diff options
author | Chocobozzz <me@florianbigard.com> | 2018-06-26 16:53:24 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-06-26 16:53:43 +0200 |
commit | 9b67da3d9bc951c624f17dce7821036f8518d893 (patch) | |
tree | 91de299c2eb45a12b0c775b085c5f7a13dc16f71 | |
parent | 11fa7d392a21fe73dd235375b89c554e9b5ba18c (diff) | |
download | PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.gz PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.zst PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.zip |
Add tracker rate limiter
-rw-r--r-- | server.ts | 39 | ||||
-rw-r--r-- | server/controllers/index.ts | 1 | ||||
-rw-r--r-- | server/controllers/tracker.ts | 91 | ||||
-rw-r--r-- | server/initializers/constants.ts | 9 |
4 files changed, 107 insertions, 33 deletions
@@ -10,13 +10,8 @@ if (isTestInstance()) { | |||
10 | // ----------- Node modules ----------- | 10 | // ----------- Node modules ----------- |
11 | import * as bodyParser from 'body-parser' | 11 | import * as bodyParser from 'body-parser' |
12 | import * as express from 'express' | 12 | import * as express from 'express' |
13 | import * as http from 'http' | ||
14 | import * as morgan from 'morgan' | 13 | import * as morgan from 'morgan' |
15 | import * as bitTorrentTracker from 'bittorrent-tracker' | ||
16 | import * as cors from 'cors' | 14 | import * as cors from 'cors' |
17 | import { Server as WebSocketServer } from 'ws' | ||
18 | |||
19 | const TrackerServer = bitTorrentTracker.Server | ||
20 | 15 | ||
21 | process.title = 'peertube' | 16 | process.title = 'peertube' |
22 | 17 | ||
@@ -75,7 +70,9 @@ import { | |||
75 | feedsRouter, | 70 | feedsRouter, |
76 | staticRouter, | 71 | staticRouter, |
77 | servicesRouter, | 72 | servicesRouter, |
78 | webfingerRouter | 73 | webfingerRouter, |
74 | trackerRouter, | ||
75 | createWebsocketServer | ||
79 | } from './server/controllers' | 76 | } from './server/controllers' |
80 | import { Redis } from './server/lib/redis' | 77 | import { Redis } from './server/lib/redis' |
81 | import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler' | 78 | import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler' |
@@ -116,33 +113,6 @@ app.use(bodyParser.json({ | |||
116 | limit: '500kb' | 113 | limit: '500kb' |
117 | })) | 114 | })) |
118 | 115 | ||
119 | // ----------- Tracker ----------- | ||
120 | |||
121 | const trackerServer = new TrackerServer({ | ||
122 | http: false, | ||
123 | udp: false, | ||
124 | ws: false, | ||
125 | dht: false | ||
126 | }) | ||
127 | |||
128 | trackerServer.on('error', function (err) { | ||
129 | logger.error('Error in websocket tracker.', err) | ||
130 | }) | ||
131 | |||
132 | trackerServer.on('warning', function (err) { | ||
133 | logger.error('Warning in websocket tracker.', err) | ||
134 | }) | ||
135 | |||
136 | const server = http.createServer(app) | ||
137 | const wss = new WebSocketServer({ server: server, path: '/tracker/socket' }) | ||
138 | wss.on('connection', function (ws) { | ||
139 | trackerServer.onWebSocketConnection(ws) | ||
140 | }) | ||
141 | |||
142 | const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer) | ||
143 | app.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' })) | ||
144 | app.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' })) | ||
145 | |||
146 | // ----------- Views, routes and static files ----------- | 116 | // ----------- Views, routes and static files ----------- |
147 | 117 | ||
148 | // API | 118 | // API |
@@ -155,6 +125,7 @@ app.use('/services', servicesRouter) | |||
155 | app.use('/', activityPubRouter) | 125 | app.use('/', activityPubRouter) |
156 | app.use('/', feedsRouter) | 126 | app.use('/', feedsRouter) |
157 | app.use('/', webfingerRouter) | 127 | app.use('/', webfingerRouter) |
128 | app.use('/', trackerRouter) | ||
158 | 129 | ||
159 | // Static files | 130 | // Static files |
160 | app.use('/', staticRouter) | 131 | app.use('/', staticRouter) |
@@ -181,6 +152,8 @@ app.use(function (err, req, res, next) { | |||
181 | return res.status(err.status || 500).end() | 152 | return res.status(err.status || 500).end() |
182 | }) | 153 | }) |
183 | 154 | ||
155 | const server = createWebsocketServer(app) | ||
156 | |||
184 | // ----------- Run ----------- | 157 | // ----------- Run ----------- |
185 | 158 | ||
186 | async function startApplication () { | 159 | async function startApplication () { |
diff --git a/server/controllers/index.ts b/server/controllers/index.ts index ff7928312..197fa897a 100644 --- a/server/controllers/index.ts +++ b/server/controllers/index.ts | |||
@@ -5,3 +5,4 @@ export * from './feeds' | |||
5 | export * from './services' | 5 | export * from './services' |
6 | export * from './static' | 6 | export * from './static' |
