about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-11-08 21:35:58 +0100
committerGitHub <noreply@github.com>2018-11-08 21:35:58 +0100
commit46155122859657e674a0fab097c6812349c35274 (patch)
tree1a6eb9e1fcdabab8f0a08f245d759f9523b459f1 /app/controllers
parentdd00cd19d2536ce70442d74d72986721427691a5 (diff)
Reduce connect timeout limit and limit signature failures by source IP (#9236)
* Reduce connect timeout from 10s to 1s

* Limit failing signature verifications per source IP
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/signature_verification.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index e5d5e2ca6..7e491641b 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -43,7 +43,12 @@ module SignatureVerification
       return
     end
 
-    account = account_from_key_id(signature_params['keyId'])
+    account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
+      .with_fallback { nil }
+      .with_threshold(1)
+      .with_cool_off_time(5.minutes.seconds)
+
+    account = account_stoplight.run
 
     if account.nil?
       @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"