Add IP cloaking; make tor bans channel specific

2014-08-14 21:42:13 -05:00 · 2014-08-14 21:42:13 -05:00 · 8fddbc3e6e
commit 8fddbc3e6e
parent ecca806a58
14 changed files with 193 additions and 142 deletions
--- a/lib/io/ioserver.js
+++ b/lib/io/ioserver.js
@ -11,6 +11,8 @@ var Account = require("../account");
 var typecheck = require("json-typecheck");
 var net = require("net");
 var util = require("../utilities");
+var crypto = require("crypto");
+var isTorExit = require("../tor").isTorExit;

 var CONNECT_RATE = {
    burst: 5,
@ -43,27 +45,8 @@ function handleAuth(data, accept) {
    }
 }

-/**
- * Called after a connection is accepted
- */
-function handleConnection(sock) {
-    var ip = sock.handshake.address.address;
-    var longip = ip;
-    sock._ip = ip;
-    if (net.isIPv6(ip)) {
-        longip = util.expandIPv6(ip);
-    }
-    sock._longip = longip;
-    var srv = Server.getServer();
-    if (srv.torblocker && srv.torblocker.shouldBlockIP(ip)) {
-        sock.emit("kick", {
-            reason: "This server does not allow connections from Tor.  "+
-                    "Please log in with your regular internet connection."
-        });
-        Logger.syslog.log("Blocked Tor IP: " + ip);
-        sock.disconnect(true);
-        return;
-    }
+function throttleIP(sock) {
+    var ip = sock._realip;

    if (!(ip in ipThrottle)) {
        ipThrottle[ip] = $util.newRateLimiter();
@ -75,16 +58,14 @@ function handleConnection(sock) {
            reason: "Your IP address is connecting too quickly.  Please "+
                    "wait 10 seconds before joining again."
        });
-        return;
+        return true;
    }

-    // Check for global ban on the IP
-    if (db.isGlobalIPBanned(ip)) {
-        Logger.syslog.log("Rejecting " + ip + " - global banned");
-        sock.emit("kick", { reason: "Your IP is globally banned." });
-        sock.disconnect(true);
-        return;
-    }
+    return false;
+}
+
+function ipLimitReached(sock) {
+    var ip = sock._realip;

    sock.on("disconnect", function () {
        ipCount[ip]--;
@ -106,9 +87,9 @@ function handleConnection(sock) {
        sock.disconnect(true);
        return;
    }
+}

-    Logger.syslog.log("Accepted socket from " + ip);
-
+function addTypecheckedFunctions(sock) {
    sock.typecheckedOn = function (msg, template, cb) {
        sock.on(msg, function (data) {
            typecheck(data, template, function (err, data) {
@ -136,6 +117,44 @@ function handleConnection(sock) {
            });
        });
    };
+}
+
+/**
+ * Called after a connection is accepted
+ */
+function handleConnection(sock) {
+    var ip = sock.handshake.address.address;
+    if (net.isIPv6(ip)) {
+        ip = util.expandIPv6(ip);
+    }
+    sock._realip = ip;
+    sock._displayip = $util.cloakIP(ip);
+
+    if (isTorExit(ip)) {
+        sock._isUsingTor = true;
+    }
+
+    var srv = Server.getServer();
+
+    if (throttleIP(ip)) {
+        return;
+    }
+
+    // Check for global ban on the IP
+    if (db.isGlobalIPBanned(ip)) {
+        Logger.syslog.log("Rejecting " + ip + " - global banned");
+        sock.emit("kick", { reason: "Your IP is globally banned." });
+        sock.disconnect(true);
+        return;
+    }
+
+    if (ipLimitReached(sock)) {
+        return;
+    }
+
+    Logger.syslog.log("Accepted socket from " + ip);
+
+    addTypecheckedFunctions(sock);

    var user = new User(sock);
    if (sock.handshake.user) {
@ -148,6 +167,7 @@ function handleConnection(sock) {
                user.setFlag(Flags.U_READY);
                return;
            }
+
            user.socket.emit("login", {
                success: true,
                name: user.getName(),