Commit 33d99ee8 authored by Stefano Sanfilippo's avatar Stefano Sanfilippo

Rate limiting roster updates.

parent 4436990a
......@@ -86,3 +86,6 @@ This is also a valid Python file, but don't abuse that.
## Authentication token for live presence updates
#mac_update_password = "default"
## Minimum number of seconds between two successive MAC updates.
mac_update_interval = 0
......@@ -152,4 +152,10 @@ define("mac_update_password",
default="default",
help="Authentication token for live presence updates",
group="Networking"
)
\ No newline at end of file
)
define("mac_update_interval",
default=0,
help="Minimum number of seconds between two successive MAC updates.",
group="Networking"
)
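Review bot: `mac_update_interval` is defined with `default=0`, which means the throttle added in the handler never rejects anything on an installation that keeps the defaults, while `mac_update_password` in the same file defaults to the literal `"default"`. The help text should state that 0 turns the limit off, for example `help="Minimum number of seconds between two successive MAC updates (0 disables the limit)."`, and a small non-zero default would fail closed instead of open. The sample configuration in the first hunk sets `mac_update_interval = 0` uncommented and would need the same adjustment.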
......@@ -13,7 +13,7 @@ HTTP requests handlers.
import json
import markdown
import datetime
from datetime import datetime, timedelta
from sqlalchemy import distinct
from sqlalchemy.exc import IntegrityError
......@@ -362,15 +362,23 @@ class MessagePageHandler(BaseHandler):
class RTCHandler(BaseHandler):
def get(self):
now = datetime.datetime.now()
now = datetime.now()
self.write(now.strftime("%Y-%m-%d %H:%M:%S"))
self.finish()
class MACUpdateHandler(BaseHandler):
ROSTER = []
LAST_ATTEMPT = datetime.now()
def post(self):
now = datetime.now()
if (now - MACUpdateHandler.LAST_ATTEMPT) < timedelta(seconds=options.mac_update_interval):
LOG.warning("Too frequent attempts to update, remote IP address is {}".format(self.request.remote_ip))
raise HTTPError(403, "Too frequent")
else:
MACUpdateHandler.LAST_ATTEMPT = now
try:
password = self.get_argument("password")
macs = self.get_argument("macs")
......
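Review bot: The throttle in `MACUpdateHandler.post` keeps a single class-wide `LAST_ATTEMPT` and refreshes it before the password is read, so any sender that posts once per interval, with or without a valid token, keeps the legitimate updater answered with 403. Keying the timestamp on `self.request.remote_ip` keeps the slowdown on password guessing without letting one client consume the window for everyone, though the map then needs pruning and the address is only meaningful if proxy headers are handled correctly. The comparison also relies on naive wall-clock `datetime.now()`, so a backwards clock step or a DST change can stretch the lockout; `time.monotonic()` (Python 3.3+, and it needs an `import time` if the module lacks one) avoids that. `post` continues past the end of the hunk, so the sketch covers only the throttle.

```python
class MACUpdateHandler(BaseHandler):
    # Last accepted attempt per remote address, on the monotonic clock.
    # Entries older than the interval should be pruned to bound memory.
    LAST_ATTEMPT = {}

    def post(self):
        now = time.monotonic()
        client = self.request.remote_ip
        previous = MACUpdateHandler.LAST_ATTEMPT.get(client)
        if previous is not None and now - previous < options.mac_update_interval:
            # … unchanged: LOG.warning call …
            raise HTTPError(403, "Too frequent")
        MACUpdateHandler.LAST_ATTEMPT[client] = now
        # … unchanged: password and macs handling …
```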