Add connection rate limiting to collaboration server
@@ -59,6 +59,7 @@
|
|||||||
"@dnd-kit/modifiers": "^6.0.0",
|
"@dnd-kit/modifiers": "^6.0.0",
|
||||||
"@dnd-kit/sortable": "^7.0.1",
|
"@dnd-kit/sortable": "^7.0.1",
|
||||||
"@getoutline/y-prosemirror": "^1.0.18",
|
"@getoutline/y-prosemirror": "^1.0.18",
|
||||||
|
"@hocuspocus/extension-throttle": "1.1.2",
|
||||||
"@hocuspocus/provider": "1.1.2",
|
"@hocuspocus/provider": "1.1.2",
|
||||||
"@hocuspocus/server": "1.1.2",
|
"@hocuspocus/server": "1.1.2",
|
||||||
"@joplin/turndown-plugin-gfm": "^1.0.47",
|
"@joplin/turndown-plugin-gfm": "^1.0.47",
|
||||||
|
|||||||
@@ -540,6 +540,16 @@ export class Environment {
|
|||||||
public RATE_LIMITER_REQUESTS =
|
public RATE_LIMITER_REQUESTS =
|
||||||
this.toOptionalNumber(process.env.RATE_LIMITER_REQUESTS) ?? 1000;
|
this.toOptionalNumber(process.env.RATE_LIMITER_REQUESTS) ?? 1000;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set max allowed realtime connections in a minute before throttling. Defaults
|
||||||
|
* to 50 requests/ip/min.
|
||||||
|
*/
|
||||||
|
@IsOptional()
|
||||||
|
@IsNumber()
|
||||||
|
public RATE_LIMITER_COLLABORATION_REQUESTS =
|
||||||
|
this.toOptionalNumber(process.env.RATE_LIMITER_COLLABORATION_REQUESTS) ??
|
||||||
|
50;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set fixed duration window(in secs) for default rate limiter, elapsing which
|
* Set fixed duration window(in secs) for default rate limiter, elapsing which
|
||||||
* the request quota is reset (the bucket is refilled with tokens).
|
* the request quota is reset (the bucket is refilled with tokens).
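Review bot: `RATE_LIMITER_COLLABORATION_REQUESTS` is validated only with `@IsNumber()`, so 0, negative or fractional values pass and reach the throttle unchanged. As far as I recall the hocuspocus Throttle extension treats a falsy `throttle` as "disabled", so a value of 0 would silently switch the limiter off rather than block everything; this is worth confirming against 1.1.2. Consider adding `@IsInt()` and `@Min(1)` from class-validator (importing them if this file does not already), or documenting that 0 disables the limit. The doc comment also mixes "connections" and "requests" and omits the fixed ban; suggest `* Max realtime (websocket) connection attempts per IP per minute before the address is banned for 5 minutes. Defaults to 50.` The `Environment` class starts and continues outside the hunk.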
|
||||||
|
|||||||
@@ -1,12 +1,14 @@
|
|||||||
import http, { IncomingMessage } from "http";
|
import http, { IncomingMessage } from "http";
|
||||||
import { Duplex } from "stream";
|
import { Duplex } from "stream";
|
||||||
import url from "url";
|
import url from "url";
|
||||||
|
import { Throttle } from "@hocuspocus/extension-throttle";
|
||||||
import { Server } from "@hocuspocus/server";
|
import { Server } from "@hocuspocus/server";
|
||||||
import Koa from "koa";
|
import Koa from "koa";
|
||||||
import WebSocket from "ws";
|
import WebSocket from "ws";
|
||||||
import { DocumentValidation } from "@shared/validations";
|
import { DocumentValidation } from "@shared/validations";
|
||||||
import { ConnectionLimitExtension } from "@server/collaboration/ConnectionLimitExtension";
|
import { ConnectionLimitExtension } from "@server/collaboration/ConnectionLimitExtension";
|
||||||
import { ViewsExtension } from "@server/collaboration/ViewsExtension";
|
import { ViewsExtension } from "@server/collaboration/ViewsExtension";
|
||||||
|
import env from "@server/env";
|
||||||
import Logger from "@server/logging/Logger";
|
import Logger from "@server/logging/Logger";
|
||||||
import ShutdownHelper, { ShutdownOrder } from "@server/utils/ShutdownHelper";
|
import ShutdownHelper, { ShutdownOrder } from "@server/utils/ShutdownHelper";
|
||||||
import AuthenticationExtension from "../collaboration/AuthenticationExtension";
|
import AuthenticationExtension from "../collaboration/AuthenticationExtension";
|
||||||
@@ -30,6 +32,11 @@ export default function init(
|
|||||||
timeout: 30000,
|
timeout: 30000,
|
||||||
maxDebounce: 10000,
|
maxDebounce: 10000,
|
||||||
extensions: [
|
extensions: [
|
||||||
|
new Throttle({
|
||||||
|
throttle: env.RATE_LIMITER_COLLABORATION_REQUESTS,
|
||||||
|
// Ban time is defined in minutes
|
||||||
|
banTime: 5,
|
||||||
|
}),
|
||||||
new ConnectionLimitExtension(),
|
new ConnectionLimitExtension(),
|
||||||
new AuthenticationExtension(),
|
new AuthenticationExtension(),
|
||||||
new PersistenceExtension(),
|
new PersistenceExtension(),
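Review bot: The `Throttle` added at the head of `extensions` limits per client IP, so its value depends on where that address comes from; as far as I recall this extension reads `X-Real-IP` / `X-Forwarded-For` before falling back to the socket address, which should be confirmed for 1.1.2. If so, a deployment whose reverse proxy does not overwrite those headers lets the client choose its own rate-limit key, and one whose proxy sets neither collapses every user onto the proxy address, so a single noisy client gets everyone banned for five minutes. Suggest a comment above `new Throttle({` such as `// Keyed on client IP: the reverse proxy must set X-Real-IP / X-Forwarded-For itself and strip client-supplied values`. The literal `banTime: 5` could also come from `env` like the threshold does, so operators can shorten it for offices behind shared NAT. The `extensions` array and `init` continue outside the hunk.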
|
||||||
|
|||||||
@@ -1626,6 +1626,13 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
lib0 "^0.2.47"
|
lib0 "^0.2.47"
|
||||||
|
|
||||||
|
"@hocuspocus/extension-throttle@1.1.2":
|
||||||
|
version "1.1.2"
|
||||||
|
resolved "https://registry.yarnpkg.com/@hocuspocus/extension-throttle/-/extension-throttle-1.1.2.tgz#4b07a72c11775931e740ea83a13ea11def5025e3"
|
||||||
|
integrity sha512-L5lE4lu7+jm2fOSxiVASjD9PB4A7u4UaqzZQAlNWz4uunsa7Cwy596tyKZtpNXZXoC0C103yn+FeT0TOWMeBIg==
|
||||||
|
dependencies:
|
||||||
|
"@hocuspocus/server" "^1.1.2"
|
||||||
|
|
||||||
"@hocuspocus/provider@1.1.2":
|
"@hocuspocus/provider@1.1.2":
|
||||||
version "1.1.2"
|
version "1.1.2"
|
||||||
resolved "https://registry.yarnpkg.com/@hocuspocus/provider/-/provider-1.1.2.tgz#6b20c2446555a602919f0a94d7750adef00e8b16"
|
resolved "https://registry.yarnpkg.com/@hocuspocus/provider/-/provider-1.1.2.tgz#6b20c2446555a602919f0a94d7750adef00e8b16"
|
||||||
@@ -1635,7 +1642,7 @@
|
|||||||
"@lifeomic/attempt" "^3.0.2"
|
"@lifeomic/attempt" "^3.0.2"
|
||||||
lib0 "^0.2.46"
|
lib0 "^0.2.46"
|
||||||
|
|
||||||
"@hocuspocus/server@1.1.2":
|
"@hocuspocus/server@1.1.2", "@hocuspocus/server@^1.1.2":
|
||||||
version "1.1.2"
|
version "1.1.2"
|
||||||
resolved "https://registry.yarnpkg.com/@hocuspocus/server/-/server-1.1.2.tgz#c2ceab9938d4ff679ba22446e70fa3ce71fd6600"
|
resolved "https://registry.yarnpkg.com/@hocuspocus/server/-/server-1.1.2.tgz#c2ceab9938d4ff679ba22446e70fa3ce71fd6600"
|
||||||
integrity sha512-L6YHENRSyXDbYyFGt3S1etJq62XZEj6Z9QUmhqzOjlxQYHC/eaGtrCbAxi5dLKXORl3AY4CVtTfFN+3asmmT6w==
|
integrity sha512-L6YHENRSyXDbYyFGt3S1etJq62XZEj6Z9QUmhqzOjlxQYHC/eaGtrCbAxi5dLKXORl3AY4CVtTfFN+3asmmT6w==
|
||||||
|
|||||||