mirror of
https://github.com/waku-org/nwaku.git
synced 2025-01-10 14:56:31 +00:00
026d804a0d
* Added flexible rate limit checks for store, legacy store and lightpush. Also added rate and traffic metrics. * Fix chat2 after WakuLegacyStoreCodec rename * Update waku/common/ratelimit.nim Co-authored-by: Ivan FB <128452529+Ivansete-status@users.noreply.github.com> * Update waku/common/ratelimit.nim Co-authored-by: Ivan FB <128452529+Ivansete-status@users.noreply.github.com> * Update waku/waku_store_legacy/protocol.nim Co-authored-by: Ivan FB <128452529+Ivansete-status@users.noreply.github.com> * Fix review findings, added limit to debug logs --------- Co-authored-by: Ivan FB <128452529+Ivansete-status@users.noreply.github.com>
119 lines
3.5 KiB
Nim
119 lines
3.5 KiB
Nim
when (NimMajor, NimMinor) < (1, 4):
|
|
{.push raises: [Defect].}
|
|
else:
|
|
{.push raises: [].}
|
|
|
|
import
|
|
std/options, stew/results, stew/byteutils, chronicles, chronos, metrics, bearssl/rand
|
|
import
|
|
../node/peer_manager/peer_manager,
|
|
../waku_core,
|
|
./common,
|
|
./rpc,
|
|
./rpc_codec,
|
|
./protocol_metrics,
|
|
../common/ratelimit,
|
|
../common/waku_service_metrics
|
|
|
|
export ratelimit
|
|
|
|
logScope:
|
|
topics = "waku lightpush"
|
|
|
|
type WakuLightPush* = ref object of LPProtocol
|
|
rng*: ref rand.HmacDrbgContext
|
|
peerManager*: PeerManager
|
|
pushHandler*: PushMessageHandler
|
|
requestRateLimiter*: Option[TokenBucket]
|
|
|
|
proc handleRequest*(
|
|
wl: WakuLightPush, peerId: PeerId, buffer: seq[byte]
|
|
): Future[PushRPC] {.async.} =
|
|
let reqDecodeRes = PushRPC.decode(buffer)
|
|
var
|
|
isSuccess = false
|
|
pushResponseInfo = ""
|
|
requestId = ""
|
|
|
|
if reqDecodeRes.isErr():
|
|
pushResponseInfo = decodeRpcFailure & ": " & $reqDecodeRes.error
|
|
elif reqDecodeRes.get().request.isNone():
|
|
pushResponseInfo = emptyRequestBodyFailure
|
|
else:
|
|
let pushRpcRequest = reqDecodeRes.get()
|
|
|
|
requestId = pushRpcRequest.requestId
|
|
|
|
let
|
|
request = pushRpcRequest.request
|
|
|
|
pubSubTopic = request.get().pubSubTopic
|
|
message = request.get().message
|
|
waku_lightpush_messages.inc(labelValues = ["PushRequest"])
|
|
debug "push request",
|
|
peerId = peerId,
|
|
requestId = requestId,
|
|
pubsubTopic = pubsubTopic,
|
|
hash = pubsubTopic.computeMessageHash(message).to0xHex()
|
|
|
|
let handleRes = await wl.pushHandler(peerId, pubsubTopic, message)
|
|
isSuccess = handleRes.isOk()
|
|
pushResponseInfo = (if isSuccess: "OK" else: handleRes.error)
|
|
|
|
if not isSuccess:
|
|
waku_lightpush_errors.inc(labelValues = [pushResponseInfo])
|
|
error "failed to push message", error = pushResponseInfo
|
|
let response = PushResponse(isSuccess: isSuccess, info: some(pushResponseInfo))
|
|
let rpc = PushRPC(requestId: requestId, response: some(response))
|
|
return rpc
|
|
|
|
proc initProtocolHandler(wl: WakuLightPush) =
|
|
proc handle(conn: Connection, proto: string) {.async.} =
|
|
var rpc: PushRPC
|
|
wl.requestRateLimiter.checkUsageLimit(WakuLightPushCodec, conn):
|
|
let buffer = await conn.readLp(DefaultMaxRpcSize)
|
|
|
|
waku_service_inbound_network_bytes.inc(
|
|
amount = buffer.len().int64, labelValues = [WakuLightPushCodec]
|
|
)
|
|
|
|
rpc = await handleRequest(wl, conn.peerId, buffer)
|
|
do:
|
|
debug "lightpush request rejected due rate limit exceeded",
|
|
peerId = conn.peerId, limit = $wl.requestRateLimiter
|
|
|
|
rpc = static(
|
|
PushRPC(
|
|
## We will not copy and decode RPC buffer from stream only for requestId
|
|
## in reject case as it is comparably too expensive and opens possible
|
|
## attack surface
|
|
requestId: "N/A",
|
|
response:
|
|
some(PushResponse(isSuccess: false, info: some(TooManyRequestsMessage))),
|
|
)
|
|
)
|
|
|
|
await conn.writeLp(rpc.encode().buffer)
|
|
|
|
## For lightpush might not worth to measure outgoing trafic as it is only
|
|
## small respones about success/failure
|
|
|
|
wl.handler = handle
|
|
wl.codec = WakuLightPushCodec
|
|
|
|
proc new*(
|
|
T: type WakuLightPush,
|
|
peerManager: PeerManager,
|
|
rng: ref rand.HmacDrbgContext,
|
|
pushHandler: PushMessageHandler,
|
|
rateLimitSetting: Option[RateLimitSetting] = none[RateLimitSetting](),
|
|
): T =
|
|
let wl = WakuLightPush(
|
|
rng: rng,
|
|
peerManager: peerManager,
|
|
pushHandler: pushHandler,
|
|
requestRateLimiter: newTokenBucket(rateLimitSetting),
|
|
)
|
|
wl.initProtocolHandler()
|
|
return wl
|