1
0
Fork 1
forked from fedi/mastodon

Reduce connect timeout limit and limit signature failures by source IP (#9236)

* Reduce connect timeout from 10s to 1s

* Limit failing signature verifications per source IP
This commit is contained in:
Eugen Rochko 2018-11-08 21:35:58 +01:00 committed by GitHub
parent dd00cd19d2
commit 4615512285
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions

View file

@ -43,7 +43,12 @@ module SignatureVerification
return
end
account = account_from_key_id(signature_params['keyId'])
account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
.with_fallback { nil }
.with_threshold(1)
.with_cool_off_time(5.minutes.seconds)
account = account_stoplight.run
if account.nil?
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"

View file

@ -94,7 +94,7 @@ class Request
end
def timeout
{ write: 10, connect: 10, read: 10 }
{ connect: 1, read: 10, write: 10 }
end
def http_client