[bisq-network/bisq] Define gRPC api call rate constraints (#5103)
Stan
notifications at github.com
Mon Jan 25 18:00:46 CET 2021
@ghubstan commented on this pull request.
> +
+ final ServerInterceptor[] interceptors() {
+ Optional<ServerInterceptor> rateMeteringInterceptor = rateMeteringInterceptor();
+ return rateMeteringInterceptor.map(serverInterceptor ->
+ new ServerInterceptor[]{serverInterceptor}).orElseGet(() -> new ServerInterceptor[0]);
+ }
+
+ final Optional<ServerInterceptor> rateMeteringInterceptor() {
+ CallRateMeteringInterceptor defaultCallRateMeteringInterceptor =
+ new CallRateMeteringInterceptor(new HashMap<>() {{
+ put("getBalances", new GrpcCallRateMeter(1, SECONDS));
+ put("getAddressBalance", new GrpcCallRateMeter(1, SECONDS));
+ put("getFundingAddresses", new GrpcCallRateMeter(1, SECONDS));
+ put("getUnusedBsqAddress", new GrpcCallRateMeter(1, SECONDS));
+ put("sendBsq", new GrpcCallRateMeter(1, MINUTES));
+ put("sendBtc", new GrpcCallRateMeter(1, MINUTES));
This is not to protect against malicious attacks. A lot more analysis is needed for that.
The rate metering is to help prevent scripting mistakes. We don't want anyone accidentally spamming the network with a create offer loop, or anyone accidentally emptying her own wallet.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/5103#discussion_r563884011
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210125/f332a075/attachment.htm>
More information about the bisq-github
mailing list