Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop
commit
922c25d9c7
@ -0,0 +1,16 @@
|
||||
import Config
|
||||
|
||||
config_path = System.get_env("PLEROMA_CONFIG_PATH") || "/etc/pleroma/config.exs"
|
||||
|
||||
if File.exists?(config_path) do
|
||||
import_config config_path
|
||||
else
|
||||
warning = [
|
||||
IO.ANSI.red(),
|
||||
IO.ANSI.bright(),
|
||||
"!!! #{config_path} not found! Please ensure it exists and that PLEROMA_CONFIG_PATH is unset or points to an existing file",
|
||||
IO.ANSI.reset()
|
||||
]
|
||||
|
||||
IO.puts(warning)
|
||||
end
|
@ -1,36 +0,0 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.RateLimitPlug do
|
||||
import Phoenix.Controller, only: [json: 2]
|
||||
import Plug.Conn
|
||||
|
||||
def init(opts), do: opts
|
||||
|
||||
def call(conn, opts) do
|
||||
enabled? = Pleroma.Config.get([:app_account_creation, :enabled])
|
||||
|
||||
case check_rate(conn, Map.put(opts, :enabled, enabled?)) do
|
||||
{:ok, _count} -> conn
|
||||
{:error, _count} -> render_error(conn)
|
||||
%Plug.Conn{} = conn -> conn
|
||||
end
|
||||
end
|
||||
|
||||
defp check_rate(conn, %{enabled: true} = opts) do
|
||||
max_requests = opts[:max_requests]
|
||||
bucket_name = conn.remote_ip |> Tuple.to_list() |> Enum.join(".")
|
||||
|
||||
ExRated.check_rate(bucket_name, opts[:interval] * 1000, max_requests)
|
||||
end
|
||||
|
||||
defp check_rate(conn, _), do: conn
|
||||
|
||||
defp render_error(conn) do
|
||||
conn
|
||||
|> put_status(:forbidden)
|
||||
|> json(%{error: "Rate limit exceeded."})
|
||||
|> halt()
|
||||
end
|
||||
end
|
@ -0,0 +1,87 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.RateLimiter do
|
||||
@moduledoc """
|
||||
|
||||
## Configuration
|
||||
|
||||
A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
|
||||
|
||||
* The first element: `scale` (Integer). The time scale in milliseconds.
|
||||
* The second element: `limit` (Integer). How many requests to limit in the time scale provided.
|
||||
|
||||
It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.
|
||||
|
||||
### Example
|
||||
|
||||
config :pleroma, :rate_limit,
|
||||
one: {1000, 10},
|
||||
two: [{10_000, 10}, {10_000, 50}]
|
||||
|
||||
Here we have two limiters: `one` which is not over 10req/1s and `two` which has two limits 10req/10s for unauthenticated users and 50req/10s for authenticated users.
|
||||
|
||||
## Usage
|
||||
|
||||
Inside a controller:
|
||||
|
||||
plug(Pleroma.Plugs.RateLimiter, :one when action == :one)
|
||||
plug(Pleroma.Plugs.RateLimiter, :two when action in [:two, :three])
|
||||
|
||||
or inside a router pipiline:
|
||||
|
||||
pipeline :api do
|
||||
...
|
||||
plug(Pleroma.Plugs.RateLimiter, :one)
|
||||
...
|
||||
end
|
||||
"""
|
||||
|
||||
import Phoenix.Controller, only: [json: 2]
|
||||
import Plug.Conn
|
||||
|
||||
alias Pleroma.User
|
||||
|
||||
def init(limiter_name) do
|
||||
case Pleroma.Config.get([:rate_limit, limiter_name]) do
|
||||
nil -> nil
|
||||
config -> {limiter_name, config}
|
||||
end
|
||||
end
|
||||
|
||||
# do not limit if there is no limiter configuration
|
||||
def call(conn, nil), do: conn
|
||||
|
||||
def call(conn, opts) do
|
||||
case check_rate(conn, opts) do
|
||||
{:ok, _count} -> conn
|
||||
{:error, _count} -> render_error(conn)
|
||||
end
|
||||
end
|
||||
|
||||
defp check_rate(%{assigns: %{user: %User{id: user_id}}}, {limiter_name, [_, {scale, limit}]}) do
|
||||
ExRated.check_rate("#{limiter_name}:#{user_id}", scale, limit)
|
||||
end
|
||||
|
||||
defp check_rate(conn, {limiter_name, [{scale, limit} | _]}) do
|
||||
ExRated.check_rate("#{limiter_name}:#{ip(conn)}", scale, limit)
|
||||
end
|
||||
|
||||
defp check_rate(conn, {limiter_name, {scale, limit}}) do
|
||||
check_rate(conn, {limiter_name, [{scale, limit}]})
|
||||
end
|
||||
|
||||
def ip(%{remote_ip: remote_ip}) do
|
||||
remote_ip
|
||||
|> Tuple.to_list()
|
||||
|> Enum.join(".")
