sync/lib/io/ioserver.js

var sio = require("socket.io");
var cookieParser = require("cookie-parser")();
var Logger = require("../logger");
var db = require("../database");
var User = require("../user");
var Server = require("../server");
var Config = require("../config");
var $util = require("../utilities");
var Flags = require("../flags");
var Account = require("../account");
var typecheck = require("json-typecheck");
var net = require("net");
var util = require("../utilities");
var crypto = require("crypto");
var isTorExit = require("../tor").isTorExit;

var CONNECT_RATE = {
    burst: 5,
    sustained: 0.1
};

var ipThrottle = {};
// Keep track of number of connections per IP
var ipCount = {};

/**
 * Called before an incoming socket.io connection is accepted.
 */
function handleAuth(socket, accept) {
    var data = socket.request;

    socket.user = false;
    if (data.headers.cookie) {
        cookieParser(data, null, function () {
            var auth = data.cookies.auth;
            db.users.verifyAuth(auth, function (err, user) {
                if (!err) {
                    socket.user = {
                        name: user.name,
                        global_rank: user.global_rank
                    };
                }
                accept(null, true);
            });
        });
    } else {
        accept(null, true);
    }
}

function throttleIP(sock) {
    var ip = sock._realip;

    if (!(ip in ipThrottle)) {
        ipThrottle[ip] = $util.newRateLimiter();
    }

    if (ipThrottle[ip].throttle(CONNECT_RATE)) {
        Logger.syslog.log("WARN: IP throttled: " + ip);
        sock.emit("kick", {
            reason: "Your IP address is connecting too quickly.  Please "+
                    "wait 10 seconds before joining again."
        });
        return true;
    }

    return false;
}

function ipLimitReached(sock) {
    var ip = sock._realip;

    sock.on("disconnect", function () {
        ipCount[ip]--;
        if (ipCount[ip] === 0) {
            /* Clear out unnecessary counters to save memory */
            delete ipCount[ip];
        }
    });

    if (!(ip in ipCount)) {
        ipCount[ip] = 0;
    }

    ipCount[ip]++;
    if (ipCount[ip] > Config.get("io.ip-connection-limit")) {
        sock.emit("kick", {
            reason: "Too many connections from your IP address"
        });
        sock.disconnect(true);
        return;
    }
}

function addTypecheckedFunctions(sock) {
    sock.typecheckedOn = function (msg, template, cb) {
        sock.on(msg, function (data) {
            typecheck(data, template, function (err, data) {
                if (err) {
                    sock.emit("errorMsg", {
                        msg: "Unexpected error for message " + msg + ": " + err.message
                    });
                } else {
                    cb(data);
                }
            });
        });
    };

    sock.typecheckedOnce = function (msg, template, cb) {
        sock.once(msg, function (data) {
            typecheck(data, template, function (err, data) {
                if (err) {
                    sock.emit("errorMsg", {
                        msg: "Unexpected error for message " + msg + ": " + err.message
                    });
                } else {
                    cb(data);
                }
            });
        });
    };
}

/**
 * Called after a connection is accepted
 */
function handleConnection(sock) {
    var ip = sock.request.connection.remoteAddress;
    if (!ip) {
        sock.emit("kick", {
            reason: "Your IP address could not be determined from the socket connection.  See https://github.com/Automattic/socket.io/issues/1387#issuecomment-48425088 for details"
        });
        return;
    }

    if (net.isIPv6(ip)) {
        ip = util.expandIPv6(ip);
    }
    sock._realip = ip;
    sock._displayip = $util.cloakIP(ip);

    if (isTorExit(ip)) {
        sock._isUsingTor = true;
    }

    var srv = Server.getServer();

    if (throttleIP(sock)) {
        return;
    }

    // Check for global ban on the IP
    if (db.isGlobalIPBanned(ip)) {
        Logger.syslog.log("Rejecting " + ip + " - global banned");
        sock.emit("kick", { reason: "Your IP is globally banned." });
        sock.disconnect(true);
        return;
    }

    if (ipLimitReached(sock)) {
        return;
    }

    Logger.syslog.log("Accepted socket from " + ip);

    addTypecheckedFunctions(sock);

