Skip to content

Commit

Permalink
Enforce per-IP rate limits
Browse files Browse the repository at this point in the history
  • Loading branch information
@jkt-signal @ravi-signal
jkt-signal authored and ravi-signal committed Oct 7, 2024
1 parent 087e192 commit d550c69
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 15 deletions.
4 changes: 2 additions & 2 deletions service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1003,7 +1003,7 @@ protected void configureServer(final ServerBuilder<?> serverBuilder) {

environment.jersey().register(new BufferingInterceptor());
environment.jersey().register(new VirtualExecutorServiceProvider("managed-async-virtual-thread-"));
environment.jersey().register(new RateLimitByIpFilter(rateLimiters, true));
environment.jersey().register(new RateLimitByIpFilter(rateLimiters));
environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
environment.jersey().register(MultiRecipientMessageProvider.class);
environment.jersey().register(new AuthDynamicFeature(accountAuthFilter));
Expand All @@ -1022,7 +1022,7 @@ protected void configureServer(final ServerBuilder<?> serverBuilder) {
clientReleaseManager, messageDeliveryLoopMonitor));
webSocketEnvironment.jersey()
.register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
webSocketEnvironment.jersey().register(new RateLimitByIpFilter(rateLimiters, true));
webSocketEnvironment.jersey().register(new RateLimitByIpFilter(rateLimiters));
webSocketEnvironment.jersey().register(new RequestStatisticsFilter(TrafficSource.WEBSOCKET));
webSocketEnvironment.jersey().register(MultiRecipientMessageProvider.class);
webSocketEnvironment.jersey().register(new MetricsApplicationEventListener(TrafficSource.WEBSOCKET, clientReleaseManager));
Expand Down
16 changes: 3 additions & 13 deletions service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitByIpFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,15 +41,9 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
private static final String NO_IP_COUNTER_NAME = MetricsUtil.name(RateLimitByIpFilter.class, "noIpAddress");

private final RateLimiters rateLimiters;
private final boolean softEnforcement;

public RateLimitByIpFilter(final RateLimiters rateLimiters, final boolean softEnforcement) {
this.rateLimiters = requireNonNull(rateLimiters);
this.softEnforcement = softEnforcement;
}

public RateLimitByIpFilter(final RateLimiters rateLimiters) {
this(rateLimiters, false);
this.rateLimiters = requireNonNull(rateLimiters);
}

@Override
Expand Down Expand Up @@ -87,9 +81,7 @@ public void filter(final ContainerRequestContext requestContext) throws IOExcept
// checking if annotation is configured to fail when the most recent IP is not resolved
if (annotation.failOnUnresolvedIp()) {
logger.error("Remote address was null");
if (!softEnforcement) {
throw INVALID_HEADER_EXCEPTION;
}
throw INVALID_HEADER_EXCEPTION;
}
// otherwise, allow request
return;
Expand All @@ -99,9 +91,7 @@ public void filter(final ContainerRequestContext requestContext) throws IOExcept
rateLimiter.validate(remoteAddress.get());
} catch (RateLimitExceededException e) {
final Response response = EXCEPTION_MAPPER.toResponse(e);
if (!softEnforcement) {
throw new ClientErrorException(response);
}
throw new ClientErrorException(response);
}
}
}

0 comments on commit d550c69

Please sign in to comment.