Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Rate limiting invites per issuer#13125

Merged
reivilibre merged 4 commits intodevelopfrom
yoric/throttling-invites
Jun 30, 2022
Merged

Rate limiting invites per issuer#13125
reivilibre merged 4 commits intodevelopfrom
yoric/throttling-invites

Conversation

@Yoric
Copy link
Contributor

@Yoric Yoric commented Jun 28, 2022
edited
Loading

We already have mechanisms for throttling (local) invites by room and by recipient but not by issuer. This PR adds it, along with a few lines of documentation.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Pull request includes a sign off
  • Code style is correct
    (run the linters)

@Yoric Yoric requested a review from a team as a code owner June 28, 2022 12:03
@Yoric
WIP: ChangeLog
cb37541 
Signed-off-by: David Teller <davidt@element.io>
@Yoric Yoric force-pushed the yoric/throttling-invites branch from 821ffa4 to cb37541 Compare June 28, 2022 12:05
reivilibre
reivilibre suggested changes Jun 29, 2022
View reviewed changes
synapse/handlers/room_member.py Outdated
await self._invites_per_user_limiter.ratelimit(requester, invitee_user_id)
await self._invites_per_recipient_limiter.ratelimit(requester, invitee_user_id)
if requester is not None:
await self._invites_per_issuer_limiter.ratelimit(requester, requester.user)
Copy link
Contributor

@reivilibre reivilibre Jun 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
await self._invites_per_issuer_limiter.ratelimit(requester, requester.user)
await self._invites_per_issuer_limiter.ratelimit(requester)

No point having a key in the ratelimiter if it's always the same as the requester, I think.

synapse/config/ratelimiting.py
Comment on lines +139 to +142
self.rc_invites_per_issuer = RateLimitConfig(
config.get("rc_invites", {}).get("per_issuer", {}),
defaults={"per_second": 0.003, "burst_count": 5},
)
Copy link
Contributor

@reivilibre reivilibre Jun 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These defaults seem very harsh for someone creating a new room or upgrading a room (if that counts here?).

e.g. if I'm making a group chat with 10 friends, then the first 5 will be invited by the burst count, but the next 5 will take me 1666 seconds to invite — that's almost half an hour!!!

I don't know what's best here; maybe the burst count should be quite a bit higher (obviously this is kinder to spammers, but I think the current number definitely will obstruct normal usage of the service. I've invited more than 5 people to a new room before.)

Copy link
Contributor Author

@Yoric Yoric Jun 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right. Moving to same default rate limits as rc_invites_per_room.

@Yoric Yoric requested a review from reivilibre June 30, 2022 05:46
reivilibre
reivilibre reviewed Jun 30, 2022
View reviewed changes
@reivilibre reivilibre enabled auto-merge (squash) June 30, 2022 09:21
@reivilibre reivilibre merged commit 80c7a06 into develop Jun 30, 2022
@reivilibre reivilibre deleted the yoric/throttling-invites branch June 30, 2022 09:44
@richvdh richvdh mentioned this pull request Jul 19, 2022
Closed
richvdh
richvdh reviewed Jul 19, 2022
View reviewed changes
synapse/config/ratelimiting.py
defaults={"per_second": 0.003, "burst_count": 5},
)

self.rc_invites_per_issuer = RateLimitConfig(
Copy link
Member

@richvdh richvdh Jul 19, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Yoric, @reivilibre: please do remember to add new config settings to the documentation, otherwise people get angry.

Copy link
Member

@richvdh richvdh Jul 19, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see #13330

DMRobertson pushed a commit that referenced this pull request Jul 21, 2022
@Yoric
Document rc_invites.per_issuer, added in v1.63.
b909d53 
Resolves #13330.
Missed in #13125.

Signed-off-by: David Teller <davidt@element.io>
This was referenced Jan 9, 2025
Merged
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@richvdh richvdh richvdh left review comments

@reivilibre reivilibre reivilibre approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Yoric @richvdh @reivilibre