Compare commits
11 Commits
2e9b307194
...
v0.5.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
97eb626237 | ||
|
|
b7a1ac06d4 | ||
|
|
49f0acb777 | ||
|
|
a602207369 | ||
|
|
8c0cfcdbe7 | ||
|
|
35a1a89baf | ||
|
|
f3387b169a | ||
|
|
5782072f91 | ||
|
|
7918b3efe6 | ||
|
|
f628e24f58 | ||
|
|
7f54db0cd4 |
@@ -30,6 +30,11 @@ var DaemonCmd = &cobra.Command{
|
||||
log.Error("Failed to create request writer", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
reqDb_r, err := storage.NewRequestsRd()
|
||||
if err != nil {
|
||||
log.Error("Failed to create request reader", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
banDb_r, err := storage.NewBanReader()
|
||||
if err != nil {
|
||||
log.Error("Failed to create ban reader", "error", err)
|
||||
@@ -63,7 +68,7 @@ var DaemonCmd = &cobra.Command{
|
||||
log.Error("Failed to load rules", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
j := judge.New(banDb_r, banDb_w, b, resultCh, entryCh)
|
||||
j := judge.New(banDb_r, banDb_w, reqDb_r, b, resultCh, entryCh)
|
||||
j.LoadRules(r)
|
||||
go j.UnbanChecker()
|
||||
go j.Tribunal()
|
||||
|
||||
@@ -61,11 +61,12 @@ var ListCmd = &cobra.Command{
|
||||
}
|
||||
for _, rule := range r {
|
||||
fmt.Printf(
|
||||
"Name: %s\nService: %s\nPath: %s\nStatus: %s\nMethod: %s\n\n",
|
||||
"Name: %s\nService: %s\nPath: %s\nStatus: %s\n MaxRetry: %d\nMethod: %s\n\n",
|
||||
rule.Name,
|
||||
rule.ServiceName,
|
||||
rule.Path,
|
||||
rule.Status,
|
||||
rule.MaxRetry,
|
||||
rule.Method,
|
||||
)
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ import (
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var version = "0.4.3"
|
||||
var version = "0.5.0"
|
||||
|
||||
var VersionCmd = &cobra.Command{
|
||||
Use: "version",
|
||||
|
||||
@@ -40,6 +40,7 @@ Example:
|
||||
service = "nginx"
|
||||
path = ""
|
||||
status = "304"
|
||||
max_retry = 3
|
||||
method = ""
|
||||
ban_time = "1m"
|
||||
```
|
||||
|
||||
13
go.mod
13
go.mod
@@ -7,23 +7,24 @@ require (
|
||||
github.com/jedib0t/go-pretty/v6 v6.7.8
|
||||
github.com/spf13/cobra v1.10.2
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1
|
||||
modernc.org/sqlite v1.44.3
|
||||
modernc.org/sqlite v1.46.1
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
|
||||
github.com/dustin/go-humanize v1.0.1 // indirect
|
||||
github.com/google/uuid v1.6.0 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/mattn/go-runewidth v0.0.16 // indirect
|
||||
github.com/mattn/go-runewidth v0.0.20 // indirect
|
||||
github.com/ncruces/go-strftime v1.0.0 // indirect
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
|
||||
github.com/rivo/uniseg v0.4.7 // indirect
|
||||
github.com/spf13/pflag v1.0.10 // indirect
|
||||
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
|
||||
golang.org/x/sys v0.40.0 // indirect
|
||||
golang.org/x/text v0.32.0 // indirect
|
||||
modernc.org/libc v1.67.6 // indirect
|
||||
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa // indirect
|
||||
golang.org/x/sys v0.41.0 // indirect
|
||||
golang.org/x/text v0.34.0 // indirect
|
||||
modernc.org/libc v1.68.0 // indirect
|
||||
modernc.org/mathutil v1.7.1 // indirect
|
||||
modernc.org/memory v1.11.0 // indirect
|
||||
)
|
||||
|
||||
18
go.sum
18
go.sum
@@ -1,5 +1,7 @@
|
||||
github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=
|
||||
github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
|
||||
github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
|
||||
github.com/clipperhouse/uax29/v2 v2.7.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
@@ -19,6 +21,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
|
||||
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
||||
github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
|
||||
github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
|
||||
github.com/mattn/go-runewidth v0.0.20 h1:WcT52H91ZUAwy8+HUkdM3THM6gXqXuLJi9O3rjcQQaQ=
|
||||
github.com/mattn/go-runewidth v0.0.20/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
|
||||
github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
|
||||
github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
@@ -39,17 +43,25 @@ github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf
|
||||
go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
|
||||
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
|
||||
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
|
||||
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0=
|
||||
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA=
|
||||
golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
|
||||
golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
|
||||
golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
|
||||
golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
|
||||
golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
|
||||
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
|
||||
golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
|
||||
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
|
||||
golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
