Add tracker rate limiter

author: Chocobozzz <me@florianbigard.com> 2018-06-26 16:53:24 +0200
committer: Chocobozzz <me@florianbigard.com> 2018-06-26 16:53:43 +0200
commit: 9b67da3d9bc951c624f17dce7821036f8518d893 (patch)
tree: 91de299c2eb45a12b0c775b085c5f7a13dc16f71
parent: 11fa7d392a21fe73dd235375b89c554e9b5ba18c (diff)
download: PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.gz
PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.zst
PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.zip
4 files changed, 107 insertions, 33 deletions
diff --git a/server.ts b/server.ts
index f756bf9d4..fb01ed572 100644
--- a/server.ts
+++ b/server.ts
@@ -10,13 +10,8 @@ if (isTestInstance()) {
 // ----------- Node modules -----------
 import * as bodyParser from 'body-parser'
 import * as express from 'express'
-import * as http from 'http'
 import * as morgan from 'morgan'
-import * as bitTorrentTracker from 'bittorrent-tracker'
 import * as cors from 'cors'
-import { Server as WebSocketServer } from 'ws'
-const TrackerServer = bitTorrentTracker.Server
 process.title = 'peertube'
@@ -75,7 +70,9 @@ import {
  feedsRouter,
  staticRouter,
  servicesRouter,
-  webfingerRouter
+  webfingerRouter,
+  trackerRouter,
+  createWebsocketServer
 } from './server/controllers'
 import { Redis } from './server/lib/redis'
 import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler'
@@ -116,33 +113,6 @@ app.use(bodyParser.json({
  limit: '500kb'
 }))
-// ----------- Tracker -----------
-const trackerServer = new TrackerServer({
-  http: false,
-  udp: false,
-  ws: false,
-  dht: false
-})
-trackerServer.on('error', function (err) {
-  logger.error('Error in websocket tracker.', err)
-})
-trackerServer.on('warning', function (err) {
-  logger.error('Warning in websocket tracker.', err)
-})
-const server = http.createServer(app)
-const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
-wss.on('connection', function (ws) {
-  trackerServer.onWebSocketConnection(ws)
-})
-const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
-app.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
-app.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
 // ----------- Views, routes and static files -----------
 // API
@@ -155,6 +125,7 @@ app.use('/services', servicesRouter)
 app.use('/', activityPubRouter)
 app.use('/', feedsRouter)
 app.use('/', webfingerRouter)
+app.use('/', trackerRouter)
 // Static files
 app.use('/', staticRouter)
@@ -181,6 +152,8 @@ app.use(function (err, req, res, next) {
  return res.status(err.status || 500).end()
 })
+const server = createWebsocketServer(app)
 // ----------- Run -----------
 async function startApplication () {
diff --git a/server/controllers/index.ts b/server/controllers/index.ts
index ff7928312..197fa897a 100644
--- a/server/controllers/index.ts
+++ b/server/controllers/index.ts
@@ -5,3 +5,4 @@ export * from './feeds'
 export * from './services'
 export * from './static'
 export * from './webfinger'
+export * from './tracker'
diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts
new file mode 100644
index 000000000..42f5aea81
--- /dev/null
+++ b/server/controllers/tracker.ts
@@ -0,0 +1,91 @@
+import { logger } from '../helpers/logger'
+import * as express from 'express'
+import * as http from 'http'
+import * as bitTorrentTracker from 'bittorrent-tracker'
+import * as proxyAddr from 'proxy-addr'
+import { Server as WebSocketServer } from 'ws'
+import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants'
+const TrackerServer = bitTorrentTracker.Server
+const trackerRouter = express.Router()
+let peersIps = {}
+let peersIpInfoHash = {}
+runPeersChecker()
+const trackerServer = new TrackerServer({
+  http: false,
+  udp: false,
+  ws: false,
+  dht: false,
+  filter: function (infoHash, params, cb) {
+    let ip: string
+    if (params.type === 'ws') {
+      ip = params.socket.ip
+    } else {
+      ip = params.httpReq.ip
+    }
+    const key = ip + '-' + infoHash
+    peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1
+    peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1
+    if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) {
+      return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`))
+    }
+    return cb()
+  }
+})
+trackerServer.on('error', function (err) {
+  logger.error('Error in tracker.', { err })
+})
+trackerServer.on('warning', function (err) {
+  logger.warn('Warning in tracker.', { err })
+})
+const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
+trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
+trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
+function createWebsocketServer (app: express.Application) {
+  const server = http.createServer(app)
+  const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
+  wss.on('connection', function (ws, req) {
+    const ip = proxyAddr(req, CONFIG.TRUST_PROXY)
+    ws['ip'] = ip
+    trackerServer.onWebSocketConnection(ws)
+  })
+  return server
+}
+// ---------------------------------------------------------------------------
+export {
+  trackerRouter,
+  createWebsocketServer
+}
+// ---------------------------------------------------------------------------
+function runPeersChecker () {
+  setInterval(() => {
+    logger.debug('Checking peers.')
+    for (const ip of Object.keys(peersIpInfoHash)) {
+      if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) {
+        logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip])
+      }
+    }
+    peersIpInfoHash = {}
+    peersIps = {}
+  }, TRACKER_RATE_LIMITS.INTERVAL)
+}
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 53902071c..4e1c8dda7 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -450,6 +450,14 @@ const FEEDS = {
 // ---------------------------------------------------------------------------
+const TRACKER_RATE_LIMITS = {
+  INTERVAL: 60000 * 5, // 5 minutes
+  ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval
+  ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
+}
+// ---------------------------------------------------------------------------
 // Special constants for a test instance
 if (isTestInstance() === true) {
  ACTOR_FOLLOW_SCORE.BASE = 20
@@ -482,6 +490,7 @@ export {
  AVATARS_SIZE,
  ACCEPT_HEADERS,
  BCRYPT_SALT_SIZE,
+  TRACKER_RATE_LIMITS,
  CACHE,
  CONFIG,
  CONSTRAINTS_FIELDS,
author	Chocobozzz <me@florianbigard.com>	2018-06-26 16:53:24 +0200
committer	Chocobozzz <me@florianbigard.com>	2018-06-26 16:53:43 +0200
commit	9b67da3d9bc951c624f17dce7821036f8518d893 (patch)
tree	91de299c2eb45a12b0c775b085c5f7a13dc16f71
parent	11fa7d392a21fe73dd235375b89c554e9b5ba18c (diff)
download	PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.gz PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.zst PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.zip

