Reduce connect timeout limit and limit signature failures by source IP (#9236)

author Eugen Rochko <eugen@zeonfederated.com>

Thu, 8 Nov 2018 20:35:58 +0000 (21:35 +0100)

committer GitHub <noreply@github.com>

Thu, 8 Nov 2018 20:35:58 +0000 (21:35 +0100)
author Eugen Rochko <eugen@zeonfederated.com>
Thu, 8 Nov 2018 20:35:58 +0000 (21:35 +0100)
committer GitHub <noreply@github.com>
Thu, 8 Nov 2018 20:35:58 +0000 (21:35 +0100)
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb

index e5d5e2ca61914a0ab4fd56e16db16d29aae77d1f..7e491641b3322a4b40a4448731da475cb34a0c51 100644 (file)
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -43,7 +43,12 @@ module SignatureVerification
        return
      end
  
-    account = account_from_key_id(signature_params['keyId'])
+    account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
+      .with_fallback { nil }
+      .with_threshold(1)
+      .with_cool_off_time(5.minutes.seconds)
+
+    account = account_stoplight.run
  
      if account.nil?
        @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
diff --git a/app/lib/request.rb b/app/lib/request.rb

index 36c211dbfe50107d54fdb40630f9169929bb3051..73b495ce19f68a946c3dffb4ec2d88e22ae884da 100644 (file)
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -94,7 +94,7 @@ class Request
    end
  
    def timeout
-    { write: 10, connect: 10, read: 10 }
+    { connect: 1, read: 10, write: 10 }
    end
  
    def http_client
author	Eugen Rochko <eugen@zeonfederated.com>
	Thu, 8 Nov 2018 20:35:58 +0000 (21:35 +0100)
committer	GitHub <noreply@github.com>
	Thu, 8 Nov 2018 20:35:58 +0000 (21:35 +0100)
app/controllers/concerns/signature_verification.rb		patch \| blob \| history
app/lib/request.rb		patch \| blob \| history