    var user = new User(sock);
    if (sock.user) {
        user.setFlag(Flags.U_REGISTERED);
        user.clearFlag(Flags.U_READY);
        user.refreshAccount({ name: sock.user.name },
                            function (err, account) {
            if (err) {
                user.clearFlag(Flags.U_REGISTERED);
                user.setFlag(Flags.U_READY);
                return;
            }

            user.socket.emit("login", {
                success: true,
                name: user.getName(),
                guest: false
            });
            db.recordVisit(ip, user.getName());
            user.socket.emit("rank", user.account.effectiveRank);
            user.setFlag(Flags.U_LOGGED_IN);
            user.emit("login", account);
            Logger.syslog.log(ip + " logged in as " + user.getName());
            user.setFlag(Flags.U_READY);
        });
    } else {
        user.socket.emit("rank", -1);
        user.setFlag(Flags.U_READY);
    }
}

module.exports = {
    init: function (srv) {
        var bound = {};
        var io = sio.instance = sio();

        io.use(handleAuth);
        io.on("connection", handleConnection);

        Config.get("listen").forEach(function (bind) {
            if (!bind.io) {
                return;
            }
            var id = bind.ip + ":" + bind.port;
            if (id in bound) {
                Logger.syslog.log("[WARN] Ignoring duplicate listen address " + id);
                return;
            }

            if (id in srv.servers) {
                io.attach(srv.servers[id]);
            } else {
                io.attach(require("http").createServer().listen(bind.port, bind.ip));
            }

            bound[id] = null;
        });
    }
};

/* Clean out old rate limiters */
setInterval(function () {
    for (var ip in ipThrottle) {
        if (ipThrottle[ip].lastTime < Date.now() - 60 * 1000) {
            var obj = ipThrottle[ip];
            /* Not strictly necessary, but seems to help the GC out a bit */
            for (var key in obj) {
                delete obj[key];
            }
            delete ipThrottle[ip];
        }
    }

    if (Config.get("aggressive-gc") && global && global.gc) {
        global.gc();
    }
}, 5 * 60 * 1000);
More refactoring 2013-12-12 17:09:49 -06:00			`var sio = require("socket.io");`
Update rest of dependencies 2014-08-19 00:46:30 -05:00			`var cookieParser = require("cookie-parser")();`
More refactoring 2013-12-12 17:09:49 -06:00			`var Logger = require("../logger");`
			`var db = require("../database");`
			`var User = require("../user");`
			`var Server = require("../server");`
Switch config to YAML 2014-01-22 17:11:26 -06:00			`var Config = require("../config");`
More refactoring 2013-12-12 17:09:49 -06:00			`var $util = require("../utilities");`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00			`var Flags = require("../flags");`
			`var Account = require("../account");`
			`var typecheck = require("json-typecheck");`
			`var net = require("net");`
			`var util = require("../utilities");`
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`var crypto = require("crypto");`
			`var isTorExit = require("../tor").isTorExit;`
More refactoring 2013-12-12 17:09:49 -06:00
			`var CONNECT_RATE = {`
			`burst: 5,`
			`sustained: 0.1`
			`};`

			`var ipThrottle = {};`
			`// Keep track of number of connections per IP`
			`var ipCount = {};`

			`/**`
			`* Called before an incoming socket.io connection is accepted.`
			`*/`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`function handleAuth(socket, accept) {`
			`var data = socket.request;`

			`socket.user = false;`
More refactoring 2013-12-12 17:09:49 -06:00			`if (data.headers.cookie) {`
Update rest of dependencies 2014-08-19 00:46:30 -05:00			`cookieParser(data, null, function () {`
			`var auth = data.cookies.auth;`
			`db.users.verifyAuth(auth, function (err, user) {`
			`if (!err) {`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`socket.user = {`
Update rest of dependencies 2014-08-19 00:46:30 -05:00			`name: user.name,`
			`global_rank: user.global_rank`
			`};`
			`}`
			`accept(null, true);`
			`});`
More refactoring 2013-12-12 17:09:49 -06:00			`});`
			`} else {`
			`accept(null, true);`
			`}`
			`}`

Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`function throttleIP(sock) {`
			`var ip = sock._realip;`
More refactoring 2013-12-12 17:09:49 -06:00
			`if (!(ip in ipThrottle)) {`
			`ipThrottle[ip] = $util.newRateLimiter();`
			`}`

