feature: IP filtering on signup page

disable registration form on IP not in range checking the CIDR list before filtering with it placing the cidr filters as an attribute object in the config
author: Rigel Kent <sendmemail@rigelk.eu> 2018-05-22 19:43:13 +0200
committer: Rigel Kent <par@rigelk.eu> 2018-05-22 19:44:34 +0200
commit: ff2c1fe8133f9556f6aaa52058cd8b83c40085e6 (patch)
tree: bc92cde25bf5a1d74b1413d7145179ef7abfd670 /server/helpers
parent: e2f1dad83607aa610ee33b234a81b07664f4304c (diff)
download: PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.tar.gz
PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.tar.zst
PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/server/helpers/utils.ts b/server/helpers/utils.ts
index 058c3211e..e4556fa12 100644
--- a/server/helpers/utils.ts
+++ b/server/helpers/utils.ts
@@ -1,4 +1,6 @@
 import { Model } from 'sequelize-typescript'
+import * as ipaddr from 'ipaddr.js'
+const isCidr = require('is-cidr')
 import { ResultList } from '../../shared'
 import { VideoResolution } from '../../shared/models/videos'
 import { CONFIG } from '../initializers'
@@ -48,6 +50,39 @@ async function isSignupAllowed () {
  return totalUsers < CONFIG.SIGNUP.LIMIT
 }
+function isSignupAllowedForCurrentIP (ip: string) {
+  const addr = ipaddr.parse(ip)
+  let excludeList = [ 'blacklist' ]
+  let matched: string
+  // if there is a valid, non-empty whitelist, we exclude all unknown adresses too
+  if (CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr(cidr)).length > 0) {
+    excludeList.push('unknown')
+  }
+  if (addr.kind() === 'ipv4') {
+    const addrV4 = ipaddr.IPv4.parse(ip)
+    const rangeList = {
+      whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v4(cidr))
+                                                .map(cidr => ipaddr.IPv4.parseCIDR(cidr)),
+      blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v4(cidr))
+                                                .map(cidr => ipaddr.IPv4.parseCIDR(cidr))
+    }
+    matched = ipaddr.subnetMatch(addrV4, rangeList, 'unknown')
+  } else if (addr.kind() === 'ipv6') {
+    const addrV6 = ipaddr.IPv6.parse(ip)
+    const rangeList = {
+      whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v6(cidr))
+                                                .map(cidr => ipaddr.IPv6.parseCIDR(cidr)),
+      blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v6(cidr))
+                                                .map(cidr => ipaddr.IPv6.parseCIDR(cidr))
+    }
+    matched = ipaddr.subnetMatch(addrV6, rangeList, 'unknown')
+  }
+  return !excludeList.includes(matched)
+}
 function computeResolutionsToTranscode (videoFileHeight: number) {
  const resolutionsEnabled: number[] = []
  const configResolutions = CONFIG.TRANSCODING.RESOLUTIONS
@@ -99,6 +134,7 @@ export {
  generateRandomString,
  getFormattedObjects,
  isSignupAllowed,
+  isSignupAllowedForCurrentIP,
  computeResolutionsToTranscode,
  resetSequelizeInstance,
  getServerActor,
author	Rigel Kent <sendmemail@rigelk.eu>	2018-05-22 19:43:13 +0200
committer	Rigel Kent <par@rigelk.eu>	2018-05-22 19:44:34 +0200
commit	ff2c1fe8133f9556f6aaa52058cd8b83c40085e6 (patch)
tree	bc92cde25bf5a1d74b1413d7145179ef7abfd670 /server/helpers
parent	e2f1dad83607aa610ee33b234a81b07664f4304c (diff)
download	PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.tar.gz PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.tar.zst PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.zip

diff --git a/server/helpers/utils.ts b/server/helpers/utils.ts index 058c3211e..e4556fa12 100644 --- a/server/helpers/utils.ts +++ b/server/helpers/utils.ts
@@ -1,4 +1,6 @@
1	import { Model } from 'sequelize-typescript'	1	import { Model } from 'sequelize-typescript'
		2	import * as ipaddr from 'ipaddr.js'
		3	const isCidr = require('is-cidr')
2	import { ResultList } from '../../shared'	4	import { ResultList } from '../../shared'
3	import { VideoResolution } from '../../shared/models/videos'	5	import { VideoResolution } from '../../shared/models/videos'
4	import { CONFIG } from '../initializers'	6	import { CONFIG } from '../initializers'
@@ -48,6 +50,39 @@ async function isSignupAllowed () {
48	return totalUsers < CONFIG.SIGNUP.LIMIT	50	return totalUsers < CONFIG.SIGNUP.LIMIT
49	}	51	}
50		52
		53	function isSignupAllowedForCurrentIP (ip: string) {
		54	const addr = ipaddr.parse(ip)
		55	let excludeList = [ 'blacklist' ]
		56	let matched: string
		57
		58	// if there is a valid, non-empty whitelist, we exclude all unknown adresses too
		59	if (CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr(cidr)).length > 0) {
		60	excludeList.push('unknown')
		61	}
		62
		63	if (addr.kind() === 'ipv4') {
		64	const addrV4 = ipaddr.IPv4.parse(ip)
		65	const rangeList = {
		66	whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v4(cidr))
		67	.map(cidr => ipaddr.IPv4.parseCIDR(cidr)),
		68	blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v4(cidr))
		69	.map(cidr => ipaddr.IPv4.parseCIDR(cidr))
		70	}
		71	matched = ipaddr.subnetMatch(addrV4, rangeList, 'unknown')
		72	} else if (addr.kind() === 'ipv6') {
		73	const addrV6 = ipaddr.IPv6.parse(ip)
		74	const rangeList = {
		75	whitelist: CONFIG.SIGNUP.FILTERS.CIDR.WHITELIST.filter(cidr => isCidr.v6(cidr))
		76	.map(cidr => ipaddr.IPv6.parseCIDR(cidr)),
		77	blacklist: CONFIG.SIGNUP.FILTERS.CIDR.BLACKLIST.filter(cidr => isCidr.v6(cidr))
		78	.map(cidr => ipaddr.IPv6.parseCIDR(cidr))
		79	}
		80	matched = ipaddr.subnetMatch(addrV6, rangeList, 'unknown')
		81	}
		82
		83	return !excludeList.includes(matched)
		84	}
		85
51	function computeResolutionsToTranscode (videoFileHeight: number) {	86	function computeResolutionsToTranscode (videoFileHeight: number) {
52	const resolutionsEnabled: number[] = []	87	const resolutionsEnabled: number[] = []
53	const configResolutions = CONFIG.TRANSCODING.RESOLUTIONS	88	const configResolutions = CONFIG.TRANSCODING.RESOLUTIONS
@@ -99,6 +134,7 @@ export {
99	generateRandomString,	134	generateRandomString,
100	getFormattedObjects,	135	getFormattedObjects,
101	isSignupAllowed,	136	isSignupAllowed,
		137	isSignupAllowedForCurrentIP,
102	computeResolutionsToTranscode,	138	computeResolutionsToTranscode,
103	resetSequelizeInstance,	139	resetSequelizeInstance,
104	getServerActor,	140	getServerActor,