feat: implement a client for Thoth, the IP reputation database for Anubis (#637)
* feat(internal): add Thoth client and simple ASN checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): cached ip to asn checker Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: go mod tidy Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(thoth): minor testing fixups, ensure ASNChecker is Checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): make ASNChecker instances Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): add GeoIP checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): store a thoth client in a context Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: refactor Checker type to its own package Signed-off-by: Xe Iaso <me@xeiaso.net> * test(thoth): add thoth mocking package, ignore context deadline exceeded errors Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): pre-cache private ranges Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib/policy/config): enable thoth ASNs and GeoIP checker parsing Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(thoth): refactor to move checker creation to the checker files Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(policy): enable thoth checks Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thothmock): test helper function for loading a mock thoth instance Signed-off-by: Xe Iaso <me@xeiaso.net> * feat: wire up Thoth, make thoth checks part of the default config Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(thoth): mend staticcheck errors Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(admin): add Thoth docs Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(policy): update Thoth links in error messages Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(docs/manifest): enable Thoth Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: add THOTH_INSECURE for contacting Thoth over plain TCP in extreme circumstances Signed-off-by: Xe Iaso <me@xeiaso.net> * test(thoth): use mock thoth when credentials aren't detected in the environment Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(cmd/anubis): better warnings for half-configured Thoth setups Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(botpolicies): link to Thoth geoip docs Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
Xe Iaso
GitHub
parent
823d1be5d1
commit
e3826df3ab
39 changed files with 1101 additions and 82 deletions
59
internal/thoth/thothmock/iptoasn.go
Normal file
59
internal/thoth/thothmock/iptoasn.go
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
package thothmock
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/netip"
|
||||
|
||||
iptoasnv1 "github.com/TecharoHQ/thoth-proto/gen/techaro/thoth/iptoasn/v1"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
)
|
||||
|
||||
func MockIpToASNService() *IpToASNService {
|
||||
responses := map[string]*iptoasnv1.LookupResponse{
|
||||
"127.0.0.1": {Announced: false},
|
||||
"::1": {Announced: false},
|
||||
"10.10.10.10": {
|
||||
Announced: true,
|
||||
AsNumber: 13335,
|
||||
Cidr: []string{"1.1.1.0/24"},
|
||||
CountryCode: "US",
|
||||
Description: "Cloudflare",
|
||||
},
|
||||
"2.2.2.2": {
|
||||
Announced: true,
|
||||
AsNumber: 420,
|
||||
Cidr: []string{"2.2.2.0/24"},
|
||||
CountryCode: "CA",
|
||||
Description: "test canada",
|
||||
},
|
||||
"1.1.1.1": {
|
||||
Announced: true,
|
||||
AsNumber: 13335,
|
||||
Cidr: []string{"1.1.1.0/24"},
|
||||
CountryCode: "US",
|
||||
Description: "Cloudflare",
|
||||
},
|
||||
}
|
||||
|
||||
return &IpToASNService{Responses: responses}
|
||||
}
|
||||
|
||||
type IpToASNService struct {
|
||||
iptoasnv1.UnimplementedIpToASNServiceServer
|
||||
Responses map[string]*iptoasnv1.LookupResponse
|
||||
}
|
||||
|
||||
func (ip2asn *IpToASNService) Lookup(ctx context.Context, lr *iptoasnv1.LookupRequest, opts ...grpc.CallOption) (*iptoasnv1.LookupResponse, error) {
|
||||
if _, err := netip.ParseAddr(lr.GetIpAddress()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resp, ok := ip2asn.Responses[lr.GetIpAddress()]
|
||||
if !ok {
|
||||
return nil, status.Error(codes.NotFound, "IP address not found in mock")
|
||||
}
|
||||
|
||||
return resp, nil
|
||||
}
|
||||
17
internal/thoth/thothmock/withthothmock.go
Normal file
17
internal/thoth/thothmock/withthothmock.go
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
package thothmock
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/TecharoHQ/anubis/internal/thoth"
|
||||
)
|
||||
|
||||
func WithMockThoth(t *testing.T) context.Context {
|
||||
t.Helper()
|
||||
|
||||
thothCli := &thoth.Client{}
|
||||
thothCli.WithIPToASNService(MockIpToASNService())
|
||||
ctx := thoth.With(t.Context(), thothCli)
|
||||
return ctx
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue