From cf36944d280fffb07ae067d7add1fcfaf833d6da Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Mon, 5 Jun 2023 02:51:07 +0800 Subject: [PATCH] fix reAnnounce check --- include/constants.php | 2 +- include/functions_announce.php | 6 ++++++ public/announce.php | 20 +++++++++++--------- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/include/constants.php b/include/constants.php index 00b7b4b0..fba577e1 100644 --- a/include/constants.php +++ b/include/constants.php @@ -1,6 +1,6 @@ $msg]); exit(); } + +function warn($msg) +{ + benc_resp(['warning message' => $msg]); + exit(); +} function check_cheater($userid, $torrentid, $uploaded, $downloaded, $anctime, $seeders=0, $leechers=0){ global $cheaterdet_security,$nodetect_security, $CURUSER; diff --git a/public/announce.php b/public/announce.php index 0c990972..62af9a45 100644 --- a/public/announce.php +++ b/public/announce.php @@ -5,7 +5,6 @@ require ROOT_PATH . 'include/core.php'; //1. BLOCK ACCESS WITH WEB BROWSERS AND CHEATS! $agent = $_SERVER["HTTP_USER_AGENT"] ?? ''; block_browser(); - //2. GET ANNOUNCE VARIABLES // get string type passkey, info_hash, peer_id, event, ip from client foreach (array("passkey","info_hash","peer_id","event") as $x) @@ -30,6 +29,7 @@ $torrentNotExistsKey = "torrent_not_exists"; $authKeyInvalidKey = "authkey_invalid"; $passkeyInvalidKey = "passkey_invalid"; $isReAnnounce = false; +$userAuthenticateKey = ""; if (!empty($_GET['authkey'])) { $authkey = $_GET['authkey']; $parts = explode("|", $authkey); @@ -37,7 +37,7 @@ if (!empty($_GET['authkey'])) { err("authkey format error"); } $authKeyTid = $parts[0]; - $authKeyUid = $parts[1]; + $authKeyUid = $userAuthenticateKey = $parts[1]; $subAuthkey = sprintf("%s|%s", $authKeyTid, $authKeyUid); //check ReAnnounce $lockParams = ['torrent_user' => $subAuthkey]; @@ -49,10 +49,11 @@ if (!empty($_GET['authkey'])) { if (!$redis->set($lockKey, TIMENOW, ['nx', 'ex' => 20])) { $isReAnnounce = true; } - if (!$isReAnnounce && !$redis->set($subAuthkey, TIMENOW, ['nx', 'ex' => 60])) { + $reAnnounceCheckByAuthKey = "reAnnounceCheckByAuthKey:$subAuthkey"; + if (!$isReAnnounce && !$redis->set($reAnnounceCheckByAuthKey, TIMENOW, ['nx', 'ex' => 60])) { $msg = "Request too frequent(a)"; - do_log("[ANNOUNCE] $msg"); - err($msg); + do_log(sprintf("[ANNOUNCE] %s key: %s already exists, value: %s", $msg, $reAnnounceCheckByAuthKey, TIMENOW)); + warn($msg); } if ($redis->get("$authKeyInvalidKey:$authkey")) { $msg = "Invalid authkey"; @@ -60,7 +61,7 @@ if (!empty($_GET['authkey'])) { err($msg); } } elseif (!empty($_GET['passkey'])) { - $passkey = $_GET['passkey']; + $passkey = $userAuthenticateKey = $_GET['passkey']; if ($redis->get("$passkeyInvalidKey:$passkey")) { $msg = "Passkey invalid"; do_log("[ANNOUNCE] $msg"); @@ -84,10 +85,11 @@ if ($redis->get("$torrentNotExistsKey:$info_hash")) { do_log("[ANNOUNCE] $msg"); err($msg); } -if (!$isReAnnounce && !$redis->set(sprintf('%s:%s', $userid, $info_hash), TIMENOW, ['nx', 'ex' => 60])) { +$torrentReAnnounceKey = sprintf('reAnnounceCheckByPasskey:%s:%s', $userAuthenticateKey, $info_hash); +if (!$isReAnnounce && !$redis->set($torrentReAnnounceKey, TIMENOW, ['nx', 'ex' => 60])) { $msg = "Request too frequent(h)"; - do_log("[ANNOUNCE] $msg"); - err($msg); + do_log(sprintf("[ANNOUNCE] %s key: %s already exists, value: %s", $msg, $torrentReAnnounceKey, TIMENOW)); + warn($msg); }