d3m0k1d/BanForge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

feat: full working max_retry logic
All checks were successful
build / build (push) Successful in 2m45s
Details

Browse Source
This commit is contained in:
d3m0k1d
2026-02-22 16:06:51 +03:00
parent 8c0cfcdbe7
commit a602207369
5 changed files with 24 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/banforge/command/daemon.go
View File

@@ -30,6 +30,11 @@ var DaemonCmd = &cobra.Command{
log.Error("Failed to create request writer", "error", err)
os.Exit(1)
}
reqDb_r, err := storage.NewRequestsRd()
if err != nil {
log.Error("Failed to create request reader", "error", err)
os.Exit(1)
}
banDb_r, err := storage.NewBanReader()
if err != nil {
log.Error("Failed to create ban reader", "error", err)
@@ -63,7 +68,7 @@ var DaemonCmd = &cobra.Command{
log.Error("Failed to load rules", "error", err)
os.Exit(1)
}
j := judge.New(banDb_r, banDb_w, b, resultCh, entryCh)
j := judge.New(banDb_r, banDb_w, reqDb_r, b, resultCh, entryCh)
j.LoadRules(r)
go j.UnbanChecker()
go j.Tribunal()

3
cmd/banforge/command/rule.go
View File

@@ -61,11 +61,12 @@ var ListCmd = &cobra.Command{
}
for _, rule := range r {
fmt.Printf(
"Name: %s\nService: %s\nPath: %s\nStatus: %s\nMethod: %s\n\n",
"Name: %s\nService: %s\nPath: %s\nStatus: %s\n MaxRetry: %d\nMethod: %s\n\n",
rule.Name,
rule.ServiceName,
rule.Path,
rule.Status,
rule.MaxRetry,
rule.Method,
)
}

2
internal/config/template.go
View File

@@ -12,13 +12,11 @@ config = "/etc/nftables.conf"
name = "nginx"
logging = "file"
log_path = "/var/log/nginx/access.log"
max_retry = 3
enabled = true
[[service]]
name = "nginx"
logging = "journald"
log_path = "/var/log/nginx/access.log"
max_retry = 3
enabled = false
`

18
internal/judge/judge.go
View File

@@ -14,6 +14,7 @@ import (
type Judge struct {
db_r *storage.BanReader
db_w *storage.BanWriter
db_rq *storage.RequestReader
logger *logger.Logger
Blocker blocker.BlockerEngine
rulesByService map[string][]config.Rule
@@ -24,6 +25,7 @@ type Judge struct {
func New(
db_r *storage.BanReader,
db_w *storage.BanWriter,
db_rq *storage.RequestReader,
b blocker.BlockerEngine,
resultCh chan *storage.LogEntry,
entryCh chan *storage.LogEntry,
@@ -31,6 +33,7 @@ func New(
return &Judge{
db_w: db_w,
db_r: db_r,
db_rq: db_rq,
logger: logger.New(false),
rulesByService: make(map[string][]config.Rule),
Blocker: b,
@@ -75,11 +78,10 @@ func (j *Judge) Tribunal() {
methodMatch := rule.Method == "" || entry.Method == rule.Method
statusMatch := rule.Status == "" || entry.Status == rule.Status
pathMatch := matchPath(entry.Path, rule.Path)
if methodMatch && statusMatch && pathMatch {
ruleMatched = true
j.logger.Info("Rule matched", "rule", rule.Name, "ip", entry.IP)
j.resultCh <- entry
banned, err := j.db_r.IsBanned(entry.IP)
if err != nil {
j.logger.Error("Failed to check ban status", "ip", entry.IP, "error", err)
@@ -87,10 +89,17 @@ func (j *Judge) Tribunal() {
}
if banned {
j.logger.Info("IP already banned", "ip", entry.IP)
j.resultCh <- entry
break
}
exceeded, err := j.db_rq.IsMaxRetryExceeded(entry.IP, rule.MaxRetry)
if err != nil {
j.logger.Error("Failed to check retry count", "ip", entry.IP, "error", err)
break
}
if !exceeded {
j.logger.Info("Max retry not exceeded", "ip", entry.IP)
break
}
err = j.db_w.AddBan(entry.IP, rule.BanTime, rule.Name)
if err != nil {
j.logger.Error(
@@ -118,7 +127,6 @@ func (j *Judge) Tribunal() {
"ban_time",
rule.BanTime,
)
j.resultCh <- entry
break
}
}

5
internal/storage/requests_db.go
View File

@@ -51,12 +51,13 @@ func NewRequestsRd() (*RequestReader, error) {
}, nil
}
func (r *RequestReader) IsMaxRetryExceeded(ip string, max_retry int) (bool, error) {
func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
var count int
err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
if err != nil {
r.logger.Error("error query count: " + err.Error())
return false, err
}
return count >= max_retry, nil
r.logger.Info("Current request count for IP", "ip", ip, "count", count, "maxRetry", maxRetry)
return count >= maxRetry, nil
}