2020-10-07 16:49:14 +02:00
|
|
|
package.path = package.path .. ";./lib/?.lua"
|
|
|
|
|
|
|
|
|
|
local config = require "config"
|
|
|
|
|
local lrucache = require "lrucache"
|
|
|
|
|
local logging = require "logging"
|
|
|
|
|
local log_file = require "logging.file"
|
2021-02-08 17:21:13 +01:00
|
|
|
local socket = require "socket"
|
2020-10-07 16:49:14 +02:00
|
|
|
local http = require("socket.http")
|
|
|
|
|
local https = require("ssl.https")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- contain runtime = {}
|
|
|
|
|
local runtime = {}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function ipToInt( str )
|
|
|
|
|
local num = 0
|
|
|
|
|
if str and type(str)=="string" then
|
|
|
|
|
local o1,o2,o3,o4 = str:match("(%d+)%.(%d+)%.(%d+)%.(%d+)" )
|
|
|
|
|
num = 2^24*o1 + 2^16*o2 + 2^8*o3 + o4
|
|
|
|
|
end
|
|
|
|
|
return num
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local csmod = {}
|
|
|
|
|
|
2021-09-09 11:08:14 +02:00
|
|
|
function getLogLevel( level )
|
2021-09-09 11:36:33 +02:00
|
|
|
if level and type(level)=="string" then
|
|
|
|
|
if level:upper() == "INFO" then
|
2021-09-09 11:08:14 +02:00
|
|
|
return logging.INFO
|
|
|
|
|
end
|
2021-09-09 11:36:33 +02:00
|
|
|
if level:upper() == "WARN" then
|
2021-09-09 11:08:14 +02:00
|
|
|
return logging.WARN
|
|
|
|
|
end
|
2021-09-09 11:36:33 +02:00
|
|
|
if level:upper() == "DEBUG" then
|
2021-09-09 11:08:14 +02:00
|
|
|
return logging.DEBUG
|
|
|
|
|
end
|
2021-09-09 11:36:33 +02:00
|
|
|
if level:upper() == "ERROR" then
|
2021-09-09 11:08:14 +02:00
|
|
|
return logging.ERROR
|
|
|
|
|
end
|
2021-09-09 11:36:33 +02:00
|
|
|
if level:upper() == "FATAL" then
|
2021-09-09 11:08:14 +02:00
|
|
|
return logging.FATAL
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
return logging.INFO
|
|
|
|
|
end
|
|
|
|
|
|
2020-10-07 16:49:14 +02:00
|
|
|
-- init function
|
2020-11-03 15:45:44 +01:00
|
|
|
function csmod.init(configFile, userAgent)
|
2020-10-07 16:49:14 +02:00
|
|
|
local conf, err = config.loadConfig(configFile)
|
|
|
|
|
if conf == nil then
|
|
|
|
|
return nil, err
|
|
|
|
|
end
|
|
|
|
|
runtime.conf = conf
|
|
|
|
|
|
|
|
|
|
local logger = log_file(conf["LOG_FILE"])
|
2021-09-09 11:08:14 +02:00
|
|
|
logger:setLevel (getLogLevel(conf["LOG_LEVEL"]))
|
2020-10-07 16:49:14 +02:00
|
|
|
runtime.logger = logger
|
2020-11-03 15:45:44 +01:00
|
|
|
runtime.userAgent = userAgent
|
2020-10-07 16:49:14 +02:00
|
|
|
local c, err = lrucache.new(conf["CACHE_SIZE"])
|
|
|
|
|
if not c then
|
|
|
|
|
error("failed to create the cache: " .. (err or "unknown"))
|
|
|
|
|
end
|
|
|
|
|
runtime.cache = c
|
|
|
|
|
return true, nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function csmod.allowIp(ip)
|
|
|
|
|
if runtime.conf == nil then
|
|
|
|
|
return nil, "Configuration is bad, cannot run properly"
|
|
|
|
|
end
|
|
|
|
|
local resp = runtime.cache:get(ip)
|
2020-11-10 21:06:22 +01:00
|
|
|
|
|
|
|
|
if resp ~= nil then -- we have it in cache
