Add tracker rate limiter

author: Chocobozzz <me@florianbigard.com> 2018-06-26 16:53:24 +0200
committer: Chocobozzz <me@florianbigard.com> 2018-06-26 16:53:43 +0200
commit: 9b67da3d9bc951c624f17dce7821036f8518d893 (patch)
tree: 91de299c2eb45a12b0c775b085c5f7a13dc16f71 /server
parent: 11fa7d392a21fe73dd235375b89c554e9b5ba18c (diff)
download: PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.gz
PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.zst
PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.zip
3 files changed, 101 insertions, 0 deletions
diff --git a/server/controllers/index.ts b/server/controllers/index.ts
index ff7928312..197fa897a 100644
--- a/server/controllers/index.ts
+++ b/server/controllers/index.ts
@@ -5,3 +5,4 @@ export * from './feeds'
 export * from './services'
 export * from './static'
 export * from './webfinger'
+export * from './tracker'
diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts
new file mode 100644
index 000000000..42f5aea81
--- /dev/null
+++ b/server/controllers/tracker.ts
@@ -0,0 +1,91 @@
+import { logger } from '../helpers/logger'
+import * as express from 'express'
+import * as http from 'http'
+import * as bitTorrentTracker from 'bittorrent-tracker'
+import * as proxyAddr from 'proxy-addr'
+import { Server as WebSocketServer } from 'ws'
+import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants'
+const TrackerServer = bitTorrentTracker.Server
+const trackerRouter = express.Router()
+let peersIps = {}
+let peersIpInfoHash = {}
+runPeersChecker()
+const trackerServer = new TrackerServer({
+  http: false,
+  udp: false,
+  ws: false,
+  dht: false,
+  filter: function (infoHash, params, cb) {
+    let ip: string
+    if (params.type === 'ws') {
+      ip = params.socket.ip
+    } else {
+      ip = params.httpReq.ip
+    }
+    const key = ip + '-' + infoHash
+    peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1
+    peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1
+    if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) {
+      return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`))
+    }
+    return cb()
+  }
+})
+trackerServer.on('error', function (err) {
+  logger.error('Error in tracker.', { err })
+})
+trackerServer.on('warning', function (err) {
+  logger.warn('Warning in tracker.', { err })
+})
+const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
+trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
+trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
+function createWebsocketServer (app: express.Application) {
+  const server = http.createServer(app)
+  const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
+  wss.on('connection', function (ws, req) {
+    const ip = proxyAddr(req, CONFIG.TRUST_PROXY)
+    ws['ip'] = ip
+    trackerServer.onWebSocketConnection(ws)
+  })
+  return server
+}
+// ---------------------------------------------------------------------------
+export {
+  trackerRouter,
+  createWebsocketServer
+}
+// ---------------------------------------------------------------------------
+function runPeersChecker () {
+  setInterval(() => {
+    logger.debug('Checking peers.')
+    for (const ip of Object.keys(peersIpInfoHash)) {
+      if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) {
+        logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip])
+      }
+    }
+    peersIpInfoHash = {}
+    peersIps = {}
+  }, TRACKER_RATE_LIMITS.INTERVAL)
+}
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 53902071c..4e1c8dda7 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -450,6 +450,14 @@ const FEEDS = {
 // ---------------------------------------------------------------------------
+const TRACKER_RATE_LIMITS = {
+  INTERVAL: 60000 * 5, // 5 minutes
+  ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval
+  ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
+}
+// ---------------------------------------------------------------------------
 // Special constants for a test instance
 if (isTestInstance() === true) {
  ACTOR_FOLLOW_SCORE.BASE = 20
@@ -482,6 +490,7 @@ export {
  AVATARS_SIZE,
  ACCEPT_HEADERS,
  BCRYPT_SALT_SIZE,
+  TRACKER_RATE_LIMITS,
  CACHE,
  CONFIG,
  CONSTRAINTS_FIELDS,
author	Chocobozzz <me@florianbigard.com>	2018-06-26 16:53:24 +0200
committer	Chocobozzz <me@florianbigard.com>	2018-06-26 16:53:43 +0200
commit	9b67da3d9bc951c624f17dce7821036f8518d893 (patch)
tree	91de299c2eb45a12b0c775b085c5f7a13dc16f71 /server
parent	11fa7d392a21fe73dd235375b89c554e9b5ba18c (diff)
download	PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.gz PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.tar.zst PeerTube-9b67da3d9bc951c624f17dce7821036f8518d893.zip

