feature: IP filtering on signup page

[github/Chocobozzz/PeerTube.git] / server / helpers / utils.ts
diff --git a/server/helpers/utils.ts b/server/helpers/utils.ts

index 3317dddc33de5cfea04bcbc2081004b33e9f55bc..e4556fa12d4a875b4665170785e3b940403d9dc1 100644 (file)
--- a/server/helpers/utils.ts
+++ b/server/helpers/utils.ts
@@ -1,17 +1,19 @@
-import * as express from 'express'
-import * as Promise from 'bluebird'
-
-import { pseudoRandomBytesPromise } from './core-utils'
-import { CONFIG, database as db } from '../initializers'
+import { Model } from 'sequelize-typescript'
+import * as ipaddr from 'ipaddr.js'
+const isCidr = require('is-cidr')
  import { ResultList } from '../../shared'
-import { VideoResolution } from '../../shared/models/videos/video-resolution.enum'
+import { VideoResolution } from '../../shared/models/videos'
+import { CONFIG } from '../initializers'
+import { UserModel } from '../models/account/user'
+import { ActorModel } from '../models/activitypub/actor'
+import { ApplicationModel } from '../models/application/application'
+import { pseudoRandomBytesPromise } from './core-utils'
+import { logger } from './logger'
  
-function badRequest (req: express.Request, res: express.Response, next: express.NextFunction) {
-  res.type('json').status(400).end()
-}
+async function generateRandomString (size: number) {
+  const raw = await pseudoRandomBytesPromise(size)
  
-function generateRandomString (size: number) {
-  return pseudoRandomBytesPromise(size).then(raw => raw.toString('hex'))
+  return raw.toString('hex')
  }
  
  interface FormattableToJSON {
@@ -33,19 +35,52 @@ function getFormattedObjects<U, T extends FormattableToJSON> (objects: T[], obje
    return res
  }
  
-function isSignupAllowed () {
+async function isSignupAllowed () {
    if (CONFIG.SIGNUP.ENABLED === false) {
-    return Promise.resolve(false)
+    return false
    }
  
    // No limit and signup is enabled
    if (CONFIG.SIGNUP.LIMIT === -1) {
-    return Promise.resolve(true)
+    return true
    }
  
-  return db.User.countTotal().then(totalUsers => {
-    return totalUsers < CONFIG.SIGNUP.LIMIT
-  })
+  const totalUsers = await UserModel.countTotal()
+
+  return totalUsers < CONFIG.SIGNUP.LIMIT
+}
+
+function isSignupAllowedForCurrentIP (ip: string) {
+  const addr = ipaddr.parse(ip)
+  let excludeList = [ 'blacklist' ]
+  let matched: string
+
+  // if there is a valid, non-empty whitelist, we exclude all unknown adresses too
+  if (CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr(cidr)).length > 0) {
+    excludeList.push('unknown')
+  }
+
+  if (addr.kind() === 'ipv4') {
+    const addrV4 = ipaddr.IPv4.parse(ip)
+    const rangeList = {
+      whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v4(cidr))
+                                                .map(cidr => ipaddr.IPv4.parseCIDR(cidr)),
+      blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v4(cidr))
+                                                .map(cidr => ipaddr.IPv4.parseCIDR(cidr))
+    }
+    matched = ipaddr.subnetMatch(addrV4, rangeList, 'unknown')
+  } else if (addr.kind() === 'ipv6') {
+    const addrV6 = ipaddr.IPv6.parse(ip)
+    const rangeList = {
+      whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v6(cidr))
+                                                .map(cidr => ipaddr.IPv6.parseCIDR(cidr)),
+      blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v6(cidr))
+                                                .map(cidr => ipaddr.IPv6.parseCIDR(cidr))
+    }
+    matched = ipaddr.subnetMatch(addrV6, rangeList, 'unknown')
+  }
+
+  return !excludeList.includes(matched)
  }
  
  function computeResolutionsToTranscode (videoFileHeight: number) {
@@ -61,7 +96,7 @@ function computeResolutionsToTranscode (videoFileHeight: number) {
    ]
  
    for (const resolution of resolutions) {
-    if (configResolutions[resolution.toString()] === true && videoFileHeight > resolution) {
+    if (configResolutions[resolution + 'p'] === true && videoFileHeight > resolution) {
        resolutionsEnabled.push(resolution)
      }
    }
@@ -69,15 +104,39 @@ function computeResolutionsToTranscode (videoFileHeight: number) {
    return resolutionsEnabled
  }
  
+function resetSequelizeInstance (instance: Model<any>, savedFields: object) {
+  Object.keys(savedFields).forEach(key => {
+    const value = savedFields[key]
+    instance.set(key, value)
+  })
+}
+
+let serverActor: ActorModel
+async function getServerActor () {
+  if (serverActor === undefined) {
+    const application = await ApplicationModel.load()
+    serverActor = application.Account.Actor
+  }
+
+  if (!serverActor) {
+    logger.error('Cannot load server actor.')
+    process.exit(0)
+  }
+
+  return Promise.resolve(serverActor)
+}
+
  type SortType = { sortModel: any, sortValue: string }
  
  // ---------------------------------------------------------------------------
  
  export {
-  badRequest,
    generateRandomString,
    getFormattedObjects,
    isSignupAllowed,
+  isSignupAllowedForCurrentIP,
    computeResolutionsToTranscode,
+  resetSequelizeInstance,
+  getServerActor,
    SortType
  }