forked from cybrespace/mastodon
Reduce connect timeout limit and limit signature failures by source IP (#9236)
* Reduce connect timeout from 10s to 1s * Limit failing signature verifications per source IP
This commit is contained in:
parent
dd00cd19d2
commit
4615512285
|
@ -43,7 +43,12 @@ module SignatureVerification
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
account = account_from_key_id(signature_params['keyId'])
|
account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
|
||||||
|
.with_fallback { nil }
|
||||||
|
.with_threshold(1)
|
||||||
|
.with_cool_off_time(5.minutes.seconds)
|
||||||
|
|
||||||
|
account = account_stoplight.run
|
||||||
|
|
||||||
if account.nil?
|
if account.nil?
|
||||||
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
|
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
|
||||||
|
|
|
@ -94,7 +94,7 @@ class Request
|
||||||
end
|
end
|
||||||
|
|
||||||
def timeout
|
def timeout
|
||||||
{ write: 10, connect: 10, read: 10 }
|
{ connect: 1, read: 10, write: 10 }
|
||||||
end
|
end
|
||||||
|
|
||||||
def http_client
|
def http_client
|
||||||
|
|
Loading…
Reference in New Issue