From 42fe10a95f0bac3beea2fc277c604158d3275d1f Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Mon, 8 Aug 2022 23:16:46 +0000
Subject: [PATCH] imap: only give AUTH=ANONYMOUS clients prefetch

Looking at IMAP traffic on public-inbox.org, it seems there is a
fair amount of traffic coming from malicious clients assuming
the IMAP server is compromised and searching for private
information.  Since AUTH=ANONYMOUS clients are more likely to
be legitimate clients looking for publicly-archived mail,
give them priority.
---
 lib/PublicInbox/IMAP.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/PublicInbox/IMAP.pm b/lib/PublicInbox/IMAP.pm
index bed633e5..4ef5252b 100644
--- a/lib/PublicInbox/IMAP.pm
+++ b/lib/PublicInbox/IMAP.pm
@@ -138,6 +138,7 @@ sub login_success ($$) {
 sub auth_challenge_ok ($) {
 	my ($self) = @_;
 	my $tag = delete($self->{-login_tag}) or return;
+	$self->{anon} = 1;
 	login_success($self, $tag);
 }
 
@@ -588,10 +589,9 @@ sub fetch_blob_cb { # called by git->cat_async via ibx_async_cat
 		$smsg->{blob} eq $oid or die "BUG: $smsg->{blob} != $oid";
 	}
 	my $pre;
-	if (!$self->{wbuf} && (my $nxt = $msgs->[0])) {
-		$pre = ibx_async_prefetch($ibx, $nxt->{blob},
+	($self->{anon} && !$self->{wbuf} && $msgs->[0]) and
+		$pre = ibx_async_prefetch($ibx, $msgs->[0]->{blob},
 					\&fetch_blob_cb, $fetch_arg);
-	}
 	fetch_run_ops($self, $smsg, $bref, $ops, $partial);
 	$pre ? $self->dflush : $self->requeue_once;
 }
-- 
2.44.0