Server: update check throttling

Refs #1867
M66B · Aug 16, 2014 · b0bf0a2 · b0bf0a2
1 parent 4cf29bf
commit b0bf0a2
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 13 deletions.
diff --git a/server/index.php b/server/index.php
@@ -207,7 +207,7 @@ function log_error($message, $my_email, $data = null) {
 					$sql = "INSERT INTO xprivacy (android_id_md5, android_sdk, xprivacy_version,";
 					$sql .= " package_name, package_version, package_version_code,";
 					$sql .= " restriction, method, restricted, allowed, used) VALUES ";
-					$sql .= "('" . $data->android_id . "'";
+					$sql .= "('" . $db->real_escape_string($data->android_id) . "'";
 					$sql .= "," . $db->real_escape_string($data->android_sdk) . "";
 					$sql .= "," . (empty($data->xprivacy_version) ? 'NULL' : (int)$data->xprivacy_version) . "";
 					$sql .= ",'" . $db->real_escape_string($data->package_name[$i]) . "'";
@@ -336,6 +336,24 @@ function log_error($message, $my_email, $data = null) {
 				exit();
 			}
 
+			// Throttling
+			if (empty($data->android_id))
+				$data->android_id = '';
+			else {
+				$sql = "SELECT UNIX_TIMESTAMP(MAX(time)) AS time FROM xprivacy_update";
+				$sql .= " WHERE android_id_md5 = '" . $db->real_escape_string($data->android_id) . "'";
+				$result = $db->query($sql);
+				if ($result) {
+					if (($row = $result->fetch_object()))
+						if ($row->time + 3600 > time()) {
+							header($_SERVER['SERVER_PROTOCOL'] . ' 429 Too Many Requests');
+							exit();
+						}
+				}
+				else
+					log_error('update: error=' . $db->error . ' query=' . $sql, $my_email, $data);
+			}
+
 			$folder = 'release';
 			if (!empty($data->test_versions) && $data->test_versions)
 				$folder = 'test';
@@ -350,9 +368,10 @@ function log_error($message, $my_email, $data = null) {
 						$latest = $version;
 				}
 
-			$sql = "INSERT INTO xprivacy_update (installed_version, test_versions, current_version)";
+			$sql = "INSERT INTO xprivacy_update (android_id_md5, installed_version, test_versions, current_version)";
 			$sql .= " VALUES (";
-			$sql .= "'" . $db->real_escape_string($data->xprivacy_version_name) . "'";
+			$sql .= "'" . $db->real_escape_string($data->android_id) . "'";
+			$sql .= ", '" . $db->real_escape_string($data->xprivacy_version_name) . "'";
 			$sql .= ", " . (int)$data->test_versions;
 			$sql .= ", '" . $db->real_escape_string($latest) . "'";
 			$sql .= ")";

diff --git a/server/xprivacy.sql b/server/xprivacy.sql
@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
--- Generation Time: Aug 07, 2014 at 11:19 AM
+-- Generation Time: Aug 16, 2014 at 12:13 PM
 -- Server version: 5.6.19-1~dotdeb.1-log
 -- PHP Version: 5.5.15-1~dotdeb.1
 
@@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `xprivacy` (
   `used` bigint(13) NOT NULL,
   `modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
   `updates` int(11) NOT NULL DEFAULT '1'
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=7877581 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=8170557 ;
 
 -- --------------------------------------------------------
 
@@ -56,7 +56,7 @@ CREATE TABLE IF NOT EXISTS `xprivacy_app` (
   `package_version` text CHARACTER SET utf8 NOT NULL,
   `package_version_code` int(11) NOT NULL,
   `modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
-) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=54080 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=54865 ;
 
 -- --------------------------------------------------------
 
@@ -67,10 +67,11 @@ CREATE TABLE IF NOT EXISTS `xprivacy_app` (
 CREATE TABLE IF NOT EXISTS `xprivacy_update` (
 `id` int(11) NOT NULL,
   `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `installed_version` text NOT NULL,
+  `android_id_md5` text CHARACTER SET utf8,
+  `installed_version` text CHARACTER SET utf8 NOT NULL,
   `test_versions` int(11) NOT NULL,
-  `current_version` text NOT NULL
-) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
+  `current_version` text CHARACTER SET utf8 NOT NULL
+) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1256 ;
 
 --
 -- Indexes for dumped tables
@@ -92,7 +93,7 @@ ALTER TABLE `xprivacy_app`
 -- Indexes for table `xprivacy_update`
 --
 ALTER TABLE `xprivacy_update`
- ADD PRIMARY KEY (`id`);
+ ADD PRIMARY KEY (`id`), ADD KEY `android_id` (`android_id_md5`(50));
 
 --
 -- AUTO_INCREMENT for dumped tables
@@ -102,17 +103,17 @@ ALTER TABLE `xprivacy_update`
 -- AUTO_INCREMENT for table `xprivacy`
 --
 ALTER TABLE `xprivacy`
-MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=7877581;
+MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=8170557;
 --
 -- AUTO_INCREMENT for table `xprivacy_app`
 --
 ALTER TABLE `xprivacy_app`
-MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=54080;
+MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=54865;
 --
 -- AUTO_INCREMENT for table `xprivacy_update`
 --
 ALTER TABLE `xprivacy_update`
-MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=2;
+MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=1256;
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;