Send 508 status code for legacy clients that produce rate limit challenges

2026-04-20 11:38:06 +01:00 · 2021-08-10 10:10:59 -05:00
parent d29764d11f
commit b3e6a50dee
11 changed files with 126 additions and 66 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeysController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeysController.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 package org.whispersystems.textsecuregcm.controllers;
@@ -116,12 +116,12 @@ public class KeysController {
  @GET
  @Path("/{identifier}/{device_id}")
  @Produces(MediaType.APPLICATION_JSON)
-  public Response getDeviceKeys(@Auth                                     Optional<Account> account,
-                                @HeaderParam(OptionalAccess.UNIDENTIFIED) Optional<Anonymous> accessKey,
-                                @PathParam("identifier")                  AmbiguousIdentifier targetName,
-                                @PathParam("device_id")                   String deviceId,
-                                @HeaderParam("User-Agent")                String userAgent)
-      throws RateLimitExceededException, RateLimitChallengeException {
+  public Response getDeviceKeys(@Auth Optional<Account> account,
+      @HeaderParam(OptionalAccess.UNIDENTIFIED) Optional<Anonymous> accessKey,
+      @PathParam("identifier") AmbiguousIdentifier targetName,
+      @PathParam("device_id") String deviceId,
+      @HeaderParam("User-Agent") String userAgent)
+      throws RateLimitExceededException, RateLimitChallengeException, ServerRejectedException {

    targetName.incrementRequestCounter("getDeviceKeys", userAgent);

@@ -152,16 +152,17 @@ public class KeysController {
        preKeyRateLimiter.validate(account.get());
      } catch (RateLimitExceededException e) {

-        final boolean enforceLimit = rateLimitChallengeManager.shouldIssueRateLimitChallenge(userAgent);
+        final boolean legacyClient = rateLimitChallengeManager.isClientBelowMinimumVersion(userAgent);

        Metrics.counter(RATE_LIMITED_GET_PREKEYS_COUNTER_NAME,
-            SOURCE_COUNTRY_TAG_NAME, Util.getCountryCode(account.get().getNumber()),
-            "enforced", String.valueOf(enforceLimit))
+                SOURCE_COUNTRY_TAG_NAME, Util.getCountryCode(account.get().getNumber()),
+                "legacyClient", String.valueOf(legacyClient))
            .increment();

-        if (enforceLimit) {
-          throw new RateLimitChallengeException(account.get(), e.getRetryDuration());
+        if (legacyClient) {
+          throw new ServerRejectedException();
        }
+        throw new RateLimitChallengeException(account.get(), e.getRetryDuration());
      }
    }

--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2013-2021 Signal Messenger, LLC
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 package org.whispersystems.textsecuregcm.controllers;
@@ -19,6 +19,7 @@ import io.dropwizard.util.DataSize;
 import io.lettuce.core.ScriptOutputType;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tag;
+import io.micrometer.core.instrument.Tags;
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.time.Duration;
@@ -56,7 +57,6 @@ import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
-import io.micrometer.core.instrument.Tags;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -265,20 +265,18 @@ public class MessageController {
          unsealedSenderRateLimiter.validate(source.get(), destination.get());
        } catch (final RateLimitExceededException e) {

-          final boolean enforceLimit = rateLimitChallengeManager.shouldIssueRateLimitChallenge(userAgent);
+          final boolean legacyClient = rateLimitChallengeManager.isClientBelowMinimumVersion(userAgent);

          Metrics.counter(REJECT_UNSEALED_SENDER_COUNTER_NAME,
-              SENDER_COUNTRY_TAG_NAME, senderCountryCode,
-              "enforced", String.valueOf(enforceLimit))
+                  SENDER_COUNTRY_TAG_NAME, senderCountryCode,
+                  "legacyClient", String.valueOf(legacyClient))
              .increment();

-          if (enforceLimit) {
-            logger.debug("Rejected unsealed sender limit from: {}", source.get().getNumber());
-
-            throw new RateLimitChallengeException(source.get(), e.getRetryDuration());
-          } else {
+          if (legacyClient) {
            throw e;
          }
+
+          throw new RateLimitChallengeException(source.get(), e.getRetryDuration());
        }

        final String destinationCountryCode = Util.getCountryCode(destination.get().getNumber());
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ServerRejectedException.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ServerRejectedException.java
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2021 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.controllers;
+
+public class ServerRejectedException extends Exception {
+
+}