spee.ch/server/routes/api/index.js

const fs = require('fs');

// middleware
const multipartMiddleware = require('../../middleware/multipartMiddleware');
const torCheckMiddleware = require('../../middleware/torCheckMiddleware');
// route handlers
const channelAvailability = require('../../controllers/api/channel/availability');
const channelClaims = require('../../controllers/api/channel/claims');
const channelData = require('../../controllers/api/channel/data');
const channelShortId = require('../../controllers/api/channel/shortId');
const claimAvailability = require('../../controllers/api/claim/availability');
const claimData = require('../../controllers/api/claim/data/');
const claimGet = require('../../controllers/api/claim/get');
const claimList = require('../../controllers/api/claim/list');
const claimLongId = require('../../controllers/api/claim/longId');
const claimPublish = require('../../controllers/api/claim/publish');
const claimResolve = require('../../controllers/api/claim/resolve');
const claimShortId = require('../../controllers/api/claim/shortId');
const fileAvailability = require('../../controllers/api/file/availability');
const userPassword = require('../../controllers/api/user/password');
const publishingConfig = require('../../controllers/api/config/site/publishing');
const getTorList = require('../../controllers/api/tor');
const getBlockedList = require('../../controllers/api/blocked');
const getOEmbedData = require('../../controllers/api/oEmbed');

const logger = require('winston');
const ipBanFile = '../../../config/ipBan.txt';
const forbiddenMessage = '<h1>Forbidden</h1>If you are seeing this by mistake, please contact us using <a href="https://chat.lbry.io/">https://chat.lbry.io/</a>';

let ipCounts = {};
let blockedAddresses = [];

if(fs.existsSync(ipBanFile)) {
  const lineReader = require('readline').createInterface({
    input: require('fs').createReadStream(ipBanFile),
  });

  lineReader.on('line', (line) => {
    if(line && line !== '') {
      blockedAddresses.push(line);
    }
  });
}

const autoblockPublishMiddleware = (req, res, next) => {
  let ip = (req.headers['x-forwarded-for'] || req.connection.remoteAddress).split(/,\s?/)[0];

  if(blockedAddresses.indexOf(ip) !== -1) {
    res.status(403).send(forbiddenMessage);
    res.end();

    return;
  }

  let count = ipCounts[ip] = (ipCounts[ip] || 0) + 1;

  setTimeout(() => {
    ipCounts[ip]--;
    if(ipCounts[ip] === 0) {
      delete ipCounts[ip];
    }
  }, 600000 /* 10 minute retainer */)

  if(count === 10) {
    logger.error(`Banning IP: ${ip}`);
    blockedAddresses.push(ip);
    res.status(403).send(forbiddenMessage);
    res.end();

    fs.appendFile(ipBanFile, ip + '\n', () => {});
  } else {
    next();
  }
}

module.exports = {
  // homepage routes
  '/api/homepage/data/channels': { controller: [ torCheckMiddleware, channelData ] },

  // channel routes
  '/api/channel/availability/:name': { controller: [ torCheckMiddleware, channelAvailability ] },
  '/api/channel/short-id/:longId/:name': { controller: [ torCheckMiddleware, channelShortId ] },
  '/api/channel/data/:channelName/:channelClaimId': { controller: [ torCheckMiddleware, channelData ] },
  '/api/channel/data/:channelName/:channelClaimId': { controller: [ torCheckMiddleware, channelData ] },
  '/api/channel/claims/:channelName/:channelClaimId/:page': { controller: [ torCheckMiddleware, channelClaims ] },
  // claim routes
  '/api/claim/availability/:name': { controller: [ torCheckMiddleware, claimAvailability ] },
  '/api/claim/data/:claimName/:claimId': { controller: [ torCheckMiddleware, claimData ] },
  '/api/claim/get/:name/:claimId': { controller: [ torCheckMiddleware, claimGet ] },
  '/api/claim/list/:name': { controller: [ torCheckMiddleware, claimList ] },
  '/api/claim/long-id': { method: 'post', controller: [ torCheckMiddleware, claimLongId ] }, // note: should be a 'get'
  '/api/claim/publish': { method: 'post', controller: [ torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, claimPublish ] },
  '/api/claim/resolve/:name/:claimId': { controller: [ torCheckMiddleware, claimResolve ] },
  '/api/claim/short-id/:longId/:name': { controller: [ torCheckMiddleware, claimShortId ] },
  // file routes
  '/api/file/availability/:name/:claimId': { controller: [ torCheckMiddleware, fileAvailability ] },
  // user routes
  '/api/user/password/': { method: 'put', controller: [ torCheckMiddleware, userPassword ] },
  // configs
  '/api/config/site/publishing': { controller: [ torCheckMiddleware, publishingConfig ] },
  // tor
  '/api/tor': { controller: [ torCheckMiddleware, getTorList ] },
  // blocked
  '/api/blocked': { controller: [ torCheckMiddleware, getBlockedList ] },
  // open embed
  '/api/oembed': { controller: [ torCheckMiddleware, getOEmbedData ] },
};
Build persisting IP block lists 2018-10-20 10:23:46 +02:00			`const fs = require('fs');`

