Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-20 13:58:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow RateLimiterConfig to accept either a leak rate per minute or a permit regeneration duration

Browse Source
This commit is contained in:
Jon Chambers
2023-05-22 10:22:12 -04:00
committed by Jon Chambers
parent 1534f1aa6a
commit 184969336e
6 changed files with 137 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimiterConfig.java
View File

@@ -5,14 +5,29 @@
package org.whispersystems.textsecuregcm.limits;
public record RateLimiterConfig(int bucketSize, double leakRatePerMinute) {
public RateLimiterConfig {
if (leakRatePerMinute <= 0) {
throw new IllegalArgumentException("leakRatePerMinute cannot be less than or equal to zero");
import javax.validation.constraints.AssertTrue;
import java.time.Duration;
import java.util.Optional;
import java.util.OptionalDouble;
public record RateLimiterConfig(int bucketSize, OptionalDouble leakRatePerMinute, Optional<Duration> permitRegenerationDuration) {
public double leakRatePerMillis() {
if (leakRatePerMinute.isPresent()) {
return leakRatePerMinute.getAsDouble() / (60.0 * 1000.0);
} else {
return permitRegenerationDuration.map(duration -> 1.0 / duration.toMillis())
.orElseThrow(() -> new AssertionError("Configuration must have leak rate per minute or permit regeneration duration"));
}
}
public double leakRatePerMillis() {
return leakRatePerMinute / (60.0 * 1000.0);
@AssertTrue
public boolean hasExactlyOneRegenerationRate() {
return leakRatePerMinute.isPresent() ^ permitRegenerationDuration().isPresent();
}
@AssertTrue
public boolean hasPositiveRegenerationRate() {
return leakRatePerMillis() > 0;
}
}

65
service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimiters.java
View File

