Authenticate seeders in browser

[gustavomrfz]

I would like to authenticate some users in a way they could seed whatever they want and some unauthenticated users who only can seed a file if any authenticated user did it before. For that, I will use a database that stores first-time-seeded magnets-uri and so unauthenticated users could upload any magnet that was previously shared al least once. I need to make some authentication system in tracker or in nodejs server to avoid that any person could upload copyrighted stuff. The app is using a browserified webtorrent-hybrid and bittorrent-tracker.

Any ideas?

[elad]

I think this is for you to figure out yourself and outside the scope of this project, but take a look at the "server" example in feross/bittorrent-tracker, specifically, the filter option. Quoting:

var Server = require('bittorrent-tracker').Server

var server = new Server({
  udp: true, // enable udp server? [default=true]
  http: true, // enable http server? [default=true]
  ws: true, // enable websocket server? [default=true]
  filter: function (infoHash, params, cb) {
    // Blacklist/whitelist function for allowing/disallowing torrents. If this option is
    // omitted, all torrents are allowed. It is possible to interface with a database or
    // external system before deciding to allow/deny, because this function is async.

    // It is possible to block by peer id (whitelisting torrent clients) or by secret
    // key (private trackers). Full access to the original HTTP/UDP request parameters
    // are available n `params`.

    // This example only allows one torrent.

    var allowed = (infoHash === 'aaa67059ed6bd08362da625b3ae77f6f4a075aaa')
    cb(allowed)

    // In addition to returning a boolean (`true` for allowed, `false` for disallowed),
    // you can return an `Error` object to disallow and provide a custom reason.
  })
})

[gustavomrfz]

Thank you, elad, for your answer.

Actually, I need that all users can seed files, but only some could start a swarm.

I apologize if opening this issue is an inconvenience.

[feross]

@gustavomrfz Take a look at @elad's example. He's correct. You'll want to look at the filter option to the bittorrent-tracker server. Then, you'll want to configure your client to only use the tracker that you control by passing the announce option to webtorrent.add():

var client = new WebTorrent()

client.add(torrentId, { announce: 'your_tracker' }, cb)

[feross]

You should take a look at what parameters are available in params and see if that's enough to identify your "authenticated" users -- maybe by their cookies or something. We might need to add a way to send additional parameters to the tracker server.

Also, you mentioned: "The app is using a browserified webtorrent-hybrid". You don't need to use webtorrent-hybrid for this since the browser comes with WebRTC. Just use webtorrent and you can save install time, since you won't need to install the node.js webrtc implementation (wrtc).

[gustavomrfz]

I were looking params more carefully and I belive peerid parameter will be enough, with the help of a pair of queries to a database. To be honest, I am using bittorrent-tracker with cmd.js launcher with any modifications so far, but it's time to make my own script.

I took note of your advice about using webtorrent. I realize there is no real reason to use webtorrent-hybrid in this case.

Thank you, @feross, @elad

[feross]

Awesome, glad we could help!