Add a ratelimiter for 3pid invite (#11892)

2022-02-03 14:28:15 +01:00 · 2022-02-03 14:28:15 +01:00 · d80d39b035
parent 833247553f
commit d80d39b035
4 changed files with 31 additions and 1 deletions
--- a/changelog.d/11892.feature
+++ b/changelog.d/11892.feature
@ -0,0 +1 @@
+Use a dedicated configurable rate limiter for 3PID invites.
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@ -857,6 +857,9 @@ log_config: "CONFDIR/SERVERNAME.log.config"
 #   - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
 #   - two for ratelimiting how often invites can be sent in a room or to a
 #     specific user.
+#   - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
+#     such as an email address or a phone number) based on the account that's
+#     sending the invite.
 #
 # The defaults are as shown below.
 #
@ -906,6 +909,10 @@ log_config: "CONFDIR/SERVERNAME.log.config"
 #  per_user:
 #    per_second: 0.003
 #    burst_count: 5
+#
+#rc_third_party_invite:
+#  per_second: 0.2
+#  burst_count: 10

 # Ratelimiting settings for incoming federation
 #
--- a/synapse/config/ratelimiting.py
+++ b/synapse/config/ratelimiting.py
@ -134,6 +134,14 @@ class RatelimitConfig(Config):
            defaults={"per_second": 0.003, "burst_count": 5},
        )

+        self.rc_third_party_invite = RateLimitConfig(
+            config.get("rc_third_party_invite", {}),
+            defaults={
+                "per_second": self.rc_message.per_second,
+                "burst_count": self.rc_message.burst_count,
+            },
+        )
+
    def generate_config_section(self, **kwargs):
        return """\
        ## Ratelimiting ##
@ -168,6 +176,9 @@ class RatelimitConfig(Config):
        #   - one for ratelimiting how often a user or IP can attempt to validate a 3PID.
        #   - two for ratelimiting how often invites can be sent in a room or to a
        #     specific user.
+        #   - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID
+        #     such as an email address or a phone number) based on the account that's
+        #     sending the invite.
        #
        # The defaults are as shown below.
        #
@ -217,6 +228,10 @@ class RatelimitConfig(Config):
        #  per_user:
        #    per_second: 0.003
        #    burst_count: 5
+        #
+        #rc_third_party_invite:
+        #  per_second: 0.2
+        #  burst_count: 10

        # Ratelimiting settings for incoming federation
        #
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@ -116,6 +116,13 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
            burst_count=hs.config.ratelimiting.rc_invites_per_user.burst_count,
        )

+        self._third_party_invite_limiter = Ratelimiter(
+            store=self.store,
+            clock=self.clock,
+            rate_hz=hs.config.ratelimiting.rc_third_party_invite.per_second,
+            burst_count=hs.config.ratelimiting.rc_third_party_invite.burst_count,
+        )
+
        self.request_ratelimiter = hs.get_request_ratelimiter()

    @abc.abstractmethod
@ -1295,7 +1302,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):

        # We need to rate limit *before* we send out any 3PID invites, so we
        # can't just rely on the standard ratelimiting of events.
-        await self.request_ratelimiter.ratelimit(requester)
+        await self._third_party_invite_limiter.ratelimit(requester)

        can_invite = await self.third_party_event_rules.check_threepid_can_be_invited(
            medium, address, room_id
				`@ -0,0 +1 @@`
				`Use a dedicated configurable rate limiter for 3PID invites.`