YunoHost/check-http
1
0
Fork 0
mirror of https://github.com/YunoHost/check-http.git synced 2024-09-03 19:56:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

Switch to a max request per time-window rate limit, 'cause having to wait 4 seconds between requests is too complicated for the client side

Browse source
This commit is contained in:
Alexandre Aubin 2019-07-31 14:41:21 +00:00
parent 1445a12ab6
commit 5bc02ab1c4
1 changed files with 22 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
server.py
View file

@ -17,15 +17,19 @@ app = Sanic()
RATE_LIMIT_DB = {} RATE_LIMIT_DB = {}
# to prevent DDoS or bounce attack attempt or something like that # to prevent DDoS or bounce attack attempt or something like that
RATE_LIMIT_SECONDS = 5 # Can't do more than 10 requests in a 300-seconds window
RATE_LIMIT_SECONDS = 300
RATE_LIMIT_NB_REQUESTS = 10
def clear_rate_limit_db(now): def clear_rate_limit_db(now):
to_delete = [] to_delete = []
"Remove too old rate limit values" "Remove too old rate limit values"
for key, value in RATE_LIMIT_DB.items(): for key, times in RATE_LIMIT_DB.items():
if now - value > RATE_LIMIT_SECONDS: # Remove values older RATE_LIMIT_SECONDS
RATE_LIMIT_DB[key] = [t for t in times if now - t < RATE_LIMIT_SECONDS]
# If list is empty, remove the key
if RATE_LIMIT_DB[key] == []:
# a dictionnary can't be modified during iteration so delegate this # a dictionnary can't be modified during iteration so delegate this
# operation # operation
to_delete.append(key) to_delete.append(key)
@ -36,17 +40,21 @@ def clear_rate_limit_db(now):
def check_rate_limit(key, now): def check_rate_limit(key, now):
if key in RATE_LIMIT_DB: # If there are more recent attempts than allowed
since_last_attempt = now - RATE_LIMIT_DB[key] if key in RATE_LIMIT_DB and len(RATE_LIMIT_DB[key]) > RATE_LIMIT_NB_REQUESTS:
if since_last_attempt < RATE_LIMIT_SECONDS: oldest_attempt = RATE_LIMIT_DB[key][0]
logger.info(f"Rate limit reached for {key}, can retry in {int(RATE_LIMIT_SECONDS - since_last_attempt)} seconds") logger.info(f"Rate limit reached for {key}, can retry in {int(RATE_LIMIT_SECONDS - now + oldest_attempt)} seconds")
return json_response({ return json_response({
"status": "error", "status": "error",
"code": "error_rate_limit", "code": "error_rate_limit",
"content": f"Rate limit reached for this domain or ip, retry in {int(RATE_LIMIT_SECONDS - since_last_attempt)} seconds", "content": f"Rate limit reached for this domain or ip, retry in {int(RATE_LIMIT_SECONDS - now + oldest_attempt)} seconds",
}, status=400) }, status=400)
RATE_LIMIT_DB[key] = time.time() # In any case, add this attempt to the DB
if key not in RATE_LIMIT_DB:
RATE_LIMIT_DB[key] = [now]
else:
RATE_LIMIT_DB[key].append(now)
async def check_port_is_open(ip, port): async def check_port_is_open(ip, port):