diff options
| author | Andrew Morgan <andrew@amorgan.xyz> | 2021-04-22 18:32:44 +0100 |
|---|---|---|
| committer | Andrew Morgan <andrew@amorgan.xyz> | 2021-04-22 18:32:44 +0100 |
| commit | 27fd9474ae171712a9048b47fabef906f5f50d8f (patch) | |
| tree | b39a7727abcd93226a922ffc8d60182a92c4f263 /synapse/handlers/identity.py | |
| parent | Merge commit 'a78016dad' into anoa/dinsic_release_1_31_0 (diff) | |
| parent | Fix Debian builds on Xenial (#9254) (diff) | |
| download | synapse-27fd9474ae171712a9048b47fabef906f5f50d8f.tar.xz | |
Merge commit 'e19396d62' into anoa/dinsic_release_1_31_0
Diffstat (limited to 'synapse/handlers/identity.py')
| -rw-r--r-- | synapse/handlers/identity.py | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 95ffcc8707..8dbf9bef3f 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -29,9 +29,11 @@ from synapse.api.errors import ( ProxiedRequestError, SynapseError, ) +from synapse.api.ratelimiting import Ratelimiter from synapse.config.emailconfig import ThreepidBehaviour from synapse.http import RequestTimedOutError from synapse.http.client import SimpleHttpClient +from synapse.http.site import SynapseRequest from synapse.types import JsonDict, Requester from synapse.util import json_decoder from synapse.util.hash import sha256_and_url_safe_base64 @@ -60,6 +62,32 @@ class IdentityHandler(BaseHandler): self._web_client_location = hs.config.invite_client_location + # Ratelimiters for `/requestToken` endpoints. + self._3pid_validation_ratelimiter_ip = Ratelimiter( + clock=hs.get_clock(), + rate_hz=hs.config.ratelimiting.rc_3pid_validation.per_second, + burst_count=hs.config.ratelimiting.rc_3pid_validation.burst_count, + ) + self._3pid_validation_ratelimiter_address = Ratelimiter( + clock=hs.get_clock(), + rate_hz=hs.config.ratelimiting.rc_3pid_validation.per_second, + burst_count=hs.config.ratelimiting.rc_3pid_validation.burst_count, + ) + + def ratelimit_request_token_requests( + self, request: SynapseRequest, medium: str, address: str, + ): + """Used to ratelimit requests to `/requestToken` by IP and address. + + Args: + request: The associated request + medium: The type of threepid, e.g. "msisdn" or "email" + address: The actual threepid ID, e.g. the phone number or email address + """ + + self._3pid_validation_ratelimiter_ip.ratelimit((medium, request.getClientIP())) + self._3pid_validation_ratelimiter_address.ratelimit((medium, address)) + async def threepid_from_creds( self, id_server_url: str, creds: Dict[str, str] ) -> Optional[JsonDict]: |