7 | export * from './webfinger' | 7 | export * from './webfinger' |
8 | export * from './tracker' | ||
diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts new file mode 100644 index 000000000..42f5aea81 --- /dev/null +++ b/server/controllers/tracker.ts | |||
@@ -0,0 +1,91 @@ | |||
1 | import { logger } from '../helpers/logger' | ||
2 | import * as express from 'express' | ||
3 | import * as http from 'http' | ||
4 | import * as bitTorrentTracker from 'bittorrent-tracker' | ||
5 | import * as proxyAddr from 'proxy-addr' | ||
6 | import { Server as WebSocketServer } from 'ws' | ||
7 | import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants' | ||
8 | |||
9 | const TrackerServer = bitTorrentTracker.Server | ||
10 | |||
11 | const trackerRouter = express.Router() | ||
12 | |||
13 | let peersIps = {} | ||
14 | let peersIpInfoHash = {} | ||
15 | runPeersChecker() | ||
16 | |||
17 | const trackerServer = new TrackerServer({ | ||
18 | http: false, | ||
19 | udp: false, | ||
20 | ws: false, | ||
21 | dht: false, | ||
22 | filter: function (infoHash, params, cb) { | ||
23 | let ip: string | ||
24 | |||
25 | if (params.type === 'ws') { | ||
26 | ip = params.socket.ip | ||
27 | } else { | ||
28 | ip = params.httpReq.ip | ||
29 | } | ||
30 | |||
31 | const key = ip + '-' + infoHash | ||
32 | |||
33 | peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1 | ||
34 | peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1 | ||
35 | |||
36 | if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) { | ||
37 | return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`)) | ||
38 | } | ||
39 | |||
40 | return cb() | ||
41 | } | ||
42 | }) | ||
43 | |||
44 | trackerServer.on('error', function (err) { | ||
45 | logger.error('Error in tracker.', { err }) | ||
46 | }) | ||
47 | |||
48 | trackerServer.on('warning', function (err) { | ||
49 | logger.warn('Warning in tracker.', { err }) | ||
50 | }) | ||
51 | |||
52 | const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer) | ||
53 | trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' })) | ||
54 | trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' })) | ||
55 | |||
56 | function createWebsocketServer (app: express.Application) { | ||
57 | const server = http.createServer(app) | ||
58 | const wss = new WebSocketServer({ server: server, path: '/tracker/socket' }) | ||
59 | wss.on('connection', function (ws, req) { | ||
60 | const ip = proxyAddr(req, CONFIG.TRUST_PROXY) | ||
61 | ws['ip'] = ip | ||
62 | |||
63 | trackerServer.onWebSocketConnection(ws) | ||
64 | }) | ||
65 | |||
66 | return server | ||
67 | } | ||
68 | |||
69 | // --------------------------------------------------------------------------- | ||
70 | |||
71 | export { | ||
72 | trackerRouter, | ||
73 | createWebsocketServer | ||
74 | } | ||
75 | |||
76 | // --------------------------------------------------------------------------- | ||
77 | |||
78 | function runPeersChecker () { | ||
79 | setInterval(() => { | ||
80 | logger.debug('Checking peers.') | ||
81 | |||
82 | for (const ip of Object.keys(peersIpInfoHash)) { | ||
83 | if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) { | ||
84 | logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip]) | ||
85 | } | ||
86 | } | ||
87 | |||
88 | peersIpInfoHash = {} | ||
89 | peersIps = {} | ||
90 | }, TRACKER_RATE_LIMITS.INTERVAL) | ||
91 | } | ||
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 53902071c..4e1c8dda7 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts | |||
@@ -450,6 +450,14 @@ const FEEDS = { | |||
450 | 450 | ||
451 | // --------------------------------------------------------------------------- | 451 | // --------------------------------------------------------------------------- |
452 | 452 | ||
453 | const TRACKER_RATE_LIMITS = { | ||
454 | INTERVAL: 60000 * 5, // 5 minutes | ||
455 | ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval | ||
456 | ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval | ||
457 | } | ||
458 | |||
459 | // --------------------------------------------------------------------------- | ||
460 | |||
453 | // Special constants for a test instance | 461 | // Special constants for a test instance |
454 | if (isTestInstance() === true) { | 462 | if (isTestInstance() === true) { |
455 | ACTOR_FOLLOW_SCORE.BASE = 20 | 463 | ACTOR_FOLLOW_SCORE.BASE = 20 |
@@ -482,6 +490,7 @@ export { | |||
482 | AVATARS_SIZE, | 490 | AVATARS_SIZE, |
483 | ACCEPT_HEADERS, | 491 | ACCEPT_HEADERS, |
484 | BCRYPT_SALT_SIZE, | 492 | BCRYPT_SALT_SIZE, |
493 | TRACKER_RATE_LIMITS, | ||
485 | CACHE, | 494 | CACHE, |
486 | CONFIG, | 495 | CONFIG, |
487 | CONSTRAINTS_FIELDS, | 496 | CONSTRAINTS_FIELDS, |