Add client challenges for prekey and message rate limiters

2026-04-20 21:28:02 +01:00 · 2021-05-11 17:21:32 -04:00
parent 5752853bba
commit 46110d4d65
46 changed files with 2289 additions and 255 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RateLimitsConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RateLimitsConfiguration.java
@@ -165,16 +165,12 @@ public class RateLimitsConfiguration {
    @JsonProperty
    private Duration ttl;

-    @JsonProperty
-    private Duration ttlJitter;
-
    public CardinalityRateLimitConfiguration() {
    }

-    public CardinalityRateLimitConfiguration(int maxCardinality, Duration ttl, Duration ttlJitter) {
+    public CardinalityRateLimitConfiguration(int maxCardinality, Duration ttl) {
      this.maxCardinality = maxCardinality;
      this.ttl = ttl;
-      this.ttlJitter = ttlJitter;
    }

    public int getMaxCardinality() {
@@ -184,9 +180,5 @@ public class RateLimitsConfiguration {
    public Duration getTtl() {
      return ttl;
    }
-
-    public Duration getTtlJitter() {
-      return ttlJitter;
-    }
  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfiguration.java
@@ -47,6 +47,10 @@ public class DynamicConfiguration {
  @JsonProperty
  private DynamicAccountsDynamoDbMigrationConfiguration accountsDynamoDbMigration = new DynamicAccountsDynamoDbMigrationConfiguration();

+  @JsonProperty
+  @Valid
+  private DynamicRateLimitChallengeConfiguration rateLimitChallenge = new DynamicRateLimitChallengeConfiguration();
+
  public Optional<DynamicExperimentEnrollmentConfiguration> getExperimentEnrollmentConfiguration(
      final String experimentName) {
    return Optional.ofNullable(experiments.get(experimentName));
@@ -93,4 +97,8 @@ public class DynamicConfiguration {
  public DynamicAccountsDynamoDbMigrationConfiguration getAccountsDynamoDbMigrationConfiguration() {
    return accountsDynamoDbMigration;
  }
+
+  public DynamicRateLimitChallengeConfiguration getRateLimitChallengeConfiguration() {
+    return rateLimitChallenge;
+  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicMessageRateConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicMessageRateConfiguration.java
@@ -36,6 +36,7 @@ public class DynamicMessageRateConfiguration {
  @JsonProperty
  private double receiptProbability = 0.82;

+
  public boolean isEnforceUnsealedSenderRateLimit() {
    return enforceUnsealedSenderRateLimit;
  }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRateLimitChallengeConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRateLimitChallengeConfiguration.java
@@ -0,0 +1,40 @@
+package org.whispersystems.textsecuregcm.configuration.dynamic;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.google.common.annotations.VisibleForTesting;
+import com.vdurmont.semver4j.Semver;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Optional;
+import org.whispersystems.textsecuregcm.util.ua.ClientPlatform;
+import javax.validation.constraints.NotNull;
+
+public class DynamicRateLimitChallengeConfiguration {
+
+  @JsonProperty
+  private boolean preKeyLimitEnforced = false;
+
+  @JsonProperty
+  boolean unsealedSenderLimitEnforced = false;
+
+  @JsonProperty
+  @NotNull
+  private Map<ClientPlatform, Semver> clientSupportedVersions = Collections.emptyMap();
+
+  @VisibleForTesting
+  Map<ClientPlatform, Semver> getClientSupportedVersions() {
+    return clientSupportedVersions;
+  }
+
+  public Optional<Semver> getMinimumSupportedVersion(final ClientPlatform platform) {
+    return Optional.ofNullable(clientSupportedVersions.get(platform));
+  }
+
+  public boolean isPreKeyLimitEnforced() {
+    return preKeyLimitEnforced;
+  }
+
+  public boolean isUnsealedSenderLimitEnforced() {
+    return unsealedSenderLimitEnforced;
+  }
+}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRateLimitsConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRateLimitsConfiguration.java
@@ -8,11 +8,35 @@ import java.time.Duration;
 public class DynamicRateLimitsConfiguration {

  @JsonProperty
-  private CardinalityRateLimitConfiguration unsealedSenderNumber = new CardinalityRateLimitConfiguration(100, Duration.ofDays(1), Duration.ofDays(1));
+  private CardinalityRateLimitConfiguration unsealedSenderNumber = new CardinalityRateLimitConfiguration(100, Duration.ofDays(1));
+
+  @JsonProperty
+  private int unsealedSenderDefaultCardinalityLimit = 100;
+
+  @JsonProperty
+  private int unsealedSenderPermitIncrement = 50;

  @JsonProperty
  private RateLimitConfiguration unsealedSenderIp = new RateLimitConfiguration(120, 2.0 / 60);

+  @JsonProperty
+  private RateLimitConfiguration rateLimitReset = new RateLimitConfiguration(2, 2.0 / (60 * 24));
+
+  @JsonProperty
+  private RateLimitConfiguration recaptchaChallengeAttempt = new RateLimitConfiguration(10, 10.0 / (60 * 24));
+
+  @JsonProperty
+  private RateLimitConfiguration recaptchaChallengeSuccess = new RateLimitConfiguration(2, 2.0 / (60 * 24));
+
+  @JsonProperty
+  private RateLimitConfiguration pushChallengeAttempt = new RateLimitConfiguration(10, 10.0 / (60 * 24));
+
+  @JsonProperty
+  private RateLimitConfiguration pushChallengeSuccess = new RateLimitConfiguration(2, 2.0 / (60 * 24));
+
+  @JsonProperty
+  private RateLimitConfiguration dailyPreKeys = new RateLimitConfiguration(50, 50.0 / (24.0 * 60));
+
  public RateLimitConfiguration getUnsealedSenderIp() {
    return unsealedSenderIp;
  }
@@ -20,4 +44,36 @@ public class DynamicRateLimitsConfiguration {
  public CardinalityRateLimitConfiguration getUnsealedSenderNumber() {
    return unsealedSenderNumber;
  }
+
+  public RateLimitConfiguration getRateLimitReset() {
+    return rateLimitReset;
+  }
+
+  public RateLimitConfiguration getRecaptchaChallengeAttempt() {
+    return recaptchaChallengeAttempt;
+  }
+
+  public RateLimitConfiguration getRecaptchaChallengeSuccess() {
+    return recaptchaChallengeSuccess;
+  }
+
+  public RateLimitConfiguration getPushChallengeAttempt() {
+    return pushChallengeAttempt;
+  }
+
+  public RateLimitConfiguration getPushChallengeSuccess() {
+    return pushChallengeSuccess;
+  }
+
+  public int getUnsealedSenderDefaultCardinalityLimit() {
+    return unsealedSenderDefaultCardinalityLimit;
+  }
+
+  public int getUnsealedSenderPermitIncrement() {
+    return unsealedSenderPermitIncrement;
+  }
+
+  public RateLimitConfiguration getDailyPreKeys() {
+    return dailyPreKeys;
+  }
 }