feat(BRIDGE-464): add the ability to limit the amount of IMAP connections via client

Author: annatar

builder.go

@@ -11,6 +11,7 @@ import (
 	"github.com/ProtonMail/gluon/db"
 	"github.com/ProtonMail/gluon/imap"
 	"github.com/ProtonMail/gluon/imap/connectioncounter"
+	"github.com/ProtonMail/gluon/imap/connectionlimiter"
 	"github.com/ProtonMail/gluon/internal/backend"
 	"github.com/ProtonMail/gluon/internal/db_impl/sqlite3"
 	"github.com/ProtonMail/gluon/internal/session"
@@ -46,6 +47,7 @@ type serverBuilder struct {
 	observabilitySender      observability.Sender
 	featureFlagProvider      unleash.FeatureFlagValueProvider
 	connectionRollingCounter *connectioncounter.RollingCounter
+	connectionLimiter        connectionlimiter.ConnectionLimiter
 }
 
 func newBuilder() (*serverBuilder, error) {
@@ -139,6 +141,7 @@ func (builder *serverBuilder) build() (*Server, error) {
 		observabilitySender:      builder.observabilitySender,
 		connectionRollingCounter: builder.connectionRollingCounter,
 		featureFlagProvider:      builder.featureFlagProvider,
+		clientLimiter:            builder.connectionLimiter,
 	}
 
 	return s, nil

imap/connectioncounter/connectioncounter.go

@@ -138,10 +138,21 @@ func (rc *RollingCounter) GetRollingCount() int {
 	rc.bucketLock.Lock()
 	defer rc.bucketLock.Unlock()
 
-	var rollingCount int
+	return rc.getRollingCountUnlocked()
+}
+
+func (rc *RollingCounter) OverThreshold() bool {
+	rc.bucketLock.Lock()
+	defer rc.bucketLock.Unlock()
+
+	return rc.getRollingCountUnlocked() >= rc.newConnectionThreshold
+}
+
+func (rc *RollingCounter) getRollingCountUnlocked() int {
+	var rollingCount int 
 	for _, count := range rc.buckets {
 		rollingCount += count
 	}
 
 	return rollingCount
-}
+}

imap/connectionlimiter/client.go

@@ -0,0 +1,30 @@
+package connectionlimiter
+
+import (
+	"strings"
+
+	"github.com/ProtonMail/gluon/imap"
+)
+
+type Client string
+
+const (
+	ClientAppleMail   Client = "apple-mail"
+	ClientOutlook     Client = "outlook"
+	ClientThunderbird Client = "thunderbird"
+	ClientUnknown     Client = "unknown"
+)
+
+func normalizeClientKey(id imap.IMAPID) Client {
+	name := strings.TrimSpace(strings.ToLower(id.Name))
+	switch {
+	case strings.Contains(name, "mac") || strings.Contains(name, "os x") || strings.Contains(name, "apple"):
+		return ClientAppleMail
+	case strings.Contains(name, "outlook"):
+		return ClientOutlook
+	case strings.Contains(name, "thunderbird"):
+		return ClientThunderbird
+	default:
+		return ClientUnknown
+	}
+}

