author | Chocobozzz <me@florianbigard.com> | 2022-12-23 13:38:28 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-12-23 13:40:42 +0100 |
commit | 1fed9cb8d33f04b98d34ec74510d01b6d8b5c5e6 (patch) | |
tree | 8d751c61e63527570907d08dac2158b7483dc731 | |
parent | 7624270a63c47c90b6cc12d5331b2803ee1d004c (diff) | |
Don't need to use redis to block tracker ips
There could be many of them, so reduce load by storing IPs directly
inside node memory
-rw-r--r-- | server/controllers/tracker.ts | 32 | ||||
-rw-r--r-- | server/initializers/constants.ts | 5 | ||||
-rw-r--r-- | server/lib/redis.ts | 15 |
3 files changed, 20 insertions, 32 deletions
diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts index 19a8b2bc9..0ef98c35e 100644 --- a/server/controllers/tracker.ts +++ b/server/controllers/tracker.ts | |||
@@ -1,17 +1,22 @@ | |||
1 | import { Server as TrackerServer } from 'bittorrent-tracker' | 1 | import { Server as TrackerServer } from 'bittorrent-tracker' |
2 | import express from 'express' | 2 | import express from 'express' |
3 | import { createServer } from 'http' | 3 | import { createServer } from 'http' |
4 | import LRUCache from 'lru-cache' | ||
4 | import proxyAddr from 'proxy-addr' | 5 | import proxyAddr from 'proxy-addr' |
5 | import { WebSocketServer } from 'ws' | 6 | import { WebSocketServer } from 'ws' |
6 | import { Redis } from '@server/lib/redis' | ||
7 | import { logger } from '../helpers/logger' | 7 | import { logger } from '../helpers/logger' |
8 | import { CONFIG } from '../initializers/config' | 8 | import { CONFIG } from '../initializers/config' |
9 | import { TRACKER_RATE_LIMITS } from '../initializers/constants' | 9 | import { LRU_CACHE, TRACKER_RATE_LIMITS } from '../initializers/constants' |
10 | import { VideoFileModel } from '../models/video/video-file' | 10 | import { VideoFileModel } from '../models/video/video-file' |
11 | import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist' | 11 | import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist' |
12 | 12 | ||
13 | const trackerRouter = express.Router() | 13 | const trackerRouter = express.Router() |
14 | 14 | ||
15 | const blockedIPs = new LRUCache<string, boolean>({ | ||
16 | max: LRU_CACHE.TRACKER_IPS.MAX_SIZE, | ||
17 | ttl: TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME | ||
18 | }) | ||
19 | |||
15 | let peersIps = {} | 20 | let peersIps = {} |
16 | let peersIpInfoHash = {} | 21 | let peersIpInfoHash = {} |
17 | runPeersChecker() | 22 | runPeersChecker() |
@@ -55,8 +60,7 @@ const trackerServer = new TrackerServer({ | |||
55 | 60 | ||
56 | // Close socket connection and block IP for a few time | 61 | // Close socket connection and block IP for a few time |
57 | if (params.type === 'ws') { | 62 | if (params.type === 'ws') { |
58 | Redis.Instance.setTrackerBlockIP(ip) | 63 | blockedIPs.set(ip, true) |
59 | .catch(err => logger.error('Cannot set tracker block ip.', { err })) | ||
60 | 64 | ||
61 | // setTimeout to wait filter response | 65 | // setTimeout to wait filter response |
62 | setTimeout(() => params.socket.close(), 0) | 66 | setTimeout(() => params.socket.close(), 0) |
@@ -102,20 +106,16 @@ function createWebsocketTrackerServer (app: express.Application) { | |||
102 | if (request.url === '/tracker/socket') { | 106 | if (request.url === '/tracker/socket') { |
103 | const ip = proxyAddr(request, CONFIG.TRUST_PROXY) | 107 | const ip = proxyAddr(request, CONFIG.TRUST_PROXY) |
104 | 108 | ||
105 | Redis.Instance.doesTrackerBlockIPExist(ip) | 109 | if (blockedIPs.has(ip)) { |
106 | .then(result => { | 110 | logger.debug('Blocking IP %s from tracker.', ip) |
107 | if (result === true) { | ||
108 | logger.debug('Blocking IP %s from tracker.', ip) | ||
109 | 111 | ||
110 | socket.write('HTTP/1.1 403 Forbidden\r\n\r\n') | 112 | socket.write('HTTP/1.1 403 Forbidden\r\n\r\n') |
111 | socket.destroy() | 113 | socket.destroy() |
112 | return | 114 | return |
113 | } | 115 | } |
114 | 116 | ||
115 | // FIXME: typings | 117 | // FIXME: typings |
116 | return wss.handleUpgrade(request, socket as any, head, ws => wss.emit('connection', ws, request)) | 118 | return wss.handleUpgrade(request, socket as any, head, ws => wss.emit('connection', ws, request)) |
117 | }) | ||
118 | .catch(err => logger.error('Cannot check if tracker block ip exists.', { err })) | ||
119 | } | 119 | } |
120 | 120 | ||
121 | // Don't destroy socket, we have Socket.IO too | 121 | // Don't destroy socket, we have Socket.IO too |
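Review bot: The `blockedIPs` cache declared at new lines 15-18 is per-process and size-bounded, and nothing on the declaration says so. Unlike the Redis keys it replaces, its entries are not visible to any other Node process serving the tracker and are lost on restart. Once `LRU_CACHE.TRACKER_IPS.MAX_SIZE` distinct addresses are held the cache drops the oldest ones, so under a flood from many source addresses a block can end before `BLOCK_IP_LIFETIME`. I would record that on the declaration, for example `// In-memory, per-process block list: not shared between processes, and entries can be evicted before the TTL once MAX_SIZE is reached`. The `ip` stored in the filter is assigned outside this hunk; it is worth confirming it has the same textual form as the `proxyAddr(request, CONFIG.TRUST_PROXY)` value checked in the upgrade handler, since otherwise `has()` would never match.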
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 0e56f0c9f..ec5045078 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts | |||
@@ -781,6 +781,9 @@ const LRU_CACHE = { | |||
781 | VIDEO_TOKENS: { | 781 | VIDEO_TOKENS: { |
782 | MAX_SIZE: 100_000, | 782 | MAX_SIZE: 100_000, |
783 | TTL: parseDurationToMs('8 hours') | 783 | TTL: parseDurationToMs('8 hours') |
784 | }, | ||
785 | TRACKER_IPS: { | ||
786 | MAX_SIZE: 100_000 | ||
784 | } | 787 | } |
785 | } | 788 | } |
786 | 789 | ||
@@ -884,7 +887,7 @@ const TRACKER_RATE_LIMITS = { | |||
884 | INTERVAL: 60000 * 5, // 5 minutes | 887 | INTERVAL: 60000 * 5, // 5 minutes |
885 | ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval | 888 | ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval |
886 | ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval | 889 | ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval |
887 | BLOCK_IP_LIFETIME: 60000 * 3 // 3 minutes | 890 | BLOCK_IP_LIFETIME: parseDurationToMs('3 minutes') |
888 | } | 891 | } |
889 | 892 | ||
890 | const P2P_MEDIA_LOADER_PEER_VERSION = 2 | 893 | const P2P_MEDIA_LOADER_PEER_VERSION = 2 |
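Review bot: `TRACKER_IPS` at new lines 785-787 carries only `MAX_SIZE`, while the neighbouring `VIDEO_TOKENS` entry keeps its `TTL` next to its size; the lifetime of this cache lives in `TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME` instead. A short comment would save the next reader from looking for it, for example `MAX_SIZE: 100_000 // blocked tracker IPs kept in memory; TTL is TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME`. The `LRU_CACHE` object starts outside the hunk, so other entries may follow a different convention.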
diff --git a/server/lib/redis.ts b/server/lib/redis.ts index c0e9aece7..451ddd0b6 100644 --- a/server/lib/redis.ts +++ b/server/lib/redis.ts | |||
@@ -8,7 +8,6 @@ import { | |||
8 | AP_CLEANER, | 8 | AP_CLEANER, |
9 | CONTACT_FORM_LIFETIME, | 9 | CONTACT_FORM_LIFETIME, |
10 | RESUMABLE_UPLOAD_SESSION_LIFETIME, | 10 | RESUMABLE_UPLOAD_SESSION_LIFETIME, |
11 | TRACKER_RATE_LIMITS, | ||
12 | TWO_FACTOR_AUTH_REQUEST_TOKEN_LIFETIME, | 11 | TWO_FACTOR_AUTH_REQUEST_TOKEN_LIFETIME, |
13 | USER_EMAIL_VERIFY_LIFETIME, | 12 | USER_EMAIL_VERIFY_LIFETIME, |
14 | USER_PASSWORD_CREATE_LIFETIME, | 13 | USER_PASSWORD_CREATE_LIFETIME, |
@@ -157,16 +156,6 @@ class Redis { | |||
157 | return this.exists(this.generateIPViewKey(ip, videoUUID)) | 156 | return this.exists(this.generateIPViewKey(ip, videoUUID)) |
158 | } | 157 | } |
159 | 158 | ||
160 | /* ************ Tracker IP block ************ */ | ||
161 | |||
162 | setTrackerBlockIP (ip: string) { | ||
163 | return this.setValue(this.generateTrackerBlockIPKey(ip), '1', TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME) | ||
164 | } | ||
165 | |||
166 | async doesTrackerBlockIPExist (ip: string) { | ||
167 | return this.exists(this.generateTrackerBlockIPKey(ip)) | ||
168 | } | ||
169 | |||
170 | /* ************ Video views stats ************ */ | 159 | /* ************ Video views stats ************ */ |
171 | 160 | ||
172 | addVideoViewStats (videoId: number) { | 161 | addVideoViewStats (videoId: number) { |
@@ -365,10 +354,6 @@ class Redis { | |||
365 | return `views-${videoUUID}-${ip}` | 354 | return `views-${videoUUID}-${ip}` |
366 | } | 355 | } |
367 | 356 | ||
368 | private generateTrackerBlockIPKey (ip: string) { | ||
369 | return `tracker-block-ip-${ip}` | ||
370 | } | ||
371 | |||
372 | private generateContactFormKey (ip: string) { | 357 | private generateContactFormKey (ip: string) { |
373 | return 'contact-form-' + ip | 358 | return 'contact-form-' + ip |
374 | } | 359 | } |