|
||||
golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
|
||||
golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
|
||||
golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
|
||||
golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
|
||||
@@ -59,16 +71,20 @@ modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
|
||||
modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
|
||||
modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc=
|
||||
modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM=
|
||||
modernc.org/ccgo/v4 v4.30.2 h1:4yPaaq9dXYXZ2V8s1UgrC3KIj580l2N4ClrLwnbv2so=
|
||||
modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
|
||||
modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
|
||||
modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
|
||||
modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
|
||||
modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE=
|
||||
modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
|
||||
modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
|
||||
modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
|
||||
modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
|
||||
modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI=
|
||||
modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE=
|
||||
modernc.org/libc v1.68.0 h1:PJ5ikFOV5pwpW+VqCK1hKJuEWsonkIJhhIXyuF/91pQ=
|
||||
modernc.org/libc v1.68.0/go.mod h1:NnKCYeoYgsEqnY3PgvNgAeaJnso968ygU8Z0DxjoEc0=
|
||||
modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
|
||||
modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
|
||||
modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
|
||||
@@ -79,6 +95,8 @@ modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
|
||||
modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
|
||||
modernc.org/sqlite v1.44.3 h1:+39JvV/HWMcYslAwRxHb8067w+2zowvFOUrOWIy9PjY=
|
||||
modernc.org/sqlite v1.44.3/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
|
||||
modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
|
||||
modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
|
||||
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
|
||||
modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
|
||||
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
|
||||
|
||||
@@ -23,6 +23,7 @@ func (f *Firewalld) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
@@ -44,6 +45,7 @@ func (f *Firewalld) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
@@ -61,7 +63,7 @@ func (f *Firewalld) Unban(ip string) error {
|
||||
}
|
||||
|
||||
func (f *Firewalld) PortOpen(port int, protocol string) error {
|
||||
// #nosec G204 - handle is extracted from nftables output and validated
|
||||
// #nosec G204 - handle is extracted from Firewalld output and validated
|
||||
if port >= 0 && port <= 65535 {
|
||||
if protocol != "tcp" && protocol != "udp" {
|
||||
f.logger.Error("invalid protocol")
|
||||
|
||||
@@ -28,6 +28,7 @@ func (f *Iptables) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// #nosec G204 - f.config is validated above via validateConfigPath()
|
||||
cmd := exec.Command("iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
@@ -70,6 +71,7 @@ func (f *Iptables) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// #nosec G204 - f.config is validated above via validateConfigPath()
|
||||
cmd := exec.Command("iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
|
||||
@@ -26,7 +26,7 @@ func (n *Nftables) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("nft", "add", "rule", "inet", "banforge", "banned",
|
||||
"ip", "saddr", ip, "drop")
|
||||
output, err := cmd.CombinedOutput()
|
||||
@@ -113,6 +113,7 @@ func (n *Nftables) Setup(config string) error {
|
||||
}
|
||||
}
|
||||
`
|
||||
// #nosec G204 - config is managed by adminstartor
|
||||
cmd := exec.Command("tee", config)
|
||||
stdin, err := cmd.StdinPipe()
|
||||
if err != nil {
|
||||
@@ -135,7 +136,7 @@ func (n *Nftables) Setup(config string) error {
|
||||
if err = cmd.Wait(); err != nil {
|
||||
return fmt.Errorf("failed to save config: %w", err)
|
||||
}
|
||||
|
||||
// #nosec G204 - config is managed by adminstartor
|
||||
cmd = exec.Command("nft", "-f", config)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
@@ -253,7 +254,7 @@ func saveNftablesConfig(configPath string) error {
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get nftables ruleset: %w", err)
|
||||
}
|
||||
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd = exec.Command("tee", configPath)
|
||||
stdin, err := cmd.StdinPipe()
|
||||
if err != nil {
|
||||
|
||||
@@ -23,7 +23,7 @@ func (u *Ufw) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("ufw", "--force", "deny", "from", ip)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
@@ -42,7 +42,7 @@ func (u *Ufw) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("ufw", "--force", "delete", "deny", "from", ip)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
|
||||
@@ -28,5 +28,6 @@ type Rule struct {
|
||||
Path string `toml:"path"`
|
||||
Status string `toml:"status"`
