Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: #11868 apply blacklist to routes (#11873)

Browse Source 
api and regular routes
dont allow blacklisting self ip
check blacklist on socket emits
This commit is contained in:
Barış Soner Uşaklı
2023-08-03 10:58:03 -04:00
committed by GitHub
parent b44ffaf306
commit 23404ad103
5 changed files with 20 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
public/language/en-GB/error.json
View File

@@ -62,6 +62,7 @@
"user-banned-reason-until": "Sorry, this account has been banned until %1 (Reason: %2)",
"user-too-new": "Sorry, you are required to wait %1 second(s) before making your first post",
"blacklisted-ip": "Sorry, your IP address has been banned from this community. If you feel this is in error, please contact an administrator.",
"cant-blacklist-self-ip": "You can't blacklist your own IP",
"ban-expiry-missing": "Please provide an end date for this ban",
"no-category": "Category does not exist",

20
src/meta/blacklist.js
View File

@@ -38,6 +38,16 @@ Blacklist.save = async function (rules) {
pubsub.publish('blacklist:reload');
};
Blacklist.addRule = async function (rule) {
const { valid } = Blacklist.validate(rule);
if (!valid.length) {
throw new Error('[[error:invalid-rule]]');
}
let rules = await Blacklist.get();
rules = `${rules}\n${valid[0]}`;
await Blacklist.save(rules);
};
Blacklist.get = async function () {
const data = await db.getObject('ip-blacklist-rules');
return data && data.rules;
@@ -165,12 +175,4 @@ Blacklist.validate = function (rules) {
};
};
Blacklist.addRule = async function (rule) {
const { valid } = Blacklist.validate(rule);
if (!valid.length) {
throw new Error('[[error:invalid-rule]]');
}
let rules = await Blacklist.get();
rules = `${rules}\n${valid[0]}`;
await Blacklist.save(rules);
};

2
src/routes/helpers.js
View File

@@ -16,6 +16,7 @@ helpers.setupPageRoute = function (...args) {
}
middlewares = [
middleware.applyBlacklist,
middleware.authenticateRequest,
middleware.maintenanceMode,
middleware.registrationComplete,
@@ -53,6 +54,7 @@ helpers.setupApiRoute = function (...args) {
const controller = args[args.length - 1];
middlewares = [
middleware.applyBlacklist,
middleware.authenticateRequest,
middleware.maintenanceMode,
middleware.registrationComplete,

4
src/socket.io/blacklist.js
View File

@@ -24,6 +24,10 @@ async function blacklist(socket, method, rule) {
if (!isAdminOrGlobalMod) {
throw new Error('[[error:no-privileges]]');
}
if (socket.ip && rule.includes(socket.ip)) {
throw new Error('[[error:cant-blacklist-self-ip]]');
}
await meta.blacklist[method](rule);
await events.log({
type: `ip-blacklist-${method}`,

2
src/socket.io/index.js
View File

@@ -12,6 +12,7 @@ const user = require('../user');
const logger = require('../logger');
const plugins = require('../plugins');
const ratelimit = require('../middleware/ratelimit');
const blacklist = require('../meta/blacklist');
const Namespaces = Object.create(null);
@@ -178,6 +179,7 @@ async function onMessage(socket, payload) {
return socket.disconnect();
}
await blacklist.test(socket.ip);
await checkMaintenance(socket);
await validateSession(socket, '[[error:revalidate-failure]]');