user_id].emplace(device_id, pks);
claim_keys.one_time_keys[user.first][device_id] =
mtx::crypto::SIGNED_CURVE25519;
rateLimit.insert(
QPair(user.first, device_id.get()),
currentTime);
} else {
nhlog::crypto()->warn(
"Not creating new session with {}:{} "
"because of rate limit",
user.first,
device_id.get());
continue;
}
nhlog::net()->info("{}", device_id.get());
nhlog::net()->info(" curve25519 {}", pks.curve25519);
@ -1407,7 +1425,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
}
}
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
if (!claim_keys.one_time_keys.empty())
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
});
}
}