From b0bf0a2fe2c079c6b0b54db0b5ba9d9575c59410 Mon Sep 17 00:00:00 2001 From: M66B Date: Sat, 16 Aug 2014 12:37:28 +0200 Subject: [PATCH] Server: update check throttling Refs #1867 --- server/index.php | 25 ++++++++++++++++++++++--- server/xprivacy.sql | 21 +++++++++++---------- 2 files changed, 33 insertions(+), 13 deletions(-) diff --git a/server/index.php b/server/index.php index d86079483..7b33253d6 100644 --- a/server/index.php +++ b/server/index.php @@ -207,7 +207,7 @@ function log_error($message, $my_email, $data = null) { $sql = "INSERT INTO xprivacy (android_id_md5, android_sdk, xprivacy_version,"; $sql .= " package_name, package_version, package_version_code,"; $sql .= " restriction, method, restricted, allowed, used) VALUES "; - $sql .= "('" . $data->android_id . "'"; + $sql .= "('" . $db->real_escape_string($data->android_id) . "'"; $sql .= "," . $db->real_escape_string($data->android_sdk) . ""; $sql .= "," . (empty($data->xprivacy_version) ? 'NULL' : (int)$data->xprivacy_version) . ""; $sql .= ",'" . $db->real_escape_string($data->package_name[$i]) . "'"; @@ -336,6 +336,24 @@ function log_error($message, $my_email, $data = null) { exit(); } + // Throttling + if (empty($data->android_id)) + $data->android_id = ''; + else { + $sql = "SELECT UNIX_TIMESTAMP(MAX(time)) AS time FROM xprivacy_update"; + $sql .= " WHERE android_id_md5 = '" . $db->real_escape_string($data->android_id) . "'"; + $result = $db->query($sql); + if ($result) { + if (($row = $result->fetch_object())) + if ($row->time + 3600 > time()) { + header($_SERVER['SERVER_PROTOCOL'] . ' 429 Too Many Requests'); + exit(); + } + } + else + log_error('update: error=' . $db->error . ' query=' . $sql, $my_email, $data); + } + $folder = 'release'; if (!empty($data->test_versions) && $data->test_versions) $folder = 'test'; 
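Review bot: The `android_sdk` value on the line directly below the changed one is still concatenated without quotes, so `real_escape_string()` does not constrain it; escaping only protects a value that ends up inside a quoted SQL string. Since the value appears to be numeric, cast it the way the following line does for `xprivacy_version`: `$sql .= "," . (int)$data->android_sdk;`. Longer term, assuming `$db` is a mysqli connection, a prepared statement with bound parameters would remove the need for per-field escaping in this INSERT. The statement being built starts and ends outside the hunk.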
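Review bot: The throttle in the added block is skipped entirely when `android_id` is empty (the first branch sets it to `''` and never queries), and the key is chosen by the client, so it only limits clients that send a stable id. If the intent of #1867 is to protect the server, reject or separately limit requests without a well-formed id in the `else` branch, for example `if (!is_string($data->android_id) || !preg_match('/^[0-9a-f]{32}$/i', $data->android_id))`, assuming the value is an MD5 hex digest as the column name suggests. A second limit keyed on `$_SERVER['REMOTE_ADDR']` is also worth considering. The 429 branch could send `header('Retry-After: 3600');` so clients know when to retry. The surrounding request handler begins and ends outside the hunk.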
@@ -350,9 +368,10 @@ function log_error($message, $my_email, $data = null) { $latest = $version; } - $sql = "INSERT INTO xprivacy_update (installed_version, test_versions, current_version)"; + $sql = "INSERT INTO xprivacy_update (android_id_md5, installed_version, test_versions, current_version)"; $sql .= " VALUES ("; - $sql .= "'" . $db->real_escape_string($data->xprivacy_version_name) . "'"; + $sql .= "'" . $db->real_escape_string($data->android_id) . "'"; + $sql .= ", '" . $db->real_escape_string($data->xprivacy_version_name) . "'"; $sql .= ", " . (int)$data->test_versions; $sql .= ", '" . $db->real_escape_string($latest) . "'"; $sql .= ")"; diff --git a/server/xprivacy.sql b/server/xprivacy.sql index 89cecae89..4b5018a2b 100644 --- a/server/xprivacy.sql +++ b/server/xprivacy.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Generation Time: Aug 07, 2014 at 11:19 AM +-- Generation Time: Aug 16, 2014 at 12:13 PM -- Server version: 5.6.19-1~dotdeb.1-log -- PHP Version: 5.5.15-1~dotdeb.1 @@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `xprivacy` ( `used` bigint(13) NOT NULL, `modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `updates` int(11) NOT NULL DEFAULT '1' -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=7877581 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=8170557 ; -- -------------------------------------------------------- @@ -56,7 +56,7 @@ CREATE TABLE IF NOT EXISTS `xprivacy_app` ( `package_version` text CHARACTER SET utf8 NOT NULL, `package_version_code` int(11) NOT NULL, `modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP -) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=54080 ; +) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=54865 ; -- -------------------------------------------------------- 
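Review bot: The row that the throttle reads is written by this INSERT, well after the `SELECT ... MAX(time)` check in the earlier hunk, so two requests with the same id arriving together can both pass the check before either row is stored. That is probably acceptable for an hourly limit, but it deserves a comment such as `// Recorded after the check: throttling is best-effort, not atomic`. The table now keeps a per-device identifier for every update check, so a retention rule should be documented or enforced, for example pruning rows older than the throttle window if they are not needed for statistics.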
@@ -67,10 +67,11 @@ CREATE TABLE IF NOT EXISTS `xprivacy_app` ( CREATE TABLE IF NOT EXISTS `xprivacy_update` ( `id` int(11) NOT NULL, `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, - `installed_version` text NOT NULL, + `android_id_md5` text CHARACTER SET utf8, + `installed_version` text CHARACTER SET utf8 NOT NULL, `test_versions` int(11) NOT NULL, - `current_version` text NOT NULL -) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ; + `current_version` text CHARACTER SET utf8 NOT NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1256 ; -- -- Indexes for dumped tables @@ -92,7 +93,7 @@ ALTER TABLE `xprivacy_app` -- Indexes for table `xprivacy_update` -- ALTER TABLE `xprivacy_update` - ADD PRIMARY KEY (`id`); + ADD PRIMARY KEY (`id`), ADD KEY `android_id` (`android_id_md5`(50)); -- -- AUTO_INCREMENT for dumped tables @@ -102,17 +103,17 @@ ALTER TABLE `xprivacy_update` -- AUTO_INCREMENT for table `xprivacy` -- ALTER TABLE `xprivacy` -MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=7877581; +MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=8170557; -- -- AUTO_INCREMENT for table `xprivacy_app` -- ALTER TABLE `xprivacy_app` -MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=54080; +MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=54865; -- -- AUTO_INCREMENT for table `xprivacy_update` -- ALTER TABLE `xprivacy_update` -MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=2; +MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=1256; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
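Review bot: `android_id_md5` is declared as nullable `text` and indexed only on a 50-character prefix (the `ADD KEY` in the later hunk), while the throttle query in `index.php` does an equality lookup on it for every update check. If the value is always a 32-character hex digest, which the name suggests but the diff does not show, `char(32) CHARACTER SET ascii NOT NULL DEFAULT ''` would allow a full-length index. It would also match the empty string the PHP code stores when the id is missing.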