[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated (1c5be01 -> 35637de)
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated (1c5be01 -> 35637de) |
|
Date: |
Mon, 29 Mar 2021 10:25:44 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a change to branch master
in repository anastasis.
from 1c5be01 implement rate limiting error handling
new ceb03af GONE is actually too many requests
new 35637de fix rate limiting
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/backend/anastasis-httpd_truth.c | 19 +++++++++++++------
src/reducer/anastasis_api_recovery_redux.c | 1 -
src/stasis/plugin_anastasis_postgres.c | 13 +++++++++++--
3 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/backend/anastasis-httpd_truth.c
b/src/backend/anastasis-httpd_truth.c
index 7001018..7a348e4 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -973,7 +973,7 @@ AH_handler_truth_get (
TALER_EC_GENERIC_DB_FETCH_FAILED,
"create_challenge_code (for rate
limiting)");
}
- if (0 != rt.abs_value_us)
+ if (0 == qs)
{
GNUNET_free (decrypted_truth);
GNUNET_free (truth_mime);
@@ -1032,11 +1032,12 @@ AH_handler_truth_get (
TALER_EC_GENERIC_DB_FETCH_FAILED,
"verify_challenge_code");
case ANASTASIS_DB_CODE_STATUS_NO_RESULTS:
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "No challenge known\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "No challenge known (challenge is invalidated after %u
requests)\n",
+ INITIAL_RETRY_COUNTER);
return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_GONE,
-
TALER_EC_ANASTASIS_TRUTH_CHALLENGE_UNKNOWN,
+ MHD_HTTP_TOO_MANY_REQUESTS,
+ TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
NULL);
case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED:
return return_key_share (&gc->truth_uuid,
@@ -1089,13 +1090,19 @@ AH_handler_truth_get (
{
case GNUNET_DB_STATUS_HARD_ERROR:
case GNUNET_DB_STATUS_SOFT_ERROR:
- case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
GNUNET_break (0);
GNUNET_free (decrypted_truth);
return TALER_MHD_reply_with_error (gc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"store_challenge_code");
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ /* 0 == retry_counter of existing challenge => rate limit exceeded */
+ GNUNET_free (decrypted_truth);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_TOO_MANY_REQUESTS,
+ TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED,
+ NULL);
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
/* challenge code was stored successfully*/
break;
diff --git a/src/reducer/anastasis_api_recovery_redux.c
b/src/reducer/anastasis_api_recovery_redux.c
index 78b1de0..ff60f76 100644
--- a/src/reducer/anastasis_api_recovery_redux.c
+++ b/src/reducer/anastasis_api_recovery_redux.c
@@ -572,7 +572,6 @@ answer_feedback_cb (
uuid,
err));
}
- GNUNET_break_op (0);
set_state (sctx->state,
ANASTASIS_GENERIC_STATE_ERROR);
sctx->cb (sctx->cb_cls,
diff --git a/src/stasis/plugin_anastasis_postgres.c
b/src/stasis/plugin_anastasis_postgres.c
index bd4b2b8..4a759ce 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -1598,6 +1598,7 @@ postgres_create_challenge_code (
}
{
+ uint32_t retry_counter;
struct GNUNET_PQ_QueryParam params[] = {
GNUNET_PQ_query_param_auto_from_type (truth_uuid),
TALER_PQ_query_param_absolute_time (&now),
@@ -1607,6 +1608,8 @@ postgres_create_challenge_code (
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_uint64 ("code",
code),
+ GNUNET_PQ_result_spec_uint32 ("retry_counter",
+ &retry_counter),
GNUNET_PQ_result_spec_absolute_time ("retransmission_date",
retransmission_date),
GNUNET_PQ_result_spec_end
@@ -1626,8 +1629,14 @@ postgres_create_challenge_code (
case GNUNET_DB_STATUS_SOFT_ERROR:
goto retry;
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ /* no active challenge, create fresh one (below) */
break;
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ if (0 == retry_counter)
+ {
+ rollback (pg);
+ return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
+ }
rollback (pg);
return qs;
}
@@ -1990,7 +1999,7 @@ libanastasis_plugin_db_postgres_init (void *cls)
5),
GNUNET_PQ_make_prepare ("challengecode_select",
"SELECT "
- " code "
+ " code"
" FROM anastasis_challengecode"
" WHERE truth_uuid=$1"
" AND expiration_date > $2"
@@ -1999,12 +2008,12 @@ libanastasis_plugin_db_postgres_init (void *cls)
GNUNET_PQ_make_prepare ("challengecode_select_meta",
"SELECT "
" code"
+ ",retry_counter"
",retransmission_date"
" FROM anastasis_challengecode"
" WHERE truth_uuid=$1"
" AND expiration_date > $2"
" AND creation_date > $3"
- " AND retry_counter > 0"
" ORDER BY creation_date DESC"
" LIMIT 1;",
2),
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-anastasis] branch master updated (1c5be01 -> 35637de),
gnunet <=