initial import from /x/ monorepo
Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
commit
9923878c5c
61 changed files with 5615 additions and 0 deletions
99
cmd/anubis/internal/config/config.go
Normal file
99
cmd/anubis/internal/config/config.go
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
type Rule string
|
||||
|
||||
const (
|
||||
RuleUnknown = ""
|
||||
RuleAllow = "ALLOW"
|
||||
RuleDeny = "DENY"
|
||||
RuleChallenge = "CHALLENGE"
|
||||
)
|
||||
|
||||
type Bot struct {
|
||||
Name string `json:"name"`
|
||||
UserAgentRegex *string `json:"user_agent_regex"`
|
||||
PathRegex *string `json:"path_regex"`
|
||||
Action Rule `json:"action"`
|
||||
}
|
||||
|
||||
var (
|
||||
ErrNoBotRulesDefined = errors.New("config: must define at least one (1) bot rule")
|
||||
ErrBotMustHaveName = errors.New("config.Bot: must set name")
|
||||
ErrBotMustHaveUserAgentOrPath = errors.New("config.Bot: must set either user_agent_regex, path_regex")
|
||||
ErrBotMustHaveUserAgentOrPathNotBoth = errors.New("config.Bot: must set either user_agent_regex, path_regex, and not both")
|
||||
ErrUnknownAction = errors.New("config.Bot: unknown action")
|
||||
ErrInvalidUserAgentRegex = errors.New("config.Bot: invalid user agent regex")
|
||||
ErrInvalidPathRegex = errors.New("config.Bot: invalid path regex")
|
||||
)
|
||||
|
||||
func (b Bot) Valid() error {
|
||||
var errs []error
|
||||
|
||||
if b.Name == "" {
|
||||
errs = append(errs, ErrBotMustHaveName)
|
||||
}
|
||||
|
||||
if b.UserAgentRegex == nil && b.PathRegex == nil {
|
||||
errs = append(errs, ErrBotMustHaveUserAgentOrPath)
|
||||
}
|
||||
|
||||
if b.UserAgentRegex != nil && b.PathRegex != nil {
|
||||
errs = append(errs, ErrBotMustHaveUserAgentOrPathNotBoth)
|
||||
}
|
||||
|
||||
if b.UserAgentRegex != nil {
|
||||
if _, err := regexp.Compile(*b.UserAgentRegex); err != nil {
|
||||
errs = append(errs, ErrInvalidUserAgentRegex, err)
|
||||
}
|
||||
}
|
||||
|
||||
if b.PathRegex != nil {
|
||||
if _, err := regexp.Compile(*b.PathRegex); err != nil {
|
||||
errs = append(errs, ErrInvalidPathRegex, err)
|
||||
}
|
||||
}
|
||||
|
||||
switch b.Action {
|
||||
case RuleAllow, RuleChallenge, RuleDeny:
|
||||
// okay
|
||||
default:
|
||||
errs = append(errs, fmt.Errorf("%w: %q", ErrUnknownAction, b.Action))
|
||||
}
|
||||
|
||||
if len(errs) != 0 {
|
||||
return fmt.Errorf("config: bot entry for %q is not valid:\n%w", b.Name, errors.Join(errs...))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
Bots []Bot `json:"bots"`
|
||||
DNSBL bool `json:"dnsbl"`
|
||||
}
|
||||
|
||||
func (c Config) Valid() error {
|
||||
var errs []error
|
||||
|
||||
if len(c.Bots) == 0 {
|
||||
errs = append(errs, ErrNoBotRulesDefined)
|
||||
}
|
||||
|
||||
for _, b := range c.Bots {
|
||||
if err := b.Valid(); err != nil {
|
||||
errs = append(errs, err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(errs) != 0 {
|
||||
return fmt.Errorf("config is not valid:\n%w", errors.Join(errs...))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
168
cmd/anubis/internal/config/config_test.go
Normal file
168
cmd/anubis/internal/config/config_test.go
Normal file
|
|
@ -0,0 +1,168 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func p[V any](v V) *V { return &v }
|
||||
|
||||
func TestBotValid(t *testing.T) {
|
||||
var tests = []struct {
|
||||
name string
|
||||
bot Bot
|
||||
err error
|
||||
}{
|
||||
{
|
||||
name: "simple user agent",
|
||||
bot: Bot{
|
||||
Name: "mozilla-ua",
|
||||
Action: RuleChallenge,
|
||||
UserAgentRegex: p("Mozilla"),
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
name: "simple path",
|
||||
bot: Bot{
|
||||
Name: "well-known-path",
|
||||
Action: RuleAllow,
|
||||
PathRegex: p("^/.well-known/.*$"),
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
name: "no rule name",
|
||||
bot: Bot{
|
||||
Action: RuleChallenge,
|
||||
UserAgentRegex: p("Mozilla"),
|
||||
},
|
||||
err: ErrBotMustHaveName,
|
||||
},
|
||||
{
|
||||
name: "no rule matcher",
|
||||
bot: Bot{
|
||||
Name: "broken-rule",
|
||||
Action: RuleAllow,
|
||||
},
|
||||
err: ErrBotMustHaveUserAgentOrPath,
|
||||
},
|
||||
{
|
||||
name: "both user-agent and path",
|
||||
bot: Bot{
|
||||
Name: "path-and-user-agent",
|
||||
Action: RuleDeny,
|
||||
