jschan/helpers/checks/dnsbl.js

'use strict';

const cache = require(__dirname+'/../../redis.js')
	, { check: blockBypassCheck } = require(__dirname+'/blockbypass.js')
	, dynamicResponse = require(__dirname+'/../dynamic.js')
	, deleteTempFiles = require(__dirname+'/../files/deletetempfiles.js')
	, config = require(__dirname+'/../../config.js')
	, { batch } = require('dnsbl');

module.exports = async (req, res, next) => {

	const { ipHeader, dnsbl, blockBypass } = config.get;

	if (dnsbl.enabled && dnsbl.blacklists.length > 0 //if dnsbl enabled and has more than 0 blacklists
		&& !res.locals.anonymizer) { //anonymizers cant be dnsbl'd
		const ip = req.headers[ipHeader] || req.connection.remoteAddress;
		let isBlacklisted = await cache.get(`blacklisted:${ip}`);
		if (isBlacklisted === null) { //not cached
			const dnsblResp = await batch(ip, dnsbl.blacklists);
			isBlacklisted = dnsblResp.some(r => r.listed === true);
			await cache.set(`blacklisted:${ip}`, isBlacklisted, Math.floor(dnsbl.cacheTime/1000));
		}
		if (isBlacklisted) {
			if (blockBypass.bypassDnsbl) {
				if (!res.locals.blockBypass) {
					return blockBypassCheck(req, res, next);
				}
				return next(); //already solved
			}
			//otherwise dnsbl cant be bypassed
			deleteTempFiles(req).catch(e => console.error);
			return dynamicResponse(req, res, 403, 'message', {
				'title': 'Forbidden',
				'message': `Your request was blocked because your IP address is listed on a blacklist.`,
				'redirect': req.headers.referer || '/',
			});
		}
	}
	return next();

}