author | Kim Alvefur <zash@zash.se> |
Fri, 05 Apr 2019 18:57:51 +0200 | |
changeset 3553 | b059a3fb2a58 |
parent 3244 | c30f2cfe9f15 |
child 4020 | b872f111b7af |
permissions | -rw-r--r-- |
2083
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1867
diff
changeset
|
1 |
|
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1867
diff
changeset
|
2 |
-- Name arguments are unused here |
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1867
diff
changeset
|
3 |
-- luacheck: ignore 212 |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
local definition_handlers = {}; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
7 |
local http = require "net.http"; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
8 |
local timer = require "util.timer"; |
1867
92602cfac751
mod_firewall: Fix missing import of util.set (used to be global)
Kim Alvefur <zash@zash.se>
parents:
999
diff
changeset
|
9 |
local set = require"util.set"; |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
local new_throttle = require "util.throttle".create; |
2590
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
11 |
local hashes = require "util.hashes"; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
12 |
local jid = require "util.jid"; |
2132
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
13 |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
14 |
local multirate_cache_size = module:get_option_number("firewall_multirate_cache_limit", 1000); |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
function definition_handlers.ZONE(zone_name, zone_members) |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
local zone_member_list = {}; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
for member in zone_members:gmatch("[^, ]+") do |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
zone_member_list[#zone_member_list+1] = member; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
end |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
return set.new(zone_member_list)._items; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
end |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
|
2132
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
24 |
-- Helper function used by RATE handler |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
25 |
local function evict_only_unthrottled(name, throttle) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
26 |
throttle:update(); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
27 |
-- Check whether the throttle is at max balance (i.e. totally safe to forget about it) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
28 |
if throttle.balance < throttle.max then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
29 |
-- Not safe to forget |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
30 |
return false; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
31 |
end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
32 |
end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
33 |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
function definition_handlers.RATE(name, line) |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
local rate = assert(tonumber(line:match("([%d.]+)")), "Unable to parse rate"); |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
local burst = tonumber(line:match("%(%s*burst%s+([%d.]+)%s*%)")) or 1; |
2132
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
37 |
local max_throttles = tonumber(line:match("%(%s*entries%s+([%d]+)%s*%)")) or multirate_cache_size; |
2374
5fe483b73fd2
mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents:
2135
diff
changeset
|
38 |
local deny_when_full = not line:match("%(allow overflow%)"); |
2132
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
39 |
return { |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
40 |
single = function () |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
41 |
return new_throttle(rate*burst, burst); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
42 |
end; |
2863
22e11645a895
mod_firewall: Trim trailing whitespace [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2591
diff
changeset
|
43 |
|
2132
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
44 |
multi = function () |
2374
5fe483b73fd2
mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents:
2135
diff
changeset
|
45 |
local cache = require "util.cache".new(max_throttles, deny_when_full and evict_only_unthrottled or nil); |
2132
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
46 |
return { |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
47 |
poll_on = function (_, key, amount) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
48 |
assert(key, "no key"); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
49 |
local throttle = cache:get(key); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
50 |
if not throttle then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
51 |
throttle = new_throttle(rate*burst, burst); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
52 |
if not cache:set(key, throttle) then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
53 |
module:log("warn", "Multirate '%s' has hit its maximum number of active throttles (%d), denying new events", name, max_throttles); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
54 |
return false; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
55 |
end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
56 |
end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
57 |
return throttle:poll(amount); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
58 |
end; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
59 |
} |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
60 |
end; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2083
diff
changeset
|
61 |
}; |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
end |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
|
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
64 |
local list_backends = { |
2902
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2863
diff
changeset
|
65 |
-- %LIST name: memory (limit: number) |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
66 |
memory = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
67 |
init = function (self, type, opts) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
68 |
if opts.limit then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
69 |
local have_cache_lib, cache_lib = pcall(require, "util.cache"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
70 |
if not have_cache_lib then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
71 |
error("In-memory lists with a size limit require Prosody 0.10"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
72 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
73 |
self.cache = cache_lib.new((assert(tonumber(opts.limit), "Invalid list limit"))); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
74 |
if not self.cache.table then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
75 |
error("In-memory lists with a size limit require a newer version of Prosody 0.10"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
76 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
77 |
self.items = self.cache:table(); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
78 |
else |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
79 |
self.items = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
80 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
81 |
end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
82 |
add = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
83 |
self.items[item] = true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
84 |
end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
85 |
remove = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
86 |
self.items[item] = nil; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