			`if (ipThrottle[ip].throttle(CONNECT_RATE)) {`
			`Logger.syslog.log("WARN: IP throttled: " + ip);`
			`sock.emit("kick", {`
			`reason: "Your IP address is connecting too quickly. Please "+`
			`"wait 10 seconds before joining again."`
			`});`
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`return true;`
More refactoring 2013-12-12 17:09:49 -06:00			`}`

Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`return false;`
			`}`

			`function ipLimitReached(sock) {`
			`var ip = sock._realip;`
More refactoring 2013-12-12 17:09:49 -06:00
			`sock.on("disconnect", function () {`
			`ipCount[ip]--;`
Fix a few memory leaks; add /gc console command 3 memory leaks were fixed - ipThrottle (due to the periodic cleaner clearing the wrong object...) - ipCount (shouldn't have leaked very much, but removing obsolete data is good practice) - lastguestlogin (again, shouldn't leak much, but should be cleared periodically anyways) A new console command (i.e. from the terminal running node) was added: /gc - If the process is invoked as node --expose-gc index.js, /gc allows you to manually invoke the garbage collector 2014-04-10 21:54:46 -05:00			`if (ipCount[ip] === 0) {`
			`/* Clear out unnecessary counters to save memory */`
			`delete ipCount[ip];`
			`}`
More refactoring 2013-12-12 17:09:49 -06:00			`});`

			`if (!(ip in ipCount)) {`
			`ipCount[ip] = 0;`
			`}`

			`ipCount[ip]++;`
Switch config to YAML 2014-01-22 17:11:26 -06:00			`if (ipCount[ip] > Config.get("io.ip-connection-limit")) {`
More refactoring 2013-12-12 17:09:49 -06:00			`sock.emit("kick", {`
			`reason: "Too many connections from your IP address"`
			`});`
			`sock.disconnect(true);`
			`return;`
			`}`
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`}`
More refactoring 2013-12-12 17:09:49 -06:00
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`function addTypecheckedFunctions(sock) {`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00			`sock.typecheckedOn = function (msg, template, cb) {`
			`sock.on(msg, function (data) {`
			`typecheck(data, template, function (err, data) {`
			`if (err) {`
			`sock.emit("errorMsg", {`
			`msg: "Unexpected error for message " + msg + ": " + err.message`
			`});`
			`} else {`
			`cb(data);`
			`}`
			`});`
			`});`
			`};`

			`sock.typecheckedOnce = function (msg, template, cb) {`
			`sock.once(msg, function (data) {`
			`typecheck(data, template, function (err, data) {`
			`if (err) {`
			`sock.emit("errorMsg", {`
			`msg: "Unexpected error for message " + msg + ": " + err.message`
			`});`
			`} else {`
			`cb(data);`
			`}`
			`});`
			`});`
			`};`
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`}`

			`/**`
			`* Called after a connection is accepted`
			`*/`
			`function handleConnection(sock) {`
Fix IP extraction for socket.io 2014-08-20 11:44:37 -05:00			`var ip = sock.request.connection.remoteAddress;`
Reject sockets with no IP 2014-08-20 12:09:38 -05:00			`if (!ip) {`
Typo 2014-08-20 12:11:46 -05:00			`sock.emit("kick", {`
Reject sockets with no IP 2014-08-20 12:09:38 -05:00			`reason: "Your IP address could not be determined from the socket connection. See https://github.com/Automattic/socket.io/issues/1387#issuecomment-48425088 for details"`
			`});`
			`return;`
			`}`

Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`if (net.isIPv6(ip)) {`
			`ip = util.expandIPv6(ip);`
			`}`
			`sock._realip = ip;`
			`sock._displayip = $util.cloakIP(ip);`

			`if (isTorExit(ip)) {`
			`sock._isUsingTor = true;`
			`}`

			`var srv = Server.getServer();`

Fix wrong argument being passed 2014-08-14 22:02:58 -05:00			`if (throttleIP(sock)) {`
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00			`return;`
			`}`

			`// Check for global ban on the IP`
			`if (db.isGlobalIPBanned(ip)) {`
			`Logger.syslog.log("Rejecting " + ip + " - global banned");`
			`sock.emit("kick", { reason: "Your IP is globally banned." });`
			`sock.disconnect(true);`
			`return;`
			`}`

