initial import from /x/ monorepo

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-17 19:33:07 -04:00 · 2025-03-17 19:33:07 -04:00 · 9923878c5c
commit 9923878c5c
61 changed files with 5615 additions and 0 deletions
--- a/cmd/anubis/internal/config/config.go
+++ b/cmd/anubis/internal/config/config.go
@ -0,0 +1,99 @@
+package config
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+)
+
+type Rule string
+
+const (
+	RuleUnknown   = ""
+	RuleAllow     = "ALLOW"
+	RuleDeny      = "DENY"
+	RuleChallenge = "CHALLENGE"
+)
+
+type Bot struct {
+	Name           string  `json:"name"`
+	UserAgentRegex *string `json:"user_agent_regex"`
+	PathRegex      *string `json:"path_regex"`
+	Action         Rule    `json:"action"`
+}
+
+var (
+	ErrNoBotRulesDefined                 = errors.New("config: must define at least one (1) bot rule")
+	ErrBotMustHaveName                   = errors.New("config.Bot: must set name")
+	ErrBotMustHaveUserAgentOrPath        = errors.New("config.Bot: must set either user_agent_regex, path_regex")
+	ErrBotMustHaveUserAgentOrPathNotBoth = errors.New("config.Bot: must set either user_agent_regex, path_regex, and not both")
+	ErrUnknownAction                     = errors.New("config.Bot: unknown action")
+	ErrInvalidUserAgentRegex             = errors.New("config.Bot: invalid user agent regex")
+	ErrInvalidPathRegex                  = errors.New("config.Bot: invalid path regex")
+)
+
+func (b Bot) Valid() error {
+	var errs []error
+
+	if b.Name == "" {
+		errs = append(errs, ErrBotMustHaveName)
+	}
+
+	if b.UserAgentRegex == nil && b.PathRegex == nil {
+		errs = append(errs, ErrBotMustHaveUserAgentOrPath)
+	}
+
+	if b.UserAgentRegex != nil && b.PathRegex != nil {
+		errs = append(errs, ErrBotMustHaveUserAgentOrPathNotBoth)
+	}
+
+	if b.UserAgentRegex != nil {
+		if _, err := regexp.Compile(*b.UserAgentRegex); err != nil {
+			errs = append(errs, ErrInvalidUserAgentRegex, err)
+		}
+	}
+
+	if b.PathRegex != nil {
+		if _, err := regexp.Compile(*b.PathRegex); err != nil {
+			errs = append(errs, ErrInvalidPathRegex, err)
+		}
+	}
+
+	switch b.Action {
+	case RuleAllow, RuleChallenge, RuleDeny:
+		// okay
+	default:
+		errs = append(errs, fmt.Errorf("%w: %q", ErrUnknownAction, b.Action))
+	}
+
+	if len(errs) != 0 {
+		return fmt.Errorf("config: bot entry for %q is not valid:\n%w", b.Name, errors.Join(errs...))
+	}
+
+	return nil
+}
+
+type Config struct {
+	Bots  []Bot `json:"bots"`
+	DNSBL bool  `json:"dnsbl"`
+}
+
+func (c Config) Valid() error {
+	var errs []error
+
+	if len(c.Bots) == 0 {
+		errs = append(errs, ErrNoBotRulesDefined)
+	}
+
+	for _, b := range c.Bots {
+		if err := b.Valid(); err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	if len(errs) != 0 {
+		return fmt.Errorf("config is not valid:\n%w", errors.Join(errs...))