87 |
end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
88 |
contains = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
89 |
return self.items[item] == true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
90 |
end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
91 |
}; |
2902
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2863
diff
changeset
|
92 |
|
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2863
diff
changeset
|
93 |
-- %LIST name: http://example.com/ (ttl: number, pattern: pat, hash: sha1) |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
94 |
http = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
95 |
init = function (self, url, opts) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
96 |
local poll_interval = assert(tonumber(opts.ttl or "3600"), "invalid ttl for <"..url.."> (expected number of seconds)"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
97 |
local pattern = opts.pattern or "([^\r\n]+)\r?\n"; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
98 |
assert(pcall(string.match, "", pattern), "invalid pattern for <"..url..">"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
99 |
if opts.hash then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
100 |
assert(opts.hash:match("^%w+$") and type(hashes[opts.hash]) == "function", "invalid hash function: "..opts.hash); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
101 |
self.hash_function = hashes[opts.hash]; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
102 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
103 |
local etag; |
2526
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
104 |
local failure_count = 0; |
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
105 |
local retry_intervals = { 60, 120, 300 }; |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
106 |
local function update_list() |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
107 |
http.request(url, { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
108 |
headers = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
109 |
["If-None-Match"] = etag; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
110 |
}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
111 |
}, function (body, code, response) |
2526
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
112 |
local next_poll = poll_interval; |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
113 |
if code == 200 and body then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
114 |
etag = response.headers.etag; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
115 |
local items = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
116 |
for entry in body:gmatch(pattern) do |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
117 |
items[entry] = true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
118 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
119 |
self.items = items; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
120 |
module:log("debug", "Fetched updated list from <%s>", url); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
121 |
elseif code == 304 then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
122 |
module:log("debug", "List at <%s> is unchanged", url); |
2526
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
123 |
elseif code == 0 or (code >= 400 and code <=599) then |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
124 |
module:log("warn", "Failed to fetch list from <%s>: %d %s", url, code, tostring(body)); |
2526
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
125 |
failure_count = failure_count + 1; |
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
126 |
next_poll = retry_intervals[failure_count] or retry_intervals[#retry_intervals]; |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
127 |
end |
2526
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
128 |
if next_poll > 0 then |
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2524
diff
changeset
|
129 |
timer.add_task(next_poll+math.random(0, 60), update_list); |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
130 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
131 |
end); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
132 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
133 |
update_list(); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
134 |
end; |
2534
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
135 |
add = function () |
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
136 |
end; |
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
137 |
remove = function () |
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
138 |
end; |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
139 |
contains = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
140 |
if self.hash_function then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
141 |
item = self.hash_function(item); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
142 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
143 |
return self.items and self.items[item] == true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
144 |
end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
145 |
}; |
2902
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2863
diff
changeset
|
146 |
|
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2863
diff
changeset
|
147 |
-- %LIST: file:/path/to/file |
2536
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
148 |
file = { |
2539
b85d88737a32
mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
149 |
init = function (self, file_spec, opts) |
3244
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
150 |
local items = {}; |
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
151 |
local n = 0; |
2539
b85d88737a32
mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
152 |
local filename = file_spec:gsub("^file:", ""); |
2536
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
153 |
local file, err = io.open(filename); |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
154 |
if not file then |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
155 |
module:log("warn", "Failed to open list from %s: %s", filename, err); |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
156 |
return; |
3244
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
157 |
else |
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
158 |
for line in file:lines() do |
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
159 |
if not items[line] then |
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
160 |
n = n + 1; |
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
161 |
items[line] = true; |
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2902
diff
changeset
|
162 |
end |
2540
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2539
diff
changeset
|
163 |
end |
2536
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
164 |
end |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
165 |
self.items = items; |
2540
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2539
diff
changeset
|
166 |
module:log("debug", "Loaded %d items from %s", n, filename); |
2536
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
167 |
end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
168 |
add = function (self, item) |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
169 |
self.items[item] = true; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
170 |
end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
171 |
remove = function (self, item) |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
172 |
self.items[item] = nil; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
173 |
end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
174 |
contains = function (self, item) |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
175 |
