mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 16:46:12 +01:00 
			
		
		
		
	api and regular routes dont allow blacklisting self ip check blacklist on socket emits
This commit is contained in:
		
				
					committed by
					
						 GitHub
						GitHub
					
				
			
			
				
	
			
			
			
						parent
						
							b44ffaf306
						
					
				
				
					commit
					23404ad103
				
			| @@ -62,6 +62,7 @@ | ||||
| 	"user-banned-reason-until": "Sorry, this account has been banned until %1 (Reason: %2)", | ||||
| 	"user-too-new": "Sorry, you are required to wait %1 second(s) before making your first post", | ||||
| 	"blacklisted-ip": "Sorry, your IP address has been banned from this community. If you feel this is in error, please contact an administrator.", | ||||
| 	"cant-blacklist-self-ip": "You can't blacklist your own IP", | ||||
| 	"ban-expiry-missing": "Please provide an end date for this ban", | ||||
|  | ||||
| 	"no-category": "Category does not exist", | ||||
|   | ||||
| @@ -38,6 +38,16 @@ Blacklist.save = async function (rules) { | ||||
| 	pubsub.publish('blacklist:reload'); | ||||
| }; | ||||
|  | ||||
| Blacklist.addRule = async function (rule) { | ||||
| 	const { valid } = Blacklist.validate(rule); | ||||
| 	if (!valid.length) { | ||||
| 		throw new Error('[[error:invalid-rule]]'); | ||||
| 	} | ||||
| 	let rules = await Blacklist.get(); | ||||
| 	rules = `${rules}\n${valid[0]}`; | ||||
| 	await Blacklist.save(rules); | ||||
| }; | ||||
|  | ||||
| Blacklist.get = async function () { | ||||
| 	const data = await db.getObject('ip-blacklist-rules'); | ||||
| 	return data && data.rules; | ||||
| @@ -165,12 +175,4 @@ Blacklist.validate = function (rules) { | ||||
| 	}; | ||||
| }; | ||||
|  | ||||
| Blacklist.addRule = async function (rule) { | ||||
| 	const { valid } = Blacklist.validate(rule); | ||||
| 	if (!valid.length) { | ||||
| 		throw new Error('[[error:invalid-rule]]'); | ||||
| 	} | ||||
| 	let rules = await Blacklist.get(); | ||||
| 	rules = `${rules}\n${valid[0]}`; | ||||
| 	await Blacklist.save(rules); | ||||
| }; | ||||
|  | ||||
|   | ||||
| @@ -16,6 +16,7 @@ helpers.setupPageRoute = function (...args) { | ||||
| 	} | ||||
|  | ||||
| 	middlewares = [ | ||||
| 		middleware.applyBlacklist, | ||||
| 		middleware.authenticateRequest, | ||||
| 		middleware.maintenanceMode, | ||||
| 		middleware.registrationComplete, | ||||
| @@ -53,6 +54,7 @@ helpers.setupApiRoute = function (...args) { | ||||
| 	const controller = args[args.length - 1]; | ||||
|  | ||||
| 	middlewares = [ | ||||
| 		middleware.applyBlacklist, | ||||
| 		middleware.authenticateRequest, | ||||
| 		middleware.maintenanceMode, | ||||
| 		middleware.registrationComplete, | ||||
|   | ||||
| @@ -24,6 +24,10 @@ async function blacklist(socket, method, rule) { | ||||
| 	if (!isAdminOrGlobalMod) { | ||||
| 		throw new Error('[[error:no-privileges]]'); | ||||
| 	} | ||||
| 	if (socket.ip && rule.includes(socket.ip)) { | ||||
| 		throw new Error('[[error:cant-blacklist-self-ip]]'); | ||||
| 	} | ||||
|  | ||||
| 	await meta.blacklist[method](rule); | ||||
| 	await events.log({ | ||||
| 		type: `ip-blacklist-${method}`, | ||||
|   | ||||
| @@ -12,6 +12,7 @@ const user = require('../user'); | ||||
| const logger = require('../logger'); | ||||
| const plugins = require('../plugins'); | ||||
| const ratelimit = require('../middleware/ratelimit'); | ||||
| const blacklist = require('../meta/blacklist'); | ||||
|  | ||||
| const Namespaces = Object.create(null); | ||||
|  | ||||
| @@ -178,6 +179,7 @@ async function onMessage(socket, payload) { | ||||
| 			return socket.disconnect(); | ||||
| 		} | ||||
|  | ||||
| 		await blacklist.test(socket.ip); | ||||
| 		await checkMaintenance(socket); | ||||
| 		await validateSession(socket, '[[error:revalidate-failure]]'); | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user