From fdb399be9f23798d4f85093133ab8734a90fd01d Mon Sep 17 00:00:00 2001
From: Leo Balduf
Date: Sun, 28 Feb 2016 09:39:55 +0100
Subject: [PATCH] middleware: added client blacklist/whitelist middlewares
---
server/store/middleware/client/README.md | 25 +++++++++++++++
server/store/middleware/client/blacklist.go | 35 +++++++++++++++++++++
server/store/middleware/client/whitelist.go | 31 ++++++++++++++++++
3 files changed, 91 insertions(+)
create mode 100644 server/store/middleware/client/README.md
create mode 100644 server/store/middleware/client/blacklist.go
create mode 100644 server/store/middleware/client/whitelist.go
diff --git a/server/store/middleware/client/README.md b/server/store/middleware/client/README.md
new file mode 100644
index 0000000..aecca9a
--- /dev/null
+++ b/server/store/middleware/client/README.md
@@ -0,0 +1,25 @@
+## Client Blacklisting/Whitelisting Middlewares
+
+This package provides the announce middlewares `client_whitelist` and `client_blacklist` for blacklisting or whitelisting clients for announces.
+
+### `client_blacklist`
+
+The `client_blacklist` middleware uses all clientIDs stored in the `ClientStore` to blacklist, i.e. block announces.
+
+The clientID part of the peerID of an announce is matched against the `ClientStore`, if it's contained within the `ClientStore`, the announce is aborted.
+
+### `client_whitelist`
+
+The `client_whitelist` middleware uses all clientIDs stored in the `ClientStore` to whitelist, i.e. allow announces.
+
+The clientID part of the peerID of an announce is matched against the `ClientStore`, if it's _not_ contained within the `ClientStore`, the announce is aborted.
+
+### Important things to notice
+
+Both middlewares operate on announce requests only.
+
+Both middlewares use the same `ClientStore`.
+It is therefore not advised to have both the `client_blacklist` and the `client_whitelist` middleware running.
+(If you add clientID to the `ClientStore`, it will be used for blacklisting and whitelisting.
+If your store contains no clientIDs, no announces will be blocked by the blacklist, but all announces will be blocked by the whitelist.
+If your store contains all clientIDs, no announces will be blocked by the whitelist, but all announces will be blocked by the blacklist.)
\ No newline at end of file
diff --git a/server/store/middleware/client/blacklist.go b/server/store/middleware/client/blacklist.go
new file mode 100644
index 0000000..84f1182
--- /dev/null
+++ b/server/store/middleware/client/blacklist.go
@@ -0,0 +1,35 @@
+// Copyright 2016 The Chihaya Authors. All rights reserved.
+// Use of this source code is governed by the BSD 2-Clause license,
+// which can be found in the LICENSE file.
+
+package ip
+
+import (
+ "github.com/chihaya/chihaya"
+ "github.com/chihaya/chihaya/config"
+ "github.com/chihaya/chihaya/server/store"
+ "github.com/chihaya/chihaya/tracker"
+)
+
+func init() {
+ tracker.RegisterAnnounceMiddleware("client_blacklist", blacklistAnnounceClient)
+}
+
+// ErrBlockedClient is returned by an announce middleware if the announcing
+// Client is disallowed.
+var ErrBlockedClient = tracker.ClientError("disallowed client")
+
+// blacklistAnnounceClient provides a middleware that only allows Clients to
+// announce that are not stored in a ClientStore.
+func blacklistAnnounceClient(next tracker.AnnounceHandler) tracker.AnnounceHandler {
+ return func(cfg *config.TrackerConfig, req *chihaya.AnnounceRequest, resp *chihaya.AnnounceResponse) error {
+ blacklisted, err := store.MustGetStore().FindClient(req.PeerID)
+
+ if err != nil {
+ return err
+ } else if blacklisted {
+ return ErrBlockedClient
+ }
+ return next(cfg, req, resp)
+ }
+}
diff --git a/server/store/middleware/client/whitelist.go b/server/store/middleware/client/whitelist.go
new file mode 100644
index 0000000..305c59c
--- /dev/null
+++ b/server/store/middleware/client/whitelist.go
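Review bot: The package clause `package ip` does not match the directory `server/store/middleware/client` and looks like a leftover from the IP middleware; whitelist.go carries the same clause, and both should read `package client`. The README says only the clientID part of the peer ID is matched, but the handler hands the whole `req.PeerID` to `FindClient`, whose body is outside this patch; if the store does the extraction, note that on the function, e.g. `// FindClient is expected to derive the clientID from the full PeerID.` The `else` after `return err` can be dropped in favour of a plain `if blacklisted {`.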
@@ -0,0 +1,31 @@
+// Copyright 2016 The Chihaya Authors. All rights reserved.
+// Use of this source code is governed by the BSD 2-Clause license,
+// which can be found in the LICENSE file.
+
+package ip
+
+import (
+ "github.com/chihaya/chihaya"
+ "github.com/chihaya/chihaya/config"
+ "github.com/chihaya/chihaya/server/store"
+ "github.com/chihaya/chihaya/tracker"
+)
+
+func init() {
+ tracker.RegisterAnnounceMiddleware("client_whitelist", whitelistAnnounceClient)
+}
+
+// whitelistAnnounceClient provides a middleware that only allows Clients to
+// announce that are stored in a ClientStore.
+func whitelistAnnounceClient(next tracker.AnnounceHandler) tracker.AnnounceHandler {
+ return func(cfg *config.TrackerConfig, req *chihaya.AnnounceRequest, resp *chihaya.AnnounceResponse) error {
+ whitelisted, err := store.MustGetStore().FindClient(req.PeerID)
+
+ if err != nil {
+ return err
+ } else if !whitelisted {
+ return ErrBlockedClient
+ }
+ return next(cfg, req, resp)
+ }
+}
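Review bot: The doc comment on `whitelistAnnounceClient` should state that the decision rests on the peer ID the client itself sends in the announce, so the list is a policy filter rather than an access control and needs a separate mechanism where real admission control is required. Suggested addition: `// The clientID is taken from the self-reported PeerID and is not authenticated.` It would also help to record that a store error aborts the announce (the `return err` branch), and that an empty store rejects every announce, as the README describes. Nothing in either file stops `client_blacklist` and `client_whitelist` from being enabled together against the one shared store; a startup warning for that combination would probably be cheaper than relying on the README caveat.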