mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-06-17 05:06:14 +02:00
Add bruteforce detection to backend server room handler.
parent
31b8c74d1c
commit
7f8e44b3b5
|
@ -761,6 +761,16 @@ func (b *BackendServer) startDialout(roomid string, backend *Backend, backendUrl
|
|||
}
|
||||
|
||||
func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body []byte) {
|
||||
throttle, err := b.hub.throttler.CheckBruteforce(r.Context(), b.hub.getRealUserIP(r), "BackendRoomAuth")
|
||||
if err == ErrBruteforceDetected {
|
||||
http.Error(w, "Too many requests", http.StatusTooManyRequests)
|
||||
return
|
||||
} else if err != nil {
|
||||
log.Printf("Error checking for bruteforce: %s", err)
|
||||
http.Error(w, "Could not check for bruteforce", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
v := mux.Vars(r)
|
||||
roomid := v["roomid"]
|
||||
|
||||
|
@ -773,6 +783,7 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
|
|||
|
||||
if backend == nil {
|
||||
// Unknown backend URL passed, return immediately.
|
||||
throttle(r.Context())
|
||||
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
@ -794,12 +805,14 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
|
|||
}
|
||||
|
||||
if backend == nil {
|
||||
throttle(r.Context())
|
||||
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if !ValidateBackendChecksum(r, body, backend.Secret()) {
|
||||
throttle(r.Context())
|
||||
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
@ -814,7 +827,6 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
|
|||
request.ReceivedTime = time.Now().UnixNano()
|
||||
|
||||
var response any
|
||||
var err error
|
||||
switch request.Type {
|
||||
case "invite":
|
||||
b.sendRoomInvite(roomid, backend, request.Invite.UserIds, request.Invite.Properties)
|
||||
|
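Review bot: The bruteforce counter in roomHandler is keyed on `b.hub.getRealUserIP(r)`, whose body is not shown on this page. If that helper reads the address from a forwarding header without restricting it to trusted proxies, the key is client-controlled: the limit can be sidestepped and lockouts can land on an unrelated address. That is worth confirming and recording at the call, e.g. `// Throttle key must be an address the client cannot choose; getRealUserIP should honour forwarding headers only from trusted proxies.` Separately, `err == ErrBruteforceDetected` matches only the bare sentinel, so `if errors.Is(err, ErrBruteforceDetected) {` would keep the 429 path intact should a Throttler implementation ever wrap the error. roomHandler's body continues outside the hunks shown, so any other early-return failure paths there should be checked for a matching `throttle(r.Context())` call.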
|
10
hub.go
10
hub.go
|
@ -173,6 +173,8 @@ type Hub struct {
|
|||
|
||||
rpcServer *GrpcServer
|
||||
rpcClients *GrpcClients
|
||||
|
||||
throttler Throttler
|
||||
}
|
||||
|
||||
func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer, rpcClients *GrpcClients, etcdClient *EtcdClient, r *mux.Router, version string) (*Hub, error) {
|
||||
|
@ -328,6 +330,11 @@ func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer
|
|||
}
|
||||
}
|
||||
|
||||
throttler, err := NewMemoryThrottler()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
hub := &Hub{
|
||||
events: events,
|
||||
upgrader: websocket.Upgrader{
|
||||
|
@ -376,6 +383,8 @@ func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer
|
|||
|
||||
rpcServer: rpcServer,
|
||||
rpcClients: rpcClients,
|
||||
|
||||
throttler: throttler,
|
||||
}
|
||||
hub.setWelcomeMessage(&ServerMessage{
|
||||
Type: "welcome",
|
||||
|
@ -498,6 +507,7 @@ loop:
|
|||
|
||||
func (h *Hub) Stop() {
|
||||
h.closer.Close()
|
||||
h.throttler.Close()
|
||||
}
|
||||
|
||||
func (h *Hub) Reload(config *goconf.ConfigFile) {
|
||||
|
|
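Review bot: `NewMemoryThrottler()` in NewHub appears, judging by its name since the implementation is not on this page, to keep failed-attempt state inside the process, so counts would not be shared between signaling servers and would be lost on restart. Where several instances serve the same backend (the Hub already carries `rpcClients *GrpcClients`), the number of failed attempts allowed before throttling would grow with the instance count. A comment on the new field would make that limit explicit: `// throttler tracks failed authentication attempts in memory only; limits are per process and reset on restart.` The throttler is also created before the `hub := &Hub{` literal, so any later error return in NewHub should call `throttler.Close()` first; that part of the function lies outside the hunks shown.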