|
|
|
|
|
runtime.logger:debug("'" .. ip .. "' is in cache")
|
|
|
|
|
return resp, nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
-- not in cache
|
|
|
|
|
local link = runtime.conf["API_URL"] .. "/v1/decisions?ip=" .. ip
|
|
|
|
|
local resp = {}
|
2021-02-09 18:05:16 +01:00
|
|
|
local one, body, code, headers, status
|
|
|
|
|
|
2020-11-10 21:06:22 +01:00
|
|
|
if link:find("https://") == 1 then
|
2021-11-02 10:28:45 +01:00
|
|
|
https.TIMEOUT = runtime.conf['REQUEST_TIMEOUT']
|
2021-02-09 18:05:16 +01:00
|
|
|
one, code, headers, status = https.request{
|
2020-10-07 16:49:14 +02:00
|
|
|
url = link,
|
|
|
|
|
headers = {
|
|
|
|
|
['Connection'] = 'close',
|
2020-11-03 15:45:44 +01:00
|
|
|
['X-Api-Key'] = runtime.conf["API_KEY"],
|
|
|
|
|
['User-Agent'] = runtime.userAgent
|
2020-10-07 16:49:14 +02:00
|
|
|
},
|
|
|
|
|
content_type = 'application/json',
|
|
|
|
|
sink = ltn12.sink.table(resp),
|
|
|
|
|
protocol = "tlsv1",
|
|
|
|
|
options = "all",
|
2021-11-02 10:28:45 +01:00
|
|
|
verify = "none"
|
2020-10-07 16:49:14 +02:00
|
|
|
}
|
2020-11-10 21:06:22 +01:00
|
|
|
else
|
2021-02-09 18:05:16 +01:00
|
|
|
body, code, headers = http.request{
|
2020-10-07 16:49:14 +02:00
|
|
|
url = link,
|
|
|
|
|
headers = {
|
|
|
|
|
['Connection'] = 'close',
|
2020-11-03 16:24:08 +01:00
|
|
|
['X-Api-Key'] = runtime.conf["API_KEY"],
|
|
|
|
|
['User-Agent'] = runtime.userAgent
|
2020-10-07 16:49:14 +02:00
|
|
|
},
|
|
|
|
|
content_type = 'application/json',
|
2021-02-08 17:21:13 +01:00
|
|
|
sink = ltn12.sink.table(resp),
|
|
|
|
|
create = function()
|
|
|
|
|
local req_sock = socket.tcp()
|
|
|
|
|
req_sock:settimeout(runtime.conf['REQUEST_TIMEOUT'], 't')
|
|
|
|
|
return req_sock
|
|
|
|
|
end
|
2020-10-07 16:49:14 +02:00
|
|
|
}
|
2020-11-10 21:06:22 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
resp = table.concat(resp)
|
|
|
|
|
if code~=200 then
|
2020-11-26 11:25:31 +01:00
|
|
|
ngx.log(ngx.ERR, "[Crowdsec] Http error " .. code .. " while talking to LAPI (" .. link .. ")") -- API error, don't block IP
|
|
|
|
|
runtime.logger:error("Http error " .. code .. " while talking to LAPI (" .. link .. ")")
|
2020-11-10 21:06:22 +01:00
|
|
|
return true, nil
|
|
|
|
|
end
|
|
|
|
|
if resp == "null" then -- no result from API, no decision for this IP
|
2021-09-09 11:40:45 +02:00
|
|
|
-- set ip in cache and DON'T block it
|
|
|
|
|
runtime.cache:set(ip, true,runtime.conf["CACHE_EXPIRATION"])
|
2020-11-10 21:06:22 +01:00
|
|
|
return true, nil
|
2020-10-07 16:49:14 +02:00
|
|
|
end
|
2021-09-09 11:40:45 +02:00
|
|
|
-- set ip in cache and block it
|
|
|
|
|
runtime.cache:set(ip, false,runtime.conf["CACHE_EXPIRATION"])
|
2020-11-10 21:06:22 +01:00
|
|
|
return false, nil
|
2020-10-07 16:49:14 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Use it if you are able to close at shuttime
|
|
|
|
|
function csmod.close()
|
|
|
|
|
end
|
|
|
|
|
|
2020-12-28 21:49:31 +01:00
|
|
|
return csmod
|