@@ -8,6 +8,8 @@ package org.whispersystems.textsecuregcm.limits;
import com.google.common.annotations.VisibleForTesting;
import java.time.Clock;
import java.util.Map;
import java.util.Optional;
import java.util.OptionalDouble;
import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
import org.whispersystems.textsecuregcm.redis.ClusterLuaScript;
import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
@@ -16,65 +18,68 @@ import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
public class RateLimiters extends BaseRateLimiters<RateLimiters.For> {
public enum For implements RateLimiterDescriptor {
BACKUP_AUTH_CHECK("backupAuthCheck", false, new RateLimiterConfig(100, 100 / (24.0 * 60.0))),
BACKUP_AUTH_CHECK("backupAuthCheck", false, new RateLimiterConfig(100, OptionalDouble.of(100 / (24.0 * 60.0)), Optional.empty())),
SMS_DESTINATION("smsDestination", false, new RateLimiterConfig(2, 2)),
SMS_DESTINATION("smsDestination", false, new RateLimiterConfig(2, OptionalDouble.of(2), Optional.empty())),
VOICE_DESTINATION("voxDestination", false, new RateLimiterConfig(2, 1.0 / 2.0)),
VOICE_DESTINATION("voxDestination", false, new RateLimiterConfig(2, OptionalDouble.of(1.0 / 2.0), Optional.empty())),
VOICE_DESTINATION_DAILY("voxDestinationDaily", false, new RateLimiterConfig(10, 10.0 / (24.0 * 60.0))),
VOICE_DESTINATION_DAILY("voxDestinationDaily", false, new RateLimiterConfig(10, OptionalDouble.of(10.0 / (24.0 * 60.0)),
Optional.empty())),
SMS_VOICE_IP("smsVoiceIp", false, new RateLimiterConfig(1000, 1000)),
SMS_VOICE_IP("smsVoiceIp", false, new RateLimiterConfig(1000, OptionalDouble.of(1000), Optional.empty())),
SMS_VOICE_PREFIX("smsVoicePrefix", false, new RateLimiterConfig(1000, 1000)),
SMS_VOICE_PREFIX("smsVoicePrefix", false, new RateLimiterConfig(1000, OptionalDouble.of(1000), Optional.empty())),
VERIFY("verify", false, new RateLimiterConfig(6, 2)),
VERIFY("verify", false, new RateLimiterConfig(6, OptionalDouble.of(2), Optional.empty())),
PIN("pin", false, new RateLimiterConfig(10, 1 / (24.0 * 60.0))),
PIN("pin", false, new RateLimiterConfig(10, OptionalDouble.of(1 / (24.0 * 60.0)), Optional.empty())),
ATTACHMENT("attachmentCreate", false, new RateLimiterConfig(50, 50)),
ATTACHMENT("attachmentCreate", false, new RateLimiterConfig(50, OptionalDouble.of(50), Optional.empty())),
PRE_KEYS("prekeys", false, new RateLimiterConfig(6, 1.0 / 10.0)),
PRE_KEYS("prekeys", false, new RateLimiterConfig(6, OptionalDouble.of(1.0 / 10.0), Optional.empty())),
MESSAGES("messages", false, new RateLimiterConfig(60, 60)),
MESSAGES("messages", false, new RateLimiterConfig(60, OptionalDouble.of(60), Optional.empty())),
ALLOCATE_DEVICE("allocateDevice", false, new RateLimiterConfig(2, 1.0 / 2.0)),
ALLOCATE_DEVICE("allocateDevice", false, new RateLimiterConfig(2, OptionalDouble.of(1.0 / 2.0), Optional.empty())),
VERIFY_DEVICE("verifyDevice", false, new RateLimiterConfig(6, 1.0 / 10.0)),
VERIFY_DEVICE("verifyDevice", false, new RateLimiterConfig(6, OptionalDouble.of(1.0 / 10.0), Optional.empty())),
TURN("turnAllocate", false, new RateLimiterConfig(60, 60)),
TURN("turnAllocate", false, new RateLimiterConfig(60, OptionalDouble.of(60), Optional.empty())),
PROFILE("profile", false, new RateLimiterConfig(4320, 3)),
PROFILE("profile", false, new RateLimiterConfig(4320, OptionalDouble.of(3), Optional.empty())),
STICKER_PACK("stickerPack", false, new RateLimiterConfig(50, 20 / (24.0 * 60.0))),
STICKER_PACK("stickerPack", false, new RateLimiterConfig(50, OptionalDouble.of(20 / (24.0 * 60.0)), Optional.empty())),
ART_PACK("artPack", false, new RateLimiterConfig(50, 20 / (24.0 * 60.0))),
ART_PACK("artPack", false, new RateLimiterConfig(50, OptionalDouble.of(20 / (24.0 * 60.0)), Optional.empty())),
USERNAME_LOOKUP("usernameLookup", false, new RateLimiterConfig(100, 100 / (24.0 * 60.0))),
USERNAME_LOOKUP("usernameLookup", false, new RateLimiterConfig(100, OptionalDouble.of(100 / (24.0 * 60.0)), Optional.empty())),
USERNAME_SET("usernameSet", false, new RateLimiterConfig(100, 100 / (24.0 * 60.0))),
USERNAME_SET("usernameSet", false, new RateLimiterConfig(100, OptionalDouble.of(100 / (24.0 * 60.0)), Optional.empty())),
USERNAME_RESERVE("usernameReserve", false, new RateLimiterConfig(100, 100 / (24.0 * 60.0))),
USERNAME_RESERVE("usernameReserve", false, new RateLimiterConfig(100, OptionalDouble.of(100 / (24.0 * 60.0)), Optional.empty())),
CHECK_ACCOUNT_EXISTENCE("checkAccountExistence", false, new RateLimiterConfig(1_000, 1_000 / 60.0)),
CHECK_ACCOUNT_EXISTENCE("checkAccountExistence", false, new RateLimiterConfig(1_000, OptionalDouble.of(1_000 / 60.0), Optional.empty())),
REGISTRATION("registration", false, new RateLimiterConfig(6, 2)),
REGISTRATION("registration", false, new RateLimiterConfig(6, OptionalDouble.of(2), Optional.empty())),
VERIFICATION_PUSH_CHALLENGE("verificationPushChallenge", false, new RateLimiterConfig(5, 2)),
VERIFICATION_PUSH_CHALLENGE("verificationPushChallenge", false, new RateLimiterConfig(5, OptionalDouble.of(2), Optional.empty())),
VERIFICATION_CAPTCHA("verificationCaptcha", false, new RateLimiterConfig(10, 2)),
VERIFICATION_CAPTCHA("verificationCaptcha", false, new RateLimiterConfig(10, OptionalDouble.of(2), Optional.empty())),
RATE_LIMIT_RESET("rateLimitReset", true, new RateLimiterConfig(2, 2.0 / (60 * 24))),
RATE_LIMIT_RESET("rateLimitReset", true, new RateLimiterConfig(2, OptionalDouble.of(2.0 / (60 * 24)), Optional.empty())),
RECAPTCHA_CHALLENGE_ATTEMPT("recaptchaChallengeAttempt", true, new RateLimiterConfig(10, 10.0 / (60 * 24))),
RECAPTCHA_CHALLENGE_ATTEMPT("recaptchaChallengeAttempt", true, new RateLimiterConfig(10, OptionalDouble.of(10.0 / (60 * 24)),
Optional.empty())),
RECAPTCHA_CHALLENGE_SUCCESS("recaptchaChallengeSuccess", true, new RateLimiterConfig(2, 2.0 / (60 * 24))),
RECAPTCHA_CHALLENGE_SUCCESS("recaptchaChallengeSuccess", true, new RateLimiterConfig(2, OptionalDouble.of(2.0 / (60 * 24)),
Optional.empty())),
PUSH_CHALLENGE_ATTEMPT("pushChallengeAttempt", true, new RateLimiterConfig(10, 10.0 / (60 * 24))),
PUSH_CHALLENGE_ATTEMPT("pushChallengeAttempt", true, new RateLimiterConfig(10, OptionalDouble.of(10.0 / (60 * 24)), Optional.empty())),
PUSH_CHALLENGE_SUCCESS("pushChallengeSuccess", true, new RateLimiterConfig(2, 2.0 / (60 * 24))),
PUSH_CHALLENGE_SUCCESS("pushChallengeSuccess", true, new RateLimiterConfig(2, OptionalDouble.of(2.0 / (60 * 24)), Optional.empty())),
CREATE_CALL_LINK("createCallLink", false, new RateLimiterConfig(100, 100.0 / (60 * 24)));
CREATE_CALL_LINK("createCallLink", false, new RateLimiterConfig(100, OptionalDouble.of(100.0 / (60 * 24)), Optional.empty()));
;
private final String id;