policy: allow fetching ASN directly via RADb WHOIS service
@@ -4,6 +4,7 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"git.gammaspectra.live/git/go-away/utils"
|
||||
"github.com/itchyny/gojq"
|
||||
"io"
|
||||
"net"
|
||||
@@ -13,16 +14,19 @@ import (
|
||||
)
|
||||
|
||||
type Network struct {
|
||||
// Fetches
|
||||
Url *string `yaml:"url,omitempty"`
|
||||
File *string `yaml:"file,omitempty"`
|
||||
ASN *int `yaml:"asn,omitempty"`
|
||||
|
||||
// Filtering
|
||||
JqPath *string `yaml:"jq-path,omitempty"`
|
||||
Regex *string `yaml:"regex,omitempty"`
|
||||
|
||||
Prefixes []string `yaml:"prefixes,omitempty"`
|
||||
}
|
||||
|
||||
func (n Network) FetchPrefixes(c *http.Client) (output []net.IPNet, err error) {
|
||||
func (n Network) FetchPrefixes(c *http.Client, whois *utils.RADb) (output []net.IPNet, err error) {
|
||||
if len(n.Prefixes) > 0 {
|
||||
for _, prefix := range n.Prefixes {
|
||||
ipNet, err := parseCIDROrIP(prefix)
|
||||
@@ -51,6 +55,12 @@ func (n Network) FetchPrefixes(c *http.Client) (output []net.IPNet, err error) {
|
||||
}
|
||||
defer file.Close()
|
||||
reader = file
|
||||
} else if n.ASN != nil {
|
||||
result, err := whois.FetchASNets(*n.ASN)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to fetch ASN %d: %v", *n.ASN, err)
|
||||
}
|
||||
return result, nil
|
||||
} else {
|
||||
if len(output) > 0 {
|
||||
return output, nil
|
||||
|
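Review bot: In the new `else if n.ASN != nil` branch of FetchPrefixes, `return result, nil` returns only the WHOIS result, so an entry that sets both `prefixes` and `asn` appears to lose its static prefixes. This is inferred from the final `else` returning `output`, because the append into `output` lies outside the hunk. For a list used in allow/deny matching this silently narrows the rule; `return append(output, result...), nil` would keep both sources. The branch also calls `whois.FetchASNets` without a nil check on `whois`, and wraps the error with `%v` where `%w` would preserve the cause for `errors.Is`, as the `%w` in NewState does. A comment on the `ASN` field stating that the prefixes come from RADb route objects (registry data, not validated routing state) would let operators judge whether that is enough for an allow rule.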
14
lib/state.go
14
lib/state.go
@@ -7,6 +7,7 @@ import (
|
||||
"git.gammaspectra.live/git/go-away/lib/challenge"
|
||||
"git.gammaspectra.live/git/go-away/lib/condition"
|
||||
"git.gammaspectra.live/git/go-away/lib/policy"
|
||||
"git.gammaspectra.live/git/go-away/utils"
|
||||
"github.com/google/cel-go/cel"
|
||||
"github.com/yl2chen/cidranger"
|
||||
"log/slog"
|
||||
@@ -19,6 +20,7 @@ import (
|
||||
|
||||
type State struct {
|
||||
client *http.Client
|
||||
radb *utils.RADb
|
||||
urlPath string
|
||||
|
||||
programEnv *cel.Env
|
||||
@@ -48,6 +50,11 @@ func NewState(p policy.Policy, settings policy.Settings) (handler http.Handler,
|
||||
return http.ErrUseLastResponse
|
||||
},
|
||||
}
|
||||
state.radb, err = utils.NewRADb()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize RADb client: %w", err)
|
||||
}
|
||||
|
||||
state.urlPath = "/.well-known/." + state.Settings().PackageName
|
||||
|
||||
// set a reasonable configuration for default http proxy if there is none
|
||||
@@ -104,9 +111,12 @@ func NewState(p policy.Policy, settings policy.Settings) (handler http.Handler,
|
||||
if e.Url != nil {
|
||||
slog.Debug("loading network url list", "network", k, "url", *e.Url)
|
||||
}
|
||||
prefixes, err := e.FetchPrefixes(state.client)
|
||||
if e.ASN != nil {
|
||||
slog.Debug("loading ASN", "network", k, "asn", *e.ASN)
|
||||
}
|
||||
prefixes, err := e.FetchPrefixes(state.client, state.radb)
|
||||
if err != nil {
|
||||
slog.Error("error fetching network url list", "network", k, "url", *e.Url)
|
||||
slog.Error("error fetching network list", "network", k, "url", *e.Url)
|
||||
continue
|
||||
}
|
||||
for _, prefix := range prefixes {
|
||||
|
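Review bot: The failure path in NewState's network loop still logs `"url", *e.Url`, and `e.Url` is nil for an entry that only sets `asn` (or `file`), so a failed RADb lookup would panic at startup instead of being logged and skipped. The message also omits `err`, so the operator cannot see why the lookup failed. Logging `slog.Error("error fetching network list", "network", k, "error", err)` avoids the dereference and records the cause. Because the loop then hits `continue`, the named network ends up empty or partial; a comment saying whether rules that reference it should fail open or closed would help. The loop body and the rest of NewState extend beyond this hunk.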