blacklist.go 2.4 KB

  1. package blacklist
  2. import (
  3. "errors"
  4. "log"
  5. "strings"
  6. "imuslab.com/arozos/mod/auth/accesscontrol"
  7. db "imuslab.com/arozos/mod/database"
  8. )
  9. /*
  10. ArozOS Blacklist Module
  11. Author: tobychui
  12. This module records the IP blacklist of users trying to enter the
  13. system without permission
  14. */
  // BlackList holds the state of the IP blacklist: whether enforcement is
  // switched on and the database handle the ban entries are kept in.
  type BlackList struct {
  	// Enabled gates IsBanned; while it is false IsBanned reports every address as not banned.
  	Enabled bool
  	// database is the backing store; this file keeps its entries in the "ipblacklist" table.
  	database *db.Database
  }
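  // NewBlacklistManager calls sysdb.NewTable for the "ipblacklist" table and
  // returns a BlackList whose Enabled flag is loaded from the "enable" key of
  // that table.
  //
  // Enabled starts as false and is only overwritten by a successful read, so a
  // missing key or a failed read leaves ban enforcement switched off (IsBanned
  // returns false for every address). The read error is logged together with
  // its cause so that state is visible to whoever operates the system.
  func NewBlacklistManager(sysdb *db.Database) *BlackList {
  	sysdb.NewTable("ipblacklist")

  	enabled := false
  	if sysdb.KeyExists("ipblacklist", "enable") {
  		if err := sysdb.Read("ipblacklist", "enable", &enabled); err != nil {
  			// Keep the original message and append the cause; without it the
  			// log cannot explain why the blacklist came up disabled.
  			log.Println("[Auth/Blacklist] Unable to load previous enable state from database. Using default.", err)
  		}
  	}

  	return &BlackList{
  		Enabled:  enabled,
  		database: sysdb,
  	}
  }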
  // IsBanned reports whether ip matches a ban entry, either as an exact key in
  // the "ipblacklist" table or by falling inside one of the banned ranges.
  //
  // It always returns false while the blacklist is disabled. The exact-key
  // lookup compares ip as given, so callers should pass the address in the same
  // form Ban stores it (no spaces). ListBannedIpRanges returns an empty list
  // when the table cannot be listed, so in that case only the exact-key lookup
  // can report a ban.
  func (bl *BlackList) IsBanned(ip string) bool {
  	if !bl.Enabled {
  		return false
  	}

  	// Cheap path: the address itself is stored as a key.
  	if bl.database.KeyExists("ipblacklist", ip) {
  		return true
  	}

  	// Otherwise the address may be covered by a stored range. This is a
  	// linear scan over every range (O(N)) and is a known optimisation target.
  	ranges := bl.ListBannedIpRanges()
  	for i := range ranges {
  		if accesscontrol.IpInRange(ip, ranges[i]) {
  			return true
  		}
  	}
  	return false
  }
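  // ListBannedIpRanges returns the keys of the "ipblacklist" table that pass
  // accesscontrol.ValidateIpRange, skipping the reserved "enable" settings key.
  //
  // The result is never nil. If the table cannot be listed, the error is logged
  // and an empty list is returned, so callers such as IsBanned see no ranges.
  func (bl *BlackList) ListBannedIpRanges() []string {
  	results := []string{}

  	entries, err := bl.database.ListTable("ipblacklist")
  	if err != nil {
  		// The signature has no error return, so record the failure instead
  		// of dropping it: an empty list here means range bans are not applied.
  		log.Println("[Auth/Blacklist] Unable to list banned IP ranges from database:", err)
  		return results
  	}

  	for _, keypairs := range entries {
  		// Skip malformed rows rather than panic on the index below.
  		if len(keypairs) == 0 {
  			continue
  		}
  		key := string(keypairs[0])
  		// "enable" is the reserved settings key; anything else that is not a
  		// valid IP range is not a ban entry either.
  		if key == "enable" || accesscontrol.ValidateIpRange(key) != nil {
  			continue
  		}
  		results = append(results, key)
  	}
  	return results
  }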
  // Ban adds an IP address or IP range to the blacklist.
  //
  // ipRange is checked with accesscontrol.ValidateIpRange exactly as given and
  // the validation error is returned unchanged. The stored key is the input
  // with surrounding whitespace trimmed and every space character removed; the
  // value written under that key is true. The database write error, if any, is
  // returned.
  func (bl *BlackList) Ban(ipRange string) error {
  	if err := accesscontrol.ValidateIpRange(ipRange); err != nil {
  		return err
  	}

  	// Normalise the key before it is written to the ban list.
  	key := strings.ReplaceAll(strings.TrimSpace(ipRange), " ", "")
  	return bl.database.Write("ipblacklist", key, true)
  }
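  // UnBan removes an IP address or IP range from the blacklist.
  //
  // ipRange is checked with accesscontrol.ValidateIpRange and the validation
  // error is returned unchanged. The key is then normalised the same way Ban
  // normalises it before writing. If no such key exists in the "ipblacklist"
  // table, the error "invalid IP range given" is returned; otherwise the result
  // of the database delete is returned.
  func (bl *BlackList) UnBan(ipRange string) error {
  	if err := accesscontrol.ValidateIpRange(ipRange); err != nil {
  		return err
  	}

  	// Ban stores keys with surrounding whitespace trimmed and spaces removed.
  	// Look up and delete the same normalised key, otherwise an entry banned
  	// with spaces in its input could never be found again by that input.
  	key := strings.ReplaceAll(strings.TrimSpace(ipRange), " ", "")

  	// Only delete entries that are actually on the ban list.
  	if !bl.database.KeyExists("ipblacklist", key) {
  		return errors.New("invalid IP range given")
  	}
  	return bl.database.Delete("ipblacklist", key)
  }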