diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-12-31 11:37:42 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-12-31 11:37:42 +0100 |
commit | ce443bb4d4815ac79170b81cae74fc8b8030ea54 (patch) | |
tree | 5ad2e67ea4179a4f766c3180bf44b06cc8577f33 /src/backend | |
parent | 9f7a6d50b4c6a79ab16dfabe2c57510565bc4cf2 (diff) | |
download | anastasis-ce443bb4d4815ac79170b81cae74fc8b8030ea54.tar.gz anastasis-ce443bb4d4815ac79170b81cae74fc8b8030ea54.tar.bz2 anastasis-ce443bb4d4815ac79170b81cae74fc8b8030ea54.zip |
fix #7054: propagate more information on the rate-limiting
Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/anastasis-httpd_truth.c | 41 |
1 files changed, 26 insertions, 15 deletions
diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index 6c05ef8..54969bf 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c @@ -237,6 +237,27 @@ static struct GNUNET_SCHEDULER_Task *to_task; /** + * Generate a response telling the client that answering this + * challenge failed because the rate limit has been exceeded. + * + * @param gc request to answer for + * @return MHD status code + */ +static MHD_RESULT +reply_rate_limited (const struct GetContext *gc) +{ + return TALER_MHD_REPLY_JSON_PACK ( + gc->connection, + MHD_HTTP_TOO_MANY_REQUESTS, + TALER_MHD_PACK_EC (TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED), + GNUNET_JSON_pack_uint64 ("request_limit", + gc->authorization->retry_counter), + GNUNET_JSON_pack_time_rel ("request_frequency", + gc->authorization->code_rotation_period)); +} + + +/** * Timeout requests that are past their due date. * * @param cls NULL @@ -991,9 +1012,8 @@ run_authorization_process (struct MHD_Connection *connection, /** - * Use the database to rate-limit queries to the - * authentication procedure, but without actually - * storing 'real' challenge codes. + * Use the database to rate-limit queries to the authentication + * procedure, but without actually storing 'real' challenge codes. * * @param[in,out] gc context to rate limit requests for * @return #GNUNET_OK if rate-limiting passes, @@ -1034,10 +1054,7 @@ rate_limit (struct GetContext *gc) if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) { return (MHD_YES == - TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_TOO_MANY_REQUESTS, - TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, - NULL)) + reply_rate_limited (gc)) ? GNUNET_NO : GNUNET_SYSERR; } @@ -1066,10 +1083,7 @@ rate_limit (struct GetContext *gc) : GNUNET_SYSERR; case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: return (MHD_YES == - TALER_MHD_reply_with_error (gc->connection, - MHD_HTTP_TOO_MANY_REQUESTS, - TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, - NULL)) + reply_rate_limited (gc)) ? GNUNET_NO : GNUNET_SYSERR; case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: @@ -1640,10 +1654,7 @@ AH_handler_truth_get ( case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: /* 0 == retry_counter of existing challenge => rate limit exceeded */ GNUNET_free (decrypted_truth); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_TOO_MANY_REQUESTS, - TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, - NULL); + return reply_rate_limited (gc); case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: /* challenge code was stored successfully*/ GNUNET_log (GNUNET_ERROR_TYPE_INFO, |