]> git.r.bdr.sh - rbdr/mobius/blobdiff - hotline/server.go
git.r.bdr.sh / rbdr / mobius / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add client connection rate limit
[rbdr/mobius] / hotline / server.go
diff --git a/hotline/server.go b/hotline/server.go
index 5531bd3c59512916f927c705cd0ea4dc74d0a631..758f7ff8a3fa9aeacfb2c9b9a4bb65b46f715141 100644 (file)
--- a/hotline/server.go
+++ b/hotline/server.go
@@ -9,6 +9,7 @@ import (
        "errors"
        "fmt"
        "golang.org/x/text/encoding/charmap"
        "errors"
        "fmt"
        "golang.org/x/text/encoding/charmap"
+       "golang.org/x/time/rate"
        "io"
        "log"
        "log/slog"
        "io"
        "log"
        "log/slog"
@@ -37,6 +38,8 @@ type Server struct {
        NetInterface string
        Port         int
 
        NetInterface string
        Port         int
 
+       rateLimiters map[string]*rate.Limiter
+
        handlers map[TranType]HandlerFunc
 
        Config Config
        handlers map[TranType]HandlerFunc
 
        Config Config
@@ -98,6 +101,7 @@ func NewServer(options ...Option) (*Server, error) {
        server := Server{
                handlers:        make(map[TranType]HandlerFunc),
                outbox:          make(chan Transaction),
        server := Server{
                handlers:        make(map[TranType]HandlerFunc),
                outbox:          make(chan Transaction),
+               rateLimiters:    make(map[string]*rate.Limiter),
                FS:              &OSFileStore{},
                ChatMgr:         NewMemChatManager(),
                ClientMgr:       NewMemClientMgr(),
                FS:              &OSFileStore{},
                ChatMgr:         NewMemChatManager(),
                ClientMgr:       NewMemClientMgr(),
@@ -202,6 +206,10 @@ func (s *Server) processOutbox() {
        }
 }
 
        }
 }
 
+// perIPRateLimit controls how frequently an IP address can connect before being throttled.
+// 0.5 = 1 connection every 2 seconds
+const perIPRateLimit = rate.Limit(0.5)
+
 func (s *Server) Serve(ctx context.Context, ln net.Listener) error {
        for {
                select {
 func (s *Server) Serve(ctx context.Context, ln net.Listener) error {
        for {
                select {
@@ -216,13 +224,29 @@ func (s *Server) Serve(ctx context.Context, ln net.Listener) error {
                        }
 
                        go func() {
                        }
 
                        go func() {
+                               ipAddr := strings.Split(conn.RemoteAddr().(*net.TCPAddr).String(), ":")[0]
+
                                connCtx := context.WithValue(ctx, contextKeyReq, requestCtx{
                                        remoteAddr: conn.RemoteAddr().String(),
                                })
 
                                connCtx := context.WithValue(ctx, contextKeyReq, requestCtx{
                                        remoteAddr: conn.RemoteAddr().String(),
                                })
 
-                               s.Logger.Info("Connection established", "addr", conn.RemoteAddr())
+                               s.Logger.Info("Connection established", "ip", ipAddr)
                                defer conn.Close()
 
                                defer conn.Close()
 
+                               // Check if we have an existing rate limit for the IP and create one if we do not.
+                               rl, ok := s.rateLimiters[ipAddr]
+                               if !ok {
+                                       rl = rate.NewLimiter(perIPRateLimit, 1)
+                                       s.rateLimiters[ipAddr] = rl
+                               }
+
+                               // Check if the rate limit is exceeded and close the connection if so.
+                               if !rl.Allow() {
+                                       s.Logger.Info("Rate limit exceeded", "RemoteAddr", conn.RemoteAddr())
+                                       conn.Close()
+                                       return
+                               }
+
                                if err := s.handleNewConnection(connCtx, conn, conn.RemoteAddr().String()); err != nil {
                                        if err == io.EOF {
                                                s.Logger.Info("Client disconnected", "RemoteAddr", conn.RemoteAddr())
                                if err := s.handleNewConnection(connCtx, conn, conn.RemoteAddr().String()); err != nil {
                                        if err == io.EOF {
                                                s.Logger.Info("Client disconnected", "RemoteAddr", conn.RemoteAddr())
Friendship Quest remix of mobius, a hotline server in go #cli