diff options
Diffstat (limited to 'src/backend/anastasis-httpd_truth.c')
-rw-r--r-- | src/backend/anastasis-httpd_truth.c | 41 |
1 files changed, 26 insertions, 15 deletions
diff --git a/src/backend/anastasis-httpd_truth.c b/src/backend/anastasis-httpd_truth.c index 6c05ef8..54969bf 100644 --- a/src/backend/anastasis-httpd_truth.c +++ b/src/backend/anastasis-httpd_truth.c | |||
@@ -237,6 +237,27 @@ static struct GNUNET_SCHEDULER_Task *to_task; | |||
237 | 237 | ||
238 | 238 | ||
239 | /** | 239 | /** |
240 | * Generate a response telling the client that answering this | ||
241 | * challenge failed because the rate limit has been exceeded. | ||
242 | * | ||
243 | * @param gc request to answer for | ||
244 | * @return MHD status code | ||
245 | */ | ||
246 | static MHD_RESULT | ||
247 | reply_rate_limited (const struct GetContext *gc) | ||
248 | { | ||
249 | return TALER_MHD_REPLY_JSON_PACK ( | ||
250 | gc->connection, | ||
251 | MHD_HTTP_TOO_MANY_REQUESTS, | ||
252 | TALER_MHD_PACK_EC (TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED), | ||
253 | GNUNET_JSON_pack_uint64 ("request_limit", | ||
254 | gc->authorization->retry_counter), | ||
255 | GNUNET_JSON_pack_time_rel ("request_frequency", | ||
256 | gc->authorization->code_rotation_period)); | ||
257 | } | ||
258 | |||
259 | |||
260 | /** | ||
240 | * Timeout requests that are past their due date. | 261 | * Timeout requests that are past their due date. |
241 | * | 262 | * |
242 | * @param cls NULL | 263 | * @param cls NULL |
@@ -991,9 +1012,8 @@ run_authorization_process (struct MHD_Connection *connection, | |||
991 | 1012 | ||
992 | 1013 | ||
993 | /** | 1014 | /** |
994 | * Use the database to rate-limit queries to the | 1015 | * Use the database to rate-limit queries to the authentication |
995 | * authentication procedure, but without actually | 1016 | * procedure, but without actually storing 'real' challenge codes. |
996 | * storing 'real' challenge codes. | ||
997 | * | 1017 | * |
998 | * @param[in,out] gc context to rate limit requests for | 1018 | * @param[in,out] gc context to rate limit requests for |
999 | * @return #GNUNET_OK if rate-limiting passes, | 1019 | * @return #GNUNET_OK if rate-limiting passes, |
@@ -1034,10 +1054,7 @@ rate_limit (struct GetContext *gc) | |||
1034 | if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) | 1054 | if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) |
1035 | { | 1055 | { |
1036 | return (MHD_YES == | 1056 | return (MHD_YES == |
1037 | TALER_MHD_reply_with_error (gc->connection, | 1057 | reply_rate_limited (gc)) |
1038 | MHD_HTTP_TOO_MANY_REQUESTS, | ||
1039 | TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, | ||
1040 | NULL)) | ||
1041 | ? GNUNET_NO | 1058 | ? GNUNET_NO |
1042 | : GNUNET_SYSERR; | 1059 | : GNUNET_SYSERR; |
1043 | } | 1060 | } |
@@ -1066,10 +1083,7 @@ rate_limit (struct GetContext *gc) | |||
1066 | : GNUNET_SYSERR; | 1083 | : GNUNET_SYSERR; |
1067 | case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: | 1084 | case ANASTASIS_DB_CODE_STATUS_NO_RESULTS: |
1068 | return (MHD_YES == | 1085 | return (MHD_YES == |
1069 | TALER_MHD_reply_with_error (gc->connection, | 1086 | reply_rate_limited (gc)) |
1070 | MHD_HTTP_TOO_MANY_REQUESTS, | ||
1071 | TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, | ||
1072 | NULL)) | ||
1073 | ? GNUNET_NO | 1087 | ? GNUNET_NO |
1074 | : GNUNET_SYSERR; | 1088 | : GNUNET_SYSERR; |
1075 | case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: | 1089 | case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED: |
@@ -1640,10 +1654,7 @@ AH_handler_truth_get ( | |||
1640 | case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: | 1654 | case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: |
1641 | /* 0 == retry_counter of existing challenge => rate limit exceeded */ | 1655 | /* 0 == retry_counter of existing challenge => rate limit exceeded */ |
1642 | GNUNET_free (decrypted_truth); | 1656 | GNUNET_free (decrypted_truth); |
1643 | return TALER_MHD_reply_with_error (connection, | 1657 | return reply_rate_limited (gc); |
1644 | MHD_HTTP_TOO_MANY_REQUESTS, | ||
1645 | TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED, | ||
1646 | NULL); | ||
1647 | case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: | 1658 | case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: |
1648 | /* challenge code was stored successfully*/ | 1659 | /* challenge code was stored successfully*/ |
1649 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1660 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |