mirror of
https://github.com/matrix-org/synapse.git
synced 2025-01-14 20:26:52 +00:00
Rate limiting invites per issuer (#13125)
Co-authored-by: reivilibre <oliverw@matrix.org>
This commit is contained in:
parent
4d3b8fb23f
commit
80c7a06777
1
changelog.d/13125.feature
Normal file
1
changelog.d/13125.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
Add a rate limit for local users sending invites.
|
@ -136,6 +136,11 @@ class RatelimitConfig(Config):
|
|||||||
defaults={"per_second": 0.003, "burst_count": 5},
|
defaults={"per_second": 0.003, "burst_count": 5},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
self.rc_invites_per_issuer = RateLimitConfig(
|
||||||
|
config.get("rc_invites", {}).get("per_issuer", {}),
|
||||||
|
defaults={"per_second": 0.3, "burst_count": 10},
|
||||||
|
)
|
||||||
|
|
||||||
self.rc_third_party_invite = RateLimitConfig(
|
self.rc_third_party_invite = RateLimitConfig(
|
||||||
config.get("rc_third_party_invite", {}),
|
config.get("rc_third_party_invite", {}),
|
||||||
defaults={
|
defaults={
|
||||||
|
@ -101,19 +101,33 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
|||||||
burst_count=hs.config.ratelimiting.rc_joins_remote.burst_count,
|
burst_count=hs.config.ratelimiting.rc_joins_remote.burst_count,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Ratelimiter for invites, keyed by room (across all issuers, all
|
||||||
|
# recipients).
|
||||||
self._invites_per_room_limiter = Ratelimiter(
|
self._invites_per_room_limiter = Ratelimiter(
|
||||||
store=self.store,
|
store=self.store,
|
||||||
clock=self.clock,
|
clock=self.clock,
|
||||||
rate_hz=hs.config.ratelimiting.rc_invites_per_room.per_second,
|
rate_hz=hs.config.ratelimiting.rc_invites_per_room.per_second,
|
||||||
burst_count=hs.config.ratelimiting.rc_invites_per_room.burst_count,
|
burst_count=hs.config.ratelimiting.rc_invites_per_room.burst_count,
|
||||||
)
|
)
|
||||||
self._invites_per_user_limiter = Ratelimiter(
|
|
||||||
|
# Ratelimiter for invites, keyed by recipient (across all rooms, all
|
||||||
|
# issuers).
|
||||||
|
self._invites_per_recipient_limiter = Ratelimiter(
|
||||||
store=self.store,
|
store=self.store,
|
||||||
clock=self.clock,
|
clock=self.clock,
|
||||||
rate_hz=hs.config.ratelimiting.rc_invites_per_user.per_second,
|
rate_hz=hs.config.ratelimiting.rc_invites_per_user.per_second,
|
||||||
burst_count=hs.config.ratelimiting.rc_invites_per_user.burst_count,
|
burst_count=hs.config.ratelimiting.rc_invites_per_user.burst_count,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Ratelimiter for invites, keyed by issuer (across all rooms, all
|
||||||
|
# recipients).
|
||||||
|
self._invites_per_issuer_limiter = Ratelimiter(
|
||||||
|
store=self.store,
|
||||||
|
clock=self.clock,
|
||||||
|
rate_hz=hs.config.ratelimiting.rc_invites_per_issuer.per_second,
|
||||||
|
burst_count=hs.config.ratelimiting.rc_invites_per_issuer.burst_count,
|
||||||
|
)
|
||||||
|
|
||||||
self._third_party_invite_limiter = Ratelimiter(
|
self._third_party_invite_limiter = Ratelimiter(
|
||||||
store=self.store,
|
store=self.store,
|
||||||
clock=self.clock,
|
clock=self.clock,
|
||||||
@ -258,7 +272,9 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
|||||||
if room_id:
|
if room_id:
|
||||||
await self._invites_per_room_limiter.ratelimit(requester, room_id)
|
await self._invites_per_room_limiter.ratelimit(requester, room_id)
|
||||||
|
|
||||||
await self._invites_per_user_limiter.ratelimit(requester, invitee_user_id)
|
await self._invites_per_recipient_limiter.ratelimit(requester, invitee_user_id)
|
||||||
|
if requester is not None:
|
||||||
|
await self._invites_per_issuer_limiter.ratelimit(requester)
|
||||||
|
|
||||||
async def _local_membership_update(
|
async def _local_membership_update(
|
||||||
self,
|
self,
|
||||||
|
Loading…
Reference in New Issue
Block a user