extend settings and add an option to kick all users with bad IPs.

2018-02-11 15:03:10 +00:00 · 2018-02-11 15:03:10 +00:00 · 8e08da5c28
parent f11f1d621f
commit 8e08da5c28
6 changed files with 57 additions and 25 deletions
--- a/api.lua
+++ b/api.lua
@ -1,7 +1,7 @@
 local api_base = {}
 local http_api = ...
-local cache_time = 30000 -- ~8 hours
-local max_try_count = 3 -- how many API do we try to use before aborting
+local cache_time = tonumber(core.settings:get("block_vps_cache_time")) or 30000 -- ~8 hours
+local max_try_count = tonumber(core.settings:get("block_vps_max_try")) or 3 -- how many API do we try to use before aborting
 local enabled_sources = string.split(core.settings:get("block_vps_datasources")
 	or "iphub, iphub_legacy, nastyhosts", ",")

--- a/init.lua
+++ b/init.lua
@ -4,8 +4,7 @@ assert(http_api ~= nil, "Add 'block_vps' to secure.http_mods and restart server"

 local mod_path = core.get_modpath(core.get_current_modname())
 local mod_storage = minetest.get_mod_storage()
-- block users from banned IPs from even attempting to connect, not recommand as it freezes other server activity
-local block_before_login = core.settings:get_bool("block_vps_block_before_login") or false
+local block_type = core.settings:get("block_vps_type") or "activation"

 assert(loadfile(mod_path .. "/api.lua"))(http_api)
 dofile(mod_path .. "/iphub.lua")
@ -14,11 +13,20 @@ dofile(mod_path .. "/nastyhosts.lua")
 -- block other mods from register data source till better security code can be written
 block_vps.regsiter_datasource = nil

-local function create_reject_message(ip, isp, kicked)
+local function create_reject_message(ip, isp)
+	local message
+	if block_type ~= "kick" then
+		message = "\nCreating new accounts "
+	else
+		message = "\nConnecting "
+	end
+	message = message .. "from this IP address (%s) is blocked,\nas it appears to be belong to a hosting/VPN/proxy provider (%s)" ..
+				"%s\nplease contact the server owner if this is an error."
 	local note = ","
-	if kicked then note = ".\nConnect from an unblocked IP address to be able to use this account," end
-	return string.format("\nCreating new accounts from this IP address (%s) is blocked,\nas it appears to be belong to a hosting/VPN/proxy provider (%s)" ..
-			"%s\nplease contact the server owner if this is an error.", ip, isp, note)
+	if block_type == "activation" then 
+		note = ".\nConnect from an unblocked IP address to be able to use this account,"
+	end
+	return string.format(message, ip, isp, note)
 end
 	
 local function log_block(name, ip, isp, datasource, kicked)
@ -27,7 +35,7 @@ local function log_block(name, ip, isp, datasource, kicked)
 	core.log("action", string.format("[block_vps] " .. prefix .. " from %q as the IP address appears to belong to %q (datasource = %q).", name, ip, isp, datasource))
 end

