view mod_muc_limits/README.markdown @ 5589:7040d0772758

mod_http_oauth2: Implement RFC 8628 Device Authorization Grant Meant for devices without easy access to a web browser, such as refrigerators and toasters, which definitely need to be running OAuth-enabled XMPP clients! Could be used for CLI tools that might have trouble running a http server needed for the authorization code flow.
author Kim Alvefur <zash@zash.se>
date Mon, 10 Jul 2023 07:16:54 +0200
parents d52cc18f0aa8
children 6680a1f53353
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: 'Impose rate-limits on a MUC'
...

Introduction
============

This module allows you to control the maximum rate of 'events' in a MUC
room. This makes it useful to prevent room floods (whether malicious or
accidental).

Details
=======

This module limits the following events:

-   Room joins
-   Nick changes
-   Status changes
-   Messages (including private messages)

The limit is for the room as a whole, not individual occupants in the
room. Users with an affiliation (members, admins and owners) are not
limited.

Configuration
=============

Add the module to the MUC host (not the global modules\_enabled):

        Component "conference.example.com" "muc"
            modules_enabled = { "muc_limits" }

You can define (globally or per-MUC component) the following options:

  Name                  Default value   Description
  --------------------- --------------- --------------------------------------------------
  muc_event_rate        0.5             The maximum number of events per second.
  muc_burst_factor      6               Allow temporary bursts of this multiple.
  muc_max_nick_length   23              The maximum allowed length of user nicknames
  muc_max_char_count    5664            The maximum allowed number of bytes in a message
  muc_max_line_count    23              The maximum allowed number of lines in a message

For more understanding of how these values are used, see the algorithm
section below.

Algorithm
=========

A certain number of events are allowed per second, given by
muc\_event\_rate. An event rate of 1 allows one event per second, and
event rate of 3 allows three events per second, and 0.5 allows one event
every two seconds, and so on.

Obviously MUC conversations are not exactly steady streams of events.
Sometimes multiple people will talk at once. This is handled by the
muc\_burst\_factor option.

A burst factor of 2 will allow 2 times as many events at once, for 2
seconds, before throttling will be triggered. A factor of 5, 5 times as
many events for 5 seconds.

When the limit is reached, an error response will be generated telling
the user the MUC is overactive, and asking them to try again.

Compatibility
=============

  ------- ------------------
  trunk   Works
  0.11    Works
  0.10    Works
  0.9     Works
  0.8     Doesn't work[^1]
  ------- ------------------

[^1]: This module can be made to work in 0.8 (and *maybe* previous
    versions) of Prosody by copying the new
    [util.throttle](http://hg.prosody.im/trunk/raw-file/fc8a22936b3c/util/throttle.lua)
    into your Prosody source directory (into the util/ subdirectory).