mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-06-26 09:20:14 +02:00
Add bruteforce detection to backend server room handler.
parent
31b8c74d1c
commit
7f8e44b3b5
|
@ -761,6 +761,16 @@ func (b *BackendServer) startDialout(roomid string, backend *Backend, backendUrl
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body []byte) {
|
func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body []byte) {
|
||||||
|
throttle, err := b.hub.throttler.CheckBruteforce(r.Context(), b.hub.getRealUserIP(r), "BackendRoomAuth")
|
||||||
|
if err == ErrBruteforceDetected {
|
||||||
|
http.Error(w, "Too many requests", http.StatusTooManyRequests)
|
||||||
|
return
|
||||||
|
} else if err != nil {
|
||||||
|
log.Printf("Error checking for bruteforce: %s", err)
|
||||||
|
http.Error(w, "Could not check for bruteforce", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
v := mux.Vars(r)
|
v := mux.Vars(r)
|
||||||
roomid := v["roomid"]
|
roomid := v["roomid"]
|
||||||
|
|
||||||
|
@ -773,6 +783,7 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
|
||||||
|
|
||||||
if backend == nil {
|
if backend == nil {
|
||||||
// Unknown backend URL passed, return immediately.
|
// Unknown backend URL passed, return immediately.
|
||||||
|
throttle(r.Context())
|
||||||
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -794,12 +805,14 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
|
||||||
}
|
}
|
||||||
|
|
||||||
if backend == nil {
|
if backend == nil {
|
||||||
|
throttle(r.Context())
|
||||||
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ValidateBackendChecksum(r, body, backend.Secret()) {
|
if !ValidateBackendChecksum(r, body, backend.Secret()) {
|
||||||
|
throttle(r.Context())
|
||||||
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
http.Error(w, "Authentication check failed", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -814,7 +827,6 @@ func (b *BackendServer) roomHandler(w http.ResponseWriter, r *http.Request, body
|
||||||
request.ReceivedTime = time.Now().UnixNano()
|
request.ReceivedTime = time.Now().UnixNano()
|
||||||
|
|
||||||
var response any
|
var response any
|
||||||
var err error
|
|
||||||
switch request.Type {
|
switch request.Type {
|
||||||
case "invite":
|
case "invite":
|
||||||
b.sendRoomInvite(roomid, backend, request.Invite.UserIds, request.Invite.Properties)
|
b.sendRoomInvite(roomid, backend, request.Invite.UserIds, request.Invite.Properties)
|
||||||
|
|
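Review bot: The throttle key in the new pre-check at the top of roomHandler is `b.hub.getRealUserIP(r)`, whose handling of forwarded-address headers is not visible here; if it accepts them from peers that are not configured trusted proxies, the per-address limit can be sidestepped or charged to another backend's address. A comment above the call should state that assumption, for example `// Key on the proxy-validated client address; see getRealUserIP for which headers are trusted.` In the same hunk, `if err == ErrBruteforceDetected {` would fall through to the 500 branch if a Throttler implementation ever wraps the sentinel, so `if errors.Is(err, ErrBruteforceDetected) {` is the safer comparison. roomHandler's body continues outside the visible hunks, so whether a successful checksum validation clears the recorded failures cannot be confirmed from this page.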
10
hub.go
10
hub.go
|
@ -173,6 +173,8 @@ type Hub struct {
|
||||||
|
|
||||||
rpcServer *GrpcServer
|
rpcServer *GrpcServer
|
||||||
rpcClients *GrpcClients
|
rpcClients *GrpcClients
|
||||||
|
|
||||||
|
throttler Throttler
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer, rpcClients *GrpcClients, etcdClient *EtcdClient, r *mux.Router, version string) (*Hub, error) {
|
func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer, rpcClients *GrpcClients, etcdClient *EtcdClient, r *mux.Router, version string) (*Hub, error) {
|
||||||
|
@ -328,6 +330,11 @@ func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
throttler, err := NewMemoryThrottler()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
hub := &Hub{
|
hub := &Hub{
|
||||||
events: events,
|
events: events,
|
||||||
upgrader: websocket.Upgrader{
|
upgrader: websocket.Upgrader{
|
||||||
|
@ -376,6 +383,8 @@ func NewHub(config *goconf.ConfigFile, events AsyncEvents, rpcServer *GrpcServer
|
||||||
|
|
||||||
rpcServer: rpcServer,
|
rpcServer: rpcServer,
|
||||||
rpcClients: rpcClients,
|
rpcClients: rpcClients,
|
||||||
|
|
||||||
|
throttler: throttler,
|
||||||
}
|
}
|
||||||
hub.setWelcomeMessage(&ServerMessage{
|
hub.setWelcomeMessage(&ServerMessage{
|
||||||
Type: "welcome",
|
Type: "welcome",
|
||||||
|
@ -498,6 +507,7 @@ loop:
|
||||||
|
|
||||||
func (h *Hub) Stop() {
|
func (h *Hub) Stop() {
|
||||||
h.closer.Close()
|
h.closer.Close()
|
||||||
|
h.throttler.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *Hub) Reload(config *goconf.ConfigFile) {
|
func (h *Hub) Reload(config *goconf.ConfigFile) {
|
||||||
|
|
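Review bot: The `throttler Throttler` field added to Hub and the `NewMemoryThrottler()` call in NewHub carry no comment saying that the failure counters live only in this process; the `rpcClients` and `etcdClient` parameters suggest clustered deployments, where each signaling server would presumably count attempts separately and the effective limit grows with the number of nodes. I would document that on the field, for example `// throttler rate-limits failed backend authentication; state is in-memory and not shared between servers.` NewHub continues past the visible hunks, so if a later step returns an error the throttler created here is presumably never closed; calling `throttler.Close()` on those paths, or creating the throttler after the last fallible step, would keep construction and `Stop()` symmetric.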