Block infohash spammers from tracker

1 files changed, 29 insertions, 5 deletions

diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts
index cacff36ec..c962fada5 100644
--- a/server/controllers/tracker.ts
+++ b/server/controllers/tracker.ts
@@ -1,13 +1,14 @@
-import { logger } from '../helpers/logger'
+import * as bitTorrentTracker from 'bittorrent-tracker'
 import * as express from 'express'
 import * as http from 'http'
-import * as bitTorrentTracker from 'bittorrent-tracker'
 import * as proxyAddr from 'proxy-addr'
 import { Server as WebSocketServer } from 'ws'
+import { Redis } from '@server/lib/redis'
+import { logger } from '../helpers/logger'
+import { CONFIG } from '../initializers/config'
 import { TRACKER_RATE_LIMITS } from '../initializers/constants'
 import { VideoFileModel } from '../models/video/video-file'
 import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
-import { CONFIG } from '../initializers/config'
 
 const TrackerServer = bitTorrentTracker.Server
 
@@ -53,7 +54,16 @@ const trackerServer = new TrackerServer({
       const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash)
       if (playlistExists === true) return cb()
 
-      return cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
+      cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
+
+      // Close socket connection and block IP for a few time
+      if (params.type === 'ws') {
+        Redis.Instance.setTrackerBlockIP(ip)
+          .catch(err => logger.error('Cannot set tracker block ip.', { err }))
+
+        // setTimeout to wait filter response
+        setTimeout(() => params.socket.close(), 0)
+      }
     } catch (err) {
       logger.error('Error in tracker filter.', { err })
       return cb(err)
@@ -88,7 +98,21 @@ function createWebsocketTrackerServer (app: express.Application) {
 
   server.on('upgrade', (request: express.Request, socket, head) => {
     if (request.url === '/tracker/socket') {
-      wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
+      const ip = proxyAddr(request, CONFIG.TRUST_PROXY)
+
+      Redis.Instance.doesTrackerBlockIPExist(ip)
+        .then(result => {
+          if (result === true) {
+            logger.debug('Blocking IP %s from tracker.', ip)
+
+            socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
+            socket.destroy()
+            return
+          }
+
+          return wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
+        })
+        .catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
     }
 
     // Don't destroy socket, we have Socket.IO too