Enforce per-IP rate limits

2024-09-23 10:20:43 -07:00 · 2024-09-23 10:20:43 -07:00 · d550c69f7f
parent 087e192fac
commit d550c69f7f
2 changed files with 5 additions and 15 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@ -1003,7 +1003,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration

    environment.jersey().register(new BufferingInterceptor());
    environment.jersey().register(new VirtualExecutorServiceProvider("managed-async-virtual-thread-"));
-    environment.jersey().register(new RateLimitByIpFilter(rateLimiters, true));
+    environment.jersey().register(new RateLimitByIpFilter(rateLimiters));
    environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
    environment.jersey().register(MultiRecipientMessageProvider.class);
    environment.jersey().register(new AuthDynamicFeature(accountAuthFilter));
@ -1022,7 +1022,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
            clientReleaseManager, messageDeliveryLoopMonitor));
    webSocketEnvironment.jersey()
        .register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
-    webSocketEnvironment.jersey().register(new RateLimitByIpFilter(rateLimiters, true));
+    webSocketEnvironment.jersey().register(new RateLimitByIpFilter(rateLimiters));
    webSocketEnvironment.jersey().register(new RequestStatisticsFilter(TrafficSource.WEBSOCKET));
    webSocketEnvironment.jersey().register(MultiRecipientMessageProvider.class);
    webSocketEnvironment.jersey().register(new MetricsApplicationEventListener(TrafficSource.WEBSOCKET, clientReleaseManager));
--- a/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitByIpFilter.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitByIpFilter.java
@ -41,15 +41,9 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
  private static final String NO_IP_COUNTER_NAME = MetricsUtil.name(RateLimitByIpFilter.class, "noIpAddress");

  private final RateLimiters rateLimiters;
-  private final boolean softEnforcement;
-
-  public RateLimitByIpFilter(final RateLimiters rateLimiters, final boolean softEnforcement) {
-    this.rateLimiters = requireNonNull(rateLimiters);
-    this.softEnforcement = softEnforcement;
-  }

  public RateLimitByIpFilter(final RateLimiters rateLimiters) {
-    this(rateLimiters, false);
+    this.rateLimiters = requireNonNull(rateLimiters);
  }

  @Override
@ -87,9 +81,7 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
        // checking if annotation is configured to fail when the most recent IP is not resolved
        if (annotation.failOnUnresolvedIp()) {
          logger.error("Remote address was null");
-          if (!softEnforcement) {
-            throw INVALID_HEADER_EXCEPTION;
-          }
+          throw INVALID_HEADER_EXCEPTION;
        }
        // otherwise, allow request
        return;
@ -99,9 +91,7 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
      rateLimiter.validate(remoteAddress.get());
    } catch (RateLimitExceededException e) {
      final Response response = EXCEPTION_MAPPER.toResponse(e);
-      if (!softEnforcement) {
-        throw new ClientErrorException(response);
-      }
+      throw new ClientErrorException(response);
    }
  }
 }