imap/connectionlimiter/limiter.go

@@ -0,0 +1,141 @@
+package connectionlimiter
+
+import (
+	"sync"
+
+	"github.com/ProtonMail/gluon/imap"
+	"github.com/sirupsen/logrus"
+)
+
+type ConnectionLimiter interface {
+	//TryBind tries to bind a given sessionID to a client.
+	TryBind(sessionID int, id imap.IMAPID) (allowed bool, key Client, current int, max int)
+
+	//Unbind unbinds a given sessionID from a client.
+	Unbind(sessionID int)
+}
+
+type limiter struct {
+	mu     sync.Mutex
+	limits Limits
+
+	//sessionID mapping to normalized client key
+	sessionClient map[int]Client
+
+	//normalized key mapping to current open sessions
+	clientCount map[Client]int
+
+	log *logrus.Entry
+}
+
+func NewConnectionLimiter(limits Limits) ConnectionLimiter {
+	return newLimiter(limits)
+}
+
+func newLimiter(limits Limits) *limiter {
+	log := logrus.WithFields(logrus.Fields{
+		"pkg":    "gluon/connectionlimiter",
+		"limits": limits,
+	})
+
+	return &limiter{
+		limits:        limits,
+		sessionClient: make(map[int]Client),
+		clientCount:   make(map[Client]int),
+		log:           log,
+	}
+}
+
+func (l *limiter) TryBind(sessionID int, id imap.IMAPID) (allowed bool, key Client, current int, max int) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	key = normalizeClientKey(id)
+
+	// already bound to this client, no-op allow
+	if prev, ok := l.sessionClient[sessionID]; ok && prev == key {
+		maxUsages := l.maxForKey(key)
+		l.log.WithFields(logrus.Fields{
+			"sessionID": sessionID,
+			"client":    key,
+			"current":   l.clientCount[key],
+			"max":       max,
+		}).Info("Already bound to this client, no-op allow")
+		return true, key, l.clientCount[key], maxUsages
+	}
+
+	// if rebind, release the old key first
+	if prev, ok := l.sessionClient[sessionID]; ok {
+		if c := l.clientCount[prev]; c > 0 {
+			l.log.WithFields(logrus.Fields{
+				"sessionID": sessionID,
+				"client":    prev,
+				"current":   c,
+			}).Info("Releasing old client")
+			l.clientCount[prev] = c - 1
+		}
+
+	}
+
+	max = l.maxForKey(key)
+	cur := l.clientCount[key]
+
+	if max > 0 && cur >= max {
+		delete(l.sessionClient, sessionID)
+		return false, key, cur, max
+	}
+
+	l.clientCount[key] = cur + 1
+	l.sessionClient[sessionID] = key
+
+	l.log.WithFields(logrus.Fields{
+		"sessionID": sessionID,
+		"client":    key,
+		"current":   l.clientCount[key],
+		"max":       max,
+	}).Debug("Binding session to client")
+
+	return true, key, l.clientCount[key], max
+}
+
+func (l *limiter) Unbind(sessionID int) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	key, ok := l.sessionClient[sessionID]
+	if !ok {
+		return
+	}
+	delete(l.sessionClient, sessionID)
+
+	if c := l.clientCount[key]; c > 1 {
+		l.clientCount[key] = c - 1
+
+		l.log.WithFields(logrus.Fields{
+			"sessionID": sessionID,
+			"client":    key,
+			"current":   l.clientCount[key],
+		}).Debug("Unbinding session from client")
+
+	} else {
+		delete(l.clientCount, key)
+
+		l.log.WithFields(logrus.Fields{
+			"sessionID": sessionID,
+			"client":    key,
+		}).Debug("Unbinding session from client")
+	}
+}
+
+func (l *limiter) maxForKey(key Client) int {
+	if limit, ok := l.limits.PerClient[key]; ok {
+		return limit
+	}
+
+	l.log.WithFields(logrus.Fields{
+		"client": key,
+		"limit":  l.limits.UnknownLimit,
+	}).Debug("Client key not found in limits, using unknown limit")
+
+	return l.limits.UnknownLimit
+}