|
||||
end
|
||||
|
||||
defp render_error(conn) do
|
||||
conn
|
||||
|> put_status(:too_many_requests)
|
||||
|> json(%{error: "Throttled"})
|
||||
|> halt()
|
||||
end
|
||||
end
|
@ -0,0 +1,64 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.ReleaseTasks do
|
||||
@repo Pleroma.Repo
|
||||
|
||||
def run(args) do
|
||||
Mix.Tasks.Pleroma.Common.start_pleroma()
|
||||
[task | args] = String.split(args)
|
||||
|
||||
case task do
|
||||
"migrate" -> migrate()
|
||||
"create" -> create()
|
||||
"rollback" -> rollback(String.to_integer(Enum.at(args, 0)))
|
||||
task -> mix_task(task, args)
|
||||
end
|
||||
end
|
||||
|
||||
defp mix_task(task, args) do
|
||||
{:ok, modules} = :application.get_key(:pleroma, :modules)
|
||||
|
||||
module =
|
||||
Enum.find(modules, fn module ->
|
||||
module = Module.split(module)
|
||||
|
||||
match?(["Mix", "Tasks", "Pleroma" | _], module) and
|
||||
String.downcase(List.last(module)) == task
|
||||
end)
|
||||
|
||||
if module do
|
||||
module.run(args)
|
||||
else
|
||||
IO.puts("The task #{task} does not exist")
|
||||
end
|
||||
end
|
||||
|
||||
def migrate do
|
||||
{:ok, _, _} = Ecto.Migrator.with_repo(@repo, &Ecto.Migrator.run(&1, :up, all: true))
|
||||
end
|
||||
|
||||
def rollback(version) do
|
||||
{:ok, _, _} = Ecto.Migrator.with_repo(@repo, &Ecto.Migrator.run(&1, :down, to: version))
|
||||
end
|
||||
|
||||
def create do
|
||||
case @repo.__adapter__.storage_up(@repo.config) do
|
||||
:ok ->
|
||||
IO.puts("The database for #{inspect(@repo)} has been created")
|
||||
|
||||
{:error, :already_up} ->
|
||||
IO.puts("The database for #{inspect(@repo)} has already been created")
|
||||
|
||||
{:error, term} when is_binary(term) ->
|
||||
IO.puts(:stderr, "The database for #{inspect(@repo)} couldn't be created: #{term}")
|
||||
|
||||
{:error, term} ->
|
||||
IO.puts(
|
||||
:stderr,
|
||||
"The database for #{inspect(@repo)} couldn't be created: #{inspect(term)}"
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Sets and enables heart (recommended only in daemon mode)
|
||||
# if [ "$RELEASE_COMMAND" = "daemon" ] || [ "$RELEASE_COMMAND" = "daemon_iex" ]; then
|
||||
# HEART_COMMAND="$RELEASE_ROOT/bin/$RELEASE_NAME $RELEASE_COMMAND"
|
||||
# export HEART_COMMAND
|
||||
# export ELIXIR_ERL_OPTIONS="-heart"
|
||||
# fi
|
||||
|
||||
# Set the release to work across nodes
|
||||
export RELEASE_DISTRIBUTION=name
|
||||
export RELEASE_NODE=<%= @release.name %>@127.0.0.1
|
@ -0,0 +1,19 @@
|
||||
#!/bin/sh
|
||||
# XXX: This should be removed when elixir's releases get custom command support
|
||||
if [ -z "$1" ] || [ "$1" == "help" ]; then
|
||||
echo "Usage: $(basename "$0") COMMAND [ARGS]
|
||||
|
||||
The known commands are:
|
||||
|
||||
create Create database schema (needs to be executed only once)
|
||||
migrate Execute database migrations (needs to be done after updates)
|
||||
rollback [VERSION] Rollback database migrations (needs to be done before downgrading)
|
||||
|
||||
and any mix tasks under Pleroma namespace, for example \`mix pleroma.user COMMAND\` is
|
||||
equivalent to \`$(basename "$0") user COMMAND\`
|
||||
"
|
||||
else
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
SCRIPTPATH=$(dirname "$SCRIPT")
|
||||
$SCRIPTPATH/pleroma eval 'Pleroma.ReleaseTasks.run("'"$*"'")'
|
||||
fi
|
@ -0,0 +1,11 @@
|
||||
## Customize flags given to the VM: http://erlang.org/doc/man/erl.html
|
||||
## -mode/-name/-sname/-setcookie are configured via env vars, do not set them here
|
||||
|
||||
## Number of dirty schedulers doing IO work (file, sockets, etc)
|
||||
##+SDio 5
|
||||
|
||||
## Increase number of concurrent ports/sockets
|
||||
##+Q 65536
|
||||
|
||||
## Tweak GC to run more often
|
||||
##-env ERL_FULLSWEEP_AFTER 10
|
@ -1,50 +0,0 @@
|
||||
defmodule Pleroma.Plugs.RateLimitPlugTest do
|
||||
use ExUnit.Case, async: true
|
||||
use Plug.Test
|
||||
|
||||
alias Pleroma.Plugs.RateLimitPlug
|
||||
|
||||
@opts RateLimitPlug.init(%{max_requests: 5, interval: 1})
|
||||
|
||||
setup do
|
||||
enabled = Pleroma.Config.get([:app_account_creation, :enabled])
|
||||
|
||||
Pleroma.Config.put([:app_account_creation, :enabled], true)
|
||||
|
||||
on_exit(fn ->
|
||||
Pleroma.Config.put([:app_account_creation, :enabled], enabled)
|
||||
end)
|
||||
|
||||
:ok
|
||||
end
|
||||
|
||||
test "it restricts by opts" do
|
||||
conn = conn(:get, "/")
|
||||
bucket_name = conn.remote_ip |> Tuple.to_list() |> Enum.join(".")
