ptr.pet / hydrant
very fast at protocol indexer with flexible filtering, xrpc queries, cursor-backed event stream, and more, built on fjall
rust fjall at-protocol atproto indexer
58
fork

Configure Feed

Select the types of activity you want to include in your feed.

[crawler,firehose] add more tls error variants that will cause a throttle

dawn b70fdcce 2a2e6424

+25 -3
+2 -2
src/ingest/firehose.rs
··· 3 3 use crate::ingest::{BufferTx, IngestMessage}; 4 4 use crate::state::AppState; 5 5 use crate::util::throttle::ThrottleHandle; 6 - use crate::util::{WatchEnabledExt, is_timeout, is_tls_cert_error}; 6 + use crate::util::{WatchEnabledExt, is_timeout, is_tls_cert_error, is_tls_error_our_fault}; 7 7 use jacquard_common::IntoStatic; 8 8 use jacquard_common::types::did::Did; 9 9 use miette::{IntoDiagnostic, Result}; ··· 24 24 } 25 25 26 26 match e { 27 - WsError::Rustls(e) if matches!(e, rustls::Error::InvalidCertificate(_)) => return true, 27 + WsError::Rustls(e) if is_tls_error_our_fault(e) => return true, 28 28 WsError::Io(io_err) if is_tls_cert_error(io_err) => return true, 29 29 WsError::CannotResolveHost => return true, 30 30 WsError::Upgrade(tokio_websockets::upgrade::Error::DidNotSwitchProtocols(status)) => {
+23 -1
src/util/mod.rs
··· 41 41 return false; 42 42 }; 43 43 if let Some(rustls_err) = inner.downcast_ref::<rustls::Error>() { 44 - return matches!(rustls_err, rustls::Error::InvalidCertificate(_)); 44 + return is_tls_error_our_fault(rustls_err); 45 45 } 46 46 if let Some(nested_io) = inner.downcast_ref::<std::io::Error>() { 47 47 return is_tls_cert_error(nested_io); 48 48 } 49 49 false 50 + } 51 + 52 + pub fn is_tls_error_our_fault(e: &rustls::Error) -> bool { 53 + use rustls::Error::*; 54 + matches!( 55 + *e, 56 + InvalidCertificate(_) 57 + | PeerMisbehaved(_) 58 + | InconsistentKeys(_) 59 + | InappropriateMessage { .. } 60 + | InappropriateHandshakeMessage { .. } 61 + | InvalidMessage(_) 62 + | NoCertificatesPresented 63 + | UnsupportedNameType 64 + | DecryptError 65 + | PeerIncompatible(_) 66 + | AlertReceived(_) 67 + | InvalidCertRevocationList(_) 68 + | InvalidEncryptedClientHello(_) 69 + | PeerSentOversizedRecord 70 + | NoApplicationProtocol 71 + ) 50 72 } 51 73 52 74 /// outcome of [`RetryWithBackoff::retry`] when the operation does not succeed.