|
|
|
|
@ -1,73 +1,54 @@
|
|
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
var ipaddr = require('ipaddr.js');
|
|
|
|
|
var winston = require('winston');
|
|
|
|
|
var async = require('async');
|
|
|
|
|
var _ = require('lodash');
|
|
|
|
|
|
|
|
|
|
var db = require('../database');
|
|
|
|
|
var pubsub = require('../pubsub');
|
|
|
|
|
var plugins = require('../plugins');
|
|
|
|
|
var analytics = require('../analytics');
|
|
|
|
|
|
|
|
|
|
var Blacklist = module.exports;
|
|
|
|
|
Blacklist._rules = [];
|
|
|
|
|
|
|
|
|
|
Blacklist.load = function (callback) {
|
|
|
|
|
callback = callback || function () {};
|
|
|
|
|
|
|
|
|
|
async.waterfall([
|
|
|
|
|
Blacklist.get,
|
|
|
|
|
Blacklist.validate,
|
|
|
|
|
function (rules, next) {
|
|
|
|
|
winston.verbose('[meta/blacklist] Loading ' + rules.valid.length + ' blacklist rule(s)' + (rules.duplicateCount > 0 ? ', ignored ' + rules.duplicateCount + ' duplicate(s)' : ''));
|
|
|
|
|
if (rules.invalid.length) {
|
|
|
|
|
winston.warn('[meta/blacklist] ' + rules.invalid.length + ' invalid blacklist rule(s) were ignored.');
|
|
|
|
|
}
|
|
|
|
|
const ipaddr = require('ipaddr.js');
|
|
|
|
|
const winston = require('winston');
|
|
|
|
|
const _ = require('lodash');
|
|
|
|
|
|
|
|
|
|
const db = require('../database');
|
|
|
|
|
const pubsub = require('../pubsub');
|
|
|
|
|
const plugins = require('../plugins');
|
|
|
|
|
const analytics = require('../analytics');
|
|
|
|
|
|
|
|
|
|
const Blacklist = module.exports;
|
|
|
|
|
Blacklist._rules = {};
|
|
|
|
|
|
|
|
|
|
Blacklist.load = async function () {
|
|
|
|
|
let rules = await Blacklist.get();
|
|
|
|
|
rules = Blacklist.validate(rules);
|
|
|
|
|
|
|
|
|
|
Blacklist._rules = {
|
|
|
|
|
ipv4: rules.ipv4,
|
|
|
|
|
ipv6: rules.ipv6,
|
|
|
|
|
cidr: rules.cidr,
|
|
|
|
|
cidr6: rules.cidr6,
|
|
|
|
|
};
|
|
|
|
|
next();
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
|
|
|
|
winston.verbose('[meta/blacklist] Loading ' + rules.valid.length + ' blacklist rule(s)' + (rules.duplicateCount > 0 ? ', ignored ' + rules.duplicateCount + ' duplicate(s)' : ''));
|
|
|
|
|
if (rules.invalid.length) {
|
|
|
|
|
winston.warn('[meta/blacklist] ' + rules.invalid.length + ' invalid blacklist rule(s) were ignored.');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Blacklist._rules = {
|
|
|
|
|
ipv4: rules.ipv4,
|
|
|
|
|
ipv6: rules.ipv6,
|
|
|
|
|
cidr: rules.cidr,
|
|
|
|
|
cidr6: rules.cidr6,
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
pubsub.on('blacklist:reload', Blacklist.load);
|
|
|
|
|
|
|
|
|
|
Blacklist.save = function (rules, callback) {
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
db.setObject('ip-blacklist-rules', { rules: rules }, next);
|
|
|
|
|
},
|
|
|
|
|
function (next) {
|
|
|
|
|
Blacklist.load(next);
|
|
|
|
|
pubsub.publish('blacklist:reload');
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
|
|
|
|
Blacklist.save = async function (rules) {
|
|
|
|
|
await db.setObject('ip-blacklist-rules', { rules: rules });
|
|
|
|
|
await Blacklist.load();
|
|
|
|
|
pubsub.publish('blacklist:reload');
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Blacklist.get = function (callback) {
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
db.getObject('ip-blacklist-rules', next);
|
|
|
|
|
},
|
|
|
|
|
function (data, next) {
|
|
|
|
|
next(null, data && data.rules);
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
|
|
|
|
Blacklist.get = async function () {
|
|
|
|
|
const data = await db.getObject('ip-blacklist-rules');
|
|
|
|
|
return data && data.rules;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Blacklist.test = function (clientIp, callback) {