+	}
+
+	return nil
+}
--- a/cmd/anubis/internal/config/config_test.go
+++ b/cmd/anubis/internal/config/config_test.go
@ -0,0 +1,168 @@
+package config
+
+import (
+	"encoding/json"
+	"errors"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func p[V any](v V) *V { return &v }
+
+func TestBotValid(t *testing.T) {
+	var tests = []struct {
+		name string
+		bot  Bot
+		err  error
+	}{
+		{
+			name: "simple user agent",
+			bot: Bot{
+				Name:           "mozilla-ua",
+				Action:         RuleChallenge,
+				UserAgentRegex: p("Mozilla"),
+			},
+			err: nil,
+		},
+		{
+			name: "simple path",
+			bot: Bot{
+				Name:      "well-known-path",
+				Action:    RuleAllow,
+				PathRegex: p("^/.well-known/.*$"),
+			},
+			err: nil,
+		},
+		{
+			name: "no rule name",
+			bot: Bot{
+				Action:         RuleChallenge,
+				UserAgentRegex: p("Mozilla"),
+			},
+			err: ErrBotMustHaveName,
+		},
+		{
+			name: "no rule matcher",
+			bot: Bot{
+				Name:   "broken-rule",
+				Action: RuleAllow,
+			},
+			err: ErrBotMustHaveUserAgentOrPath,
+		},
+		{
+			name: "both user-agent and path",
+			bot: Bot{
+				Name:           "path-and-user-agent",
+				Action:         RuleDeny,
+				UserAgentRegex: p("Mozilla"),
+				PathRegex:      p("^/.secret-place/.*$"),
+			},
+			err: ErrBotMustHaveUserAgentOrPathNotBoth,
+		},
+		{
+			name: "unknown action",
+			bot: Bot{
+				Name:           "Unknown action",
+				Action:         RuleUnknown,
+				UserAgentRegex: p("Mozilla"),
+			},
+			err: ErrUnknownAction,
+		},
+		{
+			name: "invalid user agent regex",
+			bot: Bot{
+				Name:           "mozilla-ua",
+				Action:         RuleChallenge,
+				UserAgentRegex: p("a(b"),
+			},
+			err: ErrInvalidUserAgentRegex,
+		},
+		{
+			name: "invalid path regex",
+			bot: Bot{
+				Name:      "mozilla-ua",
+				Action:    RuleChallenge,
+				PathRegex: p("a(b"),
+			},
+			err: ErrInvalidPathRegex,
+		},
+	}
+
+	for _, cs := range tests {
+		cs := cs
+		t.Run(cs.name, func(t *testing.T) {
+			err := cs.bot.Valid()
+			if err == nil && cs.err == nil {
+				return
+			}
+
+			if err == nil && cs.err != nil {
+				t.Errorf("didn't get an error, but wanted: %v", cs.err)
+			}
+
+			if !errors.Is(err, cs.err) {
+				t.Logf("got wrong error from Valid()")
+				t.Logf("wanted: %v", cs.err)
+				t.Logf("got:    %v", err)
+				t.Errorf("got invalid error from check")
+			}
+		})
+	}
+}
+
+func TestConfigValidKnownGood(t *testing.T) {
+	finfos, err := os.ReadDir("testdata/good")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, st := range finfos {
+		st := st
+		t.Run(st.Name(), func(t *testing.T) {
+			fin, err := os.Open(filepath.Join("testdata", "good", st.Name()))
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer fin.Close()
+
+			var c Config
+			if err := json.NewDecoder(fin).Decode(&c); err != nil {
+				t.Fatalf("can't decode file: %v", err)
+			}
+
+			if err := c.Valid(); err != nil {
+				t.Fatal(err)
+			}
+		})
+	}
+}
+
+func TestConfigValidBad(t *testing.T) {
+	finfos, err := os.ReadDir("testdata/bad")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, st := range finfos {
+		st := st
+		t.Run(st.Name(), func(t *testing.T) {
+			fin, err := os.Open(filepath.Join("testdata", "bad", st.Name()))
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer fin.Close()
+
+			var c Config
+			if err := json.NewDecoder(fin).Decode(&c); err != nil {
+				t.Fatalf("can't decode file: %v", err)
+			}
+
+			if err := c.Valid(); err == nil {
+				t.Fatal("validation should have failed but didn't somehow")
+			} else {
+				t.Log(err)
+			}
+		})
+	}
+}
--- a/cmd/anubis/internal/config/testdata/bad/badregexes.json
+++ b/cmd/anubis/internal/config/testdata/bad/badregexes.json
@ -0,0 +1,14 @@
+{
+  "bots": [
+    {
+      "name": "path-bad",
+      "path_regex": "a(b",
+      "action": "DENY"
+    },
+    {
+      "name": "user-agent-bad",
+      "user_agent_regex": "a(b",
+      "action": "DENY"
+    }
+  ]
+}
--- a/cmd/anubis/internal/config/testdata/bad/invalid.json
+++ b/cmd/anubis/internal/config/testdata/bad/invalid.json
@ -0,0 +1,5 @@
+{
+  "bots": [
+    {}
+  ]
+}
--- a/cmd/anubis/internal/config/testdata/bad/nobots.json
+++ b/cmd/anubis/internal/config/testdata/bad/nobots.json
@ -0,0 +1 @@
+{}
--- a/cmd/anubis/internal/config/testdata/good/challengemozilla.json
+++ b/cmd/anubis/internal/config/testdata/good/challengemozilla.json
@ -0,0 +1,9 @@
+{
+  "bots": [
+    {
+      "name": "generic-browser",
+      "user_agent_regex": "Mozilla",
+      "action": "CHALLENGE"
+    }
+  ]
+}
--- a/cmd/anubis/internal/config/testdata/good/everything_blocked.json
+++ b/cmd/anubis/internal/config/testdata/good/everything_blocked.json
@ -0,0 +1,10 @@
+{
+  "bots": [
+    {
+      "name": "everything",
+      "user_agent_regex": ".*",
+      "action": "DENY"
+    }
+  ],
+  "dnsbl": false
+}