From 9e27d0f34555778a3df0e83b1e14643c06c22b97 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Mon, 28 Apr 2025 19:40:16 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=EF=B8=8F(frontend)=20throttle=20em?= =?UTF-8?q?oji=20reaction=20sending=20to=20prevent=20DoS=20attacks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply rate limiting to emoji reactions after discovering malicious users using auto-clickers to flood the system and crash other participants' apps. --- .../livekit/components/controls/ReactionsToggle.tsx | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx b/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx index de299603..ee128d41 100644 --- a/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx +++ b/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx @@ -12,6 +12,7 @@ import { } from '@/features/rooms/livekit/components/ReactionPortal' import { Toolbar as RACToolbar } from 'react-aria-components' import { Participant } from 'livekit-client' +import useRateLimiter from '@/hooks/useRateLimiter' // eslint-disable-next-line react-refresh/only-export-components export const EMOJIS = ['👍', '👎', '👏', '❤️', '😂', '😮', '🎉'] @@ -56,6 +57,12 @@ export const ReactionsToggle = () => { }, ANIMATION_DURATION) } + const debouncedSendReaction = useRateLimiter({ + callback: sendReaction, + maxCalls: 10, + windowMs: 1000, + }) + // Custom animation implementation for the emoji toolbar // Could not use a menu and its animation, because a menu would make the toolbar inaccessible by keyboard // animation isn't perfect @@ -127,7 +134,7 @@ export const ReactionsToggle = () => { {EMOJIS.map((emoji, index) => (
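Review bot: The `useRateLimiter` call added in `ReactionsToggle` enforces the 10-calls-per-1000 ms cap only in the sender's own UI, so it stops auto-clickers on the stock client but not a client that skips this component. The receiving path is not visible in this patch; if it renders every incoming reaction, the crash described in the commit message is still reachable, and a per-participant cap on the receive side (or enforcement on the server) would be needed to close it. I would record that limit above the call, e.g. `// Sender-side courtesy limit only; receivers must still cap reactions per participant.` The name `debouncedSendReaction` is also misleading, since the hook is configured with `maxCalls`/`windowMs` as a windowed rate limit rather than a debounce; `rateLimitedSendReaction` would match what it does. The body of `ReactionsToggle` starts and ends outside this hunk.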