From 8dcf04897ac063983bae60225ade7c094a05ff3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Tue, 22 Sep 2020 10:53:43 -0500 Subject: [PATCH] feat: Throttle out call attempts to the max number per minute (#7742) * feat: Make possible to reload config for filter rayo iq. * feat: Throttle out call attempts to the max number per minute * squash: Updates comment about config --- .../prosody-plugins/mod_filter_iq_rayo.lua | 37 +++++++++++++------ 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/resources/prosody-plugins/mod_filter_iq_rayo.lua b/resources/prosody-plugins/mod_filter_iq_rayo.lua index a71af06925..b40b77e35f 100644 --- a/resources/prosody-plugins/mod_filter_iq_rayo.lua +++ b/resources/prosody-plugins/mod_filter_iq_rayo.lua @@ -1,3 +1,4 @@ +local new_throttle = require "util.throttle".create; local st = require "util.stanza"; local token_util = module:require "token/util".new(module); @@ -10,12 +11,19 @@ if token_util == nil then return; end --- configuration to limit number of outgoing calls -local LIMIT_OUTGOING_CALLS = module:get_option_number("max_number_outgoing_calls", -1); +-- The maximum number of simultaneous calls, +-- and also the maximum number of new calls per minute that a session is allowed to create. +local limit_outgoing_calls; +local function load_config() + limit_outgoing_calls = module:get_option_number("max_number_outgoing_calls", -1); +end +load_config(); -- Header names to use to push extra data extracted from token, if any local OUT_INITIATOR_USER_ATTR_NAME = "X-outbound-call-initiator-user"; local OUT_INITIATOR_GROUP_ATTR_NAME = "X-outbound-call-initiator-group"; +local OUTGOING_CALLS_THROTTLE_INTERVAL = 60; -- if max_number_outgoing_calls is enabled it will be + -- the max number of outgoing calls a user can try for a minute -- filters rayo iq in case of requested from not jwt authenticated sessions -- or if the session has features in user context and it doesn't mention @@ -53,15 +61,21 @@ module:hook("pre-iq/full", function(event) end -- now lets check any limits if configured - if LIMIT_OUTGOING_CALLS > 0 - and get_concurrent_outgoing_count( - session.jitsi_meet_context_user["id"], - session.jitsi_meet_context_group) >= LIMIT_OUTGOING_CALLS - then - module:log("warn", - "Filtering stanza dial, stanza:%s, outgoing calls limit reached", tostring(stanza)); - session.send(st.error_reply(stanza, "cancel", "resource-constraint")); - return true; + if limit_outgoing_calls > 0 then + if not session.dial_out_throttle then + module:log("debug", "Enabling dial-out throttle session=%s.", session); + session.dial_out_throttle = new_throttle(limit_outgoing_calls, OUTGOING_CALLS_THROTTLE_INTERVAL); + end + + if not session.dial_out_throttle:poll(1) -- we first check the throttle so we can mark one incoming dial for the balance + or get_concurrent_outgoing_count(session.jitsi_meet_context_user["id"], session.jitsi_meet_context_group) + >= limit_outgoing_calls + then + module:log("warn", + "Filtering stanza dial, stanza:%s, outgoing calls limit reached", tostring(stanza)); + session.send(st.error_reply(stanza, "cancel", "resource-constraint")); + return true; + end end -- now lets insert token information if any @@ -163,3 +177,4 @@ function get_concurrent_outgoing_count(context_user, context_group) return count; end +module:hook_global('config-reloaded', load_config);