bigbuffet/pleroma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add rate limiting for events actions

Browse source 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
This commit is contained in:
marcin mikołajczak 2022-12-02 23:11:08 +01:00
parent f21ec80ea2
commit a9da110ac6
4 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/config.exs
View file

@ -691,6 +691,7 @@
relation_id_action: {60_000, 2}, relation_id_action: {60_000, 2},
statuses_actions: {10_000, 15}, statuses_actions: {10_000, 15},
status_id_action: {60_000, 3}, status_id_action: {60_000, 3},
events_actions: {10_000, 15},
password_reset: {1_800_000, 5}, password_reset: {1_800_000, 5},
account_confirmation_resend: {8_640_000, 5}, account_confirmation_resend: {8_640_000, 5},
ap_routes: {60_000, 15} ap_routes: {60_000, 15}

7
config/description.exs
View file

@ -2621,6 +2621,13 @@
"For fav / unfav or reblog / unreblog actions on the same status by the same user", "For fav / unfav or reblog / unreblog actions on the same status by the same user",
suggestions: [{1000, 10}, [{10_000, 10}, {10_000, 50}]] suggestions: [{1000, 10}, [{10_000, 10}, {10_000, 50}]]
}, },
%{
key: :events_actions,
type: [:tuple, {:list, :tuple}],
description:
"For create / update / join / leave actions on any statuses",
suggestions: [{1000, 10}, [{10_000, 10}, {10_000, 50}]]
},
%{ %{
key: :authentication, key: :authentication,
type: [:tuple, {:list, :tuple}], type: [:tuple, {:list, :tuple}],

1
docs/configuration/cheatsheet.md
View file

@ -477,6 +477,7 @@ Supported rate limiters:
* `:relation_id_action` - Following/Unfollowing for a specific user. * `:relation_id_action` - Following/Unfollowing for a specific user.
* `:statuses_actions` - Status actions such as: (un)repeating, (un)favouriting, creating, deleting. * `:statuses_actions` - Status actions such as: (un)repeating, (un)favouriting, creating, deleting.
* `:status_id_action` - (un)Repeating/(un)Favouriting a particular status. * `:status_id_action` - (un)Repeating/(un)Favouriting a particular status.
* `:events_actions` - Events actions such as: creating, joining, leaving.
* `:authentication` - Authentication actions, i.e getting an OAuth token. * `:authentication` - Authentication actions, i.e getting an OAuth token.
* `:password_reset` - Requesting password reset emails. * `:password_reset` - Requesting password reset emails.
* `:account_confirmation_resend` - Requesting resending account confirmation emails. * `:account_confirmation_resend` - Requesting resending account confirmation emails.

11
lib/pleroma/web/pleroma_api/controllers/event_controller.ex
View file

@ -22,6 +22,7 @@ defmodule Pleroma.Web.PleromaAPI.EventController do
alias Pleroma.Web.MastodonAPI.StatusView alias Pleroma.Web.MastodonAPI.StatusView
alias Pleroma.Web.PleromaAPI.EventView alias Pleroma.Web.PleromaAPI.EventView
alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.OAuthScopesPlug
alias Pleroma.Web.Plugs.RateLimiter
plug(Pleroma.Web.ApiSpec.CastAndValidate) plug(Pleroma.Web.ApiSpec.CastAndValidate)
@ -68,6 +69,16 @@ defmodule Pleroma.Web.PleromaAPI.EventController do
when action in [:export_ics] when action in [:export_ics]
) )
@rate_limited_event_actions ~w(create update join leave)a
plug(
RateLimiter,
[name: :status_id_action, bucket_name: "status_id_action:join_leave", params: [:id]]
when action in ~w(join leave)a
)
plug(RateLimiter, [name: :events_actions] when action in @rate_limited_event_actions)
plug(Pleroma.Web.Plugs.SetApplicationPlug, [] when action in [:create, :update]) plug(Pleroma.Web.Plugs.SetApplicationPlug, [] when action in [:create, :update])
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) action_fallback(Pleroma.Web.MastodonAPI.FallbackController)