mirror of https://github.com/Chocobozzz/PeerTube
Block infohash spammers from tracker
parent
d4bf24df8e
commit
db48de8597
|
@ -1,13 +1,14 @@
|
||||||
import { logger } from '../helpers/logger'
|
import * as bitTorrentTracker from 'bittorrent-tracker'
|
||||||
import * as express from 'express'
|
import * as express from 'express'
|
||||||
import * as http from 'http'
|
import * as http from 'http'
|
||||||
import * as bitTorrentTracker from 'bittorrent-tracker'
|
|
||||||
import * as proxyAddr from 'proxy-addr'
|
import * as proxyAddr from 'proxy-addr'
|
||||||
import { Server as WebSocketServer } from 'ws'
|
import { Server as WebSocketServer } from 'ws'
|
||||||
|
import { Redis } from '@server/lib/redis'
|
||||||
|
import { logger } from '../helpers/logger'
|
||||||
|
import { CONFIG } from '../initializers/config'
|
||||||
import { TRACKER_RATE_LIMITS } from '../initializers/constants'
|
import { TRACKER_RATE_LIMITS } from '../initializers/constants'
|
||||||
import { VideoFileModel } from '../models/video/video-file'
|
import { VideoFileModel } from '../models/video/video-file'
|
||||||
import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
|
import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
|
||||||
import { CONFIG } from '../initializers/config'
|
|
||||||
|
|
||||||
const TrackerServer = bitTorrentTracker.Server
|
const TrackerServer = bitTorrentTracker.Server
|
||||||
|
|
||||||
|
@ -53,7 +54,16 @@ const trackerServer = new TrackerServer({
|
||||||
const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash)
|
const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash)
|
||||||
if (playlistExists === true) return cb()
|
if (playlistExists === true) return cb()
|
||||||
|
|
||||||
return cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
|
cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
|
||||||
|
|
||||||
|
// Close socket connection and block IP for a few time
|
||||||
|
if (params.type === 'ws') {
|
||||||
|
Redis.Instance.setTrackerBlockIP(ip)
|
||||||
|
.catch(err => logger.error('Cannot set tracker block ip.', { err }))
|
||||||
|
|
||||||
|
// setTimeout to wait filter response
|
||||||
|
setTimeout(() => params.socket.close(), 0)
|
||||||
|
}
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
logger.error('Error in tracker filter.', { err })
|
logger.error('Error in tracker filter.', { err })
|
||||||
return cb(err)
|
return cb(err)
|
||||||
|
@ -88,7 +98,21 @@ function createWebsocketTrackerServer (app: express.Application) {
|
||||||
|
|
||||||
server.on('upgrade', (request: express.Request, socket, head) => {
|
server.on('upgrade', (request: express.Request, socket, head) => {
|
||||||
if (request.url === '/tracker/socket') {
|
if (request.url === '/tracker/socket') {
|
||||||
wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
|
const ip = proxyAddr(request, CONFIG.TRUST_PROXY)
|
||||||
|
|
||||||
|
Redis.Instance.doesTrackerBlockIPExist(ip)
|
||||||
|
.then(result => {
|
||||||
|
if (result === true) {
|
||||||
|
logger.debug('Blocking IP %s from tracker.', ip)
|
||||||
|
|
||||||
|
socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
|
||||||
|
socket.destroy()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
return wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
|
||||||
|
})
|
||||||
|
.catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Don't destroy socket, we have Socket.IO too
|
// Don't destroy socket, we have Socket.IO too
|
||||||
|
|
|
@ -633,7 +633,8 @@ const AUDIT_LOG_FILENAME = 'peertube-audit.log'
|
||||||
const TRACKER_RATE_LIMITS = {
|
const TRACKER_RATE_LIMITS = {
|
||||||
INTERVAL: 60000 * 5, // 5 minutes
|
INTERVAL: 60000 * 5, // 5 minutes
|
||||||
ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval
|
ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval
|
||||||
ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
|
ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval
|
||||||
|
BLOCK_IP_LIFETIME: 60000 * 10 // 10 minutes
|
||||||
}
|
}
|
||||||
|
|
||||||
const P2P_MEDIA_LOADER_PEER_VERSION = 2
|
const P2P_MEDIA_LOADER_PEER_VERSION = 2
|
||||||
|
|
|
@ -8,7 +8,8 @@ import {
|
||||||
USER_PASSWORD_RESET_LIFETIME,
|
USER_PASSWORD_RESET_LIFETIME,
|
||||||
USER_PASSWORD_CREATE_LIFETIME,
|
USER_PASSWORD_CREATE_LIFETIME,
|
||||||
VIDEO_VIEW_LIFETIME,
|
VIDEO_VIEW_LIFETIME,
|
||||||
WEBSERVER
|
WEBSERVER,
|
||||||
|
TRACKER_RATE_LIMITS
|
||||||
} from '../initializers/constants'
|
