Annotate

mod_firewall/definitions.lib.lua @ 3660:11cd6e034fd3

mod_auth_external: Improve error handling when non-blocking mode used without libevent
author Matthew Wild <mwild1@gmail.com>
date Fri, 30 Aug 2019 13:28:30 +0100
parent 3240:c30f2cfe9f15
child 4016:b872f111b7af
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2079
edec9de0220a mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1863
diff changeset
1
edec9de0220a mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1863
diff changeset
2 -- Name arguments are unused here
edec9de0220a mod_firewall: Silence warnings about unused arguments [luacheck]
Kim Alvefur <zash@zash.se>
parents: 1863
diff changeset
3 -- luacheck: ignore 212
999
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local definition_handlers = {};
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
7 local http = require "net.http";
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
8 local timer = require "util.timer";
1863
92602cfac751 mod_firewall: Fix missing import of util.set (used to be global)
Kim Alvefur <zash@zash.se>
parents: 999
diff changeset
9 local set = require"util.set";
999
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 local new_throttle = require "util.throttle".create;
2586
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
11 local hashes = require "util.hashes";
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
12 local jid = require "util.jid";
2128
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
13
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
14 local multirate_cache_size = module:get_option_number("firewall_multirate_cache_limit", 1000);
999
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 function definition_handlers.ZONE(zone_name, zone_members)
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 local zone_member_list = {};
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 for member in zone_members:gmatch("[^, ]+") do
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 zone_member_list[#zone_member_list+1] = member;
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 return set.new(zone_member_list)._items;
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23
2128
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
24 -- Helper function used by RATE handler
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
25 local function evict_only_unthrottled(name, throttle)
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
26 throttle:update();
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
27 -- Check whether the throttle is at max balance (i.e. totally safe to forget about it)
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
28 if throttle.balance < throttle.max then
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
29 -- Not safe to forget
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
30 return false;
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
31 end
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
32 end
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
33
999
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 function definition_handlers.RATE(name, line)
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 local rate = assert(tonumber(line:match("([%d.]+)")), "Unable to parse rate");
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 local burst = tonumber(line:match("%(%s*burst%s+([%d.]+)%s*%)")) or 1;
2128
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
37 local max_throttles = tonumber(line:match("%(%s*entries%s+([%d]+)%s*%)")) or multirate_cache_size;
2370
5fe483b73fd2 mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents: 2131
diff changeset
38 local deny_when_full = not line:match("%(allow overflow%)");
2128
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
39 return {
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
40 single = function ()
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
41 return new_throttle(rate*burst, burst);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
42 end;
2859
22e11645a895 mod_firewall: Trim trailing whitespace [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2587
diff changeset
43
2128
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
44 multi = function ()
2370
5fe483b73fd2 mod_firewall: Rate limiting: Document 'entries' and add option to allow overflowing when full
Matthew Wild <mwild1@gmail.com>
parents: 2131
diff changeset
45 local cache = require "util.cache".new(max_throttles, deny_when_full and evict_only_unthrottled or nil);
2128
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
46 return {
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
47 poll_on = function (_, key, amount)
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
48 assert(key, "no key");
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
49 local throttle = cache:get(key);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
50 if not throttle then
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
51 throttle = new_throttle(rate*burst, burst);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
52 if not cache:set(key, throttle) then
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
53 module:log("warn", "Multirate '%s' has hit its maximum number of active throttles (%d), denying new events", name, max_throttles);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
54 return false;
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
55 end
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
56 end
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
57 return throttle:poll(amount);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
58 end;
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
59 }
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
60 end;
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental)
Matthew Wild <mwild1@gmail.com>
parents: 2079
diff changeset
61 };
999
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
64 local list_backends = {
2898
9fd61234b6f0 mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents: 2859
diff changeset
65 -- %LIST name: memory (limit: number)
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
66 memory = {
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
67 init = function (self, type, opts)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
68 if opts.limit then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
69 local have_cache_lib, cache_lib = pcall(require, "util.cache");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
70 if not have_cache_lib then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
71 error("In-memory lists with a size limit require Prosody 0.10");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
72 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
73 self.cache = cache_lib.new((assert(tonumber(opts.limit), "Invalid list limit")));
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
74 if not self.cache.table then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
75 error("In-memory lists with a size limit require a newer version of Prosody 0.10");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
76 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
77 self.items = self.cache:table();
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
78 else
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
79 self.items = {};
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
80 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
81 end;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
82 add = function (self, item)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
83 self.items[item] = true;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
84 end;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
85 remove = function (self, item)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
86 self.items[item] = nil;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
87 end;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
88 contains = function (self, item)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
