Skip to content

Add configurable rate limiting for the creation of rooms. #18514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 24, 2025
Merged

Add configurable rate limiting for the creation of rooms. #18514

merged 7 commits into from
Jul 24, 2025

Conversation

@reivilibre
Copy link
Contributor

@reivilibre reivilibre commented Jun 4, 2025
edited
Loading

Default values will be 1 room per minute, with a burst count of 10.

It's hard to imagine most users will be affected by this default rate, but it's intentionally non-invasive in case of bots or other users that need to create rooms at a large rate.
Server admins might want to down-tune this on their deployments.

@reivilibre reivilibre requested a review from a team June 4, 2025 16:35
reivilibre
reivilibre commented Jun 4, 2025
View reviewed changes
synapse/handlers/room.py
Comment on lines +821 to +833
await self.common_request_ratelimiter.ratelimit(requester)
await self.creation_ratelimiter.ratelimit(requester)
Copy link
Contributor Author

@reivilibre reivilibre Jun 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's an open question if we want them both or not, but since room creation consuming tokens from the general bucket was implicitly relied upon by tests, I thought I should leave it like that for now

Copy link
Member

@devonh devonh Jun 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah - this is the bit I'm unsure of. Would need to dig into this further to see what we should be doing here, and if this is in fact the right thing to do.

reivilibre
reivilibre commented Jun 4, 2025
View reviewed changes
devonh
devonh reviewed Jun 4, 2025
View reviewed changes
synapse/config/ratelimiting.py
self.rc_room_creation = RatelimitSettings.parse(
config,
"rc_room_creation",
defaults={"per_second": 0.016, "burst_count": 10},
Copy link
Member

@devonh devonh Jun 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

interesting per_second value... almost 1 per minute?
I don't have a problem with it, but it might warrant a comment

Copy link
Contributor Author

@reivilibre reivilibre Jun 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm yeah, not sure what would be a good default

@devonh
Copy link
Member

devonh commented Jun 4, 2025

Oh, and in general this PR will need to update the docs to refect the new config option.
But that can be done after this is out of draft :)

@reivilibre reivilibre force-pushed the rei/ratelimit_room_creation branch from d305fb4 to 98ed365 Compare June 6, 2025 10:39
@github-actions github-actions bot deployed to PR Documentation Preview June 6, 2025 10:40 Active
@github-actions github-actions bot deployed to PR Documentation Preview June 6, 2025 11:10 Active
reivilibre added a commit to matrix-org/sytest that referenced this pull request Jun 6, 2025
@reivilibre
Give SyTest an exemption from Synapse room creation rate limiting
1ea8f53 
Tracks element-hq/synapse#18514
@reivilibre reivilibre mentioned this pull request Jun 6, 2025
Merged
@github-actions github-actions bot deployed to PR Documentation Preview June 9, 2025 14:18 Active
@reivilibre reivilibre marked this pull request as ready for review June 20, 2025 11:53
@reivilibre reivilibre requested a review from a team June 20, 2025 11:54
erikjohnston
erikjohnston approved these changes Jun 25, 2025
View reviewed changes
Copy link
Member

@erikjohnston erikjohnston left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though has merge conflicts

reivilibre added a commit to matrix-org/sytest that referenced this pull request Jun 30, 2025
@reivilibre
Give SyTest an exemption from Synapse room creation rate limiting (#1405
bb83c6f 
)

Tracks element-hq/synapse#18514
@reivilibre reivilibre enabled auto-merge (squash) July 23, 2025 15:33
@github-actions github-actions bot deployed to PR Documentation Preview July 23, 2025 15:33 Active
@reivilibre reivilibre merged commit 8344c94 into develop Jul 24, 2025
84 of 87 checks passed
@reivilibre reivilibre deleted the rei/ratelimit_room_creation branch July 24, 2025 14:08
@t3chguy t3chguy mentioned this pull request Jul 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devonh devonh devonh left review comments

@erikjohnston erikjohnston erikjohnston approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@reivilibre @devonh @erikjohnston