extend settings and add an option to kick all users with bad IPs.
parent
f11f1d621f
commit
8e08da5c28
4
api.lua
4
api.lua
|
@ -1,7 +1,7 @@
|
|||
local api_base = {}
|
||||
local http_api = ...
|
||||
local cache_time = 30000 -- ~8 hours
|
||||
local max_try_count = 3 -- how many API do we try to use before aborting
|
||||
local cache_time = tonumber(core.settings:get("block_vps_cache_time")) or 30000 -- ~8 hours
|
||||
local max_try_count = tonumber(core.settings:get("block_vps_max_try")) or 3 -- how many API do we try to use before aborting
|
||||
local enabled_sources = string.split(core.settings:get("block_vps_datasources")
|
||||
or "iphub, iphub_legacy, nastyhosts", ",")
|
||||
|
||||
|
|
43
init.lua
43
init.lua
|
@ -4,8 +4,7 @@ assert(http_api ~= nil, "Add 'block_vps' to secure.http_mods and restart server"
|
|||
|
||||
local mod_path = core.get_modpath(core.get_current_modname())
|
||||
local mod_storage = minetest.get_mod_storage()
|
||||
-- block users from banned IPs from even attempting to connect, not recommand as it freezes other server activity
|
||||
local block_before_login = core.settings:get_bool("block_vps_block_before_login") or false
|
||||
local block_type = core.settings:get("block_vps_type") or "activation"
|
||||
|
||||
assert(loadfile(mod_path .. "/api.lua"))(http_api)
|
||||
dofile(mod_path .. "/iphub.lua")
|
||||
|
@ -14,11 +13,20 @@ dofile(mod_path .. "/nastyhosts.lua")
|
|||
-- block other mods from register data source till better security code can be written
|
||||
block_vps.regsiter_datasource = nil
|
||||
|
||||
local function create_reject_message(ip, isp, kicked)
|
||||
local function create_reject_message(ip, isp)
|
||||
local message
|
||||
if block_type ~= "kick" then
|
||||
message = "\nCreating new accounts "
|
||||
else
|
||||
message = "\nConnecting "
|
||||
end
|
||||
message = message .. "from this IP address (%s) is blocked,\nas it appears to be belong to a hosting/VPN/proxy provider (%s)" ..
|
||||
"%s\nplease contact the server owner if this is an error."
|
||||
local note = ","
|
||||
if kicked then note = ".\nConnect from an unblocked IP address to be able to use this account," end
|
||||
return string.format("\nCreating new accounts from this IP address (%s) is blocked,\nas it appears to be belong to a hosting/VPN/proxy provider (%s)" ..
|
||||
"%s\nplease contact the server owner if this is an error.", ip, isp, note)
|
||||
if block_type == "activation" then
|
||||
note = ".\nConnect from an unblocked IP address to be able to use this account,"
|
||||
end
|
||||
return string.format(message, ip, isp, note)
|
||||
end
|
||||
|
||||
local function log_block(name, ip, isp, datasource, kicked)
|
||||
|
@ -27,7 +35,7 @@ local function log_block(name, ip, isp, datasource, kicked)
|
|||
core.log("action", string.format("[block_vps] " .. prefix .. " from %q as the IP address appears to belong to %q (datasource = %q).", name, ip, isp, datasource))
|
||||
end
|
||||
|
||||
if block_before_login then
|
||||
if block_type == "creation" then
|
||||
core.register_on_prejoinplayer(function(name, ip)
|
||||
if not core.player_exists(name) then
|
||||
local ip_info = block_vps.get_ip_info_sync(ip)
|
||||
|
@ -37,15 +45,16 @@ if block_before_login then
|
|||
end
|
||||
end
|
||||
end)
|
||||
else
|
||||
core.register_on_prejoinplayer(function(name, ip)
|
||||
elseif block_type == "activation" then
|
||||
core.register_on_joinplayer(function(player)
|
||||
local name = player:get_player_name()
|
||||
-- Check if the account has yet to connect from a valid IP
|
||||
if mod_storage:get_int(name) == 1 then
|
||||
block_vps.get_ip_info(ip, function(ip, info)
|
||||
block_vps.get_ip_info(core.get_player_ip(name), function(ip, info)
|
||||
if info and info.is_blocked then
|
||||
-- if the player tries to connect from another banned IP kick and log.
|
||||
log_block(name, ip, info.isp, info.api, true)
|
||||
minetest.kick_player(name, create_reject_message(ip, info.isp, true))
|
||||
minetest.kick_player(name, create_reject_message(ip, info.isp))
|
||||
else
|
||||
mod_storage:set_int(name, 0) -- there doesn't seem to be a function to erase a key?
