Commit f65a4c35 authored by Luc Didry's avatar Luc Didry

Merge branch 'fix-45' into 'development'

Fix #45 - Make ban_blacklist really work as intended

See merge request luc/lstu!28
parents 8be7cd2d 5d40d9c5
# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
package Lstu::DB::Ban;
use Mojo::Base -base;
use Mojo::Collection 'c';
has 'ip';
has 'until';
......@@ -104,7 +105,7 @@ sub is_whitelisted {
my $c = shift;
my $ip = $c->ip;
return scalar(grep(sub { $_ eq $ip }, @{$c->app->config('ban_whitelist')}));
return c(@{$c->app->config('ban_whitelist')})->grep(sub { $_ eq $ip })->size;
}
=head2 is_blacklisted
......@@ -127,7 +128,7 @@ sub is_blacklisted {
my $c = shift;
my $ip = $c->ip;
return scalar(grep(sub { $_ eq $ip }, @{$c->app->config('ban_blacklist')}));
return c(@{$c->app->config('ban_blacklist')})->grep(sub { $_ eq $ip })->size;
}
=head2 is_banned
......
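Review bot: Both `is_whitelisted` and `is_blacklisted` still match with a case- and format-sensitive `$_ eq $ip`, so a list entry written differently from the address string the server produces never matches, and for the blacklist that fails open. The config example added in this same commit is `'2001:0DB8::42'`, while IPv6 addresses are normally rendered in lowercase, so that documented entry would probably not ban anything (where `ip` is populated is outside these hunks, so confirm). Normalising both sides, e.g. `->grep(sub { lc($_) eq lc($ip) })`, would cover the case difference. A short comment above each sub stating that entries are compared as exact strings, not as addresses or ranges, would also help; the `sub` lines themselves are only visible in the hunk headers.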
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
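Review bot: The added example line `# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬` ends with a stray `¬`, which looks like an editor end-of-line marker pasted into the template. The example also writes the IPv6 address with uppercase hex digits, although the comment above it says entries are compared as strings; if the application sees client addresses in lowercase, an operator copying this example gets a blacklist entry that never matches. I would drop the `¬`, use a lowercase example such as `'2001:db8::42'`, and add a line saying each entry must be written exactly as the address appears in the application logs. The same block is repeated in each of the following configuration sections of this commit.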
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -211,6 +219,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -244,4 +260,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -122,6 +122,14 @@
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
......@@ -182,6 +190,14 @@
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
......@@ -215,4 +231,9 @@
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
};
......@@ -301,6 +301,30 @@ $t->post_ok('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' })
$config_file->spurt($config_orig);
# Test IP blacklisting
$config_content = $config_orig;
$config_content =~ s/^( +)#?ban_blacklist.*/$1ban_blacklist => ['::1', '127.0.0.1'],/gm;
$config_file->spurt($config_content);
$t = Test::Mojo->new('Lstu');
# Give time to provision some short URLs
sleep 3;
$t->ua->post('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' });
$t->ua->post('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' });
$t->ua->post('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' });
$t->ua->post('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' });
$t->ua->post('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' });
$t->post_ok('/a' => form => { lsturl => 'https://lstu.fr', format => 'json' })
->status_is(200)
->json_has('msg', 'success')
->json_is('/success' => false)
->json_like('/msg' => qr#You asked to shorten too many URLs too quickly\. You're banned for \d+ hour\(s\)\.#);
$config_file->spurt($config_orig);
# Test domain blacklisting
Lstu::DB::Ban->new(app => $m)->delete_all;
$config_content = $config_orig;
......
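Review bot: The blacklist test sends five `$t->ua->post('/a' ...)` requests before the asserted one, so the expected "too many URLs too quickly" reply may come from the ordinary strike-based ban rather than from `ban_blacklist`, and the test could then pass with the blacklist check broken again. Asserting on the first request after `Test::Mojo->new('Lstu')`, with existing bans cleared the way the next block does via `Lstu::DB::Ban->new(app => $m)->delete_all;`, would pin the blacklist itself (whether a blacklisted IP is refused on its very first request is decided outside this hunk, so confirm). Separately, `->json_has('msg', 'success')` passes a pointer without a leading slash, which as far as I know Mojo's JSON Pointer resolves to the whole document, so that check is vacuous; `->json_has('/msg')` is probably what was meant.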