From 5ff952e4c84a2dc28eee277d3367b390b0f59dbf Mon Sep 17 00:00:00 2001 From: Rodrigo Nascimento Date: Tue, 5 Feb 2019 14:12:09 -0200 Subject: [PATCH] [FIX] Rate Limiter was limiting communication between instances (#13326) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [FIX] Rate Limiter was limiting communication between instances * Split calls to stream in method’s names for prometheus --- packages/rocketchat-lib/server/lib/debug.js | 2 +- .../server/startup/rateLimiter.js | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/packages/rocketchat-lib/server/lib/debug.js b/packages/rocketchat-lib/server/lib/debug.js index ca32e6a9f1e..1af00e6b7be 100644 --- a/packages/rocketchat-lib/server/lib/debug.js +++ b/packages/rocketchat-lib/server/lib/debug.js @@ -50,7 +50,7 @@ const wrapMethods = function(name, originalHandler, methodsMap) { methodsMap[name] = function(...originalArgs) { traceConnection(Log_Trace_Methods, Log_Trace_Methods_Filter, 'method', name, this.connection, this.userId); const end = RocketChat.metrics.meteorMethods.startTimer({ - method: name, + method: name === 'stream' ? `${ name }:${ originalArgs[0] }` : name, has_connection: this.connection != null, has_user: this.userId != null, }); diff --git a/packages/rocketchat-lib/server/startup/rateLimiter.js b/packages/rocketchat-lib/server/startup/rateLimiter.js index 8e936f827cc..7e3272ee91e 100644 --- a/packages/rocketchat-lib/server/startup/rateLimiter.js +++ b/packages/rocketchat-lib/server/startup/rateLimiter.js @@ -20,9 +20,22 @@ DDPRateLimiter.addRule = (matcher, calls, time, callback) => { return addRule.call(DDPRateLimiter, matcher, calls, time, callback); }; +const { _increment } = DDPRateLimiter; +DDPRateLimiter._increment = function(input) { + const session = Meteor.server.sessions[input.connectionId]; + input.broadcastAuth = session && session.connectionHandle && session.connectionHandle.broadcastAuth === true; + + return _increment.call(DDPRateLimiter, input); +}; + // Need to override the meteor's code duo to a problem with the callback reply // being shared among all matchs RateLimiter.prototype.check = function(input) { + // ==== BEGIN OVERRIDE ==== + const session = Meteor.server.sessions[input.connectionId]; + input.broadcastAuth = session && session.connectionHandle && session.connectionHandle.broadcastAuth === true; + // ==== END OVERRIDE ==== + const self = this; const reply = { allowed: true, @@ -136,29 +149,34 @@ const reconfigureLimit = Meteor.bindEnvironment((name, rules, factor = 1) => { const configIP = _.debounce(() => { reconfigureLimit('IP', { + broadcastAuth: false, clientAddress: (clientAddress) => clientAddress !== '127.0.0.1', }); }, 1000); const configUser = _.debounce(() => { reconfigureLimit('User', { + broadcastAuth: false, userId: (userId) => userId != null, }); }, 1000); const configConnection = _.debounce(() => { reconfigureLimit('Connection', { + broadcastAuth: false, connectionId: () => true, }); }, 1000); const configUserByMethod = _.debounce(() => { reconfigureLimit('User_By_Method', { + broadcastAuth: false, type: () => true, name: checkNameNonStream, userId: (userId) => userId != null, }); reconfigureLimit('User_By_Method', { + broadcastAuth: false, type: () => true, name: checkNameForStream, userId: (userId) => userId != null, @@ -167,11 +185,13 @@ const configUserByMethod = _.debounce(() => { const configConnectionByMethod = _.debounce(() => { reconfigureLimit('Connection_By_Method', { + broadcastAuth: false, type: () => true, name: checkNameNonStream, connectionId: () => true, }); reconfigureLimit('Connection_By_Method', { + broadcastAuth: false, type: () => true, name: checkNameForStream, connectionId: () => true,