prosody-modules
460f78654864
mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 5173:460f78654864

mod_muc_rtbl: also filter messages This was a bit tricky because we don't want to run the JIDs through SHA256 on each message. Took a while to come up with this simple plan of just caching the SHA256 of the JIDs on the occupants. This will leave some dirt in the occupants after unloading the module, but that should be ok; once they cycle the room, the hashes will be gone. This is direly needed, otherwise, there is a tight race between the moderation activities and the actors joining the room.
author Jonas Schäfer <jonas@wielicki.name>
date Tue, 21 Feb 2023 21:37:27 +0100
parent 1343:7dbde05b48a9
child 5810:e79f9dec35c0
line wrap: on
line source

-- Clients Connection Throttler.
-- (C) 2012-2013, Marco Cirillo (LW.Org)

local time = os.time
local in_count = {}
local logins_count = module:get_option_number("cthrottler_logins_count", 3)
local throttle_time = module:get_option_number("cthrottler_time", 60)

local function handle_sessions(event)
	local session = event.origin

	if not in_count[session.ip] and session.type == "c2s_unauthed" then
		in_count[session.ip] = { t = time(), c = 1 }
	elseif in_count[session.ip] and session.type == "c2s_unauthed" then
		if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end

		if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then
			module:log("error", "Exceeded login count for %s, closing connection", session.ip)
			session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." }
			return true
		elseif time() - in_count[session.ip].t > throttle_time then
			in_count[session.ip] = nil ; return
		end
	end
end

local function check_starttls(event)
	local session = event.origin

	if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then
		in_count[session.ip].starttls_c = 1
	elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then
		in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1
	end
end

module:hook("stream-features", handle_sessions, 100)
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100)