various fixes for core plugins
This commit is contained in:
parent
4ba5d66598
commit
00b50c1629
|
@ -33,8 +33,7 @@ logger:log(ngx.INFO, "ngx.ctx filled (ret = " .. ret .. ")")
|
|||
-- Process bans as soon as possible
|
||||
local ok, reason = datastore:get("bans_ip_" .. ngx.ctx.bw.remote_addr)
|
||||
if not ok and reason ~= "not found" then
|
||||
logger:log(ngx.INFO, "error while checking if client is banned : " .. reason)
|
||||
return false
|
||||
logger:log(ngx.ERR, "error while checking if client is banned : " .. reason)
|
||||
elseif ok and reason ~= "not found" then
|
||||
logger:log(ngx.WARN, "IP " .. ngx.ctx.bw.remote_addr .. " is banned with reason : " .. reason)
|
||||
return ngx.exit(utils.get_deny_status())
|
||||
|
|
|
@ -17,15 +17,8 @@ function blacklist:initialize()
|
|||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.use_redis = use_redis == "yes"
|
||||
-- Check if init is needed
|
||||
if ngx.get_phase() == "init" then
|
||||
local init_needed, err = utils.has_variable("USE_BLACKLIST", "yes")
|
||||
if init_needed == nil then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.init_needed = init_needed
|
||||
-- Decode lists
|
||||
else
|
||||
if ngx.get_phase() ~= "init" and self.variables["USE_BLACKLIST"] == "yes" then
|
||||
local lists, err = self.datastore:get("plugin_blacklist_lists")
|
||||
if not lists then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
|
@ -39,9 +32,14 @@ end
|
|||
|
||||
function blacklist:init()
|
||||
-- Check if init is needed
|
||||
if not self.init_needed then
|
||||
local init_needed, err = utils.has_variable("USE_BLACKLIST", "yes")
|
||||
if init_needed == nil then
|
||||
return self:ret(false, "can't check USE_BLACKLIST variable : " .. err)
|
||||
end
|
||||
if not init_needed then
|
||||
return self:ret(true, "init not needed")
|
||||
end
|
||||
|
||||
-- Read blacklists
|
||||
local blacklists = {
|
||||
["IP"] = {},
|
||||
|
|
|
@ -10,29 +10,27 @@ local bunkernet = class("bunkernet", plugin)
|
|||
function bunkernet:initialize()
|
||||
-- Call parent initialize
|
||||
plugin.initialize(self, "bunkernet")
|
||||
-- Check if init is needed
|
||||
if ngx.get_phase() == "init" then
|
||||
local init_needed, err = utils.has_variable("USE_BUNKERNET", "yes")
|
||||
if init_needed == nil then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.init_needed = init_needed
|
||||
-- Get BunkerNet ID
|
||||
else
|
||||
if ngx.get_phase() ~= "init" and self.variables["USE_BUNKERNET"] == "yes" then
|
||||
local id, err = self.datastore:get("plugin_bunkernet_id")
|
||||
if not id then
|
||||
self.bunkernet_id = nil
|
||||
else
|
||||
if id then
|
||||
self.bunkernet_id = id
|
||||
else
|
||||
self.logger:log(ngx.ERR, "can't get BunkerNet ID from datastore : " .. err)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
function bunkernet:init()
|
||||
-- Check if init is needed
|
||||
if not self.init_needed then
|
||||
local init_needed, err = utils.has_variable("USE_BUNKERNET", "yes")
|
||||
if init_needed == nil then
|
||||
return self:ret(false, "can't check USE_BUNKERNET variable : " .. err)
|
||||
end
|
||||
if not init_needed then
|
||||
return self:ret(true, "no service uses bunkernet, skipping init")
|
||||
end
|
||||
|
||||
-- Check if instance ID is present
|
||||
local f, err = io.open("/var/cache/bunkerweb/bunkernet/instance.id", "r")
|
||||
if not f then
|
||||
|
@ -83,7 +81,7 @@ function bunkernet:log(bypass_use_bunkernet)
|
|||
end
|
||||
-- Check if BunkerNet ID is generated
|
||||
if not self.bunkernet_id then
|
||||
return self:ret(true, "bunkernet ID is not generated")
|
||||
return self:ret(false, "bunkernet ID is not generated")
|
||||
end
|
||||
-- Check if IP has been blocked
|
||||
local reason = utils.get_reason()
|
||||
|
@ -98,8 +96,10 @@ function bunkernet:log(bypass_use_bunkernet)
|
|||
return self:ret(true, "IP is not global")
|
||||
end
|
||||
-- TODO : check if IP has been reported recently
|
||||
self.integration = ngx.ctx.bw.integration
|
||||
self.version = ngx.ctx.bw.version
|
||||
local function report_callback(premature, obj, ip, reason, method, url, headers)
|
||||
local ok, err, status, data = obj:report(ip, reason, method, url, headers)
|
||||
local ok, err, status, data = obj:report(ip, reason, method, url, headers, obj.ctx.integration, obj.ctx.version)
|
||||
if status == 429 then
|
||||
obj.logger:log(ngx.WARN, "bunkernet API is rate limiting us")
|
||||
elseif not ok then
|
||||
|
@ -145,8 +145,8 @@ function bunkernet:request(method, url, data)
|
|||
end
|
||||
local all_data = {
|
||||
id = self.id,
