limit downloads per IP

OdyseeTeam · Oct 30, 2023 · e0af118 · e0af118
1 parent b48a578
commit e0af118
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 9 deletions.
diff --git a/firewall/firewall.go b/firewall/firewall.go
@@ -1,10 +1,11 @@
 package firewall
 
 import (
+	"errors"
+	"sync"
 	"time"
 
 	"github.com/bluele/gcache"
-	"github.com/modern-go/concurrent"
 )
 
 const WindowSize = 120 * time.Second
@@ -23,16 +24,16 @@ func IsIpAbusingResources(ip string, endpoint string) (bool, int) {
 		return false, 0
 	}
 	resources, err := resourcesForIPCache.Get(ip)
-	if err == gcache.KeyNotFoundError {
-		tokensMap := concurrent.NewMap()
+	if errors.Is(err, gcache.KeyNotFoundError) {
+		tokensMap := &sync.Map{}
 		tokensMap.Store(endpoint, time.Now())
 		err := resourcesForIPCache.SetWithExpire(ip, tokensMap, WindowSize*10)
 		if err != nil {
 			return false, 1
 		}
 		return false, 1
 	}
-	tokensForIP, _ := resources.(*concurrent.Map)
+	tokensForIP, _ := resources.(*sync.Map)
 	currentTime := time.Now()
 	tokensForIP.Store(endpoint, currentTime)
 	resourcesCount := 0

diff --git a/player/http_handlers.go b/player/http_handlers.go
@@ -1,6 +1,7 @@
 package player
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
@@ -20,6 +21,7 @@ import (
 
 	"github.com/getsentry/sentry-go"
 	"github.com/gin-gonic/gin"
+	"github.com/sirupsen/logrus"
 )
 
 // SpeechPrefix is root level prefix for speech URLs.
@@ -85,10 +87,9 @@ var bannedIPs = map[string]bool{
 	"207.244.91.166":  true,
 	"198.98.52.25":    true,
 	"207.244.91.131":  true,
+	"175.182.108.229": true,
 }
 
-const LOG_FILE = "/tmp/player_cache/logrus.log"
-
 var allowedReferrers = map[string]bool{
 	"https://piped.kavin.rocks/": true,
 	"https://piped.video/":       true,
@@ -229,6 +230,14 @@ func (h *RequestHandler) Handle(c *gin.Context) {
 	}
 	isDownload, _ := strconv.ParseBool(c.Query(paramDownload))
 
+	if isDownload {
+		// log all headers for download requests
+		//encode headers in a json string
+		headers, err := json.MarshalIndent(c.Request.Header, "", "  ")
+		if err == nil {
+			logrus.Infof("download request for %s with IP %s and headers: %+v", uri, ip, string(headers))
+		}
+	}
 	//don't allow downloads if either flagged or disabled
 	if isDownload && (!h.player.options.downloadsEnabled || flagged) {
 		c.String(http.StatusForbidden, "downloads are currently disabled")
@@ -247,13 +256,18 @@ func (h *RequestHandler) Handle(c *gin.Context) {
 		c.String(http.StatusForbidden, "this content cannot be accessed")
 		return
 	}
-	if abusive, count := firewall.IsIpAbusingResources(ip, stream.ClaimID); abusive {
-		Logger.Warnf("IP %s is abusing resources (count: %d): %s - %s", ip, count, stream.ClaimID, stream.claim.Name)
-		if count > 10 {
+	abusiveIP, abuseCount := firewall.IsIpAbusingResources(ip, stream.ClaimID)
+	if abusiveIP {
+		Logger.Warnf("IP %s is abusing resources (count: %d): %s - %s", ip, abuseCount, stream.ClaimID, stream.claim.Name)
+		if abuseCount > 10 {
 			c.String(http.StatusTooManyRequests, "Try again later")
 			return
 		}
 	}
+	if isDownload && abuseCount > 2 {
+		c.String(http.StatusTooManyRequests, "Try again later")
+		return
+	}
 
 	err = h.player.VerifyAccess(stream, c)
 	if err != nil {