updated startup to refresh blocked list 2018-06-28 22:16:48 +02:00			`// middleware`
			`const multipartMiddleware = require('../../middleware/multipartMiddleware');`
			`const torCheckMiddleware = require('../../middleware/torCheckMiddleware');`
			`// route handlers`
organized api controllers and helpers 2018-04-27 18:54:36 +02:00			`const channelAvailability = require('../../controllers/api/channel/availability');`
			`const channelClaims = require('../../controllers/api/channel/claims');`
			`const channelData = require('../../controllers/api/channel/data');`
			`const channelShortId = require('../../controllers/api/channel/shortId');`
			`const claimAvailability = require('../../controllers/api/claim/availability');`
			`const claimData = require('../../controllers/api/claim/data/');`
			`const claimGet = require('../../controllers/api/claim/get');`
added api endpoint to trigger blocked-list refresh 2018-04-30 00:30:11 +02:00			`const claimList = require('../../controllers/api/claim/list');`
organized api controllers and helpers 2018-04-27 18:54:36 +02:00			`const claimLongId = require('../../controllers/api/claim/longId');`
			`const claimPublish = require('../../controllers/api/claim/publish');`
			`const claimResolve = require('../../controllers/api/claim/resolve');`
			`const claimShortId = require('../../controllers/api/claim/shortId');`
			`const fileAvailability = require('../../controllers/api/file/availability');`
added route and controller for updating user password 2018-05-31 03:52:13 +02:00			`const userPassword = require('../../controllers/api/user/password');`
added a route to return publishing configs 2018-06-23 23:12:50 +02:00			`const publishingConfig = require('../../controllers/api/config/site/publishing');`
added an endpoint to update tor node list 2018-06-28 02:30:26 +02:00			`const getTorList = require('../../controllers/api/tor');`
updated startup to refresh blocked list 2018-06-28 22:16:48 +02:00			`const getBlockedList = require('../../controllers/api/blocked');`
fixed regex and oebed url creator 2018-07-28 00:56:56 +02:00			`const getOEmbedData = require('../../controllers/api/oEmbed');`
updated api and asset route folders 2018-03-29 02:35:41 +02:00
Fix IP ban and add logging 2018-10-19 21:36:18 +02:00			`const logger = require('winston');`
Build persisting IP block lists 2018-10-20 10:23:46 +02:00			`const ipBanFile = '../../../config/ipBan.txt';`
Temporary anti-spam solution 2018-10-18 19:05:01 +02:00			`const forbiddenMessage = '<h1>Forbidden</h1>If you are seeing this by mistake, please contact us using <a href="https://chat.lbry.io/">https://chat.lbry.io/</a>';`

			`let ipCounts = {};`
			`let blockedAddresses = [];`

Build persisting IP block lists 2018-10-20 10:23:46 +02:00			`if(fs.existsSync(ipBanFile)) {`
			`const lineReader = require('readline').createInterface({`
			`input: require('fs').createReadStream(ipBanFile),`
			`});`

			`lineReader.on('line', (line) => {`
			`if(line && line !== '') {`
			`blockedAddresses.push(line);`
			`}`
			`});`
			`}`

Temporary anti-spam solution 2018-10-18 19:05:01 +02:00			`const autoblockPublishMiddleware = (req, res, next) => {`
Fix IP ban and add logging 2018-10-19 21:36:18 +02:00			`let ip = (req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress).split(/,\s?/)[0];`
Temporary anti-spam solution 2018-10-18 19:05:01 +02:00
			`if(blockedAddresses.indexOf(ip) !== -1) {`
			`res.status(403).send(forbiddenMessage);`
			`res.end();`

