mirror of https://gitlab.com/bashrc2/epicyon
Don't send bounce messages too frequently
Otherwise an adversary can tie up your instance with sending bounces
merge-requests/30/head
parent
cc35f03170
commit
a0a800c980
36
inbox.py
36
inbox.py
|
@ -2062,13 +2062,25 @@ def _bounceDM(senderPostId: str, session, httpPrefix: str,
|
||||||
sendingHandle: str, federationList: [],
|
sendingHandle: str, federationList: [],
|
||||||
sendThreads: [], postLog: [],
|
sendThreads: [], postLog: [],
|
||||||
cachedWebfingers: {}, personCache: {},
|
cachedWebfingers: {}, personCache: {},
|
||||||
translate: {}, debug: bool) -> None:
|
translate: {}, debug: bool,
|
||||||
|
lastBounceMessage: []) -> bool:
|
||||||
"""Sends a bounce message back to the sending handle
|
"""Sends a bounce message back to the sending handle
|
||||||
if a DM has been rejected
|
if a DM has been rejected
|
||||||
"""
|
"""
|
||||||
print(nickname + '@' + domain +
|
print(nickname + '@' + domain +
|
||||||
' cannot receive DM from ' + sendingHandle +
|
' cannot receive DM from ' + sendingHandle +
|
||||||
' because they do not follow them')
|
' because they do not follow them')
|
||||||
|
|
||||||
|
# Don't send out bounce messages too frequently.
|
||||||
|
# Otherwise an adversary could try to DoS your instance
|
||||||
|
# by continuously sending DMs to you
|
||||||
|
currTime = int(time.time())
|
||||||
|
if currTime - lastBounceMessage[0] < 60:
|
||||||
|
return False
|
||||||
|
|
||||||
|
# record the last time that a bounce was generated
|
||||||
|
lastBounceMessage[0] = currTime
|
||||||
|
|
||||||
senderNickname = sendingHandle.split('@')[0]
|
senderNickname = sendingHandle.split('@')[0]
|
||||||
senderDomain = sendingHandle.split('@')[1]
|
senderDomain = sendingHandle.split('@')[1]
|
||||||
senderPort = port
|
senderPort = port
|
||||||
|
@ -2107,7 +2119,7 @@ def _bounceDM(senderPostId: str, session, httpPrefix: str,
|
||||||
eventDate, eventTime, location)
|
eventDate, eventTime, location)
|
||||||
if not postJsonObject:
|
if not postJsonObject:
|
||||||
print('WARN: unable to create bounce message to ' + sendingHandle)
|
print('WARN: unable to create bounce message to ' + sendingHandle)
|
||||||
return
|
return False
|
||||||
# bounce DM goes back to the sender
|
# bounce DM goes back to the sender
|
||||||
print('Sending bounce DM to ' + sendingHandle)
|
print('Sending bounce DM to ' + sendingHandle)
|
||||||
sendSignedJson(postJsonObject, session, baseDir,
|
sendSignedJson(postJsonObject, session, baseDir,
|
||||||
|
@ -2116,6 +2128,7 @@ def _bounceDM(senderPostId: str, session, httpPrefix: str,
|
||||||
httpPrefix, False, False, federationList,
|
httpPrefix, False, False, federationList,
|
||||||
sendThreads, postLog, cachedWebfingers,
|
sendThreads, postLog, cachedWebfingers,
|
||||||
personCache, debug, __version__)
|
personCache, debug, __version__)
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
|
def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
|
||||||
|
@ -2132,7 +2145,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
|
||||||
unitTest: bool, YTReplacementDomain: str,
|
unitTest: bool, YTReplacementDomain: str,
|
||||||
showPublishedDateOnly: bool,
|
showPublishedDateOnly: bool,
|
||||||
allowLocalNetworkAccess: bool,
|
allowLocalNetworkAccess: bool,
|
||||||
peertubeInstances: []) -> bool:
|
peertubeInstances: [],
|
||||||
|
lastBounceMessage: []) -> bool:
|
||||||
""" Anything which needs to be done after initial checks have passed
|
""" Anything which needs to be done after initial checks have passed
|
||||||
"""
|
"""
|
||||||
actor = keyId
|
actor = keyId
|
||||||
|
@ -2377,12 +2391,14 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
|
||||||
_bounceDM(senderPostId,
|
_bounceDM(senderPostId,
|
||||||
session, httpPrefix,
|
session, httpPrefix,
|
||||||
baseDir,
|
baseDir,
|
||||||
nickname, domain, port,
|
nickname, domain,
|
||||||
sendH, federationList,
|
port, sendH,
|
||||||
|
federationList,
|
||||||
sendThreads, postLog,
|
sendThreads, postLog,
|
||||||
cachedWebfingers,
|
cachedWebfingers,
|
||||||
personCache,
|
personCache,
|
||||||
translate, debug)
|
translate, debug,
|
||||||
|
lastBounceMessage)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# dm index will be updated
|
# dm index will be updated
|
||||||
|
@ -2600,6 +2616,11 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
|
||||||
heartBeatCtr = 0
|
heartBeatCtr = 0
|
||||||
queueRestoreCtr = 0
|
queueRestoreCtr = 0
|
||||||
|
|
||||||
|
# time when the last DM bounce message was sent
|
||||||
|
# This is in a list so that it can be changed by reference
|
||||||
|
# within _bounceDM
|
||||||
|
lastBounceMessage = [int(time.time())]
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
|
|
||||||
|
@ -3056,7 +3077,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
|
||||||
YTReplacementDomain,
|
YTReplacementDomain,
|
||||||
showPublishedDateOnly,
|
showPublishedDateOnly,
|
||||||
allowLocalNetworkAccess,
|
allowLocalNetworkAccess,
|
||||||
peertubeInstances)
|
peertubeInstances,
|
||||||
|
lastBounceMessage)
|
||||||
if debug:
|
if debug:
|
||||||
pprint(queueJson['post'])
|
pprint(queueJson['post'])
|
||||||
|
|
||||||
|
|
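Review bot: The throttle in `_bounceDM` (`if currTime - lastBounceMessage[0] < 60:`) is a single instance-wide timestamp, so one sender who keeps triggering rejections uses up the only bounce allowed per minute and every other rejected sender is dropped without notice during that window. Consider keeping this global cap and adding a bounded per-sender record, for example a dict of last-bounce times keyed by `senderDomain` and pruned of entries older than the window, so that the noisy domain is throttled first. The interval is also measured with `time.time()`, which can step backwards on a clock correction and stall bounces; `currTime = int(time.monotonic())` here and `lastBounceMessage = [int(time.monotonic())]` in `runInboxQueue` would avoid that. The rejection `print` sits above the check and still runs for every rejected DM, so log volume is not limited by this change. The signature of `_bounceDM` starts outside the first hunk and its body continues between the visible hunks.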