From e2b7823f6d81bb508ece551414646f4351990ef2 Mon Sep 17 00:00:00 2001
From: kamathmanu
Date: Fri, 19 Feb 2021 09:44:27 -0500
Subject: [PATCH 1/2] Added RATE_LIMITED flags for handlers
---
 modules/client/account/3pid.cc | 3 ++-
 modules/client/account/deactivate.cc | 3 ++-
 modules/client/account/password.cc | 3 ++-
 modules/client/account/whoami.cc | 3 ++-
 modules/client/join.cc | 3 ++-
 modules/client/login.cc | 10 ++++++++--
 modules/client/presence.cc | 3 ++-
 modules/client/profile.cc | 3 ++-
 modules/client/pushers.cc | 3 ++-
 modules/client/pushrules.cc | 3 ++-
 modules/client/register.cc | 5 ++++-
 modules/client/register_available.cc | 5 ++++-
 modules/client/room_keys/keys.cc | 9 ++++++---
 modules/client/room_keys/version.cc | 12 ++++++++----
 modules/client/rooms/rooms.cc | 6 ++++--
 modules/client/search.cc | 5 +++--
 16 files changed, 55 insertions(+), 24 deletions(-)
diff --git a/modules/client/account/3pid.cc b/modules/client/account/3pid.cc
index 23481bff3..7287e457c 100644
--- a/modules/client/account/3pid.cc
+++ b/modules/client/account/3pid.cc
@@ -64,6 +64,7 @@ post_3pid
 {
 account_3pid, "POST", post__3pid,
 {
- post_3pid.REQUIRES_AUTH
+ post_3pid.REQUIRES_AUTH |
+ post_3pid.RATE_LIMITED // revisit this? some of these require rate limiting, some don't
 }
 };
diff --git a/modules/client/account/deactivate.cc b/modules/client/account/deactivate.cc
index 372ac12a7..aad69f70b 100644
--- a/modules/client/account/deactivate.cc
+++ b/modules/client/account/deactivate.cc
@@ -61,6 +61,7 @@ post_deactivate
 {
 account_deactivate, "POST", post__deactivate,
 {
- post_deactivate.REQUIRES_AUTH
+ post_deactivate.REQUIRES_AUTH |
+ post_deactivate.RATE_LIMITED
 }
 };
diff --git a/modules/client/account/password.cc b/modules/client/account/password.cc
index 268d885ee..e36ffe205 100644
--- a/modules/client/account/password.cc
+++ b/modules/client/account/password.cc
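Review bot: The trailing comment added in modules/client/account/3pid.cc, `// revisit this? some of these require rate limiting, some don't`, leaves an open question inside the flags initializer of `post_3pid` without saying which 3pid operations it means or who follows up. Either settle it before merging or replace it with a trackable marker such as `// TODO(<owner>): confirm which 3pid operations must be rate limited`. The declaration of `post_3pid` starts above the hunk, so its type line is not visible here.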
@@ -76,6 +76,7 @@ post_password
 {
 account_password, "POST", post__password,
 {
- post_password.REQUIRES_AUTH
+ post_password.REQUIRES_AUTH |
+ post_password.RATE_LIMITED
 }
 };
diff --git a/modules/client/account/whoami.cc b/modules/client/account/whoami.cc
index 448ee45f8..4c5401b7b 100644
--- a/modules/client/account/whoami.cc
+++ b/modules/client/account/whoami.cc
@@ -39,6 +39,7 @@ get_whoami
 {
 account_whoami, "GET", get__whoami,
 {
- get_whoami.REQUIRES_AUTH
+ get_whoami.REQUIRES_AUTH |
+ get_whoami.RATE_LIMITED
 }
 };
diff --git a/modules/client/join.cc b/modules/client/join.cc
index 7716cfb1e..d341c59bb 100644
--- a/modules/client/join.cc
+++ b/modules/client/join.cc
@@ -92,7 +92,8 @@ method_post
 {
 join_resource, "POST", post__join,
 {
- method_post.REQUIRES_AUTH
+ method_post.REQUIRES_AUTH |
+ method_post.RATE_LIMITED
 }
 };
diff --git a/modules/client/login.cc b/modules/client/login.cc
index 6e27e367e..dae401c3e 100644
--- a/modules/client/login.cc
+++ b/modules/client/login.cc
@@ -204,7 +204,10 @@ post__login(client &client,
 resource::method
 method_post
 {
- login_resource, "POST", post__login
+ login_resource, "POST", post__login,
+ {
+ method_post.RATE_LIMITED
+ }
 };
 resource::response
@@ -233,5 +236,8 @@ get__login(client &client,
 resource::method
 method_get
 {
- login_resource, "GET", get__login
+ login_resource, "GET", get__login,
+ {
+ method_get.RATE_LIMITED
+ }
 };
diff --git a/modules/client/presence.cc b/modules/client/presence.cc
index a04a75ef2..59eaca124 100644
--- a/modules/client/presence.cc
+++ b/modules/client/presence.cc
@@ -153,7 +153,8 @@ method_put
 {
 presence_resource, "PUT", put__presence,
 {
- method_put.REQUIRES_AUTH
+ method_put.REQUIRES_AUTH |
+ method_put.RATE_LIMITED
 }
 };
diff --git a/modules/client/profile.cc b/modules/client/profile.cc
index 2064db004..9a3a64888 100644
--- a/modules/client/profile.cc
+++ b/modules/client/profile.cc
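Review bot: In modules/client/login.cc both `method_post` and `method_get` now carry `RATE_LIMITED` without `REQUIRES_AUTH`, so there is no authenticated user for a limiter to key on, and nothing in this patch shows what the resource layer does with the flag. If the flag is only declarative, the POST login method is still open to unthrottled password guessing; if it is enforced, the key presumably has to be the remote address or the user named in the request body. I would record that next to the flag, e.g. `// unauthenticated: limiter must key on remote address / requested user, not on a token`, and confirm the enforcement path exists. The same applies to the register.cc and register_available.cc hunks, where the latter also answers whether a username is taken. The handlers `post__login` and `get__login` themselves lie outside the hunks.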
@@ -48,7 +48,8 @@ method_put
 {
 profile_resource, "PUT", put__profile,
 {
- method_put.REQUIRES_AUTH
+ method_put.REQUIRES_AUTH |
+ method_put.RATE_LIMITED
 }
 };
diff --git a/modules/client/pushers.cc b/modules/client/pushers.cc
index 673d2241d..f7e18914e 100644
--- a/modules/client/pushers.cc
+++ b/modules/client/pushers.cc
@@ -43,7 +43,8 @@ ircd::m::push::pushers_set_post
 {
 pushers_set_resource, "POST", handle_pushers_set,
 {
- pushers_set_post.REQUIRES_AUTH
+ pushers_set_post.REQUIRES_AUTH |
+ pushers_set_post.RATE_LIMITED
 }
 };
diff --git a/modules/client/pushrules.cc b/modules/client/pushrules.cc
index 8e5603bc3..10f7a9b9e 100644
--- a/modules/client/pushrules.cc
+++ b/modules/client/pushrules.cc
@@ -226,7 +226,8 @@ ircd::m::push::method_put
 {
 resource, "PUT", handle_put,
 {
- method_put.REQUIRES_AUTH
+ method_put.REQUIRES_AUTH |
+ method_put.RATE_LIMITED // review this!
 }
 };
diff --git a/modules/client/register.cc b/modules/client/register.cc
index f5f463809..774b9d3a6 100644
--- a/modules/client/register.cc
+++ b/modules/client/register.cc
@@ -43,7 +43,10 @@ register_resource
 m::resource::method
 method_post
 {
- register_resource, "POST", post__register
+ register_resource, "POST", post__register,
+ {
+ method_post.RATE_LIMITED
+ }
 };
 ircd::conf::item
diff --git a/modules/client/register_available.cc b/modules/client/register_available.cc
index 48c7c5ad2..a87d90e73 100644
--- a/modules/client/register_available.cc
+++ b/modules/client/register_available.cc
@@ -31,7 +31,10 @@ register_available_resource
 resource::method
 method_get
 {
- register_available_resource, "GET", get__register_available
+ register_available_resource, "GET", get__register_available,
+ {
+ method_get.RATE_LIMITED
+ }
 };
 mods::import
diff --git a/modules/client/room_keys/keys.cc b/modules/client/room_keys/keys.cc
index cec962e36..ffc45f5fc 100644
--- a/modules/client/room_keys/keys.cc
+++ b/modules/client/room_keys/keys.cc
@@ -48,7 +48,8 @@ ircd::m::room_keys_keys_delete { room_keys_keys, "DELETE", delete_room_keys_keys, { - room_keys_keys_delete.REQUIRES_AUTH + room_keys_keys_delete.REQUIRES_AUTH | + room_keys_keys_delete.RATE_LIMITED } }; @@ -73,7 +74,8 @@ ircd::m::room_keys_keys_put room_keys_keys, "PUT", put_room_keys_keys, { // Flags - room_keys_keys_put.REQUIRES_AUTH, + room_keys_keys_put.REQUIRES_AUTH | + room_keys_keys_put.RATE_LIMITED, // timeout //TODO: XXX designated 30s, @@ -198,7 +200,8 @@ ircd::m::room_keys_keys_get { room_keys_keys, "GET", get_room_keys_keys, { - room_keys_keys_get.REQUIRES_AUTH + room_keys_keys_get.REQUIRES_AUTH | + room_keys_keys_get.RATE_LIMITED } }; diff --git a/modules/client/room_keys/version.cc b/modules/client/room_keys/version.cc index 823e61e63..40298f8e7 100644 --- a/modules/client/room_keys/version.cc +++ b/modules/client/room_keys/version.cc @@ -50,7 +50,8 @@ ircd::m::room_keys_version_post { room_keys_version, "POST", post_room_keys_version, { - room_keys_version_post.REQUIRES_AUTH + room_keys_version_post.REQUIRES_AUTH | + room_keys_version_post.RATE_LIMITED } }; @@ -119,7 +120,8 @@ ircd::m::room_keys_version_delete { room_keys_version, "DELETE", delete_room_keys_version, { - room_keys_version_delete.REQUIRES_AUTH + room_keys_version_delete.REQUIRES_AUTH | + room_keys_version_delete.RATE_LIMITED } }; @@ -175,7 +177,8 @@ ircd::m::room_keys_version_put { room_keys_version, "PUT", put_room_keys_version, { - room_keys_version_put.REQUIRES_AUTH + room_keys_version_put.REQUIRES_AUTH | + room_keys_version_put.RATE_LIMITED } }; @@ -199,7 +202,8 @@ ircd::m::room_keys_version_get { room_keys_version, "GET", get_room_keys_version, { - room_keys_version_get.REQUIRES_AUTH + room_keys_version_get.REQUIRES_AUTH | + room_keys_version_get.RATE_LIMITED } }; diff --git a/modules/client/rooms/rooms.cc b/modules/client/rooms/rooms.cc index 5a7e95235..89934b873 100644 --- a/modules/client/rooms/rooms.cc +++ b/modules/client/rooms/rooms.cc 
@@ -146,7 +146,8 @@ method_put
 {
 rooms_resource, "PUT", put_rooms,
 {
- method_put.REQUIRES_AUTH
+ method_put.REQUIRES_AUTH |
+ method_put.RATE_LIMITED
 }
 };
@@ -217,6 +218,7 @@ method_post
 {
 rooms_resource, "POST", post_rooms,
 {
- method_post.REQUIRES_AUTH
+ method_post.REQUIRES_AUTH |
+ method_post.RATE_LIMITED
 }
 };
diff --git a/modules/client/search.cc b/modules/client/search.cc
index 018785e2b..2aa40219c 100644
--- a/modules/client/search.cc
+++ b/modules/client/search.cc
@@ -55,8 +55,9 @@ ircd::m::search::search_post
 {
 search_resource, "POST", search_post_handle,
 {
- search_post.REQUIRES_AUTH,
-
+ search_post.REQUIRES_AUTH |
+ search_post.RATE_LIMITED,
+
 // Some queries can take a really long time, especially under
 // development. We don't need the default request timer getting
 // in the way for now.
From 229fcf6ef9ac30529e6b8f5c3ebe0f9e0eb37937 Mon Sep 17 00:00:00 2001
From: kamathmanu
Date: Fri, 19 Feb 2021 10:25:35 -0500
Subject: [PATCH 2/2] Ignore rate limiting for pushrules handler
---
 modules/client/pushrules.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/modules/client/pushrules.cc b/modules/client/pushrules.cc
index 10f7a9b9e..8e5603bc3 100644
--- a/modules/client/pushrules.cc
+++ b/modules/client/pushrules.cc
@@ -226,8 +226,7 @@ ircd::m::push::method_put
 {
 resource, "PUT", handle_put,
 {
- method_put.REQUIRES_AUTH |
- method_put.RATE_LIMITED // review this!
+ method_put.REQUIRES_AUTH
 }
 };
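Review bot: In modules/client/search.cc `RATE_LIMITED` is added to a method whose existing comment says the default request timer is kept out of the way because queries can run very long, so a limit on request count (if that is what the flag means; the enforcement is not in this patch) would not bound the cost of a single query. A short comment would make that explicit, e.g. `// RATE_LIMITED limits request count only; query duration stays unbounded while the timer is disabled`. Separately, the hunk's third added line appears to carry only whitespace where a blank line stood before (the diffstat counts three additions for this file); drop the trailing whitespace. The initializer of `search_post` continues past the end of the hunk.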
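Review bot: PATCH 2/2 takes `RATE_LIMITED` off `ircd::m::push::method_put` again, but neither the subject line nor the code says why this handler is exempt while every other authenticated PUT and POST method touched in PATCH 1/2 keeps the flag. Record the reason where the next reader will look, e.g. `// RATE_LIMITED intentionally omitted: <reason>` above `method_put.REQUIRES_AUTH`, or squash the two patches so the add-then-remove does not end up in history. The declaration's type line sits above the hunk.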