			`if (ipLimitReached(sock)) {`
			`return;`
			`}`

			`Logger.syslog.log("Accepted socket from " + ip);`

			`addTypecheckedFunctions(sock);`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00
More refactoring 2013-12-12 17:09:49 -06:00			`var user = new User(sock);`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`if (sock.user) {`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00			`user.setFlag(Flags.U_REGISTERED);`
			`user.clearFlag(Flags.U_READY);`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`user.refreshAccount({ name: sock.user.name },`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00			`function (err, account) {`
			`if (err) {`
			`user.clearFlag(Flags.U_REGISTERED);`
			`user.setFlag(Flags.U_READY);`
			`return;`
			`}`
Add IP cloaking; make tor bans channel specific 2014-08-14 21:42:13 -05:00
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00			`user.socket.emit("login", {`
			`success: true,`
			`name: user.getName(),`
			`guest: false`
			`});`
			`db.recordVisit(ip, user.getName());`
			`user.socket.emit("rank", user.account.effectiveRank);`
			`user.setFlag(Flags.U_LOGGED_IN);`
			`user.emit("login", account);`
			`Logger.syslog.log(ip + " logged in as " + user.getName());`
			`user.setFlag(Flags.U_READY);`
Work on user options 2013-12-25 16:18:21 -05:00			`});`
Work on chat filters, UI stuff 2014-01-18 20:18:00 -06:00			`} else {`
			`user.socket.emit("rank", -1);`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00			`user.setFlag(Flags.U_READY);`
More refactoring 2013-12-12 17:09:49 -06:00			`}`
			`}`

			`module.exports = {`
			`init: function (srv) {`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`var bound = {};`
			`var io = sio.instance = sio();`

			`io.use(handleAuth);`
			`io.on("connection", handleConnection);`

Convert server definitions to be more flexible 2014-04-11 00:14:52 -05:00			`Config.get("listen").forEach(function (bind) {`
			`if (!bind.io) {`
			`return;`
			`}`
			`var id = bind.ip + ":" + bind.port;`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`if (id in bound) {`
Convert server definitions to be more flexible 2014-04-11 00:14:52 -05:00			`Logger.syslog.log("[WARN] Ignoring duplicate listen address " + id);`
			`return;`
			`}`
More refactoring 2013-12-12 17:09:49 -06:00
Convert server definitions to be more flexible 2014-04-11 00:14:52 -05:00			`if (id in srv.servers) {`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`io.attach(srv.servers[id]);`
Convert server definitions to be more flexible 2014-04-11 00:14:52 -05:00			`} else {`
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`io.attach(require("http").createServer().listen(bind.port, bind.ip));`
Convert server definitions to be more flexible 2014-04-11 00:14:52 -05:00			`}`
Merge refactoring into 3.0 2014-05-20 19:30:14 -07:00
Update to socket.io 1.0 2014-08-19 22:57:28 -05:00			`bound[id] = null;`
Convert server definitions to be more flexible 2014-04-11 00:14:52 -05:00			`});`
More refactoring 2013-12-12 17:09:49 -06:00			`}`
			`};`
Fix a few memory leaks; add /gc console command 3 memory leaks were fixed - ipThrottle (due to the periodic cleaner clearing the wrong object...) - ipCount (shouldn't have leaked very much, but removing obsolete data is good practice) - lastguestlogin (again, shouldn't leak much, but should be cleared periodically anyways) A new console command (i.e. from the terminal running node) was added: /gc - If the process is invoked as node --expose-gc index.js, /gc allows you to manually invoke the garbage collector 2014-04-10 21:54:46 -05:00
			`/* Clean out old rate limiters */`
			`setInterval(function () {`
			`for (var ip in ipThrottle) {`
			`if (ipThrottle[ip].lastTime < Date.now() - 60 * 1000) {`
			`var obj = ipThrottle[ip];`
			`/* Not strictly necessary, but seems to help the GC out a bit */`
			`for (var key in obj) {`
			`delete obj[key];`
			`}`
			`delete ipThrottle[ip];`
			`}`
			`}`

			`if (Config.get("aggressive-gc") && global && global.gc) {`
			`global.gc();`
			`}`
			`}, 5 * 60 * 1000);`