1
0
mirror of https://github.com/KubaPro010/fm-dx-webserver.git synced 2026-02-26 22:13:53 +01:00

Merge pull request #97 from AmateurAudioDude/fixes/v1.3.1-spam-protection-fix

Minor adjustments to spam fix
This commit is contained in:
Marek Farkaš
2024-11-04 14:24:55 +01:00
committed by GitHub

View File

@@ -357,6 +357,7 @@ wss.on('connection', (ws, request) => {
let clientIp = request.headers['x-forwarded-for'] || request.connection.remoteAddress;
const userCommandHistory = {};
if (serverConfig.webserver.banlist?.includes(clientIp)) {
ws.close(1008, 'Banned IP');
return;
}
@@ -425,11 +426,11 @@ wss.on('connection', (ws, request) => {
// Record the current timestamp for the user
userCommandHistory[clientIp].push(now);
// Remove timestamps older than 10 ms from the history
// Remove timestamps older than 20 ms from the history
userCommandHistory[clientIp] = userCommandHistory[clientIp].filter(timestamp => now - timestamp <= 20);
// Check if there are 3 or more commands in the last 10 ms
if (userCommandHistory[clientIp].length >= 5) {
// Check if there are 8 or more commands in the last 20 ms
if (userCommandHistory[clientIp].length >= 8) {
logWarn(`User \x1b[90m${clientIp}\x1b[0m is spamming with rapid commands. Connection will be terminated and user will be banned.`);
// Add to banlist if not already banned
@@ -458,8 +459,8 @@ wss.on('connection', (ws, request) => {
// Remove timestamps older than 1 second
userCommands[command] = userCommands[command].filter(timestamp => now - timestamp <= 1000);
// If command count exceeds 3 in a second, close connection
if (userCommands[command].length > 3) {
// If command count exceeds limit, close connection
if (userCommands[command].length > 18) {
logWarn(`User \x1b[90m${clientIp}\x1b[0m is spamming command "${command}". Connection will be terminated.`);
ws.close(1008, 'Spamming detected');
return;
@@ -575,9 +576,49 @@ chatWss.on('connection', (ws, request) => {
admin: request.session.isAdminAuthenticated
};
ws.send(JSON.stringify(ipMessage));
const userCommands = {};
ws.on('message', function incoming(message) {
const messageData = JSON.parse(message);
// Anti-spam
const command = message.toString();
const now = Date.now();
// Update the last message time for general spam detection
lastMessageTime = now;
// Initialize command history for rate-limiting checks
if (!userCommands[command]) {
userCommands[command] = [];
}
// Record the current timestamp for this command
userCommands[command].push(now);
// Remove timestamps older than 1 second
userCommands[command] = userCommands[command].filter(timestamp => now - timestamp <= 1000);
// If command count exceeds limit, close connection
if (userCommands[command].length > 3) {
logWarn(`User \x1b[90m${clientIp}\x1b[0m is spamming command "${command}". Connection will be terminated.`);
ws.close(1008, 'Spamming detected');
return;
}
let messageData;
try {
messageData = JSON.parse(message);
} catch (error) {
// console.error("Failed to parse message:", error);
// Optionally, send an error response back to the client
ws.send(JSON.stringify({ error: "Invalid message format" }));
return; // Stop processing if JSON parsing fails
}
messageData.ip = clientIp; // Adding IP address to the message object
const currentTime = new Date();
@@ -589,7 +630,7 @@ chatWss.on('connection', (ws, request) => {
return;
}
if(request.session.isAdminAuthenticated === true) {
if (request.session.isAdminAuthenticated === true) {
messageData.admin = true;
}
@@ -610,15 +651,6 @@ chatWss.on('connection', (ws, request) => {
client.send(modifiedMessage);
}
});
});
ws.on('close', function close() {
});
});
rdsWss.on('connection', (ws, request) => {
ws.on('message', function incoming(message) {
});
ws.on('close', function close() {