|
||||
end
|
||||
|
@ -56,7 +65,7 @@ else
|
|||
core.register_on_newplayer(function(player)
|
||||
local name = player:get_player_name()
|
||||
block_vps.get_ip_info(core.get_player_ip(name), function(ip, info)
|
||||
if true or info and info.is_blocked then
|
||||
if info and info.is_blocked then
|
||||
--[[
|
||||
If the IP the player created the account with is banned,
|
||||
kick them, log the event and record that they need to login with a normal IP to use the account in mod storage
|
||||
|
@ -67,6 +76,16 @@ else
|
|||
end
|
||||
end)
|
||||
end)
|
||||
elseif block_type == "kick" then
|
||||
core.register_on_joinplayer(function(player)
|
||||
local name = player:get_player_name()
|
||||
block_vps.get_ip_info(core.get_player_ip(name), function(ip, info)
|
||||
if info and info.is_blocked then
|
||||
log_block(name, ip, info.isp, info.api, true)
|
||||
minetest.kick_player(name, create_reject_message(ip, info.isp))
|
||||
end
|
||||
end)
|
||||
end)
|
||||
end
|
||||
|
||||
core.register_chatcommand("get_ip_info", {
|
||||
|
|
|
@ -42,7 +42,7 @@ end
|
|||
|
||||
function ip_hub_api:handle_response_data(ip, data_json)
|
||||
local info = {}
|
||||
local data = minetest.parse_json(data_json)
|
||||
local data = core.parse_json(data_json)
|
||||
info.is_blocked = (data.block == 1)
|
||||
info.isp = data.isp
|
||||
info.asn = data.asn
|
||||
|
|
|
@ -30,7 +30,7 @@ function ip_hub_api:is_response_valid(response)
|
|||
end
|
||||
|
||||
function ip_hub_api:handle_response_data(ip, data_json)
|
||||
local data = minetest.parse_json(data_json)
|
||||
local data = core.parse_json(data_json)
|
||||
if not data then
|
||||
return nil
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@ function nasty_hosts_api:generate_request(ip)
|
|||
end
|
||||
|
||||
function nasty_hosts_api:handle_response_data(ip, data_json)
|
||||
local data = minetest.parse_json(data_json)
|
||||
local data = core.parse_json(data_json)
|
||||
local info = {}
|
||||
info.is_blocked = (data.suggestion == "deny")
|
||||
if data.asn then
|
||||
|
|
|
@ -1,13 +1,26 @@
|
|||
# Blocks users from banned IPs from creating accounts instead of disconnecting them afterwards
|
||||
# Not recommanded as it blocks other server activity
|
||||
block_vps_block_before_login (block user creation) bool false
|
||||
# Changes how users from blocked IPs are handled:
|
||||
# creation - Blocks users from banned IPs from creating accounts
|
||||
# kick - Kicks any users that connect from a blacklist IP address
|
||||
# activation - Requires all new users to login at least once from a non-blacklist IP
|
||||
# none - Do nothing, let other mods handle it
|
||||
# Note: "creation" is not recommanded as it blocks other server activity
|
||||
block_vps_type (User block method) enum activation creation,kick,activation,none
|
||||
|
||||
# List of APIs for checking IP addresses against
|
||||
# Listed in the order of preference
|
||||
block_vps_datasources (data sources) string iphub, iphub_legacy, nastyhosts
|
||||
# List of APIs for checking IP addresses against.
|
||||
# Listed in the order of preference.
|
||||
block_vps_datasources (Data sources) string iphub, iphub_legacy, nastyhosts
|
||||
|
||||
# Contact email, needed by some APIs used as data sources
|
||||
block_vps_email (contact email) string your_email@example.com
|
||||
# Contact email, needed by some APIs used as data sources.
|
||||
block_vps_email (Contact email) string your_email@example.com
|
||||
|
||||
# How long IP lookups are cached in memory (in-seconds).
|
||||
# May be overriden by certain datasources.
|
||||
block_vps_cache_time (Lookup cache time) int 30000
|
||||
|
||||
# How many datasources/APIs should the mod attempt to lookup before aborting.
|
||||
# Higher values increase the chance of an IP being looked up even if some of the APIs fail
|
||||
# but they also increase server load.
|
||||
block_vps_max_try (Retry count) int 3
|
||||
|
||||
[APIs]
|
||||
[*IP Hub]
|
||||
|
|
Loading…
Reference in New Issue