Merge branch 'master' of gitea.moe:lamp/qonq

add antiscrape
2021-12-05 02:40:36 -06:00 · 2021-12-05 02:40:33 -06:00
3 changed files with 21 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -8,3 +8,4 @@
 !/README.md
 !/files/www/qonq.js
 !/favicon.ico
+!/antiscrape.js
--- a/antiscrape.js
+++ b/antiscrape.js
@ -0,0 +1,15 @@
+// someone could iterate over all ~1.6 million possible file codes to download all files.
+// prevent this by banning IP addresses that request too many non-existant files.
+
+var ip404 = {};
+module.exports = (req, res, next) => {
+	if (ip404[req.ip]?.size > 10)
+		return res.status(403).send("Banned");
+	res.on("finish", () => {
+		if (res.statusCode == 404 && req.filecode) {
+			if (!ip404[req.ip]) ip404[req.ip] = new Set();
+			ip404[req.ip].add(req.filecode);
+		}
+	});
+	next();
+};
--- a/qonq.js
+++ b/qonq.js
@ -55,16 +55,17 @@ app.post("*", (req, res, next) => {
 	})();
 });

+app.use(require("./antiscrape"));

 app.get(['/', '/:code/', '/:code/*'], function(req, res, next){
 	var subdomain = req.subdomains.at(-1);
-	var filecode = subdomain || req.params.code;
-	if (!filecode) filecode = "www";
-	var webroot = path.join(FILES_DIR, filecode);
+	req.filecode = subdomain || req.params.code;
+	if (!req.filecode) req.filecode = "www";
+	var webroot = path.join(FILES_DIR, req.filecode);
 	fs.readdir(webroot, function(error, webrootdirlist) {
 		if (error) return void next(error.code == "ENOENT" ? "route" : error);
 		if (webrootdirlist.length > 1) {
-			if (subdomain) req.url = path.join(filecode, req.url);
+			if (subdomain) req.url = path.join(req.filecode, req.url);
 			next();
 		} else if (webrootdirlist.length == 1) {
 			res.sendFile(webrootdirlist[0], {
Author	SHA1	Message	Date
Lamp	4e99509d96	Merge branch 'master' of gitea.moe:lamp/qonq	2021-12-05 02:40:36 -06:00
Lamp	16afa0abc5	add antiscrape	2021-12-05 02:40:33 -06:00