UserAgentRegex: p("Mozilla"),
|
||||
PathRegex: p("^/.secret-place/.*$"),
|
||||
},
|
||||
err: ErrBotMustHaveUserAgentOrPathNotBoth,
|
||||
},
|
||||
{
|
||||
name: "unknown action",
|
||||
bot: Bot{
|
||||
Name: "Unknown action",
|
||||
Action: RuleUnknown,
|
||||
UserAgentRegex: p("Mozilla"),
|
||||
},
|
||||
err: ErrUnknownAction,
|
||||
},
|
||||
{
|
||||
name: "invalid user agent regex",
|
||||
bot: Bot{
|
||||
Name: "mozilla-ua",
|
||||
Action: RuleChallenge,
|
||||
UserAgentRegex: p("a(b"),
|
||||
},
|
||||
err: ErrInvalidUserAgentRegex,
|
||||
},
|
||||
{
|
||||
name: "invalid path regex",
|
||||
bot: Bot{
|
||||
Name: "mozilla-ua",
|
||||
Action: RuleChallenge,
|
||||
PathRegex: p("a(b"),
|
||||
},
|
||||
err: ErrInvalidPathRegex,
|
||||
},
|
||||
}
|
||||
|
||||
for _, cs := range tests {
|
||||
cs := cs
|
||||
t.Run(cs.name, func(t *testing.T) {
|
||||
err := cs.bot.Valid()
|
||||
if err == nil && cs.err == nil {
|
||||
return
|
||||
}
|
||||
|
||||
if err == nil && cs.err != nil {
|
||||
t.Errorf("didn't get an error, but wanted: %v", cs.err)
|
||||
}
|
||||
|
||||
if !errors.Is(err, cs.err) {
|
||||
t.Logf("got wrong error from Valid()")
|
||||
t.Logf("wanted: %v", cs.err)
|
||||
t.Logf("got: %v", err)
|
||||
t.Errorf("got invalid error from check")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfigValidKnownGood(t *testing.T) {
|
||||
finfos, err := os.ReadDir("testdata/good")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
for _, st := range finfos {
|
||||
st := st
|
||||
t.Run(st.Name(), func(t *testing.T) {
|
||||
fin, err := os.Open(filepath.Join("testdata", "good", st.Name()))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer fin.Close()
|
||||
|
||||
var c Config
|
||||
if err := json.NewDecoder(fin).Decode(&c); err != nil {
|
||||
t.Fatalf("can't decode file: %v", err)
|
||||
}
|
||||
|
||||
if err := c.Valid(); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfigValidBad(t *testing.T) {
|
||||
finfos, err := os.ReadDir("testdata/bad")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
for _, st := range finfos {
|
||||
st := st
|
||||
t.Run(st.Name(), func(t *testing.T) {
|
||||
fin, err := os.Open(filepath.Join("testdata", "bad", st.Name()))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer fin.Close()
|
||||
|
||||
var c Config
|
||||
if err := json.NewDecoder(fin).Decode(&c); err != nil {
|
||||
t.Fatalf("can't decode file: %v", err)
|
||||
}
|
||||
|
||||
if err := c.Valid(); err == nil {
|
||||
t.Fatal("validation should have failed but didn't somehow")
|
||||
} else {
|
||||
t.Log(err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
14
cmd/anubis/internal/config/testdata/bad/badregexes.json
vendored
Normal file
14
cmd/anubis/internal/config/testdata/bad/badregexes.json
vendored
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
"bots": [
|
||||
{
|
||||
"name": "path-bad",
|
||||
"path_regex": "a(b",
|
||||
"action": "DENY"
|
||||
},
|
||||
{
|
||||
"name": "user-agent-bad",
|
||||
"user_agent_regex": "a(b",
|
||||
"action": "DENY"
|
||||
}
|
||||
]
|
||||
}
|
||||
5
cmd/anubis/internal/config/testdata/bad/invalid.json
vendored
Normal file
5
cmd/anubis/internal/config/testdata/bad/invalid.json
vendored
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"bots": [
|
||||
{}
|
||||
]
|
||||
}
|
||||
1
cmd/anubis/internal/config/testdata/bad/nobots.json
vendored
Normal file
1
cmd/anubis/internal/config/testdata/bad/nobots.json
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
{}
|
||||
9
cmd/anubis/internal/config/testdata/good/challengemozilla.json
vendored
Normal file
9
cmd/anubis/internal/config/testdata/good/challengemozilla.json
vendored
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"bots": [
|
||||
{
|
||||
"name": "generic-browser",
|
||||
"user_agent_regex": "Mozilla",
|
||||
"action": "CHALLENGE"
|
||||
}
|
||||
]
|
||||
}
|
||||
10
cmd/anubis/internal/config/testdata/good/everything_blocked.json
vendored
Normal file
10
cmd/anubis/internal/config/testdata/good/everything_blocked.json
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
"bots": [
|
||||
{
|
||||
"name": "everything",
|
||||
"user_agent_regex": ".*",
|
||||
"action": "DENY"
|
||||
}
|
||||
],
|
||||
"dnsbl": false
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue