Mercurial > prosody-modules
annotate mod_firewall/definitions.lib.lua @ 2803:9db18f909b84
mod_storage_memory: Allow archive items to be overwritten by id
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 18 Oct 2017 20:25:48 +0200 |
parents | 8c879948a2cf |
children | 22e11645a895 |
rev | line source |
---|---|
2079
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1863
diff
changeset
|
1 |
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1863
diff
changeset
|
2 -- Name arguments are unused here |
edec9de0220a
mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents:
1863
diff
changeset
|
3 -- luacheck: ignore 212 |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local definition_handlers = {}; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
7 local http = require "net.http"; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
8 local timer = require "util.timer"; |
1863
92602cfac751
mod_firewall: Fix missing import of util.set (used to be global)
Kim Alvefur <zash@zash.se>
parents:
999
diff
changeset
|
9 local set = require"util.set"; |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local new_throttle = require "util.throttle".create; |
2586
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
11 local hashes = require "util.hashes"; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
12 local jid = require "util.jid"; |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
13 |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
14 local multirate_cache_size = module:get_option_number("firewall_multirate_cache_limit", 1000); |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 function definition_handlers.ZONE(zone_name, zone_members) |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local zone_member_list = {}; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 for member in zone_members:gmatch("[^, ]+") do |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 zone_member_list[#zone_member_list+1] = member; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 return set.new(zone_member_list)._items; |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 end |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
24 -- Helper function used by RATE handler |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
25 local function evict_only_unthrottled(name, throttle) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
26 throttle:update(); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
27 -- Check whether the throttle is at max balance (i.e. totally safe to forget about it) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
28 if throttle.balance < throttle.max then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
29 -- Not safe to forget |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
30 return false; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
31 end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
32 end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
33 |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 function definition_handlers.RATE(name, line) |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 local rate = assert(tonumber(line:match("([%d.]+)")), "Unable to parse rate"); |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 local burst = tonumber(line:match("%(%s*burst%s+([%d.]+)%s*%)")) or 1; |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
37 local max_throttles = tonumber(line:match("%(%s*entries%s+([%d]+)%s*%)")) or multirate_cache_size; |
2370
5fe483b73fd2
mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents:
2131
diff
changeset
|
38 local deny_when_full = not line:match("%(allow overflow%)"); |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
39 return { |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
40 single = function () |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
41 return new_throttle(rate*burst, burst); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
42 end; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
43 |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
44 multi = function () |
2370
5fe483b73fd2
mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents:
2131
diff
changeset
|
45 local cache = require "util.cache".new(max_throttles, deny_when_full and evict_only_unthrottled or nil); |
2128
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
46 return { |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
47 poll_on = function (_, key, amount) |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
48 assert(key, "no key"); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
49 local throttle = cache:get(key); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
50 if not throttle then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
51 throttle = new_throttle(rate*burst, burst); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
52 if not cache:set(key, throttle) then |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
53 module:log("warn", "Multirate '%s' has hit its maximum number of active throttles (%d), denying new events", name, max_throttles); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
54 return false; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
55 end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
56 end |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
57 return throttle:poll(amount); |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
58 end; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
59 } |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
60 end; |
21bc4d7cddae
mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents:
2079
diff
changeset
|
61 }; |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 end |
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
64 local list_backends = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
65 memory = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
66 init = function (self, type, opts) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
67 if opts.limit then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
68 local have_cache_lib, cache_lib = pcall(require, "util.cache"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
69 if not have_cache_lib then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
70 error("In-memory lists with a size limit require Prosody 0.10"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
71 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
72 self.cache = cache_lib.new((assert(tonumber(opts.limit), "Invalid list limit"))); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
73 if not self.cache.table then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
74 error("In-memory lists with a size limit require a newer version of Prosody 0.10"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
75 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
76 self.items = self.cache:table(); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
77 else |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
78 self.items = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
79 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
80 end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
81 add = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
82 self.items[item] = true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
83 end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
84 remove = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
85 self.items[item] = nil; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
86 end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
87 contains = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
88 return self.items[item] == true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
89 end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
90 }; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
91 http = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
92 init = function (self, url, opts) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
93 local poll_interval = assert(tonumber(opts.ttl or "3600"), "invalid ttl for <"..url.."> (expected number of seconds)"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
94 local pattern = opts.pattern or "([^\r\n]+)\r?\n"; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
95 assert(pcall(string.match, "", pattern), "invalid pattern for <"..url..">"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
96 if opts.hash then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
97 assert(opts.hash:match("^%w+$") and type(hashes[opts.hash]) == "function", "invalid hash function: "..opts.hash); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
98 self.hash_function = hashes[opts.hash]; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
99 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
100 local etag; |
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
101 local failure_count = 0; |
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
102 local retry_intervals = { 60, 120, 300 }; |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
103 local function update_list() |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
104 http.request(url, { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
105 headers = { |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
106 ["If-None-Match"] = etag; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
107 }; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
108 }, function (body, code, response) |
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
109 local next_poll = poll_interval; |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
110 if code == 200 and body then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
111 etag = response.headers.etag; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
112 local items = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
113 for entry in body:gmatch(pattern) do |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
114 items[entry] = true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
115 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
116 self.items = items; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
117 module:log("debug", "Fetched updated list from <%s>", url); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
118 elseif code == 304 then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
119 module:log("debug", "List at <%s> is unchanged", url); |
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
120 elseif code == 0 or (code >= 400 and code <=599) then |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
121 module:log("warn", "Failed to fetch list from <%s>: %d %s", url, code, tostring(body)); |
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
122 failure_count = failure_count + 1; |
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
123 next_poll = retry_intervals[failure_count] or retry_intervals[#retry_intervals]; |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
124 end |
2522
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
125 if next_poll > 0 then |
72cbec103709
mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents:
2520
diff
changeset
|
126 timer.add_task(next_poll+math.random(0, 60), update_list); |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
