From c6bfdd45be4cd8194a8cbde66f35e118e7a4e4d1 Mon Sep 17 00:00:00 2001
From: binwiederhier
Date: Wed, 8 Mar 2023 14:51:47 -0500
Subject: [PATCH] Increase allowed auth failure attempts, Increase maximum incremental backoff retry interval
---
 docs/releases.md | 2 ++
 server/config.go | 2 +-
 server/server_test.go | 1 +
 web/src/app/Connection.js | 2 +-
 4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/docs/releases.md b/docs/releases.md
index 6529f903..ed68cc7a 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -11,6 +11,8 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
 **Bug fixes + maintenance:**
 * `ntfy sub --poll --from-config` will now include authentication headers from client.yml (if applicable) ([#658](https://github.com/binwiederhier/ntfy/issues/658), thanks to [@wunter8](https://github.com/wunter8))
+* Increase allowed auth failure attempts per IP address to 30 (no ticket)
+* Web app: Increase maximum incremental backoff retry interval to 2 minutes (no ticket)
 **Documentation:**
diff --git a/server/config.go b/server/config.go
index cc9539ba..ebf9ac1d 100644
--- a/server/config.go
+++ b/server/config.go
@@ -49,7 +49,7 @@ const (
 DefaultVisitorEmailLimitReplenish = time.Hour
 DefaultVisitorAccountCreationLimitBurst = 3
 DefaultVisitorAccountCreationLimitReplenish = 24 * time.Hour
- DefaultVisitorAuthFailureLimitBurst = 10
+ DefaultVisitorAuthFailureLimitBurst = 30
 DefaultVisitorAuthFailureLimitReplenish = time.Minute
 DefaultVisitorAttachmentTotalSizeLimit = 100 * 1024 * 1024 // 100 MB
 DefaultVisitorAttachmentDailyBandwidthLimit = 500 * 1024 * 1024 // 500 MB
diff --git a/server/server_test.go b/server/server_test.go
index 032ec6ff..fdda5d96 100644
--- a/server/server_test.go
+++ b/server/server_test.go
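Review bot: In server/config.go, `DefaultVisitorAuthFailureLimitBurst = 30` triples the number of failed logins one address may make in a burst, and the constant has no comment saying why 30 was chosen. With `DefaultVisitorAuthFailureLimitReplenish = time.Minute` on the next line, the burst is presumably what bounds a quick run of password guesses from a single address, so the rationale belongs beside the value, for example `// failed logins allowed per visitor before throttling; raised from 10 because <reason>`. Deployments that never set this option pick up the looser limit on upgrade, so it is worth confirming that no alerting or lockout expectation still assumes the old value of 10. The const block starts and ends outside the hunk.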
@@ -796,6 +796,7 @@ func TestServer_Auth_Fail_CannotPublish(t *testing.T) {
 func TestServer_Auth_Fail_Rate_Limiting(t *testing.T) {
 c := newTestConfigWithAuthFile(t)
+ c.VisitorAuthFailureLimitBurst = 10
 s := newTestServer(t, c)
 for i := 0; i < 10; i++ {
diff --git a/web/src/app/Connection.js b/web/src/app/Connection.js
index 8b795377..e86af78a 100644
--- a/web/src/app/Connection.js
+++ b/web/src/app/Connection.js
@@ -1,6 +1,6 @@
 import {basicAuth, bearerAuth, encodeBase64Url, topicShortUrl, topicUrlWs} from "./utils";
-const retryBackoffSeconds = [5, 10, 15, 20, 30];
+const retryBackoffSeconds = [5, 10, 20, 30, 60, 120];
 /**
 * A connection contains a single WebSocket connection for one topic. It handles its connection
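Review bot: In server/server_test.go, the loop bound in `for i := 0; i < 10; i++ {` stays an independent literal next to the newly pinned `c.VisitorAuthFailureLimitBurst = 10`, so the two can drift apart the next time either is edited. Deriving the bound from the config keeps them tied: `for i := 0; i < c.VisitorAuthFailureLimitBurst; i++ {` (assuming the field is an int). Pinning the value also means nothing visible in this hunk exercises the new default of 30; a short assertion on the default config would catch an accidental change to the auth-failure limit. The test body continues outside the hunk.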
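Review bot: In web/src/app/Connection.js, `retryBackoffSeconds` has no comment stating that the last entry acts as the ceiling, and the code that consumes the list is outside this hunk. If reconnect attempts with rejected credentials count toward the server's per-address auth-failure limit, this schedule decides how quickly a misconfigured client gets throttled, which is worth recording: `// Reconnect delays in seconds; the last entry is the maximum (2 minutes)`. The fixed steps also appear to carry no jitter, so clients dropped at the same moment would retry in lockstep; confirm whether the consumer randomises the delay.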