mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-06-29 02:40:03 +02:00
Throttle resume / internal hello.
parent
e862392872
commit
4c807c86e8
27
hub.go
27
hub.go
|
@ -63,6 +63,7 @@ var (
|
||||||
NoSuchSession = NewError("no_such_session", "The session to resume does not exist.")
|
NoSuchSession = NewError("no_such_session", "The session to resume does not exist.")
|
||||||
TokenNotValidYet = NewError("token_not_valid_yet", "The token is not valid yet.")
|
TokenNotValidYet = NewError("token_not_valid_yet", "The token is not valid yet.")
|
||||||
TokenExpired = NewError("token_expired", "The token is expired.")
|
TokenExpired = NewError("token_expired", "The token is expired.")
|
||||||
|
TooManyRequests = NewError("too_many_requests", "Too many requests.")
|
||||||
|
|
||||||
// Maximum number of concurrent requests to a backend.
|
// Maximum number of concurrent requests to a backend.
|
||||||
defaultMaxConcurrentRequestsPerHost = 8
|
defaultMaxConcurrentRequestsPerHost = 8
|
||||||
|
@ -1134,8 +1135,19 @@ func (h *Hub) tryProxyResume(c HandlerClient, resumeId string, message *ClientMe
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *Hub) processHello(client HandlerClient, message *ClientMessage) {
|
func (h *Hub) processHello(client HandlerClient, message *ClientMessage) {
|
||||||
|
ctx := context.TODO()
|
||||||
resumeId := message.Hello.ResumeId
|
resumeId := message.Hello.ResumeId
|
||||||
if resumeId != "" {
|
if resumeId != "" {
|
||||||
|
throttle, err := h.throttler.CheckBruteforce(ctx, client.RemoteAddr(), "HelloResume")
|
||||||
|
if err == ErrBruteforceDetected {
|
||||||
|
client.SendMessage(message.NewErrorServerMessage(TooManyRequests))
|
||||||
|
return
|
||||||
|
} else if err != nil {
|
||||||
|
log.Printf("Error checking for bruteforce: %s", err)
|
||||||
|
client.SendMessage(message.NewWrappedErrorServerMessage(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
data := h.decodeSessionId(resumeId, privateSessionName)
|
data := h.decodeSessionId(resumeId, privateSessionName)
|
||||||
if data == nil {
|
if data == nil {
|
||||||
statsHubSessionResumeFailed.Inc()
|
statsHubSessionResumeFailed.Inc()
|
||||||
|
@ -1143,6 +1155,7 @@ func (h *Hub) processHello(client HandlerClient, message *ClientMessage) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
throttle(ctx)
|
||||||
client.SendMessage(message.NewErrorServerMessage(NoSuchSession))
|
client.SendMessage(message.NewErrorServerMessage(NoSuchSession))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -1156,6 +1169,7 @@ func (h *Hub) processHello(client HandlerClient, message *ClientMessage) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
throttle(ctx)
|
||||||
client.SendMessage(message.NewErrorServerMessage(NoSuchSession))
|
client.SendMessage(message.NewErrorServerMessage(NoSuchSession))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -1376,18 +1390,31 @@ func (h *Hub) processHelloInternal(client HandlerClient, message *ClientMessage)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx := context.TODO()
|
||||||
|
throttle, err := h.throttler.CheckBruteforce(ctx, client.RemoteAddr(), "HelloInternal")
|
||||||
|
if err == ErrBruteforceDetected {
|
||||||
|
client.SendMessage(message.NewErrorServerMessage(TooManyRequests))
|
||||||
|
return
|
||||||
|
} else if err != nil {
|
||||||
|
log.Printf("Error checking for bruteforce: %s", err)
|
||||||
|
client.SendMessage(message.NewWrappedErrorServerMessage(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Validate internal connection.
|
// Validate internal connection.
|
||||||
rnd := message.Hello.Auth.internalParams.Random
|
rnd := message.Hello.Auth.internalParams.Random
|
||||||
mac := hmac.New(sha256.New, h.internalClientsSecret)
|
mac := hmac.New(sha256.New, h.internalClientsSecret)
|
||||||
mac.Write([]byte(rnd)) // nolint
|
mac.Write([]byte(rnd)) // nolint
|
||||||
check := hex.EncodeToString(mac.Sum(nil))
|
check := hex.EncodeToString(mac.Sum(nil))
|
||||||
if len(rnd) < minTokenRandomLength || check != message.Hello.Auth.internalParams.Token {
|
if len(rnd) < minTokenRandomLength || check != message.Hello.Auth.internalParams.Token {
|
||||||
|
throttle(ctx)
|
||||||
client.SendMessage(message.NewErrorServerMessage(InvalidToken))
|
client.SendMessage(message.NewErrorServerMessage(InvalidToken))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
backend := h.backend.GetBackend(message.Hello.Auth.internalParams.parsedBackend)
|
backend := h.backend.GetBackend(message.Hello.Auth.internalParams.parsedBackend)
|
||||||
if backend == nil {
|
if backend == nil {
|
||||||
|
throttle(ctx)
|
||||||
client.SendMessage(message.NewErrorServerMessage(InvalidBackendUrl))
|
client.SendMessage(message.NewErrorServerMessage(InvalidBackendUrl))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
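Review bot: Both new throttle blocks (the resume branch of processHello and processHelloInternal) run on `ctx := context.TODO()`, which is never cancelled, so if `throttle(ctx)` delays the error reply (its name suggests so; the implementation is not shown) the handler stays blocked for the whole delay even after the client has disconnected. Passing a context bound to the connection, or at least `ctx, cancel := context.WithTimeout(context.Background(), <max throttle wait>)` with `defer cancel()`, would bound that wait. The sentinel check is better written `if errors.Is(err, ErrBruteforceDetected) {` so it still matches if the throttler ever wraps the error. The `else if err != nil` branch sends `NewWrappedErrorServerMessage(err)` to a peer that has not authenticated yet; logging the error and replying with a generic error would avoid exposing throttler internals. Both functions start and end outside the hunks, so whether a successful hello clears the counter is not visible here.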