127 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
128 end); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
129 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
130 update_list(); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
131 end; |
2530
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
132 add = function () |
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
133 end; |
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
134 remove = function () |
84e103fd8039
mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents:
2528
diff
changeset
|
135 end; |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
136 contains = function (self, item) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
137 if self.hash_function then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
138 item = self.hash_function(item); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
139 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
140 return self.items and self.items[item] == true; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
141 end; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
142 }; |
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
143 file = { |
2535
b85d88737a32
mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
144 init = function (self, file_spec, opts) |
b85d88737a32
mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents:
2532
diff
changeset
|
145 local filename = file_spec:gsub("^file:", ""); |
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
146 local file, err = io.open(filename); |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
147 if not file then |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
148 module:log("warn", "Failed to open list from %s: %s", filename, err); |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
149 return; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
150 end |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
151 local items = {}; |
2536
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
152 local n = 0; |
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
153 for line in file:lines() do |
2536
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
154 if not items[line] then |
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
155 n = n + 1; |
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
156 items[line] = true; |
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
157 end |
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
158 end |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
159 self.items = items; |
2536
22a271641c29
mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents:
2535
diff
changeset
|
160 module:log("debug", "Loaded %d items from %s", n, filename); |
2532
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
161 end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
162 add = function (self, item) |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
163 self.items[item] = true; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
164 end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
165 remove = function (self, item) |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
166 self.items[item] = nil; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
167 end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
168 contains = function (self, item) |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
169 return self.items and self.items[item] == true; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
170 end; |
2ddb74805f91
mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents:
2530
diff
changeset
|
171 }; |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
172 }; |
2523
a3a18d09ae8a
mod_firewall: Also handle HTTPS for lists
Matthew Wild <mwild1@gmail.com>
parents:
2522
diff
changeset
|
173 list_backends.https = list_backends.http; |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
174 |
2586
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
175 local normalize_functions = { |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
176 upper = string.upper, lower = string.lower; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
177 md5 = hashes.md5, sha1 = hashes.sha1, sha256 = hashes.sha256; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
178 prep = jid.prep, bare = jid.bare; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
179 }; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
180 |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
181 local function wrap_list_method(list_method, filter) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
182 return function (self, item) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
183 return list_method(self, filter(item)); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
184 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
185 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
186 |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
187 local function create_list(list_backend, list_def, opts) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
188 if not list_backends[list_backend] then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
189 error("Unknown list type '"..list_backend.."'", 0); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
190 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
191 local list = setmetatable({}, { __index = list_backends[list_backend] }); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
192 if list.init then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
193 list:init(list_def, opts); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
194 end |
2586
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
195 if opts.filter then |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
196 local filters = {}; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
197 for func_name in opts.filter:gmatch("[%w_]+") do |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
198 if func_name == "log" then |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
199 table.insert(filters, function (s) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
200 --print("&&&&&", s); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
201 module:log("debug", "Checking list <%s> for: %s", list_def, s); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
202 return s; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
203 end); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
204 else |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
205 assert(normalize_functions[func_name], "Unknown list filter: "..func_name); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
206 table.insert(filters, normalize_functions[func_name]); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
207 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
208 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
209 |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
210 local filter; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
211 local n = #filters; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
212 if n == 1 then |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
213 filter = filters[1]; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
214 else |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
215 function filter(s) |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
216 for i = 1, n do |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
217 s = filters[i](s or ""); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
218 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
219 return s; |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
220 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
221 end |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
222 |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
223 list.add = wrap_list_method(list.add, filter); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
224 list.remove = wrap_list_method(list.remove, filter); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
225 list.contains = wrap_list_method(list.contains, filter); |
d28e434cb5fd
mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents:
2536
diff
changeset
|
226 end |
2520
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
227 return list; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
228 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
229 |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
230 --[[ |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
231 %LIST spammers: memory (source: /etc/spammers.txt) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
232 |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
233 %LIST spammers: memory (source: /etc/spammers.txt) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
234 |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
235 |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
236 %LIST spammers: http://example.com/blacklist.txt |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
237 ]] |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
238 |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
239 function definition_handlers.LIST(list_name, list_definition) |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
240 local list_backend = list_definition:match("^%w+"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
241 local opts = {}; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
242 local opt_string = list_definition:match("^%S+%s+%((.+)%)"); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
243 if opt_string then |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
244 for opt_k, opt_v in opt_string:gmatch("(%w+): ?([^,]+)") do |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
245 opts[opt_k] = opt_v; |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
246 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
247 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
248 return create_list(list_backend, list_definition:match("^%S+"), opts); |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
249 end |
c6fd8975704b
mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents:
2370
diff
changeset
|
250 |
2528
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
251 function definition_handlers.PATTERN(name, pattern) |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
252 local ok, err = pcall(string.match, "", pattern); |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
253 if not ok then |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
254 error("Invalid pattern '"..name.."': "..err); |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
255 end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
256 return pattern; |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
257 end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
258 |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
259 function definition_handlers.SEARCH(name, pattern) |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
260 return pattern; |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
261 end |
44a71584521d
mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents:
2523
diff
changeset
|
262 |
999
197af8440ffb
mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
263 return definition_handlers; |