			`return;`
			`}`

			`let count = ipCounts[ip] = (ipCounts[ip] \|\| 0) + 1;`

			`setTimeout(() => {`
			`ipCounts[ip]--;`
			`if(ipCounts[ip] === 0) {`
			`delete ipCounts[ip];`
			`}`
			`}, 600000 /* 10 minute retainer */)`

			`if(count === 10) {`
Fix IP ban and add logging 2018-10-19 21:36:18 +02:00			logger.error(`Banning IP: ${ip}`);
Temporary anti-spam solution 2018-10-18 19:05:01 +02:00			`blockedAddresses.push(ip);`
			`res.status(403).send(forbiddenMessage);`
			`res.end();`
Build persisting IP block lists 2018-10-20 10:23:46 +02:00
			`fs.appendFile(ipBanFile, ip + '\n', () => {});`
Temporary anti-spam solution 2018-10-18 19:05:01 +02:00			`} else {`
			`next();`
			`}`
			`}`

Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`module.exports = {`
Fix chainquery bugs and add initial metrics implementation 2018-10-09 02:02:05 +02:00			`// homepage routes`
			`'/api/homepage/data/channels': { controller: [ torCheckMiddleware, channelData ] },`

fixed api and assets routes 2018-03-29 20:24:52 +02:00			`// channel routes`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/channel/availability/:name': { controller: [ torCheckMiddleware, channelAvailability ] },`
			`'/api/channel/short-id/:longId/:name': { controller: [ torCheckMiddleware, channelShortId ] },`
			`'/api/channel/data/:channelName/:channelClaimId': { controller: [ torCheckMiddleware, channelData ] },`
Fix chainquery bugs and add initial metrics implementation 2018-10-09 02:02:05 +02:00			`'/api/channel/data/:channelName/:channelClaimId': { controller: [ torCheckMiddleware, channelData ] },`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/channel/claims/:channelName/:channelClaimId/:page': { controller: [ torCheckMiddleware, channelClaims ] },`
fixed api and assets routes 2018-03-29 20:24:52 +02:00			`// claim routes`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/claim/availability/:name': { controller: [ torCheckMiddleware, claimAvailability ] },`
			`'/api/claim/data/:claimName/:claimId': { controller: [ torCheckMiddleware, claimData ] },`
			`'/api/claim/get/:name/:claimId': { controller: [ torCheckMiddleware, claimGet ] },`
			`'/api/claim/list/:name': { controller: [ torCheckMiddleware, claimList ] },`
			`'/api/claim/long-id': { method: 'post', controller: [ torCheckMiddleware, claimLongId ] }, // note: should be a 'get'`
Temporary anti-spam solution 2018-10-18 19:05:01 +02:00			`'/api/claim/publish': { method: 'post', controller: [ torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, claimPublish ] },`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/claim/resolve/:name/:claimId': { controller: [ torCheckMiddleware, claimResolve ] },`
			`'/api/claim/short-id/:longId/:name': { controller: [ torCheckMiddleware, claimShortId ] },`
fixed api and assets routes 2018-03-29 20:24:52 +02:00			`// file routes`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/file/availability/:name/:claimId': { controller: [ torCheckMiddleware, fileAvailability ] },`
added route and controller for updating user password 2018-05-31 03:52:13 +02:00			`// user routes`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/user/password/': { method: 'put', controller: [ torCheckMiddleware, userPassword ] },`
added a route to return publishing configs 2018-06-23 23:12:50 +02:00			`// configs`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/config/site/publishing': { controller: [ torCheckMiddleware, publishingConfig ] },`
added an endpoint to update tor node list 2018-06-28 02:30:26 +02:00			`// tor`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/tor': { controller: [ torCheckMiddleware, getTorList ] },`
updated startup to refresh blocked list 2018-06-28 22:16:48 +02:00			`// blocked`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/blocked': { controller: [ torCheckMiddleware, getBlockedList ] },`
fixed regex and oebed url creator 2018-07-28 00:56:56 +02:00			`// open embed`
Add context & dynamic route sagas, req for Osprey features 2018-09-28 05:56:10 +02:00			`'/api/oembed': { controller: [ torCheckMiddleware, getOEmbedData ] },`
updated api and asset route folders 2018-03-29 02:35:41 +02:00			`};`