From 9b67da3d9bc951c624f17dce7821036f8518d893 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 26 Jun 2018 16:53:24 +0200 Subject: [PATCH] Add tracker rate limiter --- server.ts | 39 +++----------- server/controllers/index.ts | 1 + server/controllers/tracker.ts | 91 ++++++++++++++++++++++++++++++++ server/initializers/constants.ts | 9 ++++ 4 files changed, 107 insertions(+), 33 deletions(-) create mode 100644 server/controllers/tracker.ts diff --git a/server.ts b/server.ts index f756bf9d4..fb01ed572 100644 --- a/server.ts +++ b/server.ts @@ -10,13 +10,8 @@ if (isTestInstance()) { // ----------- Node modules ----------- import * as bodyParser from 'body-parser' import * as express from 'express' -import * as http from 'http' import * as morgan from 'morgan' -import * as bitTorrentTracker from 'bittorrent-tracker' import * as cors from 'cors' -import { Server as WebSocketServer } from 'ws' - -const TrackerServer = bitTorrentTracker.Server process.title = 'peertube' @@ -75,7 +70,9 @@ import { feedsRouter, staticRouter, servicesRouter, - webfingerRouter + webfingerRouter, + trackerRouter, + createWebsocketServer } from './server/controllers' import { Redis } from './server/lib/redis' import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler' @@ -116,33 +113,6 @@ app.use(bodyParser.json({ limit: '500kb' })) -// ----------- Tracker ----------- - -const trackerServer = new TrackerServer({ - http: false, - udp: false, - ws: false, - dht: false -}) - -trackerServer.on('error', function (err) { - logger.error('Error in websocket tracker.', err) -}) - -trackerServer.on('warning', function (err) { - logger.error('Warning in websocket tracker.', err) -}) - -const server = http.createServer(app) -const wss = new WebSocketServer({ server: server, path: '/tracker/socket' }) -wss.on('connection', function (ws) { - trackerServer.onWebSocketConnection(ws) -}) - -const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer) -app.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' })) -app.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' })) - // ----------- Views, routes and static files ----------- // API @@ -155,6 +125,7 @@ app.use('/services', servicesRouter) app.use('/', activityPubRouter) app.use('/', feedsRouter) app.use('/', webfingerRouter) +app.use('/', trackerRouter) // Static files app.use('/', staticRouter) @@ -181,6 +152,8 @@ app.use(function (err, req, res, next) { return res.status(err.status || 500).end() }) +const server = createWebsocketServer(app) + // ----------- Run ----------- async function startApplication () { diff --git a/server/controllers/index.ts b/server/controllers/index.ts index ff7928312..197fa897a 100644 --- a/server/controllers/index.ts +++ b/server/controllers/index.ts @@ -5,3 +5,4 @@ export * from './feeds' export * from './services' export * from './static' export * from './webfinger' +export * from './tracker' diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts new file mode 100644 index 000000000..42f5aea81 --- /dev/null +++ b/server/controllers/tracker.ts @@ -0,0 +1,91 @@ +import { logger } from '../helpers/logger' +import * as express from 'express' +import * as http from 'http' +import * as bitTorrentTracker from 'bittorrent-tracker' +import * as proxyAddr from 'proxy-addr' +import { Server as WebSocketServer } from 'ws' +import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants' + +const TrackerServer = bitTorrentTracker.Server + +const trackerRouter = express.Router() + +let peersIps = {} +let peersIpInfoHash = {} +runPeersChecker() + +const trackerServer = new TrackerServer({ + http: false, + udp: false, + ws: false, + dht: false, + filter: function (infoHash, params, cb) { + let ip: string + + if (params.type === 'ws') { + ip = params.socket.ip + } else { + ip = params.httpReq.ip + } + + const key = ip + '-' + infoHash + + peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1 + peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1 + + if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) { + return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`)) + } + + return cb() + } +}) + +trackerServer.on('error', function (err) { + logger.error('Error in tracker.', { err }) +}) + +trackerServer.on('warning', function (err) { + logger.warn('Warning in tracker.', { err }) +}) + +const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer) +trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' })) +trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' })) + +function createWebsocketServer (app: express.Application) { + const server = http.createServer(app) + const wss = new WebSocketServer({ server: server, path: '/tracker/socket' }) + wss.on('connection', function (ws, req) { + const ip = proxyAddr(req, CONFIG.TRUST_PROXY) + ws['ip'] = ip + + trackerServer.onWebSocketConnection(ws) + }) + + return server +} + +// --------------------------------------------------------------------------- + +export { + trackerRouter, + createWebsocketServer +} + +// --------------------------------------------------------------------------- + +function runPeersChecker () { + setInterval(() => { + logger.debug('Checking peers.') + + for (const ip of Object.keys(peersIpInfoHash)) { + if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) { + logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip]) + } + } + + peersIpInfoHash = {} + peersIps = {} + }, TRACKER_RATE_LIMITS.INTERVAL) +} diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 53902071c..4e1c8dda7 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts @@ -450,6 +450,14 @@ const FEEDS = { // --------------------------------------------------------------------------- +const TRACKER_RATE_LIMITS = { + INTERVAL: 60000 * 5, // 5 minutes + ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval + ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval +} + +// --------------------------------------------------------------------------- + // Special constants for a test instance if (isTestInstance() === true) { ACTOR_FOLLOW_SCORE.BASE = 20 @@ -482,6 +490,7 @@ export { AVATARS_SIZE, ACCEPT_HEADERS, BCRYPT_SALT_SIZE, + TRACKER_RATE_LIMITS, CACHE, CONFIG, CONSTRAINTS_FIELDS,