update
This commit is contained in:
parent
cec44d2549
commit
10a2c34b96
7 changed files with 27 additions and 33 deletions
|
@ -35,7 +35,7 @@ function config.loadConfig(file)
|
|||
return nil, "File ".. file .." doesn't exist"
|
||||
end
|
||||
local conf = {}
|
||||
local valid_params = {'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION'}
|
||||
local valid_params = {'API_URL', 'API_KEY', 'BOUNCING_ON_TYPE', 'MODE', 'SECRET_KEY', 'SITE_KEY', 'BAN_TEMPLATE_PATH' ,'CAPTCHA_TEMPLATE_PATH', 'REDIRECT_LOCATION', 'RET_CODE', 'EXCLUDE_LOCATION'}
|
||||
local valid_int_params = {'CACHE_EXPIRATION', 'CACHE_SIZE', 'REQUEST_TIMEOUT', 'UPDATE_FREQUENCY', 'CAPTCHA_EXPIRATION'}
|
||||
local valid_bouncing_on_type_values = {'ban', 'captcha', 'all'}
|
||||
local default_values = {
|
||||
|
|
|
@ -6,6 +6,7 @@ local http = require "resty.http"
|
|||
local cjson = require "cjson"
|
||||
local recaptcha = require "plugins.crowdsec.recaptcha"
|
||||
local utils = require "plugins.crowdsec.utils"
|
||||
local ban = require "plugins.crowdsec.ban"
|
||||
|
||||
-- contain runtime = {}
|
||||
local runtime = {}
|
||||
|
@ -32,6 +33,7 @@ function csmod.init(configFile, userAgent)
|
|||
captcha_ok = true
|
||||
|
||||
err = recaptcha.New(runtime.conf["SITE_KEY"], runtime.conf["SECRET_KEY"], runtime.conf["CAPTCHA_TEMPLATE_PATH"])
|
||||
err = ban.new(runtime.conf["BAN_TEMPLATE_PATH"], runtime.conf["REDIRECT_LOCATION"], runtime.conf["RET_CODE"])
|
||||
|
||||
if runtime.conf["REDIRECT_LOCATION"] ~= "" then
|
||||
table.insert(runtime.conf["EXCLUDE_LOCATION"], runtime.conf["REDIRECT_LOCATION"])
|
||||
|
@ -367,7 +369,7 @@ end
|
|||
|
||||
|
||||
function csmod.Allow(ip)
|
||||
if utils.table_len(runtime.conf["EXCLUDE_LOCATION"]) > 0 then
|
||||
if runtime.conf["EXCLUDE_LOCATION"] ~= nil and utils.table_len(runtime.conf["EXCLUDE_LOCATION"]) > 0 then
|
||||
for k, v in pairs(runtime.conf["EXCLUDE_LOCATION"]) do
|
||||
if ngx.var.uri == v then
|
||||
ngx.log(ngx.ERR, "whitelisted location: " .. v)
|
||||
|
@ -426,16 +428,7 @@ function csmod.Allow(ip)
|
|||
if not ok then
|
||||
ngx.log(ngx.ALERT, "[Crowdsec] denied '" .. ngx.var.remote_addr .. "' with '"..remediation.."'")
|
||||
if remediation == "ban" then
|
||||
if runtime.conf["REDIRECT_LOCATION"] ~= "" then
|
||||
ngx.redirect(runtime.conf["REDIRECT_LOCATION"])
|
||||
else
|
||||
ret_code = runtime.conf["RET_CODE"]
|
||||
if ret_code ~= nil and ret_code ~= "" and ret_code ~= 0 then
|
||||
ngx.exit(utils.HTTP_CODE[ret_code])
|
||||
else
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
end
|
||||
ban.apply()
|
||||
return
|
||||
end
|
||||
-- if the remediation is a captcha and captcha is well configured
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
--local template = require "resty.template.safe"
|
||||
local http = require "resty.http"
|
||||
local cjson = require "cjson"
|
||||
local template = require "plugins.crowdsec.template"
|
||||
local utils = require "plugins.crowdsec.utils"
|
||||
|
||||
|
||||
local M = {_TYPE='module', _NAME='recaptcha.funcs', _VERSION='1.0-0'}
|
||||
|
@ -30,24 +30,7 @@ function M.GetStateID(state)
|
|||
return nil
|
||||
end
|
||||
|
||||
local function read_file(path)
|
||||
local file = io.open(path, "r") -- r read mode and b binary mode
|
||||
if not file then return nil end
|
||||
io.input(file)
|
||||
content = io.read("*a")
|
||||
io.close(file)
|
||||
return content
|
||||
end
|
||||
|
||||
local function file_exist(path)
|
||||
local f = io.open(path, "r")
|
||||
if f ~= nil then
|
||||
io.close(f)
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
function M.New(siteKey, secretKey, TemplateFilePath)
|
||||
|
||||
|
@ -62,11 +45,11 @@ function M.New(siteKey, secretKey, TemplateFilePath)
|
|||
|
||||
M.SecretKey = secretKey
|
||||
|
||||
if file_exist(TemplateFilePath) == false then
|
||||
if utils.file_exist(TemplateFilePath) == false then
|
||||
return "captcha template file doesn't exist, can't use recaptcha"
|
||||
end
|
||||
|
||||
local captcha_template = read_file(TemplateFilePath)
|
||||
local captcha_template = utils.read_file(TemplateFilePath)
|
||||
if captcha_template == nil then
|
||||
return "Template file " .. TemplateFilePath .. "not found."
|
||||
end
|
||||
|
|
|
@ -11,6 +11,7 @@ MODE=stream
|
|||
EXCLUDE_LOCATION=
|
||||
#those apply for "ban" action
|
||||
# /!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE
|
||||
BAN_TEMPLATE_PATH=/usr/local/lua/crowdsec/templates/captcha.html
|
||||
REDIRECT_LOCATION=
|
||||
RET_CODE=
|
||||
#those apply for "captcha" action
|
||||
|
@ -18,5 +19,5 @@ RET_CODE=
|
|||
SECRET_KEY=
|
||||
# Recaptcha Site key
|
||||
SITE_KEY=
|
||||
CAPTCHA_TEMPLATE_PATH=/usr/local/lua/crowdsec/captcha.html
|
||||
CAPTCHA_TEMPLATE_PATH=/usr/local/lua/crowdsec/templates/captcha.html
|
||||
CAPTCHA_EXPIRATION=3600
|
||||
|
|
0
nginx/templates/ban.html
Normal file
0
nginx/templates/ban.html
Normal file
|
@ -15,7 +15,24 @@ M.HTTP_CODE["404"] = ngx.HTTP_NOT_FOUND
|
|||
M.HTTP_CODE["405"] = ngx.HTTP_NOT_ALLOWED
|
||||
M.HTTP_CODE["500"] = ngx.HTTP_INTERNAL_SERVER_ERROR
|
||||
|
||||
function M.read_file(path)
|
||||
local file = io.open(path, "r") -- r read mode and b binary mode
|
||||
if not file then return nil end
|
||||
io.input(file)
|
||||
content = io.read("*a")
|
||||
io.close(file)
|
||||
return content
|
||||
end
|
||||
|
||||
function M.file_exist(path)
|
||||
local f = io.open(path, "r")
|
||||
if f ~= nil then
|
||||
io.close(f)
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
function M.starts_with(str, start)
|
||||
return str:sub(1, #start) == start
|
||||
|
|
Loading…
Add table
Reference in a new issue