prosody
87dd8639f08f
util/throttle.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

util/throttle.lua @ 13843:87dd8639f08f 13.0

mod_invites_register: Stricter validation of registration events This fixes two problems: 1) Account invites that were created with a specific username were not in fact restricted to that username. 2) Password reset invites were not restricted to resetting passwords, but could be used to create an arbitrary new account if the client or registration frontend (e.g. mod_invites_register_web) doesn't handle/enforce the username. This new validation ensures that registrations and resets are always for the username specified in the invitation.
author Matthew Wild <mwild1@gmail.com>
date Thu, 10 Apr 2025 16:07:32 +0100
parent 12975:d10957394a3c
line wrap: on
line source


local gettime = require "prosody.util.time".now
local setmetatable = setmetatable;

local _ENV = nil;
-- luacheck: std none

local throttle = {};
local throttle_mt = { __index = throttle };

function throttle:update()
	local newt = gettime();
	local elapsed = newt - self.t;
	self.t = newt;
	local balance = (self.rate * elapsed) + self.balance;
	if balance > self.max then
		self.balance = self.max;
	else
		self.balance = balance;
	end
	return self.balance;
end

function throttle:peek(cost)
	cost = cost or 1;
	return self.balance >= cost or self:update() >= cost;
end

function throttle:poll(cost, split)
	if self:peek(cost) then
		self.balance = self.balance - cost;
		return true;
	else
		local balance = self.balance;
		if split then
			self.balance = 0;
		end
		return false, balance, (cost-balance);
	end
end

local function create(max, period)
	return setmetatable({ rate = max / period, max = max, t = gettime(), balance = max }, throttle_mt);
end

return {
	create = create;
};