From 2cd5accf8bf512e0424c9ea0297746b3db36507d Mon Sep 17 00:00:00 2001 From: Shawn Date: Fri, 19 Oct 2018 14:36:18 -0500 Subject: [PATCH 1/3] Fix IP ban and add logging --- server/routes/api/index.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/server/routes/api/index.js b/server/routes/api/index.js index 572ceef7..f42cd0b9 100644 --- a/server/routes/api/index.js +++ b/server/routes/api/index.js @@ -21,15 +21,18 @@ const getTorList = require('../../controllers/api/tor'); const getBlockedList = require('../../controllers/api/blocked'); const getOEmbedData = require('../../controllers/api/oEmbed'); +const logger = require('winston'); + const forbiddenMessage = '

Forbidden

If you are seeing this by mistake, please contact us using https://chat.lbry.io/'; let ipCounts = {}; let blockedAddresses = []; const autoblockPublishMiddleware = (req, res, next) => { - let ip = (req.headers['x-forwarded-for'] || req.connection.remoteAddress).split(/,\s?/); + let ip = (req.headers['x-forwarded-for'] || req.connection.remoteAddress).split(/,\s?/)[0]; if(blockedAddresses.indexOf(ip) !== -1) { + logger.warn(`Banned IP publish attempt: ${ip}`); res.status(403).send(forbiddenMessage); res.end(); @@ -46,6 +49,7 @@ const autoblockPublishMiddleware = (req, res, next) => { }, 600000 /* 10 minute retainer */) if(count === 10) { + logger.error(`Banning IP: ${ip}`); blockedAddresses.push(ip); res.status(403).send(forbiddenMessage); res.end(); From 1e607d2b8a37a1f4e27038d5d5e3473a9d6d3f49 Mon Sep 17 00:00:00 2001 From: Shawn Date: Sat, 20 Oct 2018 03:23:46 -0500 Subject: [PATCH 2/3] Build persisting IP block lists --- server/routes/api/index.js | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/server/routes/api/index.js b/server/routes/api/index.js index f42cd0b9..b4c31df9 100644 --- a/server/routes/api/index.js +++ b/server/routes/api/index.js @@ -1,3 +1,5 @@ +const fs = require('fs'); + // middleware const multipartMiddleware = require('../../middleware/multipartMiddleware'); const torCheckMiddleware = require('../../middleware/torCheckMiddleware'); @@ -22,17 +24,28 @@ const getBlockedList = require('../../controllers/api/blocked'); const getOEmbedData = require('../../controllers/api/oEmbed'); const logger = require('winston'); - +const ipBanFile = '../../../config/ipBan.txt'; const forbiddenMessage = '

Forbidden

If you are seeing this by mistake, please contact us using https://chat.lbry.io/'; let ipCounts = {}; let blockedAddresses = []; +if(fs.existsSync(ipBanFile)) { + const lineReader = require('readline').createInterface({ + input: require('fs').createReadStream(ipBanFile), + }); + + lineReader.on('line', (line) => { + if(line && line !== '') { + blockedAddresses.push(line); + } + }); +} + const autoblockPublishMiddleware = (req, res, next) => { let ip = (req.headers['x-forwarded-for'] || req.connection.remoteAddress).split(/,\s?/)[0]; if(blockedAddresses.indexOf(ip) !== -1) { - logger.warn(`Banned IP publish attempt: ${ip}`); res.status(403).send(forbiddenMessage); res.end(); @@ -53,6 +66,8 @@ const autoblockPublishMiddleware = (req, res, next) => { blockedAddresses.push(ip); res.status(403).send(forbiddenMessage); res.end(); + + fs.appendFile(ipBanFile, ip + '\n', () => {}); } else { next(); } From 33b9aa4dff07a331667a7fc348653733e1e62214 Mon Sep 17 00:00:00 2001 From: Shawn Date: Sat, 20 Oct 2018 03:44:25 -0500 Subject: [PATCH 3/3] Fix ban config file path --- server/routes/api/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/routes/api/index.js b/server/routes/api/index.js index b4c31df9..7b5e9806 100644 --- a/server/routes/api/index.js +++ b/server/routes/api/index.js @@ -24,7 +24,7 @@ const getBlockedList = require('../../controllers/api/blocked'); const getOEmbedData = require('../../controllers/api/oEmbed'); const logger = require('winston'); -const ipBanFile = '../../../config/ipBan.txt'; +const ipBanFile = './config/ipBan.txt'; const forbiddenMessage = '

Forbidden

If you are seeing this by mistake, please contact us using https://chat.lbry.io/'; let ipCounts = {};