YunoHost/check-http
1
0
Fork 0
mirror of https://github.com/YunoHost/check-http.git synced 2024-09-03 19:56:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

[enh] implement rate limit and finish project

Browse source
This commit is contained in:
Laurent Peuch 2019-01-19 09:58:39 +01:00
parent 2a1af42a79
commit d6e23ceabe
1 changed files with 49 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
server.py
View file

@ -1,3 +1,4 @@
import time
import asyncio import asyncio
import aiodns import aiodns
import aiohttp import aiohttp
@ -10,6 +11,26 @@ from sanic.exceptions import InvalidUsage
app = Sanic() app = Sanic()
# keep that in memory
RATE_LIMIT_DB = {}
# to prevent DDoS or bounce attack attempt or something like that
RATE_LIMIT_SECONDS = 5
def clear_rate_limit_db(now):
to_delete = []
"Remove too old rate limit values"
for key, value in RATE_LIMIT_DB.items():
if now - value > RATE_LIMIT_SECONDS:
# a dictionnary can't be modified during iteration so delegate this
# operation
to_delete.append(key)
for key in to_delete:
del RATE_LIMIT_DB[key]
async def query_dns(host, dns_entry_type): async def query_dns(host, dns_entry_type):
loop = asyncio.get_event_loop() loop = asyncio.get_event_loop()
@ -27,8 +48,24 @@ async def query_dns(host, dns_entry_type):
@app.route("/check/", methods=["POST"]) @app.route("/check/", methods=["POST"])
async def check_http(request): async def check_http(request):
# this is supposed to be a fast operation if run enough
now = time.time()
clear_rate_limit_db(now)
ip = request.ip ip = request.ip
if ip in RATE_LIMIT_DB:
since_last_attempt = now - RATE_LIMIT_DB[ip]
if since_last_attempt < RATE_LIMIT_SECONDS:
logger.info(f"Rate limite {ip}, can retry in {int(RATE_LIMIT_SECONDS - since_last_attempt)} seconds")
return json_response({
"status": "error",
"code": "error_rate_limit",
"content": f"Rate limit on ip, retry in {int(RATE_LIMIT_SECONDS - since_last_attempt)} seconds",
})
RATE_LIMIT_DB[ip] = time.time()
try: try:
data = request.json data = request.json
except InvalidUsage: except InvalidUsage:
@ -49,6 +86,18 @@ async def check_http(request):
domain = data["domain"] domain = data["domain"]
if domain in RATE_LIMIT_DB:
since_last_attempt = now - RATE_LIMIT_DB[domain]
if since_last_attempt < RATE_LIMIT_SECONDS:
logger.info(f"Rate limite {domain}, can retry in {int(RATE_LIMIT_SECONDS - since_last_attempt)} seconds")
return json_response({
"status": "error",
"code": "error_rate_limit",
"content": f"Rate limit on domain, retry in {int(RATE_LIMIT_SECONDS - since_last_attempt)} seconds",
})
RATE_LIMIT_DB[domain] = time.time()
if not validators.domain(domain): if not validators.domain(domain):
logger.info(f"Invalid request, is not in the right format (domain is : {domain})") logger.info(f"Invalid request, is not in the right format (domain is : {domain})")
return json_response({ return json_response({
@ -128,20 +177,6 @@ async def check_http(request):
"content": "an error happen while trying to get your domain, it's very likely unreachable", "content": "an error happen while trying to get your domain, it's very likely unreachable",
}) })
# [x] - get ip
# [x] - get request json
# [x] - in request json get domain target
# [x] - validate domain is in correct format
# [x] - check dns that domain == ip
# [x] - if not, complain
# [x] - handle ipv6
# [x] - if everything is ok, try to get with http
# [x] - ADD TIMEOUT
# [x] - try/catch, if everything is ok → response ok
# [x] - otherwise reponse with exception
# [x] - create error codes
# [ ] - rate limit
return json_response({"status": "ok"}) return json_response({"status": "ok"})