Mercurial > prosody-modules
annotate mod_firewall/definitions.lib.lua @ 3568:6b3181fe5617
mod_auth_token: Timezone fix for TOTP checking
luatz.time() returns milliseconds since epoch which is in UTC time, so we don't
need to convert to UTC with gmtime.
By calling gmtime, TOTP validation was failing when this module wasn't running
on machine set to UTC time.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Thu, 02 May 2019 11:07:27 +0200 |
| parents | c30f2cfe9f15 |
| children | b872f111b7af |
| rev | line source |
|---|---|
|
2079
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1863
diff
changeset
|
1 |
|
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1863
diff
changeset
|
2 -- Name arguments are unused here |
|
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1863
diff
changeset
|
3 -- luacheck: ignore 212 |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local definition_handlers = {}; |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
7 local http = require "net.http"; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
8 local timer = require "util.timer"; |
|
1863
92602cfac751
mod_firewall: Fix missing import of util.set (used to be global)
Kim Alvefur <zash@zash.se>
parents:
999
diff
changeset
|
9 local set = require"util.set"; |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local new_throttle = require "util.throttle".create; |
|
2586
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
11 local hashes = require "util.hashes"; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
12 local jid = require "util.jid"; |
|
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
13 |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
14 local multirate_cache_size = module:get_option_number("firewall_multirate_cache_limit", 1000); |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 function definition_handlers.ZONE(zone_name, zone_members) |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local zone_member_list = {}; |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 for member in zone_members:gmatch("[^, ]+") do |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 zone_member_list[#zone_member_list+1] = member; |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 return set.new(zone_member_list)._items; |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 end |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
|
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
24 -- Helper function used by RATE handler |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
25 local function evict_only_unthrottled(name, throttle) |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
26 throttle:update(); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
27 -- Check whether the throttle is at max balance (i.e. totally safe to forget about it) |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
28 if throttle.balance < throttle.max then |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
29 -- Not safe to forget |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
30 return false; |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
31 end |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
32 end |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
33 |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 function definition_handlers.RATE(name, line) |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 local rate = assert(tonumber(line:match("([%d.]+)")), "Unable to parse rate"); |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 local burst = tonumber(line:match("%(%s*burst%s+([%d.]+)%s*%)")) or 1; |
|
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
37 local max_throttles = tonumber(line:match("%(%s*entries%s+([%d]+)%s*%)")) or multirate_cache_size; |
|
2370
5fe483b73fd2
mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents:
2131
diff
changeset
|
38 local deny_when_full = not line:match("%(allow overflow%)"); |
|
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
39 return { |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
40 single = function () |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
41 return new_throttle(rate*burst, burst); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
42 end; |
|
2859
22e11645a895
mod_firewall: Trim trailing whitespace [luacheck]
Kim Alvefur <zash@zash.se>
parents:
2587
diff
changeset
|
43 |
|
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
44 multi = function () |
|
2370
5fe483b73fd2
mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents:
2131
diff
changeset
|
45 local cache = require "util.cache".new(max_throttles, deny_when_full and evict_only_unthrottled or nil); |
|
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
46 return { |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
47 poll_on = function (_, key, amount) |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
48 assert(key, "no key"); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
49 local throttle = cache:get(key); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
50 if not throttle then |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
51 throttle = new_throttle(rate*burst, burst); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
52 if not cache:set(key, throttle) then |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
53 module:log("warn", "Multirate '%s' has hit its maximum number of active throttles (%d), denying new events", name, max_throttles); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
54 return false; |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
55 end |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
56 end |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
57 return throttle:poll(amount); |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
58 end; |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
59 } |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
60 end; |
|
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
61 }; |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 end |
|
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
64 local list_backends = { |
|
2898
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2859
diff
changeset
|
65 -- %LIST name: memory (limit: number) |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
66 memory = { |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
67 init = function (self, type, opts) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
68 if opts.limit then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
69 local have_cache_lib, cache_lib = pcall(require, "util.cache"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
70 if not have_cache_lib then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
71 error("In-memory lists with a size limit require Prosody 0.10"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
72 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
73 self.cache = cache_lib.new((assert(tonumber(opts.limit), "Invalid list limit"))); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
74 if not self.cache.table then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
75 error("In-memory lists with a size limit require a newer version of Prosody 0.10"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
76 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
77 self.items = self.cache:table(); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
78 else |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
79 self.items = {}; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
80 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
81 end; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
82 add = function (self, item) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
83 self.items[item] = true; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
