Add bruteforce detection to backend server room handler.

Joachim Bauch 2024-05-14 12:02:36 +02:00
parent 31b8c74d1c
commit 7f8e44b3b5
No known key found for this signature in database
GPG key ID: 77C1D22D53E15F02
2 changed files with 23 additions and 1 deletions


@ -761,6 +761,16 @@ func (b *BackendServer) startDialout(roomid string, backend *Backend, backendUrl
}
func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body []byte) {
throttle, err := b.hub.throttler.CheckBruteforce(r.Context(), b.hub.getRealUserIP(r), "BackendRoomAuth")
if err == ErrBruteforceDetected {
http.Error(w, "Too many requests", http.StatusTooManyRequests)
return
} else if err != nil {
log.Printf("Error checking for bruteforce: %s", err)
http.Error(w, "Could not check for bruteforce", http.StatusInternalServerError)
return
}
v := mux.Vars(r)
roomid := v["roomid"]
@ -773,6 +783,7 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
if backend == nil {
// Unknown backend URL passed, return immediately.
throttle(r.Context())
http.Error(w, "Authentication check failed", http.StatusForbidden)
return
}
@ -794,12 +805,14 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
}
if backend == nil {
throttle(r.Context())
http.Error(w, "Authentication check failed", http.StatusForbidden)
return
}
}
if !ValidateBackendChecksum(r, body, backend.Secret()) {
throttle(r.Context())
http.Error(w, "Authentication check failed", http.StatusForbidden)
return
}
@ -814,7 +827,6 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
request.ReceivedTime = time.Now().UnixNano()
var response any
var err error
switch request.Type {
case "invite":
b.sendRoomInvite(roomid, backend, request.Invite.UserIds, request.Invite.Properties)
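Review bot: The throttling key in the new `CheckBruteforce` call at the top of `roomHandler` is whatever `b.hub.getRealUserIP(r)` returns, and that helper is not visible on this page. If it takes the address from a forwarding header without checking that the direct peer is a trusted proxy, the per-address counter can be sidestepped or charged to another host, so confirm this before relying on the 429 path. Separately, `if err == ErrBruteforceDetected` matches only the bare sentinel; `if errors.Is(err, ErrBruteforceDetected) {` keeps the 429 response working if a throttler implementation ever wraps the error, which today would fall through to the 500 branch. The three `throttle(r.Context())` calls cover every rejection visible here, but the handler body continues outside the hunks, so other failure paths could not be checked.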

10
hub.go

@ -173,6 +173,8 @@ type Hub struct {
rpcServer *GrpcServer
rpcClients *GrpcClients
throttler Throttler
}
func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer, rpcClients *GrpcClients, etcdClient *EtcdClient, r *mux.Router, version string) (*Hub, error) {
@ -328,6 +330,11 @@ func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer
}
}
throttler, err := NewMemoryThrottler()
if err != nil {
return nil, err
}
hub := &Hub{
events: events,
upgrader: websocket.Upgrader{
@ -376,6 +383,8 @@ func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer
rpcServer: rpcServer,
rpcClients: rpcClients,
throttler: throttler,
}
hub.setWelcomeMessage(&ServerMessage{
Type: "welcome",
@ -498,6 +507,7 @@ loop:
func (h *Hub) Stop() {
h.closer.Close()
h.throttler.Close()
}
func (h *Hub) Reload(config *goconf.ConfigFile) {
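Review bot: `NewMemoryThrottler()` in `NewHub` suggests the failure counters live only in this process, while the same constructor takes `rpcClients` and `etcdClient`. In a clustered deployment each node would therefore presumably count failed attempts separately, so the effective limit grows with the number of nodes. The new `throttler` field in `Hub` would benefit from a comment saying so, e.g. `// throttler rate-limits failed authentication attempts; state is per process and not shared between nodes (confirm).` Also, the throttler is created before `hub := &Hub{…}`; if a later step of `NewHub` outside these hunks returns an error, nothing visible closes it, because `Close` is only called from `Stop`.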