From 001b81b4579dc7fe024c7c4e529365e9fc809c6a Mon Sep 17 00:00:00 2001
From: Shawn <shawn@kafei.io>
Date: Thu, 18 Oct 2018 12:05:01 -0500
Subject: [PATCH] Temporary anti-spam solution

---
 server/index.js            |  9 +++++++++
 server/routes/api/index.js | 35 ++++++++++++++++++++++++++++++++++-
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/server/index.js b/server/index.js
index ad844836..011aac96 100644
--- a/server/index.js
+++ b/server/index.js
@@ -71,6 +71,15 @@ function Server () {
     // trust the proxy to get ip address for us
     app.enable('trust proxy');
 
+    app.use((req, res, next) => {
+      if(req.get('User-Agent') === 'Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120405 Firefox/14.0a1') {
+        res.status(403).send('<h1>Forbidden</h1>If you are seeing this by mistake, please contact us using <a href="https://chat.lbry.io/">https://chat.lbry.io/</a>');
+        res.end();
+      } else {
+        next();
+      }
+    });
+
     // set HTTP headers to protect against well-known web vulnerabilties
     app.use(helmet());
 
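Review bot: The new User-Agent check is registered ahead of `app.use(helmet());`, so the 403 HTML response is sent without the headers helmet sets; moving the middleware below the helmet line keeps rejected responses covered too. `res.send()` already finishes the response, so the `res.end();` after it is redundant and can be dropped. The User-Agent header is chosen by the client, so an exact string match is a stop-gap rather than a control; a comment such as `// temporary: exact-match block of one spam client's UA, replace with rate limiting` and a log line on each rejection would make its limits and hit rate visible. The enclosing `Server` function starts and ends outside the hunk.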
diff --git a/server/routes/api/index.js b/server/routes/api/index.js
index 3866f5d6..572ceef7 100644
--- a/server/routes/api/index.js
+++ b/server/routes/api/index.js
@@ -21,6 +21,39 @@ const getTorList = require('../../controllers/api/tor');
 const getBlockedList = require('../../controllers/api/blocked');
 const getOEmbedData = require('../../controllers/api/oEmbed');
 
+const forbiddenMessage = '<h1>Forbidden</h1>If you are seeing this by mistake, please contact us using <a href="https://chat.lbry.io/">https://chat.lbry.io/</a>';
+
+let ipCounts = {};
+let blockedAddresses = [];
+
+const autoblockPublishMiddleware = (req, res, next) => {
+  let ip = (req.headers['x-forwarded-for'] || req.connection.remoteAddress).split(/,\s?/);
+
+  if(blockedAddresses.indexOf(ip) !== -1) {
+    res.status(403).send(forbiddenMessage);
+    res.end();
+
+    return;
+  }
+
+  let count = ipCounts[ip] = (ipCounts[ip] || 0) + 1;
+
+  setTimeout(() => {
+    ipCounts[ip]--;
+    if(ipCounts[ip] === 0) {
+      delete ipCounts[ip];
+    }
+  }, 600000 /* 10 minute retainer */)
+
+  if(count === 10) {
+    blockedAddresses.push(ip);
+    res.status(403).send(forbiddenMessage);
+    res.end();
+  } else {
+    next();
+  }
+}
+
 module.exports = {
   // homepage routes
   '/api/homepage/data/channels': { controller: [ torCheckMiddleware, channelData ] },
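Review bot: In `autoblockPublishMiddleware`, `ip` is the array returned by `.split()`, so `blockedAddresses.indexOf(ip)` compares array references and never matches. Combined with the `count === 10` test, only the tenth request is rejected, and the eleventh onward reaches `next()`. The key is also read from the raw `x-forwarded-for` header, which the client sets, so the count is not bound to the real peer address. `req.ip` follows the `trust proxy` setting enabled in server/index.js, though that setting would need to name the actual proxy hops for the value to be reliable. The rewrite below uses a single string key, a `Set` for the block list and `count >= 10`; note too that `blockedAddresses` never expires and lives in process memory, which deserves a comment at its declaration.

```javascript
const blockedAddresses = new Set();

const autoblockPublishMiddleware = (req, res, next) => {
  // req.ip is a single string resolved through the app's 'trust proxy' setting
  const ip = req.ip;

  if (blockedAddresses.has(ip)) {
    res.status(403).send(forbiddenMessage);
    return;
  }

  const count = ipCounts[ip] = (ipCounts[ip] || 0) + 1;

  // … unchanged: 10 minute setTimeout that decrements ipCounts[ip] …

  // >= so the block still holds if the Set entry is ever cleared while the count is high
  if (count >= 10) {
    blockedAddresses.add(ip);
    res.status(403).send(forbiddenMessage);
  } else {
    next();
  }
};
```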
@@ -37,7 +70,7 @@ module.exports = {
   '/api/claim/get/:name/:claimId': { controller: [ torCheckMiddleware, claimGet ] },
   '/api/claim/list/:name': { controller: [ torCheckMiddleware, claimList ] },
   '/api/claim/long-id': { method: 'post', controller: [ torCheckMiddleware, claimLongId ] }, // note: should be a 'get'
-  '/api/claim/publish': { method: 'post', controller: [ torCheckMiddleware, multipartMiddleware, claimPublish ] },
+  '/api/claim/publish': { method: 'post', controller: [ torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, claimPublish ] },
   '/api/claim/resolve/:name/:claimId': { controller: [ torCheckMiddleware, claimResolve ] },
   '/api/claim/short-id/:longId/:name': { controller: [ torCheckMiddleware, claimShortId ] },
   // file routes