84 end; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
85 remove = function (self, item) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
86 self.items[item] = nil; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
87 end; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
88 contains = function (self, item) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
89 return self.items[item] == true; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
90 end; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
91 }; |
|
2898
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2859
diff
changeset
|
92 |
|
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2859
diff
changeset
|
93 -- %LIST name: http://example.com/ (ttl: number, pattern: pat, hash: sha1) |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
94 http = { |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
95 init = function (self, url, opts) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
96 local poll_interval = assert(tonumber(opts.ttl or "3600"), "invalid ttl for <"..url.."> (expected number of seconds)"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
97 local pattern = opts.pattern or "([^\r\n]+)\r?\n"; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
98 assert(pcall(string.match, "", pattern), "invalid pattern for <"..url..">"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
99 if opts.hash then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
100 assert(opts.hash:match("^%w+$") and type(hashes[opts.hash]) == "function", "invalid hash function: "..opts.hash); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
101 self.hash_function = hashes[opts.hash]; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
102 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
103 local etag; |
|
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
104 local failure_count = 0; |
|
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
105 local retry_intervals = { 60, 120, 300 }; |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
106 local function update_list() |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
107 http.request(url, { |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
108 headers = { |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
109 ["If-None-Match"] = etag; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
110 }; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
111 }, function (body, code, response) |
|
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
112 local next_poll = poll_interval; |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
113 if code == 200 and body then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
114 etag = response.headers.etag; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
115 local items = {}; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
116 for entry in body:gmatch(pattern) do |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
117 items[entry] = true; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
118 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
119 self.items = items; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
120 module:log("debug", "Fetched updated list from <%s>", url); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
121 elseif code == 304 then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
122 module:log("debug", "List at <%s> is unchanged", url); |
|
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
123 elseif code == 0 or (code >= 400 and code <=599) then |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
124 module:log("warn", "Failed to fetch list from <%s>: %d %s", url, code, tostring(body)); |
|
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
125 failure_count = failure_count + 1; |
|
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
126 next_poll = retry_intervals[failure_count] or retry_intervals[#retry_intervals]; |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
127 end |
|
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
128 if next_poll > 0 then |
|
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
129 timer.add_task(next_poll+math.random(0, 60), update_list); |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
130 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
131 end); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
132 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
133 update_list(); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
134 end; |
|
2530
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
135 add = function () |
|
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
136 end; |
|
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
137 remove = function () |
|
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
138 end; |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
139 contains = function (self, item) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
140 if self.hash_function then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
141 item = self.hash_function(item); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
142 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
143 return self.items and self.items[item] == true; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
144 end; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
145 }; |
|
2898
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2859
diff
changeset
|
146 |
|
9fd61234b6f0
mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents:
2859
diff
changeset
|
147 -- %LIST: file:/path/to/file |
|
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
148 file = { |
|
2535
b85d88737a32
mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
149 init = function (self, file_spec, opts) |
|
3240
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
150 local items = {}; |
|
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
151 local n = 0; |
|
2535
b85d88737a32
mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
152 local filename = file_spec:gsub("^file:", ""); |
|
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
153 local file, err = io.open(filename); |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
154 if not file then |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
155 module:log("warn", "Failed to open list from %s: %s", filename, err); |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
156 return; |
|
3240
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
157 else |
|
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
158 for line in file:lines() do |
|
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
159 if not items[line] then |
|
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
160 n = n + 1; |
|
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
161 items[line] = true; |
|
c30f2cfe9f15
mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents:
2898
diff
changeset
|
162 end |
|
2536
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
163 end |
|
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
164 end |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
165 self.items = items; |
|
2536
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
166 module:log("debug", "Loaded %d items from %s", n, filename); |
|
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
167 end; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
168 add = function (self, item) |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
169 self.items[item] = true; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
170 end; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
171 remove = function (self, item) |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
172 self.items[item] = nil; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
173 end; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
