From 889dc17abd95bd1f414646e54d7e3cdadd9afbc9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 16 Jul 2019 19:18:30 +0300 Subject: [PATCH 1/2] [#1094] Rate-limited follow & unfollow actions. --- config/config.exs | 2 ++ docs/config.md | 2 ++ lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 8 ++++++++ 3 files changed, 12 insertions(+) diff --git a/config/config.exs b/config/config.exs index 7d539f994..03e0341c8 100644 --- a/config/config.exs +++ b/config/config.exs @@ -528,6 +528,8 @@ config :pleroma, :rate_limit, search: [{1000, 10}, {1000, 30}], app_account_creation: {1_800_000, 25}, + relations_actions: {10_000, 10}, + relation_id_action: {60_000, 2}, statuses_actions: {10_000, 15}, status_id_action: {60_000, 3} diff --git a/docs/config.md b/docs/config.md index 9a64f0ed7..f595caba5 100644 --- a/docs/config.md +++ b/docs/config.md @@ -647,5 +647,7 @@ Supported rate limiters: * `:search` for the search requests (account & status search etc.) * `:app_account_creation` for registering user accounts from the same IP address +* `:relations_actions` for actions on relations with other users (follow, unfollow) +* `:relation_id_action` for actions on relation with specific another user (follow, unfollow) * `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses * `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f4aa576f7..a732a6990 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -47,6 +47,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do require Logger + @rate_limited_relations_actions ~w(follow unfollow)a + @rate_limited_status_actions ~w(reblog_status unreblog_status fav_status unfav_status post_status delete_status)a @@ -62,6 +64,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do when action in ~w(fav_status unfav_status)a ) + plug( + RateLimiter, + {:relations_id_action, params: ["id", "uri"]} when action in @rate_limited_relations_actions + ) + + plug(RateLimiter, :relations_actions when action in @rate_limited_relations_actions) plug(RateLimiter, :statuses_actions when action in @rate_limited_status_actions) plug(RateLimiter, :app_account_creation when action == :account_register) plug(RateLimiter, :search when action in [:search, :search2, :account_search]) From 2ba07b63f4557554cd4acc63dc8e0424612554a0 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 16 Jul 2019 16:59:02 +0000 Subject: [PATCH 2/2] Apply suggestion to docs/config.md --- docs/config.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/config.md b/docs/config.md index f595caba5..346b8cda2 100644 --- a/docs/config.md +++ b/docs/config.md @@ -647,7 +647,7 @@ Supported rate limiters: * `:search` for the search requests (account & status search etc.) * `:app_account_creation` for registering user accounts from the same IP address -* `:relations_actions` for actions on relations with other users (follow, unfollow) -* `:relation_id_action` for actions on relation with specific another user (follow, unfollow) +* `:relations_actions` for actions on relations with all users (follow, unfollow) +* `:relation_id_action` for actions on relation with a specific user (follow, unfollow) * `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses * `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user