feat: Throttle out call attempts to the max number per minute (#7742)

* feat: Make possible to reload config for filter rayo iq. * feat: Throttle out call attempts to the max number per minute * squash: Updates comment about config
2020-09-22 10:53:43 -05:00 · 2020-09-22 10:53:43 -05:00 · 8dcf04897a
parent 69b7301b9d
commit 8dcf04897a
1 changed files with 26 additions and 11 deletions
--- a/resources/prosody-plugins/mod_filter_iq_rayo.lua
+++ b/resources/prosody-plugins/mod_filter_iq_rayo.lua
@ -1,3 +1,4 @@
+local new_throttle = require "util.throttle".create;
 local st = require "util.stanza";

 local token_util = module:require "token/util".new(module);
@ -10,12 +11,19 @@ if token_util == nil then
    return;
 end

-- configuration to limit number of outgoing calls
-local LIMIT_OUTGOING_CALLS = module:get_option_number("max_number_outgoing_calls", -1);
+-- The maximum number of simultaneous calls,
+-- and also the maximum number of new calls per minute that a session is allowed to create.
+local limit_outgoing_calls;
+local function load_config()
+    limit_outgoing_calls = module:get_option_number("max_number_outgoing_calls", -1);
+end
+load_config();

 -- Header names to use to push extra data extracted from token, if any
 local OUT_INITIATOR_USER_ATTR_NAME = "X-outbound-call-initiator-user";
 local OUT_INITIATOR_GROUP_ATTR_NAME = "X-outbound-call-initiator-group";
+local OUTGOING_CALLS_THROTTLE_INTERVAL = 60; -- if max_number_outgoing_calls is enabled it will be
+                                             -- the max number of outgoing calls a user can try for a minute

 -- filters rayo iq in case of requested from not jwt authenticated sessions
 -- or if the session has features in user context and it doesn't mention
@ -53,15 +61,21 @@ module:hook("pre-iq/full", function(event)
            end

            -- now lets check any limits if configured
-            if LIMIT_OUTGOING_CALLS > 0
-                and get_concurrent_outgoing_count(
-                        session.jitsi_meet_context_user["id"],
-                        session.jitsi_meet_context_group) >= LIMIT_OUTGOING_CALLS
-            then
-                module:log("warn",
-                    "Filtering stanza dial, stanza:%s, outgoing calls limit reached", tostring(stanza));
-                session.send(st.error_reply(stanza, "cancel", "resource-constraint"));
-                return true;
+            if limit_outgoing_calls > 0 then
+                if not session.dial_out_throttle then
+                    module:log("debug", "Enabling dial-out throttle session=%s.", session);
+                    session.dial_out_throttle = new_throttle(limit_outgoing_calls, OUTGOING_CALLS_THROTTLE_INTERVAL);
+                end
+
+                if not session.dial_out_throttle:poll(1) -- we first check the throttle so we can mark one incoming dial for the balance
+                    or get_concurrent_outgoing_count(session.jitsi_meet_context_user["id"], session.jitsi_meet_context_group)
+                            >= limit_outgoing_calls
+                then
+                    module:log("warn",
+                        "Filtering stanza dial, stanza:%s, outgoing calls limit reached", tostring(stanza));
+                    session.send(st.error_reply(stanza, "cancel", "resource-constraint"));
+                    return true;
+                end
            end

            -- now lets insert token information if any
@ -163,3 +177,4 @@ function get_concurrent_outgoing_count(context_user, context_group)
    return count;
 end

+module:hook_global('config-reloaded', load_config);