89 return self.items[item] == true;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
90 end;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
91 };
2898
9fd61234b6f0 mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents: 2859
diff changeset
92
9fd61234b6f0 mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents: 2859
diff changeset
93 -- %LIST name: http://example.com/ (ttl: number, pattern: pat, hash: sha1)
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
94 http = {
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
95 init = function (self, url, opts)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
96 local poll_interval = assert(tonumber(opts.ttl or "3600"), "invalid ttl for <"..url.."> (expected number of seconds)");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
97 local pattern = opts.pattern or "([^\r\n]+)\r?\n";
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
98 assert(pcall(string.match, "", pattern), "invalid pattern for <"..url..">");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
99 if opts.hash then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
100 assert(opts.hash:match("^%w+$") and type(hashes[opts.hash]) == "function", "invalid hash function: "..opts.hash);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
101 self.hash_function = hashes[opts.hash];
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
102 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
103 local etag;
2522
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
104 local failure_count = 0;
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
105 local retry_intervals = { 60, 120, 300 };
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
106 local function update_list()
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
107 http.request(url, {
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
108 headers = {
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
109 ["If-None-Match"] = etag;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
110 };
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
111 }, function (body, code, response)
2522
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
112 local next_poll = poll_interval;
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
113 if code == 200 and body then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
114 etag = response.headers.etag;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
115 local items = {};
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
116 for entry in body:gmatch(pattern) do
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
117 items[entry] = true;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
118 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
119 self.items = items;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
120 module:log("debug", "Fetched updated list from <%s>", url);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
121 elseif code == 304 then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
122 module:log("debug", "List at <%s> is unchanged", url);
2522
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
123 elseif code == 0 or (code >= 400 and code <=599) then
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
124 module:log("warn", "Failed to fetch list from <%s>: %d %s", url, code, tostring(body));
2522
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
125 failure_count = failure_count + 1;
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
126 next_poll = retry_intervals[failure_count] or retry_intervals[#retry_intervals];
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
127 end
2522
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
128 if next_poll > 0 then
72cbec103709 mod_firewall: Improve HTTP polling logic
Matthew Wild <mwild1@gmail.com>
parents: 2520
diff changeset
129 timer.add_task(next_poll+math.random(0, 60), update_list);
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
130 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
131 end);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
132 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
133 update_list();
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
134 end;
2530
84e103fd8039 mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents: 2528
diff changeset
135 add = function ()
84e103fd8039 mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents: 2528
diff changeset
136 end;
84e103fd8039 mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents: 2528
diff changeset
137 remove = function ()
84e103fd8039 mod_firewall: Add dummy add/remove methods for HTTP lists
Matthew Wild <mwild1@gmail.com>
parents: 2528
diff changeset
138 end;
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
139 contains = function (self, item)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
140 if self.hash_function then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
141 item = self.hash_function(item);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
142 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
143 return self.items and self.items[item] == true;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
144 end;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
145 };
2898
9fd61234b6f0 mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents: 2859
diff changeset
146
9fd61234b6f0 mod_firewall/definitions: Comments on LIST backends
Kim Alvefur <zash@zash.se>
parents: 2859
diff changeset
147 -- %LIST: file:/path/to/file
2532
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
148 file = {
2535
b85d88737a32 mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents: 2532
diff changeset
149 init = function (self, file_spec, opts)
3240
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
150 local items = {};
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
151 local n = 0;
2535
b85d88737a32 mod_firewall: Fix file backend init code
Matthew Wild <mwild1@gmail.com>
parents: 2532
diff changeset
152 local filename = file_spec:gsub("^file:", "");
2532
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
153 local file, err = io.open(filename);
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
154 if not file then
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
155 module:log("warn", "Failed to open list from %s: %s", filename, err);
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
156 return;
3240
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
157 else
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
158 for line in file:lines() do
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
159 if not items[line] then
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
160 n = n + 1;
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
161 items[line] = true;
c30f2cfe9f15 mod_firewall: Assume empty list if file could not be loaded
Matthew Wild <mwild1@gmail.com>
parents: 2898
diff changeset
162 end
2536
22a271641c29 mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents: 2535
diff changeset
163 end
2532
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
164 end
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
165 self.items = items;
2536
22a271641c29 mod_firewall: Improve debug logging for LIST file backend
Matthew Wild <mwild1@gmail.com>
parents: 2535
diff changeset
166 module:log("debug", "Loaded %d items from %s", n, filename);
2532
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
167 end;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
168 add = function (self, item)
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
169 self.items[item] = true;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
170 end;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
171 remove = function (self, item)
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
172 self.items[item] = nil;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
173 end;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
174 contains = function (self, item)
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
