Rate limiting for message sending

[geekgonecrazy]

Right now you could send as many messages as you want as fast as you want, and the server just has to take it.

We need to rate limit. Maybe configurable incase people want to be able to have a bot spam really quickly

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[AdrianoCahete]

configurable

👍

Something like irc, maybe? Lines per second.
More than this, server just ignore and send a notice for the user.

[Sing-Li]

We might not have the time luxury to just rate-limit message sending anymore.

Rate limiting needs to be core of every single server-side method, directly or indirectly invokable by client. Rate limiting criterion may also vary per API.

This is another use-case for an interpreted policy system on top of our permissions and roles. For instance:

• adminstrators can change avatar at any time, as frequently as desired
• regular users can change avatar no more than once every 5 minutes

[marceloschmidt]

Started working on this: b97231b

Any ideas on how to improve this? Maybe adding toggles on settings? @RocketChat/owners

[marceloschmidt]

I agree with what somebody said in another issue. Too many settings will clutter everything and make it hard for any sysadmin to manage their instance. Do you think we should just stipulate our own limits?

[sampaiodiego]

I don't think a lot of settings are that bad.
maybe we could make a clean settings page with the most important/common settings and another tab/menu "advanced settings" with a lot of settings..

[marceloschmidt]

Whatever the case is, we definitely need a new settings page. Current layout is not user-friendly.

[sampaiodiego]

agreed!

2015-10-08 0:02 GMT-03:00 Marcelo Schmidt notifications@github.com:

Whatever the case is, we definitely need a new settings page. Current
layout is not user-friendly.

—
Reply to this email directly or view it on GitHub
#897 (comment)
.

.Diego Sampaio

[hostile123]

So we are year later. Was that sorted?

[geekgonecrazy]

@hostile we've enforced a limit. I can' remember what it is exactly, but its not configurable at the moment.

@marceloschmidt can you recall? I think this is the only reason this ticket remains open?

cc @RocketChat/core

[engelgabriel]

@marceloschmidt why was this part commented?

https://github.com/RocketChat/Rocket.Chat/blob/develop/packages/rocketchat-lib/server/methods/sendMessage.coffee#L44

Was it because of the import and slack bridge packages were calling the methods rather than the functions before? Can we uncomment this?

[engelgabriel]

Closed via 1c312af

[geekgonecrazy]

👍

@hostile so limit right now is: 5 msgs/second

[AdrianoCahete]

limit right now is: 5 msgs/second

User is notified when reach this limit?

[Setitch]

Can we also make an option for remove any limits from bots?

[graywolf336]

@Setitch if a user has the role of bot, I believe they are not limited.

[lorek123]

Is this applicable also for mobile users? I'm struggling with RocketChat/Rocket.Chat.Android#2008 and it seems that server is not rate limiting those.

[rodrigok]

@lorek123 it is, unless the user is a bot or admin