|
|
|
|
|
Blacklist.test = async function (clientIp) {
|
|
|
|
|
// Some handy test addresses
|
|
|
|
|
// clientIp = '2001:db8:85a3:0:0:8a2e:370:7334'; // IPv6
|
|
|
|
|
// clientIp = '127.0.15.1'; // IPv4
|
|
|
|
|
// clientIp = '127.0.15.1:3443'; // IPv4 with port strip port to not fail
|
|
|
|
|
if (!clientIp) {
|
|
|
|
|
return setImmediate(callback);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
clientIp = clientIp.split(':').length === 2 ? clientIp.split(':')[0] : clientIp;
|
|
|
|
|
|
|
|
|
|
@ -76,7 +57,7 @@ Blacklist.test = function (clientIp, callback) {
|
|
|
|
|
addr = ipaddr.parse(clientIp);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
winston.error('[meta/blacklist] Error parsing client IP : ' + clientIp);
|
|
|
|
|
return callback(err);
|
|
|
|
|
throw err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
@ -90,26 +71,23 @@ Blacklist.test = function (clientIp, callback) {
|
|
|
|
|
return addr.match(cidr);
|
|
|
|
|
}) // not in a blacklisted IPv4 or IPv6 cidr range
|
|
|
|
|
) {
|
|
|
|
|
plugins.fireHook('filter:blacklist.test', { // To return test failure, pass back an error in callback
|
|
|
|
|
ip: clientIp,
|
|
|
|
|
}, function (err) {
|
|
|
|
|
if (err) {
|
|
|
|
|
analytics.increment('blacklist');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
callback(err);
|
|
|
|
|
});
|
|
|
|
|
try {
|
|
|
|
|
// To return test failure, pass back an error in callback
|
|
|
|
|
await plugins.fireHook('filter:blacklist.test', { ip: clientIp });
|
|
|
|
|
} catch (err) {
|
|
|
|
|
analytics.increment('blacklist');
|
|
|
|
|
throw err;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
var err = new Error('[[error:blacklisted-ip]]');
|
|
|
|
|
err.code = 'blacklisted-ip';
|
|
|
|
|
|
|
|
|
|
analytics.increment('blacklist');
|
|
|
|
|
|
|
|
|
|
setImmediate(callback, err);
|
|
|
|
|
throw err;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Blacklist.validate = function (rules, callback) {
|
|
|
|
|
Blacklist.validate = function (rules) {
|
|
|
|
|
rules = (rules || '').split('\n');
|
|
|
|
|
var ipv4 = [];
|
|
|
|
|
var ipv6 = [];
|
|
|
|
|
@ -170,7 +148,7 @@ Blacklist.validate = function (rules, callback) {
|
|
|
|
|
return false;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
callback(null, {
|
|
|
|
|
return {
|
|
|
|
|
numRules: rules.length + invalid.length,
|
|
|
|
|
ipv4: ipv4,
|
|
|
|
|
ipv6: ipv6,
|
|
|
|
|
@ -178,25 +156,17 @@ Blacklist.validate = function (rules, callback) {
|
|
|
|
|
valid: rules,
|
|
|
|
|
invalid: invalid,
|
|
|
|
|
duplicateCount: duplicateCount,
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Blacklist.addRule = function (rule, callback) {
|
|
|
|
|
Blacklist.addRule = async function (rule) {
|
|
|
|
|
var valid;
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
Blacklist.validate(rule, next);
|
|
|
|
|
},
|
|
|
|
|
function (result, next) {
|
|
|
|
|
valid = result.valid;
|
|
|
|
|
if (!valid.length) {
|
|
|
|
|
return next(new Error('[[error:invalid-rule]]'));
|
|
|
|
|
}
|
|
|
|
|
Blacklist.get(next);
|
|
|
|
|
},
|
|
|
|
|
function (rules, next) {
|
|
|
|
|
rules = rules + '\n' + valid[0];
|
|
|
|
|
Blacklist.save(rules, next);
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
|
|
|
|
const result = Blacklist.validate(rule);
|
|
|
|
|
valid = result.valid;
|
|
|
|
|
if (!valid.length) {
|
|
|
|
|
throw new Error('[[error:invalid-rule]]');
|
|
|
|
|
}
|
|
|
|
|
let rules = await Blacklist.get();
|
|
|
|
|
rules = rules + '\n' + valid[0];
|
|
|
|
|
await Blacklist.save(rules);
|
|
|
|
|
};
|
|
|
|
|
|
Barış Soner Uşaklı
6 years ago