175 return self.items and self.items[item] == true;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
176 end;
2ddb74805f91 mod_firewall: Add 'file' backend for lists (read-only atm)
Matthew Wild <mwild1@gmail.com>
parents: 2530
diff changeset
177 };
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
178 };
2523
a3a18d09ae8a mod_firewall: Also handle HTTPS for lists
Matthew Wild <mwild1@gmail.com>
parents: 2522
diff changeset
179 list_backends.https = list_backends.http;
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
180
2586
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
181 local normalize_functions = {
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
182 upper = string.upper, lower = string.lower;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
183 md5 = hashes.md5, sha1 = hashes.sha1, sha256 = hashes.sha256;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
184 prep = jid.prep, bare = jid.bare;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
185 };
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
186
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
187 local function wrap_list_method(list_method, filter)
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
188 return function (self, item)
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
189 return list_method(self, filter(item));
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
190 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
191 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
192
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
193 local function create_list(list_backend, list_def, opts)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
194 if not list_backends[list_backend] then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
195 error("Unknown list type '"..list_backend.."'", 0);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
196 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
197 local list = setmetatable({}, { __index = list_backends[list_backend] });
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
198 if list.init then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
199 list:init(list_def, opts);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
200 end
2586
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
201 if opts.filter then
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
202 local filters = {};
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
203 for func_name in opts.filter:gmatch("[%w_]+") do
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
204 if func_name == "log" then
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
205 table.insert(filters, function (s)
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
206 --print("&&&&&", s);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
207 module:log("debug", "Checking list <%s> for: %s", list_def, s);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
208 return s;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
209 end);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
210 else
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
211 assert(normalize_functions[func_name], "Unknown list filter: "..func_name);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
212 table.insert(filters, normalize_functions[func_name]);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
213 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
214 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
215
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
216 local filter;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
217 local n = #filters;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
218 if n == 1 then
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
219 filter = filters[1];
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
220 else
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
221 function filter(s)
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
222 for i = 1, n do
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
223 s = filters[i](s or "");
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
224 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
225 return s;
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
226 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
227 end
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
228
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
229 list.add = wrap_list_method(list.add, filter);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
230 list.remove = wrap_list_method(list.remove, filter);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
231 list.contains = wrap_list_method(list.contains, filter);
d28e434cb5fd mod_firewall: Support filters for normalizing items before checking for them in lists
Matthew Wild <mwild1@gmail.com>
parents: 2536
diff changeset
232 end
2520
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
233 return list;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
234 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
235
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
236 --[[
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
237 %LIST spammers: memory (source: /etc/spammers.txt)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
238
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
239 %LIST spammers: memory (source: /etc/spammers.txt)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
240
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
241
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
242 %LIST spammers: http://example.com/blacklist.txt
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
243 ]]
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
244
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
245 function definition_handlers.LIST(list_name, list_definition)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
246 local list_backend = list_definition:match("^%w+");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
247 local opts = {};
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
248 local opt_string = list_definition:match("^%S+%s+%((.+)%)");
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
249 if opt_string then
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
250 for opt_k, opt_v in opt_string:gmatch("(%w+): ?([^,]+)") do
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
251 opts[opt_k] = opt_v;
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
252 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
253 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
254 return create_list(list_backend, list_definition:match("^%S+"), opts);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
255 end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP
Matthew Wild <mwild1@gmail.com>
parents: 2370
diff changeset
256
2528
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
257 function definition_handlers.PATTERN(name, pattern)
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
258 local ok, err = pcall(string.match, "", pattern);
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
259 if not ok then
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
260 error("Invalid pattern '"..name.."': "..err);
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
261 end
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
262 return pattern;
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
263 end
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
264
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
265 function definition_handlers.SEARCH(name, pattern)
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
266 return pattern;
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
267 end
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list
Matthew Wild <mwild1@gmail.com>
parents: 2523
diff changeset
268
999
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with %
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
269 return definition_handlers;