1
0
mirror of https://github.com/node-red/node-red-nodes.git synced 2023-10-10 13:36:58 +02:00

Attempt to mitigate stream server connect feedback loop

Pushbullet dev here. Around 36 hours ago we started receiving around 750 additional requests per second to connect to our stream server. I blocked around 50 - 100 IP addresses to mitigate the spam. This spam traffic has continued unchanged since then.

I don't know for sure what caused this, but one user came forward reporting issues with their Node-Red setup after I banned the IPs (status code is my banned IP status code which is pretty compelling evidence). I can't be sure what is causing the issue since no User-Agent is included in the requests, but it for sure is at least partly Node-Red API users. I'd like to work on mitigating this since mitigating the spam traffic costs money.

My first theory here is in this PR. I am not aware of any guarantees that you'll never get multiple 'error' events, so it makes sense to clear the timeout before setting a new one to reconnect. Even if it is just defensive, it may not have much cost? If you do get multiple error events without this change, it is possible to trigger many connect() requests which can error out and then trigger many more connect() requests with lots of timeouts, which is not good.

Another thing to consider is that this library's dependency for PB (https://github.com/alexwhitman/node-pushbullet-api) already has code to reconnect if a websocket connection is lost without having been properly closed. I think an even better solution is verifying this works and then deleting the reconnect logic from here.

I'm not an expert on Node-Red though so I am only trying to offer suggestions to ensure everyone is a good citizen when using our API :) Thanks!
This commit is contained in:
guzba 2020-10-13 16:27:30 -05:00 committed by GitHub
parent f599797144
commit ff9d21827d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -125,6 +125,7 @@ module.exports = function(RED) {
stream.on('close', function() { stream.on('close', function() {
self.emitter.emit('stream_disconnected'); self.emitter.emit('stream_disconnected');
if (!closing) { if (!closing) {
if (tout) { clearTimeout(tout); }
tout = setTimeout(function() { tout = setTimeout(function() {
stream.connect(); stream.connect();
}, 15000); }, 15000);
@ -133,6 +134,7 @@ module.exports = function(RED) {
stream.on('error', function(err) { stream.on('error', function(err) {
self.emitter.emit('stream_error', err); self.emitter.emit('stream_error', err);
if (!closing) { if (!closing) {
if (tout) { clearTimeout(tout); }
tout = setTimeout(function() { tout = setTimeout(function() {
stream.connect(); stream.connect();
}, 15000); }, 15000);