Merge pull request 'Harden rate limiter to deal with configuration issues' (#7795) from gitlab-mr-iid-4418 into develop

Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7795
feld 2026-03-25 19:55:08 +00:00
commit 63c9c7ea92
6 changed files with 226 additions and 1 deletions


@ -174,6 +174,22 @@ defmodule Pleroma.ConfigDBTest do
assert updated1.value == [groups: [c: 3, d: 4], key: [a: 1, b: 2]]
assert updated2.value == [mascots: [c: 3, d: 4], key: [a: 1, b: 2]]
end
test "rejects invalid :rate_limit values (e.g. empty-string scale from AdminFE)" do
assert {:error, _changeset} =
ConfigDB.update_or_create(%{
group: ":pleroma",
key: ":rate_limit",
value: [
%{
"tuple" => [
":statuses_actions",
[%{"tuple" => ["", 0]}, %{"tuple" => ["", ""]}]
]
}
]
})
end
end
describe "delete/1" do
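Review bot: The assertion `assert {:error, _changeset} = ConfigDB.update_or_create(...)` accepts any rejection, so this test would still pass if the call failed on the group/key or on an unrelated constraint rather than on the malformed scale it is meant to catch. Assuming the error tuple carries an `Ecto.Changeset` as the binding name suggests, bind it and check where the error lands, e.g. `assert {:error, changeset} = ConfigDB.update_or_create(...)` followed by `assert Keyword.has_key?(changeset.errors, :value)`. A positive control in the same describe — the same payload with a well-formed `{scale, limit}` pair being accepted — would also guard against a validator that rejects every `:rate_limit` value, which would quietly make the limiter unconfigurable from AdminFE. The describe block enclosing this test starts outside the hunk.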


@ -268,6 +268,23 @@ defmodule Pleroma.Web.Plugs.RateLimiterTest do
refute {:err, :not_found} == RateLimiter.inspect_bucket(conn, limiter_name, opts)
end
test "doesn't crash if rate limit scale is invalid (e.g. broken DB config)" do
limiter_name = :test_invalid_rate_limit_config
clear_config([:rate_limit, limiter_name], [{"", 0}, {"", ""}])
clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
opts = RateLimiter.init(name: limiter_name)
conn = %{build_conn(:get, "/") | remote_ip: {127, 0, 0, 1}}
conn_limited = RateLimiter.call(conn, opts)
refute conn_limited.status == Conn.Status.code(:too_many_requests)
refute conn_limited.resp_body
refute conn_limited.halted
end
def expire_ttl(%{remote_ip: remote_ip} = _conn, bucket_name_root) do
bucket_name = "anon:#{bucket_name_root}" |> String.to_atom()
key_name = "ip::#{remote_ip |> Tuple.to_list() |> Enum.join(".")}"
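Review bot: The three `refute` lines pin a fail-open outcome — with an invalid scale the request passes through unlimited — but nothing in the test distinguishes "the plug skipped the bad entry gracefully" from "the plug never ran at all", so the test could pass vacuously. The `clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})` line looks like it exists to keep the limiter from disabling itself on a localhost endpoint (I cannot see the plug code from here); if that is the reason, say so with a comment such as `# non-localhost endpoint ip keeps the limiter enabled; otherwise the refutes below pass trivially`. Since silently turning off rate limiting on a malformed config is exactly the failure an operator needs to notice, consider wrapping `RateLimiter.call(conn, opts)` in `ExUnit.CaptureLog.capture_log/1` and asserting that a warning is emitted; if the plug does not log one, that is worth adding in the implementation change not shown in this hunk.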