Add rate limiting to unknown device list path
This commit is contained in:
parent
89840b9e0b
commit
7f633a0298
21
src/Olm.cpp
21
src/Olm.cpp
@ -1112,6 +1112,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
|||||||
const mtx::events::collections::DeviceEvents &event,
|
const mtx::events::collections::DeviceEvents &event,
|
||||||
bool force_new_session)
|
bool force_new_session)
|
||||||
{
|
{
|
||||||
|
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
|
||||||
|
|
||||||
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
|
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
|
||||||
|
|
||||||
std::map<std::string, std::vector<std::string>> keysToQuery;
|
std::map<std::string, std::vector<std::string>> keysToQuery;
|
||||||
@ -1164,7 +1166,6 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
|||||||
|
|
||||||
auto session = cache::getLatestOlmSession(device_curve);
|
auto session = cache::getLatestOlmSession(device_curve);
|
||||||
if (!session || force_new_session) {
|
if (!session || force_new_session) {
|
||||||
static QMap<QPair<std::string, std::string>, qint64> rateLimit;
|
|
||||||
auto currentTime = QDateTime::currentSecsSinceEpoch();
|
auto currentTime = QDateTime::currentSecsSinceEpoch();
|
||||||
if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
|
if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
|
||||||
currentTime) {
|
currentTime) {
|
||||||
@ -1320,6 +1321,7 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if (!claims.one_time_keys.empty())
|
||||||
http::client()->claim_keys(claims, BindPks(pks));
|
http::client()->claim_keys(claims, BindPks(pks));
|
||||||
|
|
||||||
if (!keysToQuery.empty()) {
|
if (!keysToQuery.empty()) {
|
||||||
@ -1397,16 +1399,33 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
auto currentTime = QDateTime::currentSecsSinceEpoch();
|
||||||
|
if (rateLimit.value(QPair(user.first, device_id.get())) +
|
||||||
|
60 * 60 * 10 <
|
||||||
|
currentTime) {
|
||||||
deviceKeys[user_id].emplace(device_id, pks);
|
deviceKeys[user_id].emplace(device_id, pks);
|
||||||
claim_keys.one_time_keys[user.first][device_id] =
|
claim_keys.one_time_keys[user.first][device_id] =
|
||||||
mtx::crypto::SIGNED_CURVE25519;
|
mtx::crypto::SIGNED_CURVE25519;
|
||||||
|
|
||||||
|
rateLimit.insert(
|
||||||
|
QPair(user.first, device_id.get()),
|
||||||
|
currentTime);
|
||||||
|
} else {
|
||||||
|
nhlog::crypto()->warn(
|
||||||
|
"Not creating new session with {}:{} "
|
||||||
|
"because of rate limit",
|
||||||
|
user.first,
|
||||||
|
device_id.get());
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
nhlog::net()->info("{}", device_id.get());
|
nhlog::net()->info("{}", device_id.get());
|
||||||
nhlog::net()->info(" curve25519 {}", pks.curve25519);
|
nhlog::net()->info(" curve25519 {}", pks.curve25519);
|
||||||
nhlog::net()->info(" ed25519 {}", pks.ed25519);
|
nhlog::net()->info(" ed25519 {}", pks.ed25519);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!claim_keys.one_time_keys.empty())
|
||||||
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
|
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user