diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index 5dfdc86740..ae550d3f4d 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -118,6 +118,7 @@ class FederationServer(FederationBase):
self._federation_event_handler = hs.get_federation_event_handler()
self.state = hs.get_state_handler()
self._event_auth_handler = hs.get_event_auth_handler()
+ self._room_member_handler = hs.get_room_member_handler()
self._state_storage_controller = hs.get_storage_controllers().state
@@ -621,6 +622,15 @@ class FederationServer(FederationBase):
)
raise IncompatibleRoomVersionError(room_version=room_version)
+ # Refuse the request if that room has seen too many joins recently.
+ # This is in addition to the HS-level rate limiting applied by
+ # BaseFederationServlet.
+ # type-ignore: mypy doesn't seem able to deduce the type of the limiter(!?)
+ await self._room_member_handler._join_rate_per_room_limiter.ratelimit( # type: ignore[has-type]
+ requester=None,
+ key=room_id,
+ update=False,
+ )
pdu = await self.handler.on_make_join_request(origin, room_id, user_id)
return {"event": pdu.get_templated_pdu_json(), "room_version": room_version}
@@ -655,6 +665,12 @@ class FederationServer(FederationBase):
room_id: str,
caller_supports_partial_state: bool = False,
) -> Dict[str, Any]:
+ await self._room_member_handler._join_rate_per_room_limiter.ratelimit( # type: ignore[has-type]
+ requester=None,
+ key=room_id,
+ update=False,
+ )
+
event, context = await self._on_send_membership_event(
origin, content, Membership.JOIN, room_id
)
|
