clio/DOSGuard_8hpp_source.html

//------------------------------------------------------------------------------

/*

    This file is part of clio: https://github.com/XRPLF/clio

    Copyright (c) 2022, the clio developers.


    Permission to use, copy, modify, and distribute this software for any

    purpose with or without fee is hereby granted, provided that the above

    copyright notice and this permission notice appear in all copies.


    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF

    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

    ANY  SPECIAL,  DIRECT,  INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN

    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

*/

//==============================================================================


#pragma once


#include "util/Mutex.hpp"

#include "util/config/ConfigDefinition.hpp"

#include "util/log/Logger.hpp"

#include "web/dosguard/DOSGuardInterface.hpp"

#include "web/dosguard/WeightsInterface.hpp"

#include "web/dosguard/WhitelistHandlerInterface.hpp"


#include <boost/asio.hpp>

#include <boost/iterator/transform_iterator.hpp>

#include <boost/json/object.hpp>

#include <boost/system/error_code.hpp>


#include <cstdint>

#include <functional>

#include <string>

#include <string_view>

#include <unordered_map>

#include <unordered_set>


namespace web::dosguard {


class DOSGuard : public DOSGuardInterface {

    struct ClientState {

        std::uint32_t transferredByte = 0;

        std::uint32_t requestsCount = 0;

    };


    struct State {

        std::unordered_map<std::string, ClientState> ipState;

        std::unordered_map<std::string, std::uint32_t> ipConnCount;

    };

    util::Mutex<State> mtx_;


    std::reference_wrapper<WhitelistHandlerInterface const> whitelistHandler_;

    std::reference_wrapper<WeightsInterface const> weights_;


    std::uint32_t const maxFetches_;

    std::uint32_t const maxConnCount_;

    std::uint32_t const maxRequestCount_;

    util::Logger log_{"RPC"};


public:

    DOSGuard(

        util::config::ClioConfigDefinition const& config,

        WhitelistHandlerInterface const& whitelistHandler,

        WeightsInterface const& weights

    );


    [[nodiscard]] bool

    isWhiteListed(std::string_view const ip) const noexcept override;


    [[nodiscard]] bool

    isOk(std::string const& ip) const noexcept override;


    void

    increment(std::string const& ip) noexcept override;


    void

    decrement(std::string const& ip) noexcept override;


    [[maybe_unused]] bool

    add(std::string const& ip, uint32_t numObjects) noexcept override;


    [[maybe_unused]] bool

    request(std::string const& ip, boost::json::object const& request) override;


    void

    clear() noexcept override;


private:

    [[nodiscard]] static std::unordered_set<std::string>

    getWhitelist(util::config::ClioConfigDefinition const& config);

};


}  // namespace web::dosguard

util::Logger
A simple thread-safe logger for the channel specified in the constructor.
Definition Logger.hpp:111

util::Mutex
A container for data that is protected by a mutex. Inspired by Mutex in Rust.
Definition Mutex.hpp:96

util::config::ClioConfigDefinition
All the config data will be stored and extracted from this class.
Definition ConfigDefinition.hpp:54

web::dosguard::DOSGuardInterface
The interface of a denial of service guard.
Definition DOSGuardInterface.hpp:46

web::dosguard::DOSGuard
A simple denial of service guard used for rate limiting.
Definition DOSGuard.hpp:48

web::dosguard::DOSGuard::isWhiteListed
bool isWhiteListed(std::string_view const ip) const noexcept override
Check whether an ip address is in the whitelist or not.
Definition DOSGuard.cpp:57

web::dosguard::DOSGuard::clear
void clear() noexcept override
Instantly clears all fetch counters added by.
Definition DOSGuard.cpp:142

web::dosguard::DOSGuard::request
bool request(std::string const &ip, boost::json::object const &request) override
Adds one request for the given ip address.
Definition DOSGuard.cpp:126

web::dosguard::DOSGuard::increment
void increment(std::string const &ip) noexcept override
Increment connection count for the given ip address.
Definition DOSGuard.cpp:91

web::dosguard::DOSGuard::isOk
bool isOk(std::string const &ip) const noexcept override
Check whether an ip address is currently rate limited or not.
Definition DOSGuard.cpp:63

web::dosguard::DOSGuard::decrement
void decrement(std::string const &ip) noexcept override
Decrement connection count for the given ip address.
Definition DOSGuard.cpp:100

web::dosguard::DOSGuard::DOSGuard
DOSGuard(util::config::ClioConfigDefinition const &config, WhitelistHandlerInterface const &whitelistHandler, WeightsInterface const &weights)
Constructs a new DOS guard.
Definition DOSGuard.cpp:43

web::dosguard::DOSGuard::add
bool add(std::string const &ip, uint32_t numObjects) noexcept override
Adds numObjects of usage for the given ip address.
Definition DOSGuard.cpp:112

web::dosguard::WeightsInterface
Interface for determining request weights in DOS protection.
Definition WeightsInterface.hpp:34

web::dosguard::WhitelistHandlerInterface
Interface for a whitelist handler.
Definition WhitelistHandlerInterface.hpp:29