feat: full working max_retry logic
All checks were successful
build / build (push) Successful in 2m45s
All checks were successful
build / build (push) Successful in 2m45s
This commit is contained in:
d3m0k1d
@@ -12,13 +12,11 @@ config = "/etc/nftables.conf"
|
||||
name = "nginx"
|
||||
logging = "file"
|
||||
log_path = "/var/log/nginx/access.log"
|
||||
max_retry = 3
|
||||
enabled = true
|
||||
|
||||
[[service]]
|
||||
name = "nginx"
|
||||
logging = "journald"
|
||||
log_path = "/var/log/nginx/access.log"
|
||||
max_retry = 3
|
||||
enabled = false
|
||||
`
|
||||
|
||||
@@ -14,6 +14,7 @@ import (
|
||||
type Judge struct {
|
||||
db_r *storage.BanReader
|
||||
db_w *storage.BanWriter
|
||||
db_rq *storage.RequestReader
|
||||
logger *logger.Logger
|
||||
Blocker blocker.BlockerEngine
|
||||
rulesByService map[string][]config.Rule
|
||||
@@ -24,6 +25,7 @@ type Judge struct {
|
||||
func New(
|
||||
db_r *storage.BanReader,
|
||||
db_w *storage.BanWriter,
|
||||
db_rq *storage.RequestReader,
|
||||
b blocker.BlockerEngine,
|
||||
resultCh chan *storage.LogEntry,
|
||||
entryCh chan *storage.LogEntry,
|
||||
@@ -31,6 +33,7 @@ func New(
|
||||
return &Judge{
|
||||
db_w: db_w,
|
||||
db_r: db_r,
|
||||
db_rq: db_rq,
|
||||
logger: logger.New(false),
|
||||
rulesByService: make(map[string][]config.Rule),
|
||||
Blocker: b,
|
||||
@@ -75,11 +78,10 @@ func (j *Judge) Tribunal() {
|
||||
methodMatch := rule.Method == "" || entry.Method == rule.Method
|
||||
statusMatch := rule.Status == "" || entry.Status == rule.Status
|
||||
pathMatch := matchPath(entry.Path, rule.Path)
|
||||
|
||||
if methodMatch && statusMatch && pathMatch {
|
||||
ruleMatched = true
|
||||
j.logger.Info("Rule matched", "rule", rule.Name, "ip", entry.IP)
|
||||
|
||||
j.resultCh <- entry
|
||||
banned, err := j.db_r.IsBanned(entry.IP)
|
||||
if err != nil {
|
||||
j.logger.Error("Failed to check ban status", "ip", entry.IP, "error", err)
|
||||
@@ -87,10 +89,17 @@ func (j *Judge) Tribunal() {
|
||||
}
|
||||
if banned {
|
||||
j.logger.Info("IP already banned", "ip", entry.IP)
|
||||
j.resultCh <- entry
|
||||
break
|
||||
}
|
||||
|
||||
exceeded, err := j.db_rq.IsMaxRetryExceeded(entry.IP, rule.MaxRetry)
|
||||
if err != nil {
|
||||
j.logger.Error("Failed to check retry count", "ip", entry.IP, "error", err)
|
||||
break
|
||||
}
|
||||
if !exceeded {
|
||||
j.logger.Info("Max retry not exceeded", "ip", entry.IP)
|
||||
break
|
||||
}
|
||||
err = j.db_w.AddBan(entry.IP, rule.BanTime, rule.Name)
|
||||
if err != nil {
|
||||
j.logger.Error(
|
||||
@@ -118,7 +127,6 @@ func (j *Judge) Tribunal() {
|
||||
"ban_time",
|
||||
rule.BanTime,
|
||||
)
|
||||
j.resultCh <- entry
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
@@ -51,12 +51,13 @@ func NewRequestsRd() (*RequestReader, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (r *RequestReader) IsMaxRetryExceeded(ip string, max_retry int) (bool, error) {
|
||||
func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
|
||||
var count int
|
||||
err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
|
||||
if err != nil {
|
||||
r.logger.Error("error query count: " + err.Error())
|
||||
return false, err
|
||||
}
|
||||
return count >= max_retry, nil
|
||||
r.logger.Info("Current request count for IP", "ip", ip, "count", count, "maxRetry", maxRetry)
|
||||
return count >= maxRetry, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user