|
||||
integration = utils.get_integration(),
|
||||
version = utils.get_version()
|
||||
integration = self.integration,
|
||||
version = self.version
|
||||
}
|
||||
for k, v in pairs(data) do
|
||||
all_data[k] = v
|
||||
|
@ -156,7 +156,7 @@ function bunkernet:request(method, url, data)
|
|||
body = cjson.encode(all_data),
|
||||
headers = {
|
||||
["Content-Type"] = "application/json",
|
||||
["User-Agent"] = "BunkerWeb/" .. utils.get_version()
|
||||
["User-Agent"] = "BunkerWeb/" .. self.version
|
||||
}
|
||||
})
|
||||
httpc:close()
|
||||
|
|
|
@ -16,15 +16,8 @@ function greylist:initialize()
|
|||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.use_redis = use_redis == "yes"
|
||||
-- Check if init is needed
|
||||
if ngx.get_phase() == "init" then
|
||||
local init_needed, err = utils.has_variable("USE_GREYLIST", "yes")
|
||||
if init_needed == nil then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.init_needed = init_needed
|
||||
-- Decode lists
|
||||
elseif self.variables["USE_GREYLIST"] == "yes" then
|
||||
if ngx.get_phase() ~= "init" and self.variables["USE_GREYLIST"] == "yes" then
|
||||
local lists, err = self.datastore:get("plugin_greylist_lists")
|
||||
if not lists then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
|
@ -38,7 +31,11 @@ end
|
|||
|
||||
function greylist:init()
|
||||
-- Check if init is needed
|
||||
if not self.init_needed then
|
||||
local init_needed, err = utils.has_variable("USE_GREYLIST", "yes")
|
||||
if init_needed == nil then
|
||||
return self:ret(false, "can't check USE_GREYLIST variable : " .. err)
|
||||
end
|
||||
if not init_needed then
|
||||
return self:ret(true, "init not needed")
|
||||
end
|
||||
-- Read greylists
|
||||
|
|
|
@ -17,28 +17,26 @@ function limit:initialize()
|
|||
end
|
||||
self.use_redis = use_redis == "yes"
|
||||
-- Load rules if needed
|
||||
if ngx.get_phase() == "access" then
|
||||
if self.variables["USE_LIMIT_REQ"] == "yes" then
|
||||
-- Get all rules from datastore
|
||||
local limited = false
|
||||
local all_rules, err = self.datastore:get("plugin_limit_rules")
|
||||
if not all_rules then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
return
|
||||
if ngx.get_phase() ~= "init" and self.variables["USE_LIMIT_REQ"] == "yes" then
|
||||
-- Get all rules from datastore
|
||||
local limited = false
|
||||
local all_rules, err = self.datastore:get("plugin_limit_rules")
|
||||
if not all_rules then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
return
|
||||
end
|
||||
all_rules = cjson.decode(all_rules)
|
||||
self.rules = {}
|
||||
-- Extract global rules
|
||||
if all_rules.global then
|
||||
for k, v in pairs(all_rules.global) do
|
||||
self.rules[k] = v
|
||||
end
|
||||
all_rules = cjson.decode(all_rules)
|
||||
self.rules = {}
|
||||
-- Extract global rules
|
||||
if all_rules.global then
|
||||
for k, v in pairs(all_rules.global) do
|
||||
self.rules[k] = v
|
||||
end
|
||||
end
|
||||
-- Extract and overwrite if needed server rules
|
||||
if all_rules[ngx.ctx.bw.server_name] then
|
||||
for k, v in pairs(all_rules[ngx.ctx.bw.server_name]) do
|
||||
self.rules[k] = v
|
||||
end
|
||||
end
|
||||
-- Extract and overwrite if needed server rules
|
||||
if all_rules[ngx.ctx.bw.server_name] then
|
||||
for k, v in pairs(all_rules[ngx.ctx.bw.server_name]) do
|
||||
self.rules[k] = v
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -18,15 +18,8 @@ function whitelist:initialize()
|
|||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.use_redis = use_redis == "yes"
|
||||
-- Check if init is needed
|
||||
if ngx.get_phase() == "init" then
|
||||
local init_needed, err = utils.has_variable("USE_WHITELIST", "yes")
|
||||
if init_needed == nil then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
end
|
||||
self.init_needed = init_needed
|
||||
-- Decode lists
|
||||
else
|
||||
if ngx.get_phase() ~= "init" and self.variables["USE_WHITELIST"] == "yes" then
|
||||
local lists, err = self.datastore:get("plugin_whitelist_lists")
|
||||
if not lists then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
|
@ -40,7 +33,11 @@ end
|
|||
|
||||
function whitelist:init()
|
||||
-- Check if init is needed
|
||||
if not self.init_needed then
|
||||
local init_needed, err = utils.has_variable("USE_WHITELIST", "yes")
|
||||
if init_needed == nil then
|
||||
return self:ret(false, "can't check USE_WHITELIST variable : " .. err)
|
||||
end
|
||||
if not init_needed then
|
||||
return self:ret(true, "init not needed")
|
||||
end
|
||||
-- Read whitelists
|
||||
|
|
Loading…
Reference in New Issue