printban WIP
parent
7128b6d5f6
commit
10677ec72e
|
@ -204,9 +204,9 @@ geoip {
|
|||
}
|
||||
security {
|
||||
collection.security = security
|
||||
collection.print_ban = print_ban
|
||||
flood.duration = 60 seconds
|
||||
firewall {
|
||||
enabled=true
|
||||
cookie {
|
||||
enabled = false
|
||||
name=fEKHA4zI74ZrZrom
|
||||
|
|
|
@ -28,7 +28,7 @@ final class Env(
|
|||
private val MailgunSender = config getString "mailgun.sender"
|
||||
private val MailgunReplyTo = config getString "mailgun.reply_to"
|
||||
private val CollectionSecurity = config getString "collection.security"
|
||||
private val FirewallEnabled = config getBoolean "firewall.enabled"
|
||||
private val CollectionPrintBan = config getString "collection.print_ban"
|
||||
private val FirewallCookieName = config getString "firewall.cookie.name"
|
||||
private val FirewallCookieEnabled = config getBoolean "firewall.cookie.enabled"
|
||||
private val FirewallCollectionFirewall = config getString "firewall.collection.firewall"
|
||||
|
@ -60,7 +60,6 @@ final class Env(
|
|||
lazy val firewall = new Firewall(
|
||||
coll = firewallColl,
|
||||
cookieName = FirewallCookieName.some filter (_ => FirewallCookieEnabled),
|
||||
enabled = FirewallEnabled,
|
||||
system = system
|
||||
)
|
||||
|
||||
|
@ -181,6 +180,8 @@ final class Env(
|
|||
|
||||
lazy val api = new SecurityApi(storeColl, firewall, geoIP, authenticator, emailAddressValidator, tryOAuthServer)(system)
|
||||
|
||||
lazy val printBanApi = new PrintBanApi(printBanColl)
|
||||
|
||||
lazy val csrfRequestHandler = new CSRFRequestHandler(NetDomain)
|
||||
|
||||
def cli = new Cli
|
||||
|
@ -191,6 +192,7 @@ final class Env(
|
|||
}
|
||||
|
||||
private[security] lazy val storeColl = db(CollectionSecurity)
|
||||
private[security] lazy val printBanColl = db(CollectionPrintBan)
|
||||
private[security] lazy val firewallColl = db(FirewallCollectionFirewall)
|
||||
}
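Review bot: The `new Firewall(...)` call in the `-60,7 +60,6` hunk still passes `coll = firewallColl`, while the Firewall constructor shown further down this page lists `ipColl: Coll` and `fpColl: Coll`. This rendering has lost the +/- markers, so which parameter lines are new is inferred from the hunk counts. If `coll` was replaced, this call site needs `ipColl = firewallColl` and a second collection for `fpColl`. The counts also suggest `FirewallEnabled` and `enabled = FirewallEnabled` were dropped, which removes the config switch for turning the firewall off, so the commit message should say whether that is intended. The Env class begins outside these hunks.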
|
||||
|
||||
|
|
|
@ -10,9 +10,9 @@ import lila.db.BSON.BSONJodaDateTimeHandler
|
|||
import lila.db.dsl._
|
||||
|
||||
final class Firewall(
|
||||
coll: Coll,
|
||||
ipColl: Coll,
|
||||
fpColl: Coll,
|
||||
cookieName: Option[String],
|
||||
enabled: Boolean,
|
||||
system: akka.actor.ActorSystem
|
||||
) {
|
||||
|
||||
|
@ -20,7 +20,7 @@ final class Firewall(
|
|||
|
||||
system.scheduler.scheduleOnce(10 minutes)(loadFromDb)
|
||||
|
||||
def blocksIp(ip: IpAddress): Boolean = current contains ip.value
|
||||
def blocksIp(ip: IpAddress): Boolean = ipSet contains ip.value
|
||||
|
||||
def blocks(req: RequestHeader): Boolean = enabled && {
|
||||
val v = blocksIp {
|
||||
|
@ -47,7 +47,7 @@ final class Firewall(
|
|||
|
||||
private def loadFromDb: Funit =
|
||||
coll.distinct[String, Set]("_id", none).map { ips =>
|
||||
current = ips
|
||||
ipSet = ips
|
||||
lila.mon.security.firewall.ip(ips.size)
|
||||
}
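Review bot: `blocks` still reads `enabled` and `loadFromDb` still calls `coll.distinct`, yet the constructor hunk appears to replace `coll` and `enabled` with `ipColl` and `fpColl` (inferred from the hunk counts, since the +/- markers are lost here). If so, `loadFromDb` should read `ipColl.distinct[String, Set]("_id", none)` and `blocks` should drop the `enabled &&` guard. `fpColl` is not used in any visible line. The declaration of `ipSet` is outside the hunks; because it is assigned inside the `.map` callback of `loadFromDb` and read by `blocksIp`, it should be `@volatile` if those run on different threads, so a reloaded block list is seen by request handling.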
|
||||
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
package lila.security
|
||||
|
||||
import reactivemongo.bson._
|
||||
|
||||
import lila.db.dsl._
|
||||
|
||||
private final class PrintBanApi(coll: Coll) {
|
||||
|
||||
private var current: Set[String] = Set.empty
|
||||
|
||||
def blocks(hash: FingerHash): Boolean = current contains hash.value
|
||||
|
||||
def blocks(req: RequestHeader): Boolean = enabled && {
|
||||
val v = blocksIp {
|
||||
lila.common.HTTPRequest lastRemoteAddress req
|
||||
} || cookieName.?? { blocksCookies(req.cookies, _) }
|
||||
if (v) lila.mon.security.firewall.block()
|
||||
v
|
||||
}
|
||||
|
||||
def accepts(req: RequestHeader): Boolean = !blocks(req)
|
||||
|
||||
def blockIps(ips: List[IpAddress]): Funit = ips.map { ip =>
|
||||
validIp(ip) ?? {
|
||||
coll.update(
|
||||
$id(ip),
|
||||
$doc("_id" -> ip, "date" -> DateTime.now),
|
||||
upsert = true
|
||||
).void
|
||||
}
|
||||
}.sequenceFu >> loadFromDb
|
||||
|
||||
def unblockIps(ips: Iterable[IpAddress]): Funit =
|
||||
coll.remove($inIds(ips.filter(validIp))).void >>- loadFromDb
|
||||
|
||||
private def loadFromDb: Funit =
|
||||
coll.distinct[String, Set]("_id", none).map { ips =>
|
||||
current = ips
|
||||
lila.mon.security.firewall.ip(ips.size)
|
||||
}
|
||||
|
||||
private def blocksCookies(cookies: Cookies, name: String) =
|
||||
(cookies get name).isDefined
|
||||
|
||||
private def validIp(ip: IpAddress) =
|
||||
(IpAddress.isv4(ip) && ip.value != "127.0.0.1" && ip.value != "0.0.0.0") ||
|
||||
(IpAddress.isv6(ip) && ip.value != "0:0:0:0:0:0:0:1" && ip.value != "0:0:0:0:0:0:0:0")
|
||||
}
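Review bot: Nothing in this class calls `loadFromDb` at construction, so `current` starts as `Set.empty` and `blocks(hash)` returns false for every hash until the first `blockIps` or `unblockIps` call. Bans already stored in the collection would therefore not be enforced after a restart. Firewall schedules an initial load with `system.scheduler.scheduleOnce(10 minutes)(loadFromDb)`, and this class needs an equivalent. Apart from `blocks(hash: FingerHash)`, the body is copied from Firewall and refers to names this class does not define (`enabled`, `blocksIp`, `cookieName`), plus IP validation and `lila.mon.security.firewall` counters that do not describe print hashes. Declaring the cache as `@volatile private var current: Set[String] = Set.empty` would make reloads visible across threads.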
|