Add connection rate limiting to collaboration server

2023-06-25 22:46:07 -04:00
parent 453bbb3b25
commit 94882d4d3a
4 changed files with 26 additions and 1 deletions
--- a/package.json
+++ b/package.json
@@ -59,6 +59,7 @@
    "@dnd-kit/modifiers": "^6.0.0",
    "@dnd-kit/sortable": "^7.0.1",
    "@getoutline/y-prosemirror": "^1.0.18",
+    "@hocuspocus/extension-throttle": "1.1.2",
    "@hocuspocus/provider": "1.1.2",
    "@hocuspocus/server": "1.1.2",
    "@joplin/turndown-plugin-gfm": "^1.0.47",
--- a/server/env.ts
+++ b/server/env.ts
@@ -540,6 +540,16 @@ export class Environment {
  public RATE_LIMITER_REQUESTS =
    this.toOptionalNumber(process.env.RATE_LIMITER_REQUESTS) ?? 1000;

+  /**
+   * Set max allowed realtime connections in a minute before throttling. Defaults
+   * to 50 requests/ip/min.
+   */
+  @IsOptional()
+  @IsNumber()
+  public RATE_LIMITER_COLLABORATION_REQUESTS =
+    this.toOptionalNumber(process.env.RATE_LIMITER_COLLABORATION_REQUESTS) ??
+    50;
+
  /**
   * Set fixed duration window(in secs) for default rate limiter, elapsing which
   * the request quota is reset (the bucket is refilled with tokens).
--- a/server/services/collaboration.ts
+++ b/server/services/collaboration.ts
@@ -1,12 +1,14 @@
 import http, { IncomingMessage } from "http";
 import { Duplex } from "stream";
 import url from "url";
+import { Throttle } from "@hocuspocus/extension-throttle";
 import { Server } from "@hocuspocus/server";
 import Koa from "koa";
 import WebSocket from "ws";
 import { DocumentValidation } from "@shared/validations";
 import { ConnectionLimitExtension } from "@server/collaboration/ConnectionLimitExtension";
 import { ViewsExtension } from "@server/collaboration/ViewsExtension";
+import env from "@server/env";
 import Logger from "@server/logging/Logger";
 import ShutdownHelper, { ShutdownOrder } from "@server/utils/ShutdownHelper";
 import AuthenticationExtension from "../collaboration/AuthenticationExtension";
@@ -30,6 +32,11 @@ export default function init(
    timeout: 30000,
    maxDebounce: 10000,
    extensions: [
+      new Throttle({
+        throttle: env.RATE_LIMITER_COLLABORATION_REQUESTS,
+        // Ban time is defined in minutes
+        banTime: 5,
+      }),
      new ConnectionLimitExtension(),
      new AuthenticationExtension(),
      new PersistenceExtension(),
--- a/yarn.lock
+++ b/yarn.lock
@@ -1626,6 +1626,13 @@
  dependencies:
    lib0 "^0.2.47"

+"@hocuspocus/extension-throttle@1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@hocuspocus/extension-throttle/-/extension-throttle-1.1.2.tgz#4b07a72c11775931e740ea83a13ea11def5025e3"
+  integrity sha512-L5lE4lu7+jm2fOSxiVASjD9PB4A7u4UaqzZQAlNWz4uunsa7Cwy596tyKZtpNXZXoC0C103yn+FeT0TOWMeBIg==
+  dependencies:
+    "@hocuspocus/server" "^1.1.2"
+
 "@hocuspocus/provider@1.1.2":
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/@hocuspocus/provider/-/provider-1.1.2.tgz#6b20c2446555a602919f0a94d7750adef00e8b16"
@@ -1635,7 +1642,7 @@
    "@lifeomic/attempt" "^3.0.2"
    lib0 "^0.2.46"

-"@hocuspocus/server@1.1.2":
+"@hocuspocus/server@1.1.2", "@hocuspocus/server@^1.1.2":
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/@hocuspocus/server/-/server-1.1.2.tgz#c2ceab9938d4ff679ba22446e70fa3ce71fd6600"
  integrity sha512-L6YHENRSyXDbYyFGt3S1etJq62XZEj6Z9QUmhqzOjlxQYHC/eaGtrCbAxi5dLKXORl3AY4CVtTfFN+3asmmT6w==