return self.items and self.items[item] == true; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
176 |
end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2534
diff
changeset
|
177 |
}; |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
178 |
}; |
2527
a3a18d09ae8a
mod_firewall: Also handle HTTPS for lists
Matthew Wild <mwild1@gmail.com>
parents:
2526
diff
changeset
|
179 |
list_backends.https = list_backends.http; |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
180 |
|
2590
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
181 |
local normalize_functions = { |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
182 |
upper = string.upper, lower = string.lower; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
183 |
md5 = hashes.md5, sha1 = hashes.sha1, sha256 = hashes.sha256; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
184 |
prep = jid.prep, bare = jid.bare; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
185 |
}; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
186 |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
187 |
local function wrap_list_method(list_method, filter) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
188 |
return function (self, item) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
189 |
return list_method(self, filter(item)); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
190 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
191 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
192 |
|
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
193 |
local function create_list(list_backend, list_def, opts) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
194 |
if not list_backends[list_backend] then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
195 |
error("Unknown list type '"..list_backend.."'", 0); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
196 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
197 |
local list = setmetatable({}, { __index = list_backends[list_backend] }); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
198 |
if list.init then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
199 |
list:init(list_def, opts); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
200 |
end |
2590
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
201 |
if opts.filter then |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
202 |
local filters = {}; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
203 |
for func_name in opts.filter:gmatch("[%w_]+") do |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
204 |
if func_name == "log" then |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
205 |
table.insert(filters, function (s) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
206 |
--print("&&&&&", s); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
207 |
module:log("debug", "Checking list <%s> for: %s", list_def, s); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
208 |
return s; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
209 |
end); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
210 |
else |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
211 |
assert(normalize_functions[func_name], "Unknown list filter: "..func_name); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
212 |
table.insert(filters, normalize_functions[func_name]); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
213 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
214 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
215 |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
216 |
local filter; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
217 |
local n = #filters; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
218 |
if n == 1 then |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
219 |
filter = filters[1]; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
220 |
else |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
221 |
function filter(s) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
222 |
for i = 1, n do |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
223 |
s = filters[i](s or ""); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
224 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
225 |
return s; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
226 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
227 |
end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
228 |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
229 |
list.add = wrap_list_method(list.add, filter); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
230 |
list.remove = wrap_list_method(list.remove, filter); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
231 |
list.contains = wrap_list_method(list.contains, filter); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2540
diff
changeset
|
232 |
end |
2524
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
233 |
return list; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
234 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
235 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
236 |
--[[ |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
237 |
%LIST spammers: memory (source: /etc/spammers.txt) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
238 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
239 |
%LIST spammers: memory (source: /etc/spammers.txt) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
240 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
241 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
242 |
%LIST spammers: http://example.com/blacklist.txt |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
243 |
]] |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
244 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
245 |
function definition_handlers.LIST(list_name, list_definition) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
246 |
local list_backend = list_definition:match("^%w+"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
247 |
local opts = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
248 |
local opt_string = list_definition:match("^%S+%s+%((.+)%)"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
249 |
if opt_string then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
250 |
for opt_k, opt_v in opt_string:gmatch("(%w+): ?([^,]+)") do |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
251 |
opts[opt_k] = opt_v; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
252 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
253 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
254 |
return create_list(list_backend, list_definition:match("^%S+"), opts); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
255 |
end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2374
diff
changeset
|
256 |
|
2532
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
257 |
function definition_handlers.PATTERN(name, pattern) |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
258 |
local ok, err = pcall(string.match, "", pattern); |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
259 |
if not ok then |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
260 |
error("Invalid pattern '"..name.."': "..err); |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
261 |
end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
262 |
return pattern; |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
263 |
end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
264 |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
265 |
function definition_handlers.SEARCH(name, pattern) |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
266 |
return pattern; |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
267 |
end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2527
diff
changeset
|
268 |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
269 |
return definition_handlers; |