|
||||
Method string `toml:"method"`
|
||||
MaxRetry int `toml:"max_retry"`
|
||||
BanTime string `toml:"ban_time"`
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@ import (
|
||||
type Judge struct {
|
||||
db_r *storage.BanReader
|
||||
db_w *storage.BanWriter
|
||||
db_rq *storage.RequestReader
|
||||
logger *logger.Logger
|
||||
Blocker blocker.BlockerEngine
|
||||
rulesByService map[string][]config.Rule
|
||||
@@ -24,6 +25,7 @@ type Judge struct {
|
||||
func New(
|
||||
db_r *storage.BanReader,
|
||||
db_w *storage.BanWriter,
|
||||
db_rq *storage.RequestReader,
|
||||
b blocker.BlockerEngine,
|
||||
resultCh chan *storage.LogEntry,
|
||||
entryCh chan *storage.LogEntry,
|
||||
@@ -31,6 +33,7 @@ func New(
|
||||
return &Judge{
|
||||
db_w: db_w,
|
||||
db_r: db_r,
|
||||
db_rq: db_rq,
|
||||
logger: logger.New(false),
|
||||
rulesByService: make(map[string][]config.Rule),
|
||||
Blocker: b,
|
||||
@@ -75,31 +78,28 @@ func (j *Judge) Tribunal() {
|
||||
methodMatch := rule.Method == "" || entry.Method == rule.Method
|
||||
statusMatch := rule.Status == "" || entry.Status == rule.Status
|
||||
pathMatch := matchPath(entry.Path, rule.Path)
|
||||
|
||||
j.logger.Debug(
|
||||
"Testing rule",
|
||||
"rule", rule.Name,
|
||||
"method_match", methodMatch,
|
||||
"status_match", statusMatch,
|
||||
"path_match", pathMatch,
|
||||
)
|
||||
|
||||
if methodMatch && statusMatch && pathMatch {
|
||||
ruleMatched = true
|
||||
j.logger.Info("Rule matched", "rule", rule.Name, "ip", entry.IP)
|
||||
|
||||
j.resultCh <- entry
|
||||
banned, err := j.db_r.IsBanned(entry.IP)
|
||||
if err != nil {
|
||||
j.logger.Error("Failed to check ban status", "ip", entry.IP, "error", err)
|
||||
break
|
||||
}
|
||||
|
||||
if banned {
|
||||
j.logger.Info("IP already banned", "ip", entry.IP)
|
||||
j.resultCh <- entry
|
||||
break
|
||||
}
|
||||
|
||||
exceeded, err := j.db_rq.IsMaxRetryExceeded(entry.IP, rule.MaxRetry)
|
||||
if err != nil {
|
||||
j.logger.Error("Failed to check retry count", "ip", entry.IP, "error", err)
|
||||
break
|
||||
}
|
||||
if !exceeded {
|
||||
j.logger.Info("Max retry not exceeded", "ip", entry.IP)
|
||||
break
|
||||
}
|
||||
err = j.db_w.AddBan(entry.IP, rule.BanTime, rule.Name)
|
||||
if err != nil {
|
||||
j.logger.Error(
|
||||
@@ -127,7 +127,6 @@ func (j *Judge) Tribunal() {
|
||||
"ban_time",
|
||||
rule.BanTime,
|
||||
)
|
||||
j.resultCh <- entry
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ type Scanner struct {
|
||||
}
|
||||
|
||||
func NewScannerTail(path string) (*Scanner, error) {
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command("tail", "-F", "-n", "10", path)
|
||||
stdout, err := cmd.StdoutPipe()
|
||||
if err != nil {
|
||||
@@ -46,6 +47,7 @@ func NewScannerTail(path string) (*Scanner, error) {
|
||||
}
|
||||
|
||||
func NewScannerJournald(unit string) (*Scanner, error) {
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command("journalctl", "-u", unit, "-f", "-n", "0", "-o", "short", "--no-pager")
|
||||
stdout, err := cmd.StdoutPipe()
|
||||
if err != nil {
|
||||
|
||||
@@ -28,3 +28,36 @@ func NewRequestsWr() (*RequestWriter, error) {
|
||||
db: db,
|
||||
}, nil
|
||||
}
|
||||
|
||||
type RequestReader struct {
|
||||
logger *logger.Logger
|
||||
db *sql.DB
|
||||
}
|
||||
|
||||
func NewRequestsRd() (*RequestReader, error) {
|
||||
db, err := sql.Open(
|
||||
"sqlite",
|
||||
buildSqliteDsn(ReqDBPath, pragmas),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
db.SetMaxOpenConns(1)
|
||||
db.SetMaxIdleConns(1)
|
||||
db.SetConnMaxLifetime(0)
|
||||
return &RequestReader{
|
||||
logger: logger.New(false),
|
||||
db: db,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
|
||||
var count int
|
||||
err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
|
||||
if err != nil {
|
||||
r.logger.Error("error query count: " + err.Error())
|
||||
return false, err
|
||||
}
|
||||
r.logger.Info("Current request count for IP", "ip", ip, "count", count, "maxRetry", maxRetry)
|
||||
return count >= maxRetry, nil
|
||||
}
|
||||
|
||||
@@ -94,3 +94,13 @@ func WriteReq(db *RequestWriter, resultCh <-chan *LogEntry) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (w *RequestWriter) GetRequestCount() (int, error) {
|
||||
var count int
|
||||
err := w.db.QueryRow("SELECT COUNT(*) FROM requests").Scan(&count)
|
||||
return count, err
|
||||
}
|
||||
|
||||
func (w *RequestWriter) Close() error {
|
||||
return w.db.Close()
|
||||
}
|
||||
|
||||
@@ -299,21 +299,3 @@ func (w *RequestWriter) CreateTable() error {
|
||||
w.logger.Info("Created requests table")
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w *RequestWriter) Close() error {
|
||||
w.logger.Info("Closing request database connection")
|
||||
err := w.db.Close()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w *RequestWriter) GetRequestCount() (int, error) {
|
||||
var count int
|
||||
err := w.db.QueryRow("SELECT COUNT(*) FROM requests").Scan(&count)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return count, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user