Block infohash spammers from tracker

pull/2904/head
Chocobozzz 2020-06-25 16:27:35 +02:00
parent d4bf24df8e
commit db48de8597
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
4 changed files with 81 additions and 22 deletions

View File

@ -1,13 +1,14 @@
import { logger } from '../helpers/logger' import * as bitTorrentTracker from 'bittorrent-tracker'
import * as express from 'express' import * as express from 'express'
import * as http from 'http' import * as http from 'http'
import * as bitTorrentTracker from 'bittorrent-tracker'
import * as proxyAddr from 'proxy-addr' import * as proxyAddr from 'proxy-addr'
import { Server as WebSocketServer } from 'ws' import { Server as WebSocketServer } from 'ws'
import { Redis } from '@server/lib/redis'
import { logger } from '../helpers/logger'
import { CONFIG } from '../initializers/config'
import { TRACKER_RATE_LIMITS } from '../initializers/constants' import { TRACKER_RATE_LIMITS } from '../initializers/constants'
import { VideoFileModel } from '../models/video/video-file' import { VideoFileModel } from '../models/video/video-file'
import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist' import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
import { CONFIG } from '../initializers/config'
const TrackerServer = bitTorrentTracker.Server const TrackerServer = bitTorrentTracker.Server
@ -53,7 +54,16 @@ const trackerServer = new TrackerServer({
const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash) const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash)
if (playlistExists === true) return cb() if (playlistExists === true) return cb()
return cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`)) cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
// Close socket connection and block IP for a few time
if (params.type === 'ws') {
Redis.Instance.setTrackerBlockIP(ip)
.catch(err => logger.error('Cannot set tracker block ip.', { err }))
// setTimeout to wait filter response
setTimeout(() => params.socket.close(), 0)
}
} catch (err) { } catch (err) {
logger.error('Error in tracker filter.', { err }) logger.error('Error in tracker filter.', { err })
return cb(err) return cb(err)
@ -88,7 +98,21 @@ function createWebsocketTrackerServer (app: express.Application) {
server.on('upgrade', (request: express.Request, socket, head) => { server.on('upgrade', (request: express.Request, socket, head) => {
if (request.url === '/tracker/socket') { if (request.url === '/tracker/socket') {
wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request)) const ip = proxyAddr(request, CONFIG.TRUST_PROXY)
Redis.Instance.doesTrackerBlockIPExist(ip)
.then(result => {
if (result === true) {
logger.debug('Blocking IP %s from tracker.', ip)
socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
socket.destroy()
return
}
return wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
})
.catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
} }
// Don't destroy socket, we have Socket.IO too // Don't destroy socket, we have Socket.IO too

View File

@ -633,7 +633,8 @@ const AUDIT_LOG_FILENAME = 'peertube-audit.log'
const TRACKER_RATE_LIMITS = { const TRACKER_RATE_LIMITS = {
INTERVAL: 60000 * 5, // 5 minutes INTERVAL: 60000 * 5, // 5 minutes
ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval
ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval
BLOCK_IP_LIFETIME: 60000 * 10 // 10 minutes
} }
const P2P_MEDIA_LOADER_PEER_VERSION = 2 const P2P_MEDIA_LOADER_PEER_VERSION = 2

View File

@ -8,7 +8,8 @@ import {
USER_PASSWORD_RESET_LIFETIME, USER_PASSWORD_RESET_LIFETIME,
USER_PASSWORD_CREATE_LIFETIME, USER_PASSWORD_CREATE_LIFETIME,
VIDEO_VIEW_LIFETIME, VIDEO_VIEW_LIFETIME,
WEBSERVER WEBSERVER,
TRACKER_RATE_LIMITS
} from '../initializers/constants' } from '../initializers/constants'
import { CONFIG } from '../initializers/config' import { CONFIG } from '../initializers/config'
@ -121,6 +122,16 @@ class Redis {
return this.exists(this.generateViewKey(ip, videoUUID)) return this.exists(this.generateViewKey(ip, videoUUID))
} }
/* ************ Tracker IP block ************ */
setTrackerBlockIP (ip: string) {
return this.setValue(this.generateTrackerBlockIPKey(ip), '1', TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME)
}
async doesTrackerBlockIPExist (ip: string) {
return this.exists(this.generateTrackerBlockIPKey(ip))
}
/* ************ API cache ************ */ /* ************ API cache ************ */
async getCachedRoute (req: express.Request) { async getCachedRoute (req: express.Request) {
@ -213,6 +224,10 @@ class Redis {
return `views-${videoUUID}-${ip}` return `views-${videoUUID}-${ip}`
} }
private generateTrackerBlockIPKey (ip: string) {
return `tracker-block-ip-${ip}`
}
private generateContactFormKey (ip: string) { private generateContactFormKey (ip: string) {
return 'contact-form-' + ip return 'contact-form-' + ip
} }

View File

@ -40,21 +40,6 @@ describe('Test tracker', function () {
} }
}) })
it('Should return an error when adding an incorrect infohash', function (done) {
this.timeout(10000)
const webtorrent = new WebTorrent()
const torrent = webtorrent.add(badMagnet)
torrent.on('error', done)
torrent.on('warning', warn => {
const message = typeof warn === 'string' ? warn : warn.message
if (message.includes('Unknown infoHash ')) return done()
})
torrent.on('done', () => done(new Error('No error on infohash')))
})
it('Should succeed with the correct infohash', function (done) { it('Should succeed with the correct infohash', function (done) {
this.timeout(10000) this.timeout(10000)
const webtorrent = new WebTorrent() const webtorrent = new WebTorrent()
@ -76,6 +61,7 @@ describe('Test tracker', function () {
const errCb = () => done(new Error('Tracker is enabled')) const errCb = () => done(new Error('Tracker is enabled'))
killallServers([ server ]) killallServers([ server ])
reRunServer(server, { tracker: { enabled: false } }) reRunServer(server, { tracker: { enabled: false } })
.then(() => { .then(() => {
const webtorrent = new WebTorrent() const webtorrent = new WebTorrent()
@ -96,6 +82,39 @@ describe('Test tracker', function () {
}) })
}) })
it('Should return an error when adding an incorrect infohash', function (done) {
this.timeout(20000)
killallServers([ server ])
reRunServer(server)
.then(() => {
const webtorrent = new WebTorrent()
const torrent = webtorrent.add(badMagnet)
torrent.on('error', done)
torrent.on('warning', warn => {
const message = typeof warn === 'string' ? warn : warn.message
if (message.includes('Unknown infoHash ')) return done()
})
torrent.on('done', () => done(new Error('No error on infohash')))
})
})
it('Should block the IP after the failed infohash', function (done) {
const webtorrent = new WebTorrent()
const torrent = webtorrent.add(goodMagnet)
torrent.on('error', done)
torrent.on('warning', warn => {
const message = typeof warn === 'string' ? warn : warn.message
if (message.includes('Unsupported tracker protocol')) return done()
})
})
after(async function () { after(async function () {
await cleanupTests([ server ]) await cleanupTests([ server ])
}) })