diff --git a/server.ts b/server.ts index f756bf9d4..fb01ed572 100644 --- a/server.ts +++ b/server.ts
@@ -10,13 +10,8 @@ if (isTestInstance()) {
10	// ----------- Node modules -----------	10	// ----------- Node modules -----------
11	import * as bodyParser from 'body-parser'	11	import * as bodyParser from 'body-parser'
12	import * as express from 'express'	12	import * as express from 'express'
13	import * as http from 'http'
14	import * as morgan from 'morgan'	13	import * as morgan from 'morgan'
15	import * as bitTorrentTracker from 'bittorrent-tracker'
16	import * as cors from 'cors'	14	import * as cors from 'cors'
17	import { Server as WebSocketServer } from 'ws'
18
19	const TrackerServer = bitTorrentTracker.Server
20		15
21	process.title = 'peertube'	16	process.title = 'peertube'
22		17
@@ -75,7 +70,9 @@ import {
75	feedsRouter,	70	feedsRouter,
76	staticRouter,	71	staticRouter,
77	servicesRouter,	72	servicesRouter,
78	webfingerRouter	73	webfingerRouter,
		74	trackerRouter,
		75	createWebsocketServer
79	} from './server/controllers'	76	} from './server/controllers'
80	import { Redis } from './server/lib/redis'	77	import { Redis } from './server/lib/redis'
81	import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler'	78	import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler'
@@ -116,33 +113,6 @@ app.use(bodyParser.json({
116	limit: '500kb'	113	limit: '500kb'
117	}))	114	}))
118		115
119	// ----------- Tracker -----------
120
121	const trackerServer = new TrackerServer({
122	http: false,
123	udp: false,
124	ws: false,
125	dht: false
126	})
127
128	trackerServer.on('error', function (err) {
129	logger.error('Error in websocket tracker.', err)
130	})
131
132	trackerServer.on('warning', function (err) {
133	logger.error('Warning in websocket tracker.', err)
134	})
135
136	const server = http.createServer(app)
137	const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
138	wss.on('connection', function (ws) {
139	trackerServer.onWebSocketConnection(ws)
140	})
141
142	const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
143	app.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
144	app.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
145
146	// ----------- Views, routes and static files -----------	116	// ----------- Views, routes and static files -----------
147		117
148	// API	118	// API
@@ -155,6 +125,7 @@ app.use('/services', servicesRouter)
155	app.use('/', activityPubRouter)	125	app.use('/', activityPubRouter)
156	app.use('/', feedsRouter)	126	app.use('/', feedsRouter)
157	app.use('/', webfingerRouter)	127	app.use('/', webfingerRouter)
		128	app.use('/', trackerRouter)
158		129
159	// Static files	130	// Static files
160	app.use('/', staticRouter)	131	app.use('/', staticRouter)
@@ -181,6 +152,8 @@ app.use(function (err, req, res, next) {
181	return res.status(err.status \|\| 500).end()	152	return res.status(err.status \|\| 500).end()
182	})	153	})
183		154
		155	const server = createWebsocketServer(app)
		156
184	// ----------- Run -----------	157	// ----------- Run -----------
185		158
186	async function startApplication () {	159	async function startApplication () {