imap/connectionlimiter/limiter_test.go

@@ -0,0 +1,119 @@
+package connectionlimiter
+
+import (
+	"testing"
+
+	"github.com/ProtonMail/gluon/imap"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func imapID(name string) imap.IMAPID {
+	return imap.IMAPID{Name: name}
+}
+
+func TestTryBind_FirstConnectionAllowed(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 3}, 1)
+	l := NewConnectionLimiter(limits)
+	allowed, key, current, max := l.TryBind(1, imapID("Apple Mail"))
+	require.True(t, allowed)
+	assert.Equal(t, ClientAppleMail, key)
+	assert.Equal(t, 1, current)
+	assert.Equal(t, 3, max)
+}
+
+func TestTryBind_OverLimitDenied(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 2}, 1)
+	l := NewConnectionLimiter(limits)
+	l.TryBind(1, imapID("Apple Mail"))
+	l.TryBind(2, imapID("Apple Mail"))
+	allowed, key, current, max := l.TryBind(3, imapID("Apple Mail"))
+	require.False(t, allowed)
+	assert.Equal(t, ClientAppleMail, key)
+	assert.Equal(t, 2, current)
+	assert.Equal(t, 2, max)
+}
+
+func TestUnbind_FreesSlot(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 2}, 1)
+	l := NewConnectionLimiter(limits)
+	l.TryBind(1, imapID("Apple Mail"))
+	l.TryBind(2, imapID("Apple Mail"))
+	l.Unbind(1)
+	allowed, _, current, _ := l.TryBind(3, imapID("Apple Mail"))
+	require.True(t, allowed)
+	assert.Equal(t, 2, current)
+}
+
+func TestUnbind_UnknownSessionNoop(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 2}, 1)
+	l := NewConnectionLimiter(limits)
+	l.TryBind(1, imapID("Apple Mail"))
+	l.Unbind(999) // never bound
+	_, _, current, _ := l.TryBind(2, imapID("Apple Mail"))
+	assert.Equal(t, 2, current)
+}
+
+func TestTryBind_SameSessionSameClientNoop(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 2}, 1)
+	l := NewConnectionLimiter(limits)
+	l.TryBind(1, imapID("Apple Mail"))
+	allowed, key, current, max := l.TryBind(1, imapID("Apple Mail"))
+	require.True(t, allowed)
+	assert.Equal(t, ClientAppleMail, key)
+	assert.Equal(t, 1, current)
+	assert.Equal(t, 2, max)
+}
+
+func TestTryBind_RebindToDifferentClient(t *testing.T) {
+	limits := NewLimits(map[Client]int{
+		ClientAppleMail: 2,
+		ClientOutlook:   2,
+	}, 1)
+	l := NewConnectionLimiter(limits)
+	l.TryBind(1, imapID("Apple Mail"))
+	allowed, key, cur, _ := l.TryBind(1, imapID("Microsoft Outlook"))
+	require.True(t, allowed)
+	assert.Equal(t, ClientOutlook, key)
+	assert.Equal(t, 1, cur)
+	_, _, appleCur, _ := l.TryBind(2, imapID("Apple Mail"))
+	assert.Equal(t, 1, appleCur)
+}
+
+func TestTryBind_UnknownClientUsesUnknownLimit(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 10}, 2)
+	l := NewConnectionLimiter(limits)
+	l.TryBind(1, imapID("SomeOtherClient"))
+	l.TryBind(2, imapID("Unknown"))
+	allowed, key, current, max := l.TryBind(3, imapID("Custom"))
+	require.False(t, allowed)
+	assert.Equal(t, ClientUnknown, key)
+	assert.Equal(t, 2, current)
+	assert.Equal(t, 2, max)
+}
+
+func TestTryBind_UnlimitedLimit(t *testing.T) {
+	limits := NewLimits(map[Client]int{ClientAppleMail: 0}, 1)
+	l := NewConnectionLimiter(limits)
+	for i := 1; i <= 5; i++ {
+		allowed, key, current, max := l.TryBind(i, imapID("Apple Mail"))
+		require.True(t, allowed)
+		assert.Equal(t, ClientAppleMail, key)
+		assert.Equal(t, i, current)
+		assert.Equal(t, 0, max)
+	}
+}
+
+func TestNormalizeClientKey_AppleMail(t *testing.T) {
+	assert.Equal(t, ClientAppleMail, normalizeClientKey(imapID("Apple Mail")))
+	assert.Equal(t, ClientAppleMail, normalizeClientKey(imapID("macos mail")))
+	assert.Equal(t, ClientAppleMail, normalizeClientKey(imapID("OS X Mail")))
+}
+func TestNormalizeClientKey_OutlookAndThunderbird(t *testing.T) {
+	assert.Equal(t, ClientOutlook, normalizeClientKey(imapID("Microsoft Outlook")))
+	assert.Equal(t, ClientThunderbird, normalizeClientKey(imapID("Thunderbird")))
+}
+func TestNormalizeClientKey_Unknown(t *testing.T) {
+	assert.Equal(t, ClientUnknown, normalizeClientKey(imapID("")))
+	assert.Equal(t, ClientUnknown, normalizeClientKey(imapID("Custom Client")))
+}

imap/connectionlimiter/limits.go

@@ -0,0 +1,34 @@
+package connectionlimiter
+
+const (
+	defaultClientLimit  = 25
+	defaultUnknownLimit = 10
+)
+
+type Limits struct {
+	// normalized client name with max open sessions.
+	// If we want unlimited connections for a client set the limit to 0.
+	PerClient map[Client]int
+
+	// max open sessions for unknown clients.
+	// If we want unlimited connections for unknown clients set the limit to 0.
+	UnknownLimit int
+}
+
+func NewDefaultLimits() Limits {
+	return Limits{
+		PerClient: map[Client]int{
+			ClientAppleMail:   defaultClientLimit,
+			ClientOutlook:     defaultClientLimit,
+			ClientThunderbird: defaultClientLimit,
+		},
+		UnknownLimit: defaultUnknownLimit,
+	}
+}
+
+func NewLimits(perClient map[Client]int, unknownLimit int) Limits {
+	return Limits{
+		PerClient:    perClient,
+		UnknownLimit: unknownLimit,
+	}
+}