diff options
author | Erik Johnston <erik@matrix.org> | 2017-10-27 11:57:27 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2017-10-27 11:57:27 +0100 |
commit | ca571b0ec3674cd477e9da5f8e9d20c4dfcaf58b (patch) | |
tree | 6fd821e23dee30920e61801009120a52cef217ed /synapse/groups/attestations.py | |
parent | Merge branch 'release-v0.24.1' of github.com:matrix-org/synapse (diff) | |
download | synapse-ca571b0ec3674cd477e9da5f8e9d20c4dfcaf58b.tar.xz |
Add jitter to validity period of attestations
This helps ensure that the renewals of attestations are spread out more evenly.
Diffstat (limited to 'synapse/groups/attestations.py')
-rw-r--r-- | synapse/groups/attestations.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py index b751cf5e43..fc5f92121e 100644 --- a/synapse/groups/attestations.py +++ b/synapse/groups/attestations.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +import random + from twisted.internet import defer from synapse.api.errors import SynapseError @@ -25,6 +27,11 @@ from signedjson.sign import sign_json # Default validity duration for new attestations we create DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000 +# We add some jitter to the validity duration of attestations so that if we +# add lots of users at once we don't need to renew them all at once. +# The jitter is a multiplier picked randomly between the first and second number +DEFAULT_ATTESTATION_JITTER = (0.9, 1.3) + # Start trying to update our attestations when they come this close to expiring UPDATE_ATTESTATION_TIME_MS = 1 * 24 * 60 * 60 * 1000 @@ -73,10 +80,14 @@ class GroupAttestationSigning(object): """Create an attestation for the group_id and user_id with default validity length. """ + validity_period = DEFAULT_ATTESTATION_LENGTH_MS + validity_period *= random.uniform(*DEFAULT_ATTESTATION_JITTER) + valid_until_ms = int(self.clock.time_msec() + validity_period) + return sign_json({ "group_id": group_id, "user_id": user_id, - "valid_until_ms": self.clock.time_msec() + DEFAULT_ATTESTATION_LENGTH_MS, + "valid_until_ms": valid_until_ms, }, self.server_name, self.signing_key) |