rnhmjoj
/
nheko
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add rate limiting to unknown device list path

This commit is contained in:
Nicolas Werner 2021-08-09 20:52:54 +02:00
parent 89840b9e0b
commit 7f633a0298
No known key found for this signature in database
GPG Key ID: C8D75E610773F2D9
1 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/Olm.cpp
View File

@ -1112,6 +1112,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
const mtx::events::collections::DeviceEvents &event, const mtx::events::collections::DeviceEvents &event,
bool force_new_session) bool force_new_session)
{ {
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event); nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
std::map<std::string, std::vector<std::string>> keysToQuery; std::map<std::string, std::vector<std::string>> keysToQuery;
@ -1164,7 +1166,6 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
auto session = cache::getLatestOlmSession(device_curve); auto session = cache::getLatestOlmSession(device_curve);
if (!session || force_new_session) { if (!session || force_new_session) {
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
auto currentTime = QDateTime::currentSecsSinceEpoch(); auto currentTime = QDateTime::currentSecsSinceEpoch();
if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 < if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
currentTime) { currentTime) {
@ -1320,7 +1321,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
}; };
}; };
http::client()->claim_keys(claims, BindPks(pks)); if (!claims.one_time_keys.empty())
http::client()->claim_keys(claims, BindPks(pks));
if (!keysToQuery.empty()) { if (!keysToQuery.empty()) {
mtx::requests::QueryKeys req; mtx::requests::QueryKeys req;
@ -1397,9 +1399,25 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
continue; continue;
} }
deviceKeys[user_id].emplace(device_id, pks); auto currentTime = QDateTime::currentSecsSinceEpoch();
claim_keys.one_time_keys[user.first][device_id] = if (rateLimit.value(QPair(user.first, device_id.get())) +
mtx::crypto::SIGNED_CURVE25519; 60 * 60 * 10 <
currentTime) {
deviceKeys[user_id].emplace(device_id, pks);
claim_keys.one_time_keys[user.first][device_id] =
mtx::crypto::SIGNED_CURVE25519;
rateLimit.insert(
QPair(user.first, device_id.get()),
currentTime);
} else {
nhlog::crypto()->warn(
"Not creating new session with {}:{} "
"because of rate limit",
user.first,
device_id.get());
continue;
}
nhlog::net()->info("{}", device_id.get()); nhlog::net()->info("{}", device_id.get());
nhlog::net()->info(" curve25519 {}", pks.curve25519); nhlog::net()->info(" curve25519 {}", pks.curve25519);
@ -1407,7 +1425,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
} }
} }
http::client()->claim_keys(claim_keys, BindPks(deviceKeys)); if (!claim_keys.one_time_keys.empty())
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
}); });
} }
} }