author | Eugen Rochko <eugen@zeonfederated.com> | 2018-11-08 21:35:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-08 21:35:58 +0100 |
commit | 46155122859657e674a0fab097c6812349c35274 (patch) | |
tree | 1a6eb9e1fcdabab8f0a08f245d759f9523b459f1 | |
parent | dd00cd19d2536ce70442d74d72986721427691a5 (diff) |
Reduce connect timeout limit and limit signature failures by source IP (#9236)
* Reduce connect timeout from 10s to 1s * Limit failing signature verifications per source IP
-rw-r--r-- | app/controllers/concerns/signature_verification.rb | 7 | ||||
-rw-r--r-- | app/lib/request.rb | 2 |
2 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index e5d5e2ca6..7e491641b 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -43,7 +43,12 @@ module SignatureVerification
 return
 end

- account = account_from_key_id(signature_params['keyId'])
+ account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
+ .with_fallback { nil }
+ .with_threshold(1)
+ .with_cool_off_time(5.minutes.seconds)
+
+ account = account_stoplight.run

 if account.nil?
 @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
diff --git a/app/lib/request.rb b/app/lib/request.rb
index 36c211dbf..73b495ce1 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -94,7 +94,7 @@ class Request
 end

 def timeout
- { write: 10, connect: 10, read: 10 }
+ { connect: 1, read: 10, write: 10 }
 end

 def http_client |
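Review bot: The `.with_fallback { nil }` on the new `account_stoplight` makes an open breaker and a raised lookup error indistinguishable from a genuinely missing key, so the `if account.nil?` branch below reports "Public key not found" for requests whose key was never looked up. Stoplight counts only exceptions raised by the block as failures, so with `.with_threshold(1)` a single raising `account_from_key_id` call rejects every signed request from that `request.ip` for the cool-off period; that is broad when several servers share an address, or when proxy configuration makes `request.ip` resolve to the proxy rather than the peer. I would add a comment above the chain such as `# Breaker is keyed by source IP: one raised lookup blocks that IP for 5 minutes; request.ip depends on trusted-proxy config`, and have the fallback record that the lookup was skipped or errored so the failure reason stays accurate for operators. `5.minutes.seconds` also reads as a double conversion; `5.minutes.to_i` would state the intent if a plain number of seconds is what `with_cool_off_time` expects. The enclosing method starts and ends outside the hunk.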
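Review bot: The new `connect: 1` in `timeout` is a bare literal with no stated rationale, and it tightens the budget for every outbound request built by this class, not only key lookups. If `account_from_key_id` fetches remote keys through `Request` (not visible here), a host that needs more than a second to accept a connection would raise and, with the breaker threshold of 1 in signature_verification.rb, could lock out its source IP for the whole cool-off period. A comment such as `# Short connect timeout so unresponsive hosts fail fast; read/write stay at 10s` would record the intent and the trade-off. The class body continues outside the hunk.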