From 9b67da3d9bc951c624f17dce7821036f8518d893 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 26 Jun 2018 16:53:24 +0200 Subject: Add tracker rate limiter --- server/controllers/index.ts | 1 + server/controllers/tracker.ts | 91 ++++++++++++++++++++++++++++++++++++++++ server/initializers/constants.ts | 9 ++++ 3 files changed, 101 insertions(+) create mode 100644 server/controllers/tracker.ts (limited to 'server') diff --git a/server/controllers/index.ts b/server/controllers/index.ts index ff7928312..197fa897a 100644 --- a/server/controllers/index.ts +++ b/server/controllers/index.ts @@ -5,3 +5,4 @@ export * from './feeds' export * from './services' export * from './static' export * from './webfinger' +export * from './tracker' diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts new file mode 100644 index 000000000..42f5aea81 --- /dev/null +++ b/server/controllers/tracker.ts @@ -0,0 +1,91 @@ +import { logger } from '../helpers/logger' +import * as express from 'express' +import * as http from 'http' +import * as bitTorrentTracker from 'bittorrent-tracker' +import * as proxyAddr from 'proxy-addr' +import { Server as WebSocketServer } from 'ws' +import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants' + +const TrackerServer = bitTorrentTracker.Server + +const trackerRouter = express.Router() + +let peersIps = {} +let peersIpInfoHash = {} +runPeersChecker() + +const trackerServer = new TrackerServer({ + http: false, + udp: false, + ws: false, + dht: false, + filter: function (infoHash, params, cb) { + let ip: string + + if (params.type === 'ws') { + ip = params.socket.ip + } else { + ip = params.httpReq.ip + } + + const key = ip + '-' + infoHash + + peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1 + peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1 + + if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) { + return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`)) + } + + return cb() + } +}) + +trackerServer.on('error', function (err) { + logger.error('Error in tracker.', { err }) +}) + +trackerServer.on('warning', function (err) { + logger.warn('Warning in tracker.', { err }) +}) + +const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer) +trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' })) +trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' })) + +function createWebsocketServer (app: express.Application) { + const server = http.createServer(app) + const wss = new WebSocketServer({ server: server, path: '/tracker/socket' }) + wss.on('connection', function (ws, req) { + const ip = proxyAddr(req, CONFIG.TRUST_PROXY) + ws['ip'] = ip + + trackerServer.onWebSocketConnection(ws) + }) + + return server +} + +// --------------------------------------------------------------------------- + +export { + trackerRouter, + createWebsocketServer +} + +// --------------------------------------------------------------------------- + +function runPeersChecker () { + setInterval(() => { + logger.debug('Checking peers.') + + for (const ip of Object.keys(peersIpInfoHash)) { + if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) { + logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip]) + } + } + + peersIpInfoHash = {} + peersIps = {} + }, TRACKER_RATE_LIMITS.INTERVAL) +} diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 53902071c..4e1c8dda7 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts @@ -450,6 +450,14 @@ const FEEDS = { // --------------------------------------------------------------------------- +const TRACKER_RATE_LIMITS = { + INTERVAL: 60000 * 5, // 5 minutes + ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval + ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval +} + +// --------------------------------------------------------------------------- + // Special constants for a test instance if (isTestInstance() === true) { ACTOR_FOLLOW_SCORE.BASE = 20 @@ -482,6 +490,7 @@ export { AVATARS_SIZE, ACCEPT_HEADERS, BCRYPT_SALT_SIZE, + TRACKER_RATE_LIMITS, CACHE, CONFIG, CONSTRAINTS_FIELDS, -- cgit v1.2.3