projects / akkoma / blob
? search:


9c362a392c3663b0d542310e04f3b1d5df7931f3
[akkoma] / lib / pleroma / plugs / rate_limiter / rate_limiter.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Plugs.RateLimiter do
6 @moduledoc """
7
8 ## Configuration
9
10 A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration.
11 The basic configuration is a tuple where:
12
13 * The first element: `scale` (Integer). The time scale in milliseconds.
14 * The second element: `limit` (Integer). How many requests to limit in the time scale provided.
15
16 It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a
17 list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.
18
19 To disable a limiter set its value to `nil`.
20
21 ### Example
22
23 config :pleroma, :rate_limit,
24 one: {1000, 10},
25 two: [{10_000, 10}, {10_000, 50}],
26 foobar: nil
27
28 Here we have three limiters:
29
30 * `one` which is not over 10req/1s
31 * `two` which has two limits: 10req/10s for unauthenticated users and 50req/10s for authenticated users
32 * `foobar` which is disabled
33
34 ## Usage
35
36 AllowedSyntax:
37
38 plug(Pleroma.Plugs.RateLimiter, name: :limiter_name)
39 plug(Pleroma.Plugs.RateLimiter, options) # :name is a required option
40
41 Allowed options:
42
43 * `name` required, always used to fetch the limit values from the config
44 * `bucket_name` overrides name for counting purposes (e.g. to have a separate limit for a set of actions)
45 * `params` appends values of specified request params (e.g. ["id"]) to bucket name
46
47 Inside a controller:
48
49 plug(Pleroma.Plugs.RateLimiter, [name: :one] when action == :one)
50 plug(Pleroma.Plugs.RateLimiter, [name: :two] when action in [:two, :three])
51
52 plug(
53 Pleroma.Plugs.RateLimiter,
54 [name: :status_id_action, bucket_name: "status_id_action:fav_unfav", params: ["id"]]
55 when action in ~w(fav_status unfav_status)a
56 )
57
58 or inside a router pipeline:
59
60 pipeline :api do
61 ...
62 plug(Pleroma.Plugs.RateLimiter, name: :one)
63 ...
64 end
65 """
66 import Pleroma.Web.TranslationHelpers
67 import Plug.Conn
68
69 alias Pleroma.Config
70 alias Pleroma.Plugs.RateLimiter.LimiterSupervisor
71 alias Pleroma.User
72
73 require Logger
74
75 @doc false
76 def init(plug_opts) do
77 plug_opts
78 end
79
80 def call(conn, plug_opts) do
81 if disabled?() do
82 handle_disabled(conn)
83 else
84 action_settings = action_settings(plug_opts)
85 handle(conn, action_settings)
86 end
87 end
88
89 defp handle_disabled(conn) do
90 if Config.get(:env) == :prod do
91 Logger.warn("Rate limiter is disabled for localhost/socket")
92 end
93
94 conn
95 end
96
97 defp handle(conn, nil), do: conn
98
99 defp handle(conn, action_settings) do
100 action_settings
101 |> incorporate_conn_info(conn)
102 |> check_rate()
103 |> case do
104 {:ok, _count} ->
105 conn
106
107 {:error, _count} ->
108 render_throttled_error(conn)
109 end
110 end
111
112 def disabled? do
113 localhost_or_socket =
114 Config.get([Pleroma.Web.Endpoint, :http, :ip])
115 |> Tuple.to_list()
116 |> Enum.join(".")
