Update rate limit ban to be a bit cleaner and use a RequestFrame

sapphonie · Dec 11, 2023 · 51b3eb3 · 51b3eb3
1 parent 064d690
commit 51b3eb3
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 19 deletions.
diff --git a/scripting/stac.sp b/scripting/stac.sp
@@ -55,7 +55,7 @@
 #pragma semicolon 1
 #pragma newdecls required
 
-#define PLUGIN_VERSION  "6.1.3-beta"
+#define PLUGIN_VERSION  "6.1.3-beta7"
 
 #define UPDATE_URL      "https://raw.githubusercontent.com/sapphonie/StAC-tf2/master/updatefile.txt"
 

diff --git a/scripting/stac/stac_client.sp b/scripting/stac/stac_client.sp
@@ -59,24 +59,15 @@ public bool OnClientPreConnectEx(const char[] name, char password[255], const ch
     {
         rejectReason = "Rate limited.";
 
-        // BanIdentity(steamID, 60, BANFLAG_AUTHID, "");
-        // BanIdentity(ip, 60, BANFLAG_IP, "");
-
-        // THE REASON we are doing this, is so that we hook into srcds's built in
-        // "firewall", basically, where with the default game banning system,
-        // srcds will ignore packets from banned ips.
-        // this prevents any clients from spamming, in a way that would otherwise not really be possible,
-        // without stupid memory hacks that would be overcomplicated anyway since this already exists
-        if ( CommandExists("sm_banip") && CommandExists("sm_addban") )
-        {
-            ServerCommand("sm_addban 60 %s %s", steamID,    "Rate limited");
-            ServerCommand("sm_banip %s 60 %s",  ip,         "Rate limited");
-        }
-        else
-        {
-            ServerCommand("addip 60 %s", ip);
-            ServerCommand("banid 60 %s", steamID);
-        }
+        DataPack steamidPlusIP = new DataPack();
+        steamidPlusIP.Reset(true);
+        steamidPlusIP.WriteString(steamID);
+        steamidPlusIP.WriteString(ip);
+        steamidPlusIP.WriteString(name);
+        steamidPlusIP.Reset(false);
+
+        // This is not arbitrary!
+        RequestFrame(DelayedRateLimitBan, steamidPlusIP);
 
         return false;
     }
@@ -90,10 +81,59 @@ public bool OnClientPreConnectEx(const char[] name, char password[255], const ch
     return true;
 }
 
+void DelayedRateLimitBan(DataPack dp)
+{
+    dp.Reset(false);
+    char steamID[MAX_AUTHID_LENGTH];
+    char ipAddr[256];
+    char playerName[MAX_NAME_LENGTH];
+    dp.ReadString(steamID, sizeof(steamID));
+    dp.ReadString(ipAddr, sizeof(ipAddr));
+    dp.ReadString(playerName, sizeof(playerName));
+    dp.Reset(true);
+    delete dp;
+
+    static int rateLimitBanTime = 60;
+
+    // BanIdentity(steamID, 60, BANFLAG_AUTHID, "");
+    // BanIdentity(ip, 60, BANFLAG_IP, "");
+
+    // THE REASON we are doing this so weirdly, is so that we hook into srcds's built in
+    // "firewall", basically, where with the default game banning system,
+    // srcds will ignore packets from banned ips.
+    // this prevents any clients from spamming, in a way that would otherwise not really be possible,
+    // without stupid memory hacks that would be overcomplicated anyway since this already exists
+
+    // We're doing sm_addban / sm_banip because SourceBans, at least, will propagate this to other servers as well
+    // which is what we want, so people don't have to get individually banned on each server on the same network that they try to spam on
+
+    // Probably before un-betaing this, i'm going to try to move this to sm_ban and then addip after?
+    // I don't really know. it's a tricky race condition here, since we're after OnClientPreConnectEx callback, so they should be rejected,
+    // but they can rejoin, but regardless we don't actually have a client index yet?
+    if ( CommandExists("sm_banip") && CommandExists("sm_addban") )
+    {
+        ServerCommand("sm_addban %i %s %s",  rateLimitBanTime,   steamID,            "Rate limited");
+        ServerCommand("sm_banip  %s %i %s",  ipAddr,             rateLimitBanTime,   "Rate limited");
+    }
+    else
+    {
+        ServerCommand("addip %i %s",        rateLimitBanTime, ipAddr);
+        ServerCommand("banid %i %s kick",   rateLimitBanTime, steamID);
+    }
+
+    char formattedMsg[1024];
+    Format(formattedMsg, sizeof(formattedMsg), "Rate limited %s / %s / %s for %i minutes for connect spam", playerName, steamID, ipAddr, rateLimitBanTime);
+
+    StacLog(formattedMsg);
+
+    StacNotify(0, formattedMsg, 1);
+}
+
 Action LeakIPConnectBucket(Handle timer)
 {
     if (!stac_prevent_connect_spam.BoolValue)
     {
+        IPBuckets.Clear();
         return Plugin_Continue;
     }