Add rate limiting to unknown device list path
This commit is contained in:
parent
89840b9e0b
commit
7f633a0298
31
src/Olm.cpp
31
src/Olm.cpp
@ -1112,6 +1112,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||
const mtx::events::collections::DeviceEvents &event,
|
||||
bool force_new_session)
|
||||
{
|
||||
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
|
||||
|
||||
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
|
||||
|
||||
std::map<std::string, std::vector<std::string>> keysToQuery;
|
||||
@ -1164,7 +1166,6 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||
|
||||
auto session = cache::getLatestOlmSession(device_curve);
|
||||
if (!session || force_new_session) {
|
||||
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
|
||||
auto currentTime = QDateTime::currentSecsSinceEpoch();
|
||||
if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
|
||||
currentTime) {
|
||||
@ -1320,7 +1321,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||
};
|
||||
};
|
||||
|
||||
http::client()->claim_keys(claims, BindPks(pks));
|
||||
if (!claims.one_time_keys.empty())
|
||||
http::client()->claim_keys(claims, BindPks(pks));
|
||||
|
||||
if (!keysToQuery.empty()) {
|
||||
mtx::requests::QueryKeys req;
|
||||
@ -1397,9 +1399,25 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||
continue;
|
||||
}
|
||||
|
||||
deviceKeys[user_id].emplace(device_id, pks);
|
||||
claim_keys.one_time_keys[user.first][device_id] =
|
||||
mtx::crypto::SIGNED_CURVE25519;
|
||||
auto currentTime = QDateTime::currentSecsSinceEpoch();
|
||||
if (rateLimit.value(QPair(user.first, device_id.get())) +
|
||||
60 * 60 * 10 <
|
||||
currentTime) {
|
||||
deviceKeys[user_id].emplace(device_id, pks);
|
||||
claim_keys.one_time_keys[user.first][device_id] =
|
||||
mtx::crypto::SIGNED_CURVE25519;
|
||||
|
||||
rateLimit.insert(
|
||||
QPair(user.first, device_id.get()),
|
||||
currentTime);
|
||||
} else {
|
||||
nhlog::crypto()->warn(
|
||||
"Not creating new session with {}:{} "
|
||||
"because of rate limit",
|
||||
user.first,
|
||||
device_id.get());
|
||||
continue;
|
||||
}
|
||||
|
||||
nhlog::net()->info("{}", device_id.get());
|
||||
nhlog::net()->info(" curve25519 {}", pks.curve25519);
|
||||
@ -1407,7 +1425,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||
}
|
||||
}
|
||||
|
||||
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
|
||||
if (!claim_keys.one_time_keys.empty())
|
||||
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
|
||||
});
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user