From b9f8addd21f2fb604c93c9dbd2321f7023c6817f Mon Sep 17 00:00:00 2001
From: Travis Person
Date: Thu, 31 Oct 2019 10:24:59 -0700
Subject: [PATCH] Invert faucet rate limiting

Rate limits needs to be ordered from specific to generic to ensure that a single user will not exhaust the generic limiter before being limited by the more specific.

Resolves #517
---
 cmd/lotus-fountain/main.go | 53 +++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/cmd/lotus-fountain/main.go b/cmd/lotus-fountain/main.go
index 6c27758a617..6d590bb0c54 100644
--- a/cmd/lotus-fountain/main.go
+++ b/cmd/lotus-fountain/main.go
@@ -136,29 +136,29 @@ type handler struct {
 }
 
 func (h *handler) send(w http.ResponseWriter, r *http.Request) {
- // General limiter to allow throttling all messages that can make it into the mpool
- if !h.limiter.Allow() {
- http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
+ to, err := address.NewFromString(r.FormValue("address"))
+ if err != nil {
+ w.WriteHeader(400)
+ w.Write([]byte(err.Error()))
 return
 }
 
- // Limit based on IP
- limiter := h.limiter.GetIPLimiter(r.RemoteAddr)
+ // Limit based on wallet address
+ limiter := h.limiter.GetWalletLimiter(to.String())
 if !limiter.Allow() {
 http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
 return
 }
 
- to, err := address.NewFromString(r.FormValue("address"))
- if err != nil {
- w.WriteHeader(400)
- w.Write([]byte(err.Error()))
+ // Limit based on IP
+ limiter = h.limiter.GetIPLimiter(r.RemoteAddr)
+ if !limiter.Allow() {
+ http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
 return
 }
 
- // Limit based on wallet address
- limiter = h.limiter.GetWalletLimiter(to.String())
- if !limiter.Allow() {
+ // General limiter to allow throttling all messages that can make it into the mpool
+ if !h.limiter.Allow() {
 http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
 return
 }
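Review bot: In `send`, the wallet limiter now runs before the IP limiter, so a request the IP limiter goes on to reject has already called `Allow()` on the bucket for whatever address the caller supplied. This assumes `Allow()` consumes a token, as in golang.org/x/time/rate, and that GetWalletLimiter creates entries on first use; neither is visible here. A single throttled client could then keep someone else's address rate-limited, or grow the limiter table with arbitrary valid addresses, without any request getting through. Checking `h.limiter.GetIPLimiter(r.RemoteAddr)` first and `GetWalletLimiter(to.String())` second would keep the general limiter last while bounding how often one client can touch wallet buckets. The mkminer hunk introduces the same order, and there `log.Infof("mkactor on %s", owner)` now also runs ahead of every limiter; send's body continues past the end of this hunk.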
@@ -181,19 +181,6 @@ func (h *handler) send(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *handler) mkminer(w http.ResponseWriter, r *http.Request) {
- // General limiter owner allow throttling all messages that can make it into the mpool
- if !h.colLimiter.Allow() {
- http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
- return
- }
-
- // Limit based on IP
- limiter := h.colLimiter.GetIPLimiter(r.RemoteAddr)
- if !limiter.Allow() {
- http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
- return
- }
-
 owner, err := address.NewFromString(r.FormValue("address"))
 if err != nil {
 w.WriteHeader(400)
@@ -215,11 +202,25 @@ func (h *handler) mkminer(w http.ResponseWriter, r *http.Request) {
 log.Infof("mkactor on %s", owner)
 
 // Limit based on wallet address
- limiter = h.colLimiter.GetWalletLimiter(owner.String())
+ limiter := h.colLimiter.GetWalletLimiter(owner.String())
+ if !limiter.Allow() {
+ http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
+ return
+ }
+
+ // Limit based on IP
+ limiter = h.colLimiter.GetIPLimiter(r.RemoteAddr)
 if !limiter.Allow() {
 http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
 return
 }
+
+ // General limiter owner allow throttling all messages that can make it into the mpool
+ if !h.colLimiter.Allow() {
+ http.Error(w, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
+ return
+ }
+
 collateral, err := h.api.StatePledgeCollateral(r.Context(), nil)
 if err != nil {
 w.WriteHeader(400)
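Review bot: The per-IP limiter in the last hunk is keyed on `r.RemoteAddr`, which net/http fills with "IP:port"; unless GetIPLimiter strips the port (its body is not shown), each new connection from the same client gets a fresh bucket and the limit is not applied per host. Passing only the host part, `host, _, err := net.SplitHostPort(r.RemoteAddr)` followed by `GetIPLimiter(host)`, would key it per client address, and the same call in `send` needs the same treatment. If the faucet is deployed behind a reverse proxy, RemoteAddr is the proxy's address and the client address has to come from a header set by that trusted proxy. mkminer starts before and continues after this hunk.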