-if block_before_login then
+if block_type == "creation" then
 	core.register_on_prejoinplayer(function(name, ip)
 		if not core.player_exists(name) then
 			local ip_info = block_vps.get_ip_info_sync(ip)
@ -37,15 +45,16 @@ if block_before_login then
 			end
 		end
 	end)
-else
-	core.register_on_prejoinplayer(function(name, ip)
+elseif block_type == "activation" then
+	core.register_on_joinplayer(function(player)
+		local name = player:get_player_name()
 		-- Check if the account has yet to connect from a valid IP
 		if mod_storage:get_int(name) == 1 then
-			block_vps.get_ip_info(ip, function(ip, info)
+			block_vps.get_ip_info(core.get_player_ip(name), function(ip, info)
 				if info and info.is_blocked then
 					-- if the player tries to connect from another banned IP kick and log.
 					log_block(name, ip, info.isp, info.api, true)
-					minetest.kick_player(name, create_reject_message(ip, info.isp, true))
+					minetest.kick_player(name, create_reject_message(ip, info.isp))
 				else
 					mod_storage:set_int(name, 0) -- there doesn't seem to be a function to erase a key?
 				end
@ -56,7 +65,7 @@ else
 	core.register_on_newplayer(function(player)
 		local name = player:get_player_name()
 		block_vps.get_ip_info(core.get_player_ip(name), function(ip, info)
-			if true or info and info.is_blocked then
+			if info and info.is_blocked then
 				--[[
 					If the IP the player created the account with is banned,
 					kick them, log the event and record that they need to login with a normal IP to use the account in mod storage
@ -67,6 +76,16 @@ else
 			end
 		end)
 	end)
+elseif block_type == "kick" then
+	core.register_on_joinplayer(function(player)
+		local name = player:get_player_name()
+		block_vps.get_ip_info(core.get_player_ip(name), function(ip, info)
+			if info and info.is_blocked then
+				log_block(name, ip, info.isp, info.api, true)
+				minetest.kick_player(name, create_reject_message(ip, info.isp))
+			end
+		end)
+	end)
 end

 core.register_chatcommand("get_ip_info", {
--- a/iphub.lua
+++ b/iphub.lua
@ -42,7 +42,7 @@ end

 function ip_hub_api:handle_response_data(ip, data_json)
 	local info = {}
-	local data = minetest.parse_json(data_json)
+	local data = core.parse_json(data_json)
 	info.is_blocked = (data.block == 1)
 	info.isp = data.isp
 	info.asn = data.asn
--- a/iphub_legacy.lua
+++ b/iphub_legacy.lua
@ -30,7 +30,7 @@ function ip_hub_api:is_response_valid(response)
 end

 function ip_hub_api:handle_response_data(ip, data_json)
-	local data = minetest.parse_json(data_json)
+	local data = core.parse_json(data_json)
 	if not data then
 		return nil
 	end
--- a/nastyhosts.lua
+++ b/nastyhosts.lua
@ -5,7 +5,7 @@ function nasty_hosts_api:generate_request(ip)
 end

 function nasty_hosts_api:handle_response_data(ip, data_json)
-	local data = minetest.parse_json(data_json)
+	local data = core.parse_json(data_json)
 	local info = {}
 	info.is_blocked = (data.suggestion == "deny")
 	if data.asn then
--- a/settingtypes.txt
+++ b/settingtypes.txt
@ -1,13 +1,26 @@
-#    Blocks users from banned IPs from creating accounts instead of disconnecting them afterwards
-#    Not recommanded as it blocks other server activity
-block_vps_block_before_login (block user creation) bool false
+#    Changes how users from blocked IPs are handled:
+#        creation  -  Blocks users from banned IPs from creating accounts
+#        kick  -  Kicks any users that connect from a blacklist IP address
+#        activation  -  Requires all new users to login at least once from a non-blacklist IP
+#        none  -  Do nothing, let other mods handle it
+#    Note: "creation" is not recommanded as it blocks other server activity
+block_vps_type (User block method) enum activation creation,kick,activation,none

-#   List of APIs for checking IP addresses against
-#   Listed in the order of preference
-block_vps_datasources (data sources) string iphub, iphub_legacy, nastyhosts
+#   List of APIs for checking IP addresses against.
+#   Listed in the order of preference.
+block_vps_datasources (Data sources) string iphub, iphub_legacy, nastyhosts

-#    Contact email, needed by some APIs used as data sources
-block_vps_email (contact email) string your_email@example.com
+#    Contact email, needed by some APIs used as data sources.
+block_vps_email (Contact email) string your_email@example.com
+
+#   How long IP lookups are cached in memory (in-seconds).
+#   May be overriden by certain datasources.
+block_vps_cache_time (Lookup cache time) int 30000
+
+#   How many datasources/APIs should the mod attempt to lookup before aborting.
+#   Higher values increase the chance of an IP being looked up even if some of the APIs fail
+#   but they also increase server load.
+block_vps_max_try (Retry count) int 3

 [APIs]
 [*IP Hub]