Commit Graph

26 Commits

Author SHA1 Message Date
reivilibre 6a6e1e8c07
Fix room creation being rate limited too aggressively since Synapse v1.69.0. ()
* Introduce a test for the old behaviour which we want to restore

* Reintroduce the old behaviour in a simpler way

* Newsfile

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>

* Use 1 credit instead of 2 for creating a room: be more lenient than before

Notably, the UI in Element Web was still broken after restoring to prior behaviour.

After discussion, we agreed that it would be sensible to increase the limit.

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2022-10-28 11:53:34 +01:00
Dirk Klimpel d6e94ad9d9
Rename `RateLimitConfig` to `RatelimitSettings` () 2022-08-03 10:40:20 +01:00
David Robertson 599c403d99
Allow rate limiters to passively record actions they cannot limit ()
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
2022-07-13 19:09:42 +00:00
reivilibre 0dbdc39940
Fix a long-standing bug which meant that rate limiting was not restrictive enough in some cases. () 2022-06-15 14:11:55 +00:00
Patrick Cloke 3ab55d43bd
Add missing type hints to synapse.api. ()
* Convert UserPresenceState to attrs.
* Remove args/kwargs from error classes and explicitly pass msg/errorcode.
2021-10-18 15:01:10 -04:00
Patrick Cloke eb9ddc8c2e
Remove the deprecated BaseHandler. ()
The shared ratelimit function was replaced with a dedicated
RequestRatelimiter class (accessible from the HomeServer
object).

Other properties were copied to each sub-class that inherited
from BaseHandler.
2021-10-08 07:44:43 -04:00
reivilibre 524b8ead77
Add types to synapse.util. () 2021-09-10 17:03:18 +01:00
Jonathan de Jong bf72d10dbf
Use inline type hints in various other places (in `synapse/`) () 2021-07-15 11:02:43 +01:00
Brendan Abolivier a683028d81
Correctly ratelimit invites when creating a room ()
* Correctly ratelimit invites when creating a room

Also allow ratelimiting for more than one action at a time.
2021-05-12 16:05:28 +02:00
Erik Johnston 963f4309fe
Make RateLimiter class check for ratelimit overrides ()
This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited.

We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits.

Fixes 
2021-03-30 12:06:09 +01:00
Patrick Cloke fc8b3d8809
Ratelimit cross-user key sharing requests. () 2021-02-19 13:20:34 -05:00
Patrick Cloke c619253db8
Stop sub-classing object () 2020-09-04 06:54:56 -04:00
Will Hunt cbbf9126cb
Do not apply ratelimiting on joins to appservices ()
Add new method ratelimiter.can_requester_do_action and ensure that appservices are exempt from being ratelimited.

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Erik Johnston <erik@matrix.org>
2020-08-21 15:07:56 +01:00
Andrew Morgan f4e6495b5d
Performance improvements and refactor of Ratelimiter ()
While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:

* Rather undocumented, and
* causing a *lot* of config checks

This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. 

Best to be reviewed commit-by-commit.
2020-06-05 10:47:20 +01:00
Erik Johnston 0f6e525be3
Fixup synapse.api to pass mypy () 2020-01-20 17:34:13 +00:00
Amber Brown 32e7c9e7f2
Run Black. () 2019-06-20 19:32:02 +10:00
Brendan Abolivier 899e523d6d
Add ratelimiting on login ()
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
Brendan Abolivier a4c3a361b7
Add rate-limiting on registration ()
* Rate-limiting for registration

* Add unit test for registration rate limiting

* Add config parameters for rate limiting on auth endpoints

* Doc

* Fix doc of rate limiting function

Co-Authored-By: babolivier <contact@brendanabolivier.com>

* Incorporate review

* Fix config parsing

* Fix linting errors

* Set default config for auth rate limiting

* Fix tests

* Add changelog

* Advance reactor instead of mocked clock

* Move parameters to registration specific config and give them more sensible default values

* Remove unused config options

* Don't mock the rate limiter un MAU tests

* Rename _register_with_store into register_with_store

* Make CI happy

* Remove unused import

* Update sample config

* Fix ratelimiting test for py2

* Add non-guest test
2019-03-05 14:25:33 +00:00
Amber Brown 324525f40c
Port over enough to get some sytests running on Python 3 () 2018-08-20 23:54:49 +10:00
Erik Johnston 550308c7a1 Check whether to ratelimit sooner to avoid work 2016-10-19 10:45:24 +01:00
Matthew Hodgson 6c28ac260c copyrights 2016-01-07 04:26:29 +00:00
Mark Haines adb04b1e57 Update copyright notices 2015-01-06 13:21:39 +00:00
Matthew Hodgson 8a7c1d6a00 fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch. 2014-09-03 17:31:57 +01:00
Mark Haines c6eafdfbaf Add copyright notices and fix pyflakes errors 2014-09-03 09:43:11 +01:00
Mark Haines dd2cd9312a Test ratelimiter 2014-09-02 15:16:26 +01:00
Mark Haines 436b3c7d0c Ratelimiter object 2014-09-02 11:16:21 +01:00