} from '../initializers/constants'
|
||||||
import { CONFIG } from '../initializers/config'
|
import { CONFIG } from '../initializers/config'
|
||||||
|
|
||||||
|
@ -121,6 +122,16 @@ class Redis {
|
||||||
return this.exists(this.generateViewKey(ip, videoUUID))
|
return this.exists(this.generateViewKey(ip, videoUUID))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ************ Tracker IP block ************ */
|
||||||
|
|
||||||
|
setTrackerBlockIP (ip: string) {
|
||||||
|
return this.setValue(this.generateTrackerBlockIPKey(ip), '1', TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME)
|
||||||
|
}
|
||||||
|
|
||||||
|
async doesTrackerBlockIPExist (ip: string) {
|
||||||
|
return this.exists(this.generateTrackerBlockIPKey(ip))
|
||||||
|
}
|
||||||
|
|
||||||
/* ************ API cache ************ */
|
/* ************ API cache ************ */
|
||||||
|
|
||||||
async getCachedRoute (req: express.Request) {
|
async getCachedRoute (req: express.Request) {
|
||||||
|
@ -213,6 +224,10 @@ class Redis {
|
||||||
return `views-${videoUUID}-${ip}`
|
return `views-${videoUUID}-${ip}`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private generateTrackerBlockIPKey (ip: string) {
|
||||||
|
return `tracker-block-ip-${ip}`
|
||||||
|
}
|
||||||
|
|
||||||
private generateContactFormKey (ip: string) {
|
private generateContactFormKey (ip: string) {
|
||||||
return 'contact-form-' + ip
|
return 'contact-form-' + ip
|
||||||
}
|
}
|
||||||
|
|
|
@ -40,21 +40,6 @@ describe('Test tracker', function () {
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should return an error when adding an incorrect infohash', function (done) {
|
|
||||||
this.timeout(10000)
|
|
||||||
const webtorrent = new WebTorrent()
|
|
||||||
|
|
||||||
const torrent = webtorrent.add(badMagnet)
|
|
||||||
|
|
||||||
torrent.on('error', done)
|
|
||||||
torrent.on('warning', warn => {
|
|
||||||
const message = typeof warn === 'string' ? warn : warn.message
|
|
||||||
if (message.includes('Unknown infoHash ')) return done()
|
|
||||||
})
|
|
||||||
|
|
||||||
torrent.on('done', () => done(new Error('No error on infohash')))
|
|
||||||
})
|
|
||||||
|
|
||||||
it('Should succeed with the correct infohash', function (done) {
|
it('Should succeed with the correct infohash', function (done) {
|
||||||
this.timeout(10000)
|
this.timeout(10000)
|
||||||
const webtorrent = new WebTorrent()
|
const webtorrent = new WebTorrent()
|
||||||
|
@ -76,6 +61,7 @@ describe('Test tracker', function () {
|
||||||
const errCb = () => done(new Error('Tracker is enabled'))
|
const errCb = () => done(new Error('Tracker is enabled'))
|
||||||
|
|
||||||
killallServers([ server ])
|
killallServers([ server ])
|
||||||
|
|
||||||
reRunServer(server, { tracker: { enabled: false } })
|
reRunServer(server, { tracker: { enabled: false } })
|
||||||
.then(() => {
|
.then(() => {
|
||||||
const webtorrent = new WebTorrent()
|
const webtorrent = new WebTorrent()
|
||||||
|
@ -96,6 +82,39 @@ describe('Test tracker', function () {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('Should return an error when adding an incorrect infohash', function (done) {
|
||||||
|
this.timeout(20000)
|
||||||
|
|
||||||
|
killallServers([ server ])
|
||||||
|
|
||||||
|
reRunServer(server)
|
||||||
|
.then(() => {
|
||||||
|
const webtorrent = new WebTorrent()
|
||||||
|
|
||||||
|
const torrent = webtorrent.add(badMagnet)
|
||||||
|
|
||||||
|
torrent.on('error', done)
|
||||||
|
torrent.on('warning', warn => {
|
||||||
|
const message = typeof warn === 'string' ? warn : warn.message
|
||||||
|
if (message.includes('Unknown infoHash ')) return done()
|
||||||
|
})
|
||||||
|
|
||||||
|
torrent.on('done', () => done(new Error('No error on infohash')))
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
it('Should block the IP after the failed infohash', function (done) {
|
||||||
|
const webtorrent = new WebTorrent()
|
||||||
|
|
||||||
|
const torrent = webtorrent.add(goodMagnet)
|
||||||
|
|
||||||
|
torrent.on('error', done)
|
||||||
|
torrent.on('warning', warn => {
|
||||||
|
const message = typeof warn === 'string' ? warn : warn.message
|
||||||
|
if (message.includes('Unsupported tracker protocol')) return done()
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
after(async function () {
|
after(async function () {
|
||||||
await cleanupTests([ server ])
|
await cleanupTests([ server ])
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in New Issue