Mercurial > prosody-modules

view mod_muc_limits/README.markdown @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents ee335399d90e
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: 'Impose rate-limits on a MUC'
...

Introduction
============

This module allows you to control the maximum rate of 'events' in a MUC
room. This makes it useful to prevent room floods (whether malicious or
accidental).

Details
=======

This module limits the following events:

-   Room joins
-   Nick changes
-   Status changes
-   Messages (including private messages)

The limit is for the room as a whole, not individual occupants in the
room. Users with an affiliation (members, admins and owners) are not
limited.

Configuration
=============

Add the module to the MUC host (not the global modules\_enabled):

```lua
Component "conference.example.com" "muc"
    modules_enabled = { "muc_limits" }
```

You can define (globally or per-MUC component) the following options:

  Name                        Default value   Description
  --------------------------- --------------- ----------------------------------------------------------
  muc_event_rate              0.5             The maximum number of events per second.
  muc_burst_factor            6               Allow temporary bursts of this multiple.
  muc_max_nick_length         23              The maximum allowed length of user nicknames
  muc_max_char_count          5664            The maximum allowed number of bytes in a message
  muc_max_line_count          23              The maximum allowed number of lines in a message
  muc_limit_base_cost         1               Base cost of sending a stanza
  muc_line_count_multiplier   0.1             Additional cost of each newline in the body of a message

For more understanding of how these values are used, see the algorithm
section below.

Algorithm
=========

A certain number of events are allowed per second, given by
muc\_event\_rate. An event rate of 1 allows one event per second, and
event rate of 3 allows three events per second, and 0.5 allows one event
every two seconds, and so on.

Obviously MUC conversations are not exactly steady streams of events.
Sometimes multiple people will talk at once. This is handled by the
muc\_burst\_factor option.

A burst factor of 2 will allow 2 times as many events at once, for 2
seconds, before throttling will be triggered. A factor of 5, 5 times as
many events for 5 seconds.

When the limit is reached, an error response will be generated telling
the user the MUC is overactive, and asking them to try again.

Compatibility
=============

  ------- -------
  trunk   Works
  0.11    Works
  ------- -------