diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-11-08 21:35:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-08 21:35:58 +0100 |
commit | 46155122859657e674a0fab097c6812349c35274 (patch) | |
tree | 1a6eb9e1fcdabab8f0a08f245d759f9523b459f1 /app/controllers | |
parent | dd00cd19d2536ce70442d74d72986721427691a5 (diff) |
Reduce connect timeout limit and limit signature failures by source IP (#9236)
* Reduce connect timeout from 10s to 1s * Limit failing signature verifications per source IP
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/concerns/signature_verification.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb index e5d5e2ca6..7e491641b 100644 --- a/app/controllers/concerns/signature_verification.rb +++ b/app/controllers/concerns/signature_verification.rb @@ -43,7 +43,12 @@ module SignatureVerification return end - account = account_from_key_id(signature_params['keyId']) + account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) } + .with_fallback { nil } + .with_threshold(1) + .with_cool_off_time(5.minutes.seconds) + + account = account_stoplight.run if account.nil? @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}" |