
[taler-anastasis] 02/02: fix rate limiting


From: gnunet
Subject: [taler-anastasis] 02/02: fix rate limiting
Date: Mon, 29 Mar 2021 10:25:46 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

commit 35637de34924ab92ceee8cde9cc5ae771d8faa21
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Mar 29 10:25:42 2021 +0200

    fix rate limiting
---
 src/backend/anastasis-httpd_truth.c    | 10 ++++++++--
 src/stasis/plugin_anastasis_postgres.c | 13 +++++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c
index 0e3987d..7a348e4 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -973,7 +973,7 @@ AH_handler_truth_get (
                                            TALER_EC_GENERIC_DB_FETCH_FAILED,
                                            "create_challenge_code (for rate limiting)");
       }
-      if (0 != rt.abs_value_us)
+      if (0 == qs)
       {
         GNUNET_free (decrypted_truth);
         GNUNET_free (truth_mime);
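Review bot: The new guard `if (0 == qs)` does not show that it is the rate-limit decision, because the bare `0` is `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS`, which after this commit the plugin also returns when the latest challenge has a `retry_counter` of 0. Write it as `if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)` and put `/* 0 == retry_counter of existing challenge => rate limit exceeded */` above it, as the switch in the second hunk of this file does, so a later reader does not take the branch for an ordinary "nothing found" path. The branch body runs past the end of the hunk, so the reply it sends is not visible here.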
@@ -1090,13 +1090,19 @@ AH_handler_truth_get (
     {
     case GNUNET_DB_STATUS_HARD_ERROR:
     case GNUNET_DB_STATUS_SOFT_ERROR:
-    case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
       GNUNET_break (0);
       GNUNET_free (decrypted_truth);
       return TALER_MHD_reply_with_error (gc->connection,
                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
                                          TALER_EC_GENERIC_DB_FETCH_FAILED,
                                          "store_challenge_code");
+    case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+      /* 0 == retry_counter of existing challenge => rate limit exceeded */
+      GNUNET_free (decrypted_truth);
+      return TALER_MHD_reply_with_error (connection,
+                                         MHD_HTTP_TOO_MANY_REQUESTS,
+                                         TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
+                                         NULL);
     case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
       /* challenge code was stored successfully*/
       break;
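Review bot: The new 429 branch replies on `connection`, while the error branch directly above it replies on `gc->connection`; if both name the same MHD connection (not visible in this hunk), use `gc->connection` here as well so the two exits of the switch stay consistent. The branch also returns without logging, so repeated hits on the limit, which is how guessing at a challenge code shows up on the server side, leave no trace. A line such as `GNUNET_log (GNUNET_ERROR_TYPE_INFO, "challenge rate limit exceeded\n");` before the `GNUNET_free` would give operators something to alert on. The switch statement itself opens above the hunk.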
diff --git a/src/stasis/plugin_anastasis_postgres.c b/src/stasis/plugin_anastasis_postgres.c
index bd4b2b8..4a759ce 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -1598,6 +1598,7 @@ postgres_create_challenge_code (
     }
 
     {
+      uint32_t retry_counter;
       struct GNUNET_PQ_QueryParam params[] = {
         GNUNET_PQ_query_param_auto_from_type (truth_uuid),
         TALER_PQ_query_param_absolute_time (&now),
@@ -1607,6 +1608,8 @@ postgres_create_challenge_code (
       struct GNUNET_PQ_ResultSpec rs[] = {
         GNUNET_PQ_result_spec_uint64 ("code",
                                       code),
+        GNUNET_PQ_result_spec_uint32 ("retry_counter",
+                                      &retry_counter),
         GNUNET_PQ_result_spec_absolute_time ("retransmission_date",
                                              retransmission_date),
         GNUNET_PQ_result_spec_end
@@ -1626,8 +1629,14 @@ postgres_create_challenge_code (
       case GNUNET_DB_STATUS_SOFT_ERROR:
         goto retry;
       case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+        /* no active challenge, create fresh one (below) */
         break;
       case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+        if (0 == retry_counter)
+        {
+          rollback (pg);
+          return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
+        }
         rollback (pg);
         return qs;
       }
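Review bot: Returning `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` for an exhausted challenge overloads a status that normally means "no row", and nothing in the visible lines documents the new meaning. The doc comment of `postgres_create_challenge_code` and the plugin API declaration (both outside this hunk) should state that 0 now means an active challenge exists with `retry_counter` 0 and the caller must answer rate-limited, and the branch itself deserves `/* retries exhausted: report as rate limit, do not create a fresh challenge */`. The two `rollback (pg);` calls can be merged into `rollback (pg); return (0 == retry_counter) ? GNUNET_DB_STATUS_SUCCESS_NO_RESULTS : qs;`. Whether the insert path further down can itself yield 0 rows, which a caller would then read as rate-limited, cannot be told from this hunk.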
@@ -1990,7 +1999,7 @@ libanastasis_plugin_db_postgres_init (void *cls)
                             5),
     GNUNET_PQ_make_prepare ("challengecode_select",
                             "SELECT "
-                            " code "
+                            " code"
                             " FROM anastasis_challengecode"
                             " WHERE truth_uuid=$1"
                             "   AND expiration_date > $2"
@@ -1999,12 +2008,12 @@ libanastasis_plugin_db_postgres_init (void *cls)
     GNUNET_PQ_make_prepare ("challengecode_select_meta",
                             "SELECT "
                             " code"
+                            ",retry_counter"
                             ",retransmission_date"
                             " FROM anastasis_challengecode"
                             " WHERE truth_uuid=$1"
                             "   AND expiration_date > $2"
                             "   AND creation_date > $3"
-                            "   AND retry_counter > 0"
                             " ORDER BY creation_date DESC"
                             " LIMIT 1;",
                             2),
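Review bot: `challengecode_select_meta` needs a comment saying why it must not filter on `retry_counter`: with the filter in place an exhausted challenge is invisible to `postgres_create_challenge_code`, which then takes its "no active challenge, create fresh one" path, and that appears to be the gap this commit closes. Something like `/* return exhausted challenges too: the caller checks retry_counter to enforce the rate limit */` above the `GNUNET_PQ_make_prepare` call would keep the filter from being re-added during a query cleanup. The limit still resets once the row drops out of the `expiration_date`/`creation_date` window, so the values bound to `$2` and `$3` (set outside this hunk) define the effective attempt rate and are worth stating next to the statement.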
