@warren-bank/hls-proxy 3.6.5 → 3.6.6

package/README.md

@@ -159,6 +159,7 @@ options:
 -v <number>
 --acl-ip <ip_address_list>
 --acl-pass <password_list>
+--block-req-hostname <hostname_list>
 --http-proxy <http[s]://[user:pass@]hostname:port>
 --tls-cert <filepath>
 --tls-key <filepath>
@@ -394,6 +395,8 @@ options:
   * ex: `"192.168.1.100,192.168.1.101,192.168.1.102"`
 * _--acl-pass_ restricts proxy server access to requests that include a `password` querystring parameter having a value in whitelist
   * ex: `"1111,2222,3333,4444,5555"`
+* _--block-req-hostname_ blocks proxy server requests to hostnames in blacklist
+  * ex: `"localhost,127.0.0.1"`
 * --http-proxy enables all outbound HTTP and HTTPS requests from HLS-Proxy to be tunnelled through an additional external web proxy server
   * SOCKS proxies are not supported
   * ex: `http://myusername:mypassword@myproxy.example.com:1234`

package/hls-proxy/bin/hlsd.js

@@ -47,6 +47,7 @@ const middleware = require('../proxy')({
   debug_level:                          argv_vals["-v"],
   acl_ip:                               argv_vals["--acl-ip"],
   acl_pass:                             argv_vals["--acl-pass"],
+  block_req_hostname:                   argv_vals["--block-req-hostname"],
   http_proxy:                           argv_vals["--http-proxy"],
   manifest_extension:                   argv_vals["--manifest-extension"],
   segment_extension:                    argv_vals["--segment-extension"]

package/hls-proxy/bin/lib/help.js

@@ -30,6 +30,7 @@ options:
 -v <number>
 --acl-ip <ip_address_list>
 --acl-pass <password_list>
+--block-req-hostname <hostname_list>
 --http-proxy <http[s]://[user:pass@]hostname:port>
 --tls-cert <filepath>
 --tls-key <filepath>

package/hls-proxy/bin/lib/process_argv.js

@@ -38,6 +38,7 @@ const argv_flags = {
   "-v":                                     {num:  "int"},
   "--acl-ip":                               {},
   "--acl-pass":                             {},
+  "--block-req-hostname":                   {},
   "--http-proxy":                           {},
 
   "--tls-cert":                             {file: "path-exists"},
@@ -177,6 +178,10 @@ if (argv_vals["--acl-pass"]) {
   argv_vals["--acl-pass"] = argv_vals["--acl-pass"].trim().split(/\s*,\s*/g)
 }
 
+if (argv_vals["--block-req-hostname"]) {
+  argv_vals["--block-req-hostname"] = argv_vals["--block-req-hostname"].trim().toLowerCase().split(/\s*,\s*/g)
+}
+
 if (argv_vals["--http-proxy"]) {
   const proxy_options = {
     keepAlive:      true,

package/hls-proxy/proxy.js

@@ -6,17 +6,17 @@ const timers   = require('./timers')
 const utils    = require('./utils')
 
 const get_middleware = function(params) {
-  const {cache_segments} = params
-  let   {acl_ip}         = params
+  const {acl_ip, cache_segments} = params
 
   const segment_cache = require('./segment_cache')(params)
   const {get_segment, add_listener} = segment_cache
 
-  const is_acl_pass_allowed = acl_pass.is_allowed.bind(null, params)
-  const debug               = utils.debug.bind(null, params)
-  const parse_req_url       = utils.parse_req_url.bind(null, params)
-  const get_request_options = utils.get_request_options.bind(null, params)
-  const modify_m3u8_content = parser.modify_m3u8_content.bind(null, params, segment_cache)
+  const is_acl_pass_allowed   = acl_pass.is_allowed.bind(null, params)
+  const debug                 = utils.debug.bind(null, params)
+  const parse_req_url         = utils.parse_req_url.bind(null, params)
+  const get_request_options   = utils.get_request_options.bind(null, params)
+  const block_request_options = utils.block_request_options.bind(null, params)
+  const modify_m3u8_content   = parser.modify_m3u8_content.bind(null, params, segment_cache)
 
   const middleware = {}
 
@@ -57,6 +57,14 @@ const get_middleware = function(params) {
 
     const qs_password = acl_pass.get_decoded_qs_password(req)
     const is_m3u8     = (url_type === 'm3u8')
+    const options     = get_request_options(url, is_m3u8, referer_url, querystring_req_headers, req.headers)
+
+    if (block_request_options(options)) {
+      res.writeHead(401)
+      res.end()
+      debug(2, 'request blocked by hostname blacklist:', url)
+      return
+    }
 
     const send_cache_segment = function(segment, type) {
       if (!type)
@@ -79,7 +87,6 @@ const get_middleware = function(params) {
       }
     }
 
-    const options = get_request_options(url, is_m3u8, referer_url, querystring_req_headers, req.headers)
     debug(1, 'proxying:', url)
     debug(3, 'm3u8:', (is_m3u8 ? 'true' : 'false'))
 

package/hls-proxy/utils.js

@@ -197,6 +197,24 @@ const get_request_options = function(params, url, is_m3u8, referer_url, querystr
   return request_options
 }
 
+const block_request_options = function(params, request_options) {
+  const {block_req_hostname} = params
+
+  // short circuit
+  if (!block_req_hostname || !Array.isArray(block_req_hostname) || !block_req_hostname.length || !request_options)
+    return false
+
+  // special case: url
+  if (typeof request_options === 'string')
+    request_options = parse_url(request_options)
+
+  // sanity check
+  if (!request_options.hostname || (typeof request_options.hostname !== 'string'))
+    return false
+
+  return (block_req_hostname.indexOf(request_options.hostname.toLowerCase()) >= 0)
+}
+
 const should_prefetch_url = function(params, url, url_type) {
   const {hooks, cache_segments} = params
 
@@ -226,5 +244,6 @@ module.exports = {
   debug,
   normalize_req_headers,
   get_request_options,
+  block_request_options,
   should_prefetch_url
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@warren-bank/hls-proxy",
   "description": "Node.js server to proxy HLS video streams",
-  "version":     "3.6.5",
+  "version":     "3.6.6",
   "scripts": {
     "start":     "node hls-proxy/bin/hlsd.js",
     "sudo": "sudo node hls-proxy/bin/hlsd.js"