Implement rate limiting of add_chain

1 files changed, 18 insertions, 0 deletions

diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index d90d96d..c48ba66 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -150,6 +150,21 @@ def allowed_servers_frontend(signingnodenames, storagenodenames):
         ("/ct/signing/sct", signingnodenames),
     ]
 
+def parse_ratelimit_expression(expression):
+    if expression == "none":
+        return Symbol("none")
+    parts = expression.split(" ")
+    if not (len(parts) == 3 and parts[1] == 'per' and parts[2] in ["second", "minute", "hour"]):
+        print >>sys.stderr, "Ratelimit expressions must have the format \"<frequency> per second|minute|hour\" or \"none\""
+        sys.exit(1)
+    return (int(parts[0]), Symbol(parts[2]))
+
+def parse_ratelimit((type, description)):
+    descriptions = [parse_ratelimit_expression(s.strip()) for s in description.split(",")]
+    if len(descriptions) != 1:
+        print >>sys.stderr, "%s: Only one ratelimit expression supported right now" % (type,)
+    return (Symbol(type), descriptions)
+
 def gen_config(nodename, config, localconfig):
     print "generating config for", nodename
     paths = localconfig["paths"]
@@ -171,6 +186,9 @@ def gen_config(nodename, config, localconfig):
         catlfishconfig.append((Symbol("known_roots_path"), localconfig["paths"]["knownroots"]))
         if "sctcaching" in options:
             catlfishconfig.append((Symbol("sctcache_root_path"), paths["db"] + "sctcache/"))
+        if localconfig["ratelimits"]:
+            ratelimits = map(parse_ratelimit, localconfig["ratelimits"].items())
+            catlfishconfig.append((Symbol("ratelimits"), ratelimits))
 
     catlfishconfig += [
         (Symbol("https_servers"), https_servers),