117 |> String.match?(~r/^local|^127.0.0.1/)
118
119 remote_ip_disabled = not Config.get([Pleroma.Plugs.RemoteIp, :enabled])
120
121 localhost_or_socket and remote_ip_disabled
122 end
123
124 @inspect_bucket_not_found {:error, :not_found}
125
126 def inspect_bucket(conn, bucket_name_root, plug_opts) do
127 with %{name: _} = action_settings <- action_settings(plug_opts) do
128 action_settings = incorporate_conn_info(action_settings, conn)
129 bucket_name = make_bucket_name(%{action_settings | name: bucket_name_root})
130 key_name = make_key_name(action_settings)
131 limit = get_limits(action_settings)
132
133 case Cachex.get(bucket_name, key_name) do
134 {:error, :no_cache} ->
135 @inspect_bucket_not_found
136
137 {:ok, nil} ->
138 {0, limit}
139
140 {:ok, value} ->
141 {value, limit - value}
142 end
143 else
144 _ -> @inspect_bucket_not_found
145 end
146 end
147
148 def action_settings(plug_opts) do
149 with limiter_name when is_atom(limiter_name) <- plug_opts[:name],
150 limits when not is_nil(limits) <- Config.get([:rate_limit, limiter_name]) do
151 bucket_name_root = Keyword.get(plug_opts, :bucket_name, limiter_name)
152
153 %{
154 name: bucket_name_root,
155 limits: limits,
156 opts: plug_opts
157 }
158 end
159 end
160
161 defp check_rate(action_settings) do
162 bucket_name = make_bucket_name(action_settings)
163 key_name = make_key_name(action_settings)
164 limit = get_limits(action_settings)
165
166 case Cachex.get_and_update(bucket_name, key_name, &increment_value(&1, limit)) do
167 {:commit, value} ->
168 {:ok, value}
169
170 {:ignore, value} ->
171 {:error, value}
172
173 {:error, :no_cache} ->
174 initialize_buckets(action_settings)
175 check_rate(action_settings)
176 end
177 end
178
179 defp increment_value(nil, _limit), do: {:commit, 1}
180
181 defp increment_value(val, limit) when val >= limit, do: {:ignore, val}
182
183 defp increment_value(val, _limit), do: {:commit, val + 1}
184
185 defp incorporate_conn_info(action_settings, %{
186 assigns: %{user: %User{id: user_id}},
187 params: params
188 }) do
189 Map.merge(action_settings, %{
190 mode: :user,
191 conn_params: params,
192 conn_info: "#{user_id}"
193 })
194 end
195
196 defp incorporate_conn_info(action_settings, %{params: params} = conn) do
197 Map.merge(action_settings, %{
198 mode: :anon,
199 conn_params: params,
200 conn_info: "#{ip(conn)}"
201 })
202 end
203
204 defp ip(%{remote_ip: remote_ip}) do
205 remote_ip
206 |> Tuple.to_list()
207 |> Enum.join(".")
208 end
209
210 defp render_throttled_error(conn) do
211 conn
212 |> render_error(:too_many_requests, "Throttled")
213 |> halt()
214 end
215
216 defp make_key_name(action_settings) do
217 ""
218 |> attach_selected_params(action_settings)
219 |> attach_identity(action_settings)
220 end
221
222 defp get_scale(_, {scale, _}), do: scale
223
224 defp get_scale(:anon, [{scale, _}, {_, _}]), do: scale
225
226 defp get_scale(:user, [{_, _}, {scale, _}]), do: scale
227
228 defp get_limits(%{limits: {_scale, limit}}), do: limit
229
230 defp get_limits(%{mode: :user, limits: [_, {_, limit}]}), do: limit
231
232 defp get_limits(%{limits: [{_, limit}, _]}), do: limit
233
234 defp make_bucket_name(%{mode: :user, name: bucket_name_root}),
235 do: user_bucket_name(bucket_name_root)
236
237 defp make_bucket_name(%{mode: :anon, name: bucket_name_root}),
238 do: anon_bucket_name(bucket_name_root)
239
240 defp attach_selected_params(input, %{conn_params: conn_params, opts: plug_opts}) do
241 params_string =
242 plug_opts
243 |> Keyword.get(:params, [])
244 |> Enum.sort()
245 |> Enum.map(&Map.get(conn_params, &1, ""))
246 |> Enum.join(":")
247
248 [input, params_string]
249 |> Enum.join(":")
250 |> String.replace_leading(":", "")
251 end
252
253 defp initialize_buckets(%{name: _name, limits: nil}), do: :ok
254
255 defp initialize_buckets(%{name: name, limits: limits}) do
256 LimiterSupervisor.add_limiter(anon_bucket_name(name), get_scale(:anon, limits))
257 LimiterSupervisor.add_limiter(user_bucket_name(name), get_scale(:user, limits))
258 end
259
260 defp attach_identity(base, %{mode: :user, conn_info: conn_info}),
261 do: "user:#{base}:#{conn_info}"
262
263 defp attach_identity(base, %{mode: :anon, conn_info: conn_info}),
264 do: "ip:#{base}:#{conn_info}"
265
266 defp user_bucket_name(bucket_name_root), do: "user:#{bucket_name_root}" |> String.to_atom()
267 defp anon_bucket_name(bucket_name_root), do: "anon:#{bucket_name_root}" |> String.to_atom()
268 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git