Albirew/nyaa-pantsu
Archivé
1
0
Bifurcation 0

Better / fixed validation of uploaded torrent files

Cette révision appartient à :
sfan5 2017-05-07 12:20:08 +02:00
Parent 7b2968e430
révision f9b29af311
4 fichiers modifiés avec 61 ajouts et 6 suppressions

Voir le fichier

@ -1,5 +1,6 @@
package config
// remember to update the FAQ when updating these
var Trackers = []string{
"udp://tracker.coppersurfer.tk:6969",
"udp://zer0day.to:1337/announce",

Voir le fichier

@ -7,6 +7,7 @@ import (
"net/url"
"strconv"
"strings"
"regexp"
"github.com/ewhal/nyaa/service/captcha"
"github.com/ewhal/nyaa/util"
@ -47,6 +48,10 @@ const UploadFormDescription = "desc"
// error indicating a torrent is private
var ErrPrivateTorrent = errors.New("torrent is private")
// error indicating a problem with its trackers
// FIXME: hardcoded link
var ErrTrackerProblem = errors.New("torrent does not have any (working) trackers: https://nyaa.pantsu.cat/faq#trackers")
// error indicating a torrent's name is invalid
var ErrInvalidTorrentName = errors.New("torrent name is invalid")
@ -78,10 +83,9 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
return ErrInvalidTorrentName
}
if len(f.Description) == 0 {
return ErrInvalidTorrentDescription
}
//if len(f.Description) == 0 {
// return ErrInvalidTorrentDescription
//}
catsSplit := strings.Split(f.Category, "_")
// need this to prevent out of index panics
@ -120,6 +124,12 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
return ErrPrivateTorrent
}
// check trackers
trackers := torrent.GetAllAnnounceURLS()
if !CheckTrackers(trackers) {
return ErrTrackerProblem
}
// generate magnet
binInfohash := torrent.Infohash()
f.Infohash = hex.EncodeToString(binInfohash[:])
@ -135,12 +145,44 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
return metainfo.ErrInvalidTorrentFile
} else {
f.Infohash = strings.ToUpper(strings.TrimPrefix(exactTopic, "urn:btih:"))
matched, err := regexp.MatchString("^[0-9A-F]{40}$", f.Infohash)
if err != nil || !matched {
return metainfo.ErrInvalidTorrentFile
}
}
}
return nil
}
var dead_trackers = []string{ // substring matches!
"://open.nyaatorrents.info:6544",
"://tracker.openbittorrent.com:80",
"://tracker.publicbt.com:80",
"://stats.anisource.net:2710",
"://exodus.desync.com",
"://open.demonii.com:1337",
"://tracker.istole.it:80",
"://tracker.ccc.de:80",
"://bt2.careland.com.cn:6969",
"://announce.torrentsmd.com:8080"}
func CheckTrackers(trackers []string) bool {
var numGood int
for _, t := range trackers {
var good bool = true
for _, check := range dead_trackers {
if strings.Contains(t, check) {
good = false
}
}
if good {
numGood += 1
}
}
return numGood > 0
}
// NewUploadForm creates a new upload form given parameters as list
func NewUploadForm(params ...string) (uploadForm UploadForm) {
if len(params) > 1 {

Voir le fichier

@ -43,6 +43,18 @@
<p>The magnet link should look like this: <span style="font-family:monospace">
magnet:?xt=urn:btih:[hash]&amp;dn=[name]&amp;tr=[tracker]&amp;tr=[...]</span></p>
<h2 id="trackers">Which trackers do you recommend using?</h2>
<p>If your torrent upload is denied because of trackers you'll need to add some of these:</p>
<pre>udp://tracker.coppersurfer.tk:6969
udp://zer0day.to:1337/announce
udp://tracker.leechers-paradise.org:6969
udp://explodie.org:6969
udp://tracker.opentrackr.org:1337
udp://tracker.internetwarriors.net:1337/announce
udp://eddie4.nl:6969/announce
http://mgtracker.org:6969/announce
http://tracker.baka-sub.cf/announce</pre>
<h2>How can I help?</h2>
<p>If you have website development expertise, you can join the #nyaapantsu IRC channel on irc.rizon.net.
If you have any current databases, especially for sukebei, <b>UPLOAD THEM</b>.</p>
@ -54,7 +66,7 @@
<p>It's the author's favorite programming language.</p>
<br />
<img src="https://my.mixtape.moe/omrskw.png">
<img src="https://my.mixtape.moe/omrskw.png" alt="funny meme">
<br />
<h2>nyaa.pantsu.cat and sukebei.pantsu.cat do not host any files.</h2>

Voir le fichier

@ -110,7 +110,7 @@ func (tf *TorrentFile) TorrentName() string {
// return true if this torrent is private otherwise return false
func (tf *TorrentFile) IsPrivate() bool {
return tf.Info.Private == nil || *tf.Info.Private == 0
return tf.Info.Private != nil && *tf.Info.Private == 1
}
// calculate infohash