Add rate limiting to unknown device list path

This commit is contained in:
Nicolas Werner 2021-08-09 20:52:54 +02:00
parent 89840b9e0b
commit 7f633a0298
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9

View file

@ -1112,6 +1112,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
const mtx::events::collections::DeviceEvents &event, const mtx::events::collections::DeviceEvents &event,
bool force_new_session) bool force_new_session)
{ {
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event); nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
std::map<std::string, std::vector<std::string>> keysToQuery; std::map<std::string, std::vector<std::string>> keysToQuery;
@ -1164,7 +1166,6 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
auto session = cache::getLatestOlmSession(device_curve); auto session = cache::getLatestOlmSession(device_curve);
if (!session || force_new_session) { if (!session || force_new_session) {
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
auto currentTime = QDateTime::currentSecsSinceEpoch(); auto currentTime = QDateTime::currentSecsSinceEpoch();
if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 < if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
currentTime) { currentTime) {
@ -1320,6 +1321,7 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
}; };
}; };
if (!claims.one_time_keys.empty())
http::client()->claim_keys(claims, BindPks(pks)); http::client()->claim_keys(claims, BindPks(pks));
if (!keysToQuery.empty()) { if (!keysToQuery.empty()) {
@ -1397,16 +1399,33 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
continue; continue;
} }
auto currentTime = QDateTime::currentSecsSinceEpoch();
if (rateLimit.value(QPair(user.first, device_id.get())) +
60 * 60 * 10 <
currentTime) {
deviceKeys[user_id].emplace(device_id, pks); deviceKeys[user_id].emplace(device_id, pks);
claim_keys.one_time_keys[user.first][device_id] = claim_keys.one_time_keys[user.first][device_id] =
mtx::crypto::SIGNED_CURVE25519; mtx::crypto::SIGNED_CURVE25519;
rateLimit.insert(
QPair(user.first, device_id.get()),
currentTime);
} else {
nhlog::crypto()->warn(
"Not creating new session with {}:{} "
"because of rate limit",
user.first,
device_id.get());
continue;
}
nhlog::net()->info("{}", device_id.get()); nhlog::net()->info("{}", device_id.get());
nhlog::net()->info(" curve25519 {}", pks.curve25519); nhlog::net()->info(" curve25519 {}", pks.curve25519);
nhlog::net()->info(" ed25519 {}", pks.ed25519); nhlog::net()->info(" ed25519 {}", pks.ed25519);
} }
} }
if (!claim_keys.one_time_keys.empty())
http::client()->claim_keys(claim_keys, BindPks(deviceKeys)); http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
}); });
} }