Add rate limiting to /messages

2026-01-09 23:23:10 -06:00 · 2023-07-11 13:08:24 +02:00 · 2023-07-11 13:08:24 +02:00 · a0070867cb
parent fa655837a3
commit a0070867cb
3 changed files with 9 additions and 0 deletions
--- a/syncapi/routing/routing.go
+++ b/syncapi/routing/routing.go
@ -43,6 +43,7 @@ func Setup(
 	cfg *config.SyncAPI,
 	lazyLoadCache caching.LazyLoadCache,
 	fts fulltext.Indexer,
+	rateLimits *httputil.RateLimits,
 ) {
 	v1unstablemux := csMux.PathPrefix("/{apiversion:(?:v1|unstable)}/").Subrouter()
 	v3mux := csMux.PathPrefix("/{apiversion:(?:r0|v3)}/").Subrouter()
@ -53,6 +54,10 @@ func Setup(
 	}, httputil.WithAllowGuests())).Methods(http.MethodGet, http.MethodOptions)

 	v3mux.Handle("/rooms/{roomID}/messages", httputil.MakeAuthAPI("room_messages", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
+		// not specced, but ensure we're rate limiting requests to this endpoint
+		if r := rateLimits.Limit(req, device); r != nil {
+			return *r
+		}
 		vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
 		if err != nil {
 			return util.ErrorResponse(err)
--- a/syncapi/syncapi.go
+++ b/syncapi/syncapi.go
@ -144,8 +144,11 @@ func AddPublicRoutes(
 		logrus.WithError(err).Panicf("failed to start receipts consumer")
 	}

+	rateLimits := httputil.NewRateLimits(&dendriteCfg.ClientAPI.RateLimiting)
+
 	routing.Setup(
 		routers.Client, requestPool, syncDB, userAPI,
 		rsAPI, &dendriteCfg.SyncAPI, caches, fts,
+		rateLimits,
 	)
 }
--- a/syncapi/syncapi_test.go
+++ b/syncapi/syncapi_test.go
@ -433,6 +433,7 @@ func testHistoryVisibility(t *testing.T, dbType test.DBType) {
 		}

 		cfg, processCtx, close := testrig.CreateConfig(t, dbType)
+		cfg.ClientAPI.RateLimiting = config.RateLimiting{Enabled: false}
 		routers := httputil.NewRouters()
 		cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
 		caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)