|
||||
ms = 1000
|
||||
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
{1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, ms, 5)
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
{2, 3, _, _, _} = ExRated.inspect_bucket(bucket_name, ms, 5)
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
{3, 2, _, _, _} = ExRated.inspect_bucket(bucket_name, ms, 5)
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
{4, 1, _, _, _} = ExRated.inspect_bucket(bucket_name, ms, 5)
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
{5, 0, to_reset, _, _} = ExRated.inspect_bucket(bucket_name, ms, 5)
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
assert conn.status == 403
|
||||
assert conn.halted
|
||||
assert conn.resp_body == "{\"error\":\"Rate limit exceeded.\"}"
|
||||
|
||||
Process.sleep(to_reset)
|
||||
|
||||
conn = conn(:get, "/")
|
||||
conn = RateLimitPlug.call(conn, @opts)
|
||||
{1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, ms, 5)
|
||||
refute conn.status == 403
|
||||
refute conn.halted
|
||||
refute conn.resp_body
|
||||
end
|
||||
end
|
@ -0,0 +1,108 @@
|
||||
defmodule Pleroma.Plugs.RateLimiterTest do
|
||||
use ExUnit.Case, async: true
|
||||
use Plug.Test
|
||||
|
||||
alias Pleroma.Plugs.RateLimiter
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
@limiter_name :testing
|
||||
|
||||
test "init/1" do
|
||||
Pleroma.Config.put([:rate_limit, @limiter_name], {1, 1})
|
||||
|
||||
assert {@limiter_name, {1, 1}} == RateLimiter.init(@limiter_name)
|
||||
assert nil == RateLimiter.init(:foo)
|
||||
end
|
||||
|
||||
test "ip/1" do
|
||||
assert "127.0.0.1" == RateLimiter.ip(%{remote_ip: {127, 0, 0, 1}})
|
||||
end
|
||||
|
||||
test "it restricts by opts" do
|
||||
scale = 100
|
||||
limit = 5
|
||||
|
||||
Pleroma.Config.put([:rate_limit, @limiter_name], {scale, limit})
|
||||
|
||||
opts = RateLimiter.init(@limiter_name)
|
||||
conn = conn(:get, "/")
|
||||
bucket_name = "#{@limiter_name}:#{RateLimiter.ip(conn)}"
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {2, 3, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {3, 2, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {4, 1, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {5, 0, to_reset, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
|
||||
assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
|
||||
assert conn.halted
|
||||
|
||||
Process.sleep(to_reset)
|
||||
|
||||
conn = conn(:get, "/")
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
refute conn.status == Plug.Conn.Status.code(:too_many_requests)
|
||||
refute conn.resp_body
|
||||
refute conn.halted
|
||||
end
|
||||
|
||||
test "optional limits for authenticated users" do
|
||||
Ecto.Adapters.SQL.Sandbox.checkout(Pleroma.Repo)
|
||||
|
||||
scale = 100
|
||||
limit = 5
|
||||
Pleroma.Config.put([:rate_limit, @limiter_name], [{1, 10}, {scale, limit}])
|
||||
|
||||
opts = RateLimiter.init(@limiter_name)
|
||||
|
||||
user = insert(:user)
|
||||
conn = conn(:get, "/") |> assign(:user, user)
|
||||
bucket_name = "#{@limiter_name}:#{user.id}"
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {2, 3, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {3, 2, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {4, 1, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {5, 0, to_reset, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
|
||||
assert %{"error" => "Throttled"} = Phoenix.ConnTest.json_response(conn, :too_many_requests)
|
||||
assert conn.halted
|
||||
|
||||
Process.sleep(to_reset)
|
||||
|
||||
conn = conn(:get, "/") |> assign(:user, user)
|
||||
|
||||
conn = RateLimiter.call(conn, opts)
|
||||
assert {1, 4, _, _, _} = ExRated.inspect_bucket(bucket_name, scale, limit)
|
||||
|
||||
refute conn.status == Plug.Conn.Status.code(:too_many_requests)
|
||||
refute conn.resp_body
|
||||
refute conn.halted
|
||||
end
|
||||
end
|
Loading…
Reference in new issue