diff --git a/server/controllers/index.ts b/server/controllers/index.ts index ff7928312..197fa897a 100644 --- a/server/controllers/index.ts +++ b/server/controllers/index.ts
@@ -5,3 +5,4 @@ export * from './feeds'
5	export * from './services'	5	export * from './services'
6	export * from './static'	6	export * from './static'
7	export * from './webfinger'	7	export * from './webfinger'
		8	export * from './tracker'


diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts new file mode 100644 index 000000000..42f5aea81 --- /dev/null +++ b/server/controllers/tracker.ts
@@ -0,0 +1,91 @@
		1	import { logger } from '../helpers/logger'
		2	import * as express from 'express'
		3	import * as http from 'http'
		4	import * as bitTorrentTracker from 'bittorrent-tracker'
		5	import * as proxyAddr from 'proxy-addr'
		6	import { Server as WebSocketServer } from 'ws'
		7	import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants'
		8
		9	const TrackerServer = bitTorrentTracker.Server
		10
		11	const trackerRouter = express.Router()
		12
		13	let peersIps = {}
		14	let peersIpInfoHash = {}
		15	runPeersChecker()
		16
		17	const trackerServer = new TrackerServer({
		18	http: false,
		19	udp: false,
		20	ws: false,
		21	dht: false,
		22	filter: function (infoHash, params, cb) {
		23	let ip: string
		24
		25	if (params.type === 'ws') {
		26	ip = params.socket.ip
		27	} else {
		28	ip = params.httpReq.ip
		29	}
		30
		31	const key = ip + '-' + infoHash
		32
		33	peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1
		34	peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1
		35
		36	if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) {
		37	return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`))
		38	}
		39
		40	return cb()
		41	}
		42	})
		43
		44	trackerServer.on('error', function (err) {
		45	logger.error('Error in tracker.', { err })
		46	})
		47
		48	trackerServer.on('warning', function (err) {
		49	logger.warn('Warning in tracker.', { err })
		50	})
		51
		52	const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
		53	trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
		54	trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
		55
		56	function createWebsocketServer (app: express.Application) {
		57	const server = http.createServer(app)
		58	const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
		59	wss.on('connection', function (ws, req) {
		60	const ip = proxyAddr(req, CONFIG.TRUST_PROXY)
		61	ws['ip'] = ip
		62
		63	trackerServer.onWebSocketConnection(ws)
		64	})
		65
		66	return server
		67	}
		68
		69	// ---------------------------------------------------------------------------
		70
		71	export {
		72	trackerRouter,
		73	createWebsocketServer
		74	}
		75
		76	// ---------------------------------------------------------------------------
		77
		78	function runPeersChecker () {
		79	setInterval(() => {
		80	logger.debug('Checking peers.')
		81
		82	for (const ip of Object.keys(peersIpInfoHash)) {
		83	if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) {
		84	logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip])
		85	}
		86	}
		87
		88	peersIpInfoHash = {}
		89	peersIps = {}
		90	}, TRACKER_RATE_LIMITS.INTERVAL)
		91	}


diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 53902071c..4e1c8dda7 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts
@@ -450,6 +450,14 @@ const FEEDS = {
450		450
451	// ---------------------------------------------------------------------------	451	// ---------------------------------------------------------------------------
452		452
		453	const TRACKER_RATE_LIMITS = {
		454	INTERVAL: 60000 * 5, // 5 minutes
		455	ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval
		456	ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
		457	}
		458
		459	// ---------------------------------------------------------------------------
		460
453	// Special constants for a test instance	461	// Special constants for a test instance
454	if (isTestInstance() === true) {	462	if (isTestInstance() === true) {
455	ACTOR_FOLLOW_SCORE.BASE = 20	463	ACTOR_FOLLOW_SCORE.BASE = 20
@@ -482,6 +490,7 @@ export {
482	AVATARS_SIZE,	490	AVATARS_SIZE,
483	ACCEPT_HEADERS,	491	ACCEPT_HEADERS,
484	BCRYPT_SALT_SIZE,	492	BCRYPT_SALT_SIZE,
		493	TRACKER_RATE_LIMITS,
485	CACHE,	494	CACHE,
486	CONFIG,	495	CONFIG,
487	CONSTRAINTS_FIELDS,	496	CONSTRAINTS_FIELDS,