From 46155122859657e674a0fab097c6812349c35274 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Thu, 8 Nov 2018 21:35:58 +0100
Subject: [PATCH] Reduce connect timeout limit and limit signature failures by
 source IP (#9236)

* Reduce connect timeout from 10s to 1s

* Limit failing signature verifications per source IP
---
 app/controllers/concerns/signature_verification.rb | 7 ++++++-
 app/lib/request.rb                                 | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index e5d5e2ca61..7e491641b3 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -43,7 +43,12 @@ module SignatureVerification
       return
     end
 
-    account = account_from_key_id(signature_params['keyId'])
+    account_stoplight = Stoplight("source:#{request.ip}") { account_from_key_id(signature_params['keyId']) }
+      .with_fallback { nil }
+      .with_threshold(1)
+      .with_cool_off_time(5.minutes.seconds)
+
+    account = account_stoplight.run
 
     if account.nil?
       @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
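Review bot: The `.with_fallback { nil }` on the new Stoplight turns both a throttled source IP and any exception raised inside `account_from_key_id` into `nil`, so the branch below reports "Public key not found for key …" even for requests whose key was never looked up. Stoplight, as far as I know, counts only exceptions raised by the block as failures, so a lookup that returns `nil` without raising would not trip the light; that deserves a comment such as `# only lookups that raise count against the source IP`. With `.with_threshold(1)` keyed on `request.ip`, one erroring lookup blocks every sender behind that address for five minutes, and a misconfigured trusted-proxy setting would make that address the proxy's own. Consider having the fallback take its error argument (`.with_fallback { |error| ... }`, which is nil when the light is red if I read Stoplight correctly) and setting a distinct failure reason for the throttled case, so logs can tell throttling from a genuinely unknown key. The enclosing method starts and ends outside the hunk.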
diff --git a/app/lib/request.rb b/app/lib/request.rb
index 36c211dbfe..73b495ce19 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -94,7 +94,7 @@ class Request
   end
 
   def timeout
-    { write: 10, connect: 10, read: 10 }
+    { connect: 1, read: 10, write: 10 }
   end
 
   def http_client
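Review bot: The new `connect: 1` is an unexplained magic number that leaves no margin for slow or distant peers, and nothing in the hunk says why connect now differs from read and write. A comment above the hash would cover it, e.g. `# Fail fast on unreachable hosts so workers are not held; read/write keep 10s`. If the key lookup wrapped by the Stoplight in signature_verification.rb goes out through this class (not visible here), a single connect timeout would count as a failure against the sender's IP under the threshold of 1, so the two values should be tuned together. The Request class continues outside the hunk.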