diff --git a/server/controllers/index.ts b/server/controllers/index.ts index ff7928312..197fa897a 100644 --- a/server/controllers/index.ts +++ b/server/controllers/index.ts
@@ -5,3 +5,4 @@ export * from './feeds'
5	export * from './services'	5	export * from './services'
6	export * from './static'	6	export * from './static'
7	export * from './webfinger'	7	export * from './webfinger'
		8	export * from './tracker'


diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts new file mode 100644 index 000000000..42f5aea81 --- /dev/null +++ b/server/controllers/tracker.ts
@@ -0,0 +1,91 @@
		1	import { logger } from '../helpers/logger'
		2	import * as express from 'express'
		3	import * as http from 'http'
		4	import * as bitTorrentTracker from 'bittorrent-tracker'
		5	import * as proxyAddr from 'proxy-addr'
		6	import { Server as WebSocketServer } from 'ws'
		7	import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants'
		8
		9	const TrackerServer = bitTorrentTracker.Server
		10
		11	const trackerRouter = express.Router()
		12
		13	let peersIps = {}
		14	let peersIpInfoHash = {}
		15	runPeersChecker()
		16
		17	const trackerServer = new TrackerServer({
		18	http: false,
		19	udp: false,
		20	ws: false,
		21	dht: false,
		22	filter: function (infoHash, params, cb) {
		23	let ip: string
		24
		25	if (params.type === 'ws') {
		26	ip = params.socket.ip
		27	} else {
		28	ip = params.httpReq.ip
		29	}
		30
		31	const key = ip + '-' + infoHash
		32
		33	peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1
		34	peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1
		35
		36	if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) {
		37	return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`))
		38	}
		39
		40	return cb()
		41	}
		42	})
		43
		44	trackerServer.on('error', function (err) {
		45	logger.error('Error in tracker.', { err })
		46	})
		47
		48	trackerServer.on('warning', function (err) {
		49	logger.warn('Warning in tracker.', { err })
		50	})
		51
		52	const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
		53	trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
		54	trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
		55
		56	function createWebsocketServer (app: express.Application) {
		57	const server = http.createServer(app)
		58	const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
		59	wss.on('connection', function (ws, req) {
		60	const ip = proxyAddr(req, CONFIG.TRUST_PROXY)
		61	ws['ip'] = ip
		62
		63	trackerServer.onWebSocketConnection(ws)
		64	})
		65
		66	return server
		67	}
		68
		69	// ---------------------------------------------------------------------------
		70
		71	export {
		72	trackerRouter,
		73	createWebsocketServer
		74	}
		75
		76	// ---------------------------------------------------------------------------
		77
		78	function runPeersChecker () {
		79	setInterval(() => {
		80	logger.debug('Checking peers.')
		81
		82	for (const ip of Object.keys(peersIpInfoHash)) {
		83	if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) {
		84	logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip])
		85	}
		86	}
		87
		88	peersIpInfoHash = {}
		89	peersIps = {}
		90	}, TRACKER_RATE_LIMITS.INTERVAL)
		91	}


diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 53902071c..4e1c8dda7 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts
@@ -450,6 +450,14 @@ const FEEDS = {
450		450
451	// ---------------------------------------------------------------------------	451	// ---------------------------------------------------------------------------
452		452
		453	const TRACKER_RATE_LIMITS = {
		454	INTERVAL: 60000 * 5, // 5 minutes
		455	ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval
		456	ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
		457	}
		458
		459	// ---------------------------------------------------------------------------
		460
453	// Special constants for a test instance	461	// Special constants for a test instance
454	if (isTestInstance() === true) {	462	if (isTestInstance() === true) {
455	ACTOR_FOLLOW_SCORE.BASE = 20	463	ACTOR_FOLLOW_SCORE.BASE = 20
@@ -482,6 +490,7 @@ export {
482	AVATARS_SIZE,	490	AVATARS_SIZE,
483	ACCEPT_HEADERS,	491	ACCEPT_HEADERS,
484	BCRYPT_SALT_SIZE,	492	BCRYPT_SALT_SIZE,
		493	TRACKER_RATE_LIMITS,
485	CACHE,	494	CACHE,
486	CONFIG,	495	CONFIG,
487	CONSTRAINTS_FIELDS,	496	CONSTRAINTS_FIELDS,