From 4bae19015ce440edc41fb6f6ec3d40b9ecdf202f Mon Sep 17 00:00:00 2001
From: Seth Alves <seth.alves@gmail.com>
Date: Tue, 17 Mar 2015 15:52:23 -0700
Subject: [PATCH 1/4] add (thus far unused) domain-server setting for maximum
 user capacity

---
 domain-server/resources/describe-settings.json | 8 ++++++++
 domain-server/src/DomainServer.cpp             | 1 +
 2 files changed, 9 insertions(+)

diff --git a/domain-server/resources/describe-settings.json b/domain-server/resources/describe-settings.json
index fdaede8c44..6635515152 100644
--- a/domain-server/resources/describe-settings.json
+++ b/domain-server/resources/describe-settings.json
@@ -74,6 +74,14 @@
           }
         ]
       },
+      {
+        "name": "maximum_user_capacity",
+        "label": "Maximum User Capacity",
+        "help": "The limit on how many avatars can be connected at once.  0 means no limit.",
+        "placeholder": "0",
+        "default": "0",
+        "advanced": false
+      },
       {
         "name": "allowed_editors",
         "type": "table",
diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 7af9ffd85c..3f6dedf9a3 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -44,6 +44,7 @@ const QString ICE_SERVER_DEFAULT_HOSTNAME = "ice.highfidelity.io";
 
 
 const QString ALLOWED_USERS_SETTINGS_KEYPATH = "security.allowed_users";
+const QString MAXIMUM_USER_CAPACITY = "security.maximum_user_capacity";
 const QString ALLOWED_EDITORS_SETTINGS_KEYPATH = "security.allowed_editors";
 
 

From 610607e8e603ef2185ac41c2c2eb4fd7c024bba6 Mon Sep 17 00:00:00 2001
From: Seth Alves <seth.alves@gmail.com>
Date: Wed, 18 Mar 2015 14:08:53 -0700
Subject: [PATCH 2/4] optionally limit number of avatars that can connect

---
 domain-server/src/DomainServer.cpp | 25 +++++++++++++++++++++++++
 domain-server/src/DomainServer.h   |  1 +
 2 files changed, 26 insertions(+)

diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 3f6dedf9a3..33652bb0de 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -668,9 +668,34 @@ void DomainServer::handleConnectRequest(const QByteArray& packet, const HifiSock
 }
 
 
+unsigned int DomainServer::countConnectedUsers() {
+    unsigned int result = 0;
+    auto nodeList = DependencyManager::get<LimitedNodeList>();
+    nodeList->eachNode([&](const SharedNodePointer& otherNode){
+        if (otherNode->getType() == NodeType::Agent) {
+            result++;
+        }
+    });
+    return result;
+}
+
+
 bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                                                  const QByteArray& usernameSignature,
                                                  const HifiSockAddr& senderSockAddr) {
+
+    const QVariant* maximumUserCapacityVariant = valueForKeyPath(_settingsManager.getSettingsMap(), MAXIMUM_USER_CAPACITY);
+    unsigned int maximumUserCapacity = maximumUserCapacityVariant ? maximumUserCapacityVariant->toUInt() : 0;
+    if (maximumUserCapacity > 0) {
+        unsigned int connectedUsers = countConnectedUsers();
+        if (connectedUsers >= maximumUserCapacity) {
+            // too many users, deny the new connection.
+            qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, denying new connection.";
+            return false;
+        }
+        qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, perhaps allowing new connection.";
+    }
+
     const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
                                                                  ALLOWED_USERS_SETTINGS_KEYPATH);
     QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
diff --git a/domain-server/src/DomainServer.h b/domain-server/src/DomainServer.h
index f910534eb1..7052cd65a8 100644
--- a/domain-server/src/DomainServer.h
+++ b/domain-server/src/DomainServer.h
@@ -83,6 +83,7 @@ private:
     void processDatagram(const QByteArray& receivedPacket, const HifiSockAddr& senderSockAddr);
     
     void handleConnectRequest(const QByteArray& packet, const HifiSockAddr& senderSockAddr);
+    unsigned int countConnectedUsers();
     bool shouldAllowConnectionFromNode(const QString& username, const QByteArray& usernameSignature,
                                        const HifiSockAddr& senderSockAddr);
     

From 4412ba916ea5b8a813b725f5308d63a517dc4544 Mon Sep 17 00:00:00 2001
From: Seth Alves <seth.alves@gmail.com>
Date: Wed, 18 Mar 2015 15:17:25 -0700
Subject: [PATCH 3/4] don't lock out someone from localhost, even if the
 maximum number of users are connected

---
 domain-server/src/DomainServer.cpp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 33652bb0de..2e3505dd4d 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -684,6 +684,16 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                                                  const QByteArray& usernameSignature,
                                                  const HifiSockAddr& senderSockAddr) {
 
+    const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
+                                                                 ALLOWED_USERS_SETTINGS_KEYPATH);
+    QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
+    
+    // we always let in a user who is sending a packet from our local socket or from the localhost address
+    if (senderSockAddr.getAddress() == DependencyManager::get<LimitedNodeList>()->getLocalSockAddr().getAddress()
+        || senderSockAddr.getAddress() == QHostAddress::LocalHost) {
+        return true;
+    }
+
     const QVariant* maximumUserCapacityVariant = valueForKeyPath(_settingsManager.getSettingsMap(), MAXIMUM_USER_CAPACITY);
     unsigned int maximumUserCapacity = maximumUserCapacityVariant ? maximumUserCapacityVariant->toUInt() : 0;
     if (maximumUserCapacity > 0) {
@@ -695,16 +705,6 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
         }
         qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, perhaps allowing new connection.";
     }
-
-    const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(),
-                                                                 ALLOWED_USERS_SETTINGS_KEYPATH);
-    QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
-    
-    // we always let in a user who is sending a packet from our local socket or from the localhost address
-    if (senderSockAddr.getAddress() == DependencyManager::get<LimitedNodeList>()->getLocalSockAddr().getAddress()
-        || senderSockAddr.getAddress() == QHostAddress::LocalHost) {
-        return true;
-    }
     
     if (allowedUsers.count() > 0) {
         if (allowedUsers.contains(username, Qt::CaseInsensitive)) {

From 91906d619fd1f382051eb91557d45c821fb6d12b Mon Sep 17 00:00:00 2001
From: Brad Davis <bdavis@saintandreas.org>
Date: Wed, 18 Mar 2015 22:32:06 -0700
Subject: [PATCH 4/4] Removing unmatched QReadWriteLock::unlock() call

---
 libraries/physics/src/PhysicsEngine.cpp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libraries/physics/src/PhysicsEngine.cpp b/libraries/physics/src/PhysicsEngine.cpp
index a2420e0572..8ae85ba67a 100644
--- a/libraries/physics/src/PhysicsEngine.cpp
+++ b/libraries/physics/src/PhysicsEngine.cpp
@@ -342,7 +342,6 @@ void PhysicsEngine::stepSimulation() {
         }
 
         unlock();
-        _avatarData->unlock();
         _entityTree->unlock();
     
         computeCollisionEvents();