-import { logger } from '../helpers/logger'
+import * as bitTorrentTracker from 'bittorrent-tracker'
import * as express from 'express'
import * as http from 'http'
-import * as bitTorrentTracker from 'bittorrent-tracker'
import * as proxyAddr from 'proxy-addr'
import { Server as WebSocketServer } from 'ws'
+import { Redis } from '@server/lib/redis'
+import { logger } from '../helpers/logger'
+import { CONFIG } from '../initializers/config'
import { TRACKER_RATE_LIMITS } from '../initializers/constants'
import { VideoFileModel } from '../models/video/video-file'
import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
-import { CONFIG } from '../initializers/config'
const TrackerServer = bitTorrentTracker.Server
const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash)
if (playlistExists === true) return cb()
- return cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
+ cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
+
+ // Close socket connection and block IP for a few time
+ if (params.type === 'ws') {
+ Redis.Instance.setTrackerBlockIP(ip)
+ .catch(err => logger.error('Cannot set tracker block ip.', { err }))
+
+ // setTimeout to wait filter response
+ setTimeout(() => params.socket.close(), 0)
+ }
} catch (err) {
logger.error('Error in tracker filter.', { err })
return cb(err)
server.on('upgrade', (request: express.Request, socket, head) => {
if (request.url === '/tracker/socket') {
- wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
+ const ip = proxyAddr(request, CONFIG.TRUST_PROXY)
+
+ Redis.Instance.doesTrackerBlockIPExist(ip)
+ .then(result => {
+ if (result === true) {
+ logger.debug('Blocking IP %s from tracker.', ip)
+
+ socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
+ socket.destroy()
+ return
+ }
+
+ return wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
+ })
+ .catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
}
// Don't destroy socket, we have Socket.IO too
const TRACKER_RATE_LIMITS = {
INTERVAL: 60000 * 5, // 5 minutes
ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval
- ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
+ ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval
+ BLOCK_IP_LIFETIME: 60000 * 10 // 10 minutes
}
const P2P_MEDIA_LOADER_PEER_VERSION = 2
USER_PASSWORD_RESET_LIFETIME,
USER_PASSWORD_CREATE_LIFETIME,
VIDEO_VIEW_LIFETIME,
- WEBSERVER
+ WEBSERVER,
+ TRACKER_RATE_LIMITS
} from '../initializers/constants'
import { CONFIG } from '../initializers/config'
return this.exists(this.generateViewKey(ip, videoUUID))
}
+ /* ************ Tracker IP block ************ */
+
+ setTrackerBlockIP (ip: string) {
+ return this.setValue(this.generateTrackerBlockIPKey(ip), '1', TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME)
+ }
+
+ async doesTrackerBlockIPExist (ip: string) {
+ return this.exists(this.generateTrackerBlockIPKey(ip))
+ }
+
/* ************ API cache ************ */
async getCachedRoute (req: express.Request) {
return `views-${videoUUID}-${ip}`
}
+ private generateTrackerBlockIPKey (ip: string) {
+ return `tracker-block-ip-${ip}`
+ }
+
private generateContactFormKey (ip: string) {
return 'contact-form-' + ip
}
}
})
- it('Should return an error when adding an incorrect infohash', function (done) {
- this.timeout(10000)
- const webtorrent = new WebTorrent()
-
- const torrent = webtorrent.add(badMagnet)
-
- torrent.on('error', done)
- torrent.on('warning', warn => {
- const message = typeof warn === 'string' ? warn : warn.message
- if (message.includes('Unknown infoHash ')) return done()
- })
-
- torrent.on('done', () => done(new Error('No error on infohash')))
- })
-
it('Should succeed with the correct infohash', function (done) {
this.timeout(10000)
const webtorrent = new WebTorrent()
const errCb = () => done(new Error('Tracker is enabled'))
killallServers([ server ])
+
reRunServer(server, { tracker: { enabled: false } })
.then(() => {
const webtorrent = new WebTorrent()
})
})
+ it('Should return an error when adding an incorrect infohash', function (done) {
+ this.timeout(20000)
+
+ killallServers([ server ])
+
+ reRunServer(server)
+ .then(() => {
+ const webtorrent = new WebTorrent()
+
+ const torrent = webtorrent.add(badMagnet)
+
+ torrent.on('error', done)
+ torrent.on('warning', warn => {
+ const message = typeof warn === 'string' ? warn : warn.message
+ if (message.includes('Unknown infoHash ')) return done()
+ })
+
+ torrent.on('done', () => done(new Error('No error on infohash')))
+ })
+ })
+
+ it('Should block the IP after the failed infohash', function (done) {
+ const webtorrent = new WebTorrent()
+
+ const torrent = webtorrent.add(goodMagnet)
+
+ torrent.on('error', done)
+ torrent.on('warning', warn => {
+ const message = typeof warn === 'string' ? warn : warn.message
+ if (message.includes('Unsupported tracker protocol')) return done()
+ })
+ })
+
after(async function () {
await cleanupTests([ server ])
})
projects / oweals / peertube.git / commitdiff