From bd873e65718063b6c2099104ef46d7373c858693 Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Tue, 28 Jun 2022 13:08:55 +0100
Subject: [PATCH] Define config for room-level join limiter but don't use it in tests
---
 .../complement/conf/workers-shared-extra.yaml.j2 | 4 ++++
 docs/usage/configuration/config_documentation.md | 16 ++++++++++++++++
 synapse/config/ratelimiting.py | 7 +++++++
 tests/utils.py | 1 +
 4 files changed, 28 insertions(+)
diff --git a/docker/complement/conf/workers-shared-extra.yaml.j2 b/docker/complement/conf/workers-shared-extra.yaml.j2
index 7c6a0fd756..20f3a012a0 100644
--- a/docker/complement/conf/workers-shared-extra.yaml.j2
+++ b/docker/complement/conf/workers-shared-extra.yaml.j2
@@ -67,6 +67,10 @@ rc_joins:
 per_second: 9999
 burst_count: 9999

+rc_joins_per_room:
+ per_second: 9999
+ burst_count: 9999
+
 rc_3pid_validation:
 per_second: 1000
 burst_count: 1000
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
index 58a74ace48..ed874cd853 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -1380,6 +1380,22 @@ rc_joins:
 burst_count: 12
 ```
 ---
+### `rc_joins_per_room`
+
+This option allows for ratelimiting joins to a room based on the number of recent
+joins (local or remote) to that room. It is intended to mitigate mass-join spam
+waves which target multiple homeservers.
+
+Sensible values for this option are provided by default; most server admins
+won't need to adjust this setting.
+
+Example configuration:
+```yaml
+rc_joins_per_room:
+ per_second: 1
+ burst_count: 10
+```
+---
 ### `rc_3pid_validation`

 This option ratelimits how often a user or IP can attempt to validate a 3PID.
diff --git a/synapse/config/ratelimiting.py b/synapse/config/ratelimiting.py
index d4090a1f9a..f99e35cafa 100644
--- a/synapse/config/ratelimiting.py
+++ b/synapse/config/ratelimiting.py
@@ -112,6 +112,13 @@ class RatelimitConfig(Config):
 defaults={"per_second": 0.01, "burst_count": 10},
 )

+ # Track the rate of joins to a given room. If there are too many, temporarily
+ # prevent local joins and remote joins via this server.
+ self.rc_joins_per_room = RateLimitConfig(
+ config.get("rc_joins_per_room", {}),
+ defaults={"per_second": 1, "burst_count": 10},
+ )
+
 # Ratelimit cross-user key requests:
 # * For local requests this is keyed by the sending device.
 # * For requests received over federation this is keyed by the origin.
diff --git a/tests/utils.py b/tests/utils.py
index cabb2c0dec..4f097a97c2 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -151,6 +151,7 @@ def default_config(name, parse=False):
 "local": {"per_second": 10000, "burst_count": 10000},
 "remote": {"per_second": 10000, "burst_count": 10000},
 },
+ "rc_joins_per_room": {"per_second": 10000, "burst_count": 10000},
 "rc_invites": {
 "per_room": {"per_second": 10000, "burst_count": 10000},
 "per_user": {"per_second": 10000, "burst_count": 10000},
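Review bot: In the `synapse/config/ratelimiting.py` hunk, `self.rc_joins_per_room` is parsed but nothing in this commit reads it (the diffstat lists only config, docs and test defaults), while the new comment and the added docs section describe joins as already being limited. An admin running this revision could therefore believe the mass-join mitigation is active when it is inert, so until enforcement lands (presumably in a later commit) the comment should say so, e.g. `# NOTE: parsed only; no join handler enforces this limit yet.` Separately, `config.get("rc_joins_per_room", {})` yields `None` when the key is present but left empty in the YAML; whether `RateLimitConfig` tolerates `None` is not visible here, so `config.get("rc_joins_per_room") or {}` would be the safer form. The comment could also state that the bucket is keyed per room and shared by all joiners, because with the defaults of 1/s and burst 10 legitimate joins are refused while a spam wave holds the bucket empty. The enclosing method starts and ends outside the hunk.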