174 contains = function (self, item) |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
175 return self.items and self.items[item] == true; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
176 end; |
|
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
177 }; |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
178 }; |
|
2523
a3a18d09ae8a
mod_firewall: Also handle HTTPS for lists
Matthew Wild <mwild1@gmail.com>
parents:
2522
diff
changeset
|
179 list_backends.https = list_backends.http; |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
180 |
|
2586
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
181 local normalize_functions = { |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
182 upper = string.upper, lower = string.lower; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
183 md5 = hashes.md5, sha1 = hashes.sha1, sha256 = hashes.sha256; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
184 prep = jid.prep, bare = jid.bare; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
185 }; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
186 |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
187 local function wrap_list_method(list_method, filter) |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
188 return function (self, item) |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
189 return list_method(self, filter(item)); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
190 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
191 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
192 |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
193 local function create_list(list_backend, list_def, opts) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
194 if not list_backends[list_backend] then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
195 error("Unknown list type '"..list_backend.."'", 0); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
196 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
197 local list = setmetatable({}, { __index = list_backends[list_backend] }); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
198 if list.init then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
199 list:init(list_def, opts); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
200 end |
|
2586
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
201 if opts.filter then |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
202 local filters = {}; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
203 for func_name in opts.filter:gmatch("[%w_]+") do |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
204 if func_name == "log" then |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
205 table.insert(filters, function (s) |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
206 --print("&&&&&", s); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
207 module:log("debug", "Checking list <%s> for: %s", list_def, s); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
208 return s; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
209 end); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
210 else |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
211 assert(normalize_functions[func_name], "Unknown list filter: "..func_name); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
212 table.insert(filters, normalize_functions[func_name]); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
213 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
214 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
215 |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
216 local filter; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
217 local n = #filters; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
218 if n == 1 then |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
219 filter = filters[1]; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
220 else |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
221 function filter(s) |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
222 for i = 1, n do |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
223 s = filters[i](s or ""); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
224 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
225 return s; |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
226 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
227 end |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
228 |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
229 list.add = wrap_list_method(list.add, filter); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
230 list.remove = wrap_list_method(list.remove, filter); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
231 list.contains = wrap_list_method(list.contains, filter); |
|
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
232 end |
|
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
233 return list; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
234 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
235 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
236 --[[ |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
237 %LIST spammers: memory (source: /etc/spammers.txt) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
238 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
239 %LIST spammers: memory (source: /etc/spammers.txt) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
240 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
241 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
242 %LIST spammers: http://example.com/blacklist.txt |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
243 ]] |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
244 |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
245 function definition_handlers.LIST(list_name, list_definition) |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
246 local list_backend = list_definition:match("^%w+"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
247 local opts = {}; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
248 local opt_string = list_definition:match("^%S+%s+%((.+)%)"); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
249 if opt_string then |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
250 for opt_k, opt_v in opt_string:gmatch("(%w+): ?([^,]+)") do |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
251 opts[opt_k] = opt_v; |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
252 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
253 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
254 return create_list(list_backend, list_definition:match("^%S+"), opts); |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
255 end |
|
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
256 |
|
2528
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
257 function definition_handlers.PATTERN(name, pattern) |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
258 local ok, err = pcall(string.match, "", pattern); |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
259 if not ok then |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
260 error("Invalid pattern '"..name.."': "..err); |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
261 end |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
262 return pattern; |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
263 end |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
264 |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
265 function definition_handlers.SEARCH(name, pattern) |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
266 return pattern; |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
267 end |
|
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
268 |
|
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
269 return definition_handlers; |