Skip to content

Commit bd38f31

Browse files
rybitrybit
authored
Merge pull request #94 from netlify/add-ban-list
add banlist and tests
2 parents 4d128d6 + e8272e1 commit bd38f31

File tree

2 files changed

+220
-0
lines changed

2 files changed

+220
-0
lines changed

http/banlist/banlist.go

Lines changed: 119 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,119 @@
1+
package banlist
2+
3+
import (
4+
"encoding/json"
5+
"net/http"
6+
"os"
7+
"os/signal"
8+
"strings"
9+
"sync"
10+
"sync/atomic"
11+
"syscall"
12+
13+
"github.com/pkg/errors"
14+
"github.com/sirupsen/logrus"
15+
)
16+
17+
type Config struct {
18+
Domains []string
19+
URLs []string
20+
}
21+
22+
type Banlist struct {
23+
domainHolder atomic.Value
24+
urlHolder atomic.Value
25+
mtx sync.Mutex
26+
ch chan os.Signal
27+
log logrus.FieldLogger
28+
path string
29+
}
30+
31+
func New(log logrus.FieldLogger, filepath string) *Banlist {
32+
bl := newBanlist(log, filepath)
33+
bl.listen()
34+
bl.runUpdate()
35+
return bl
36+
}
37+
38+
func newBanlist(log logrus.FieldLogger, path string) *Banlist {
39+
bl := &Banlist{log: log, path: path}
40+
bl.domainHolder.Store(make(map[string]struct{}))
41+
bl.urlHolder.Store(make(map[string]struct{}))
42+
return bl
43+
}
44+
45+
func (b *Banlist) listen() {
46+
b.ch = make(chan os.Signal, 1)
47+
signal.Notify(b.ch, syscall.SIGHUP)
48+
go func() {
49+
for range b.ch {
50+
b.runUpdate()
51+
}
52+
b.log.Info("No longer listening for SIGHUP")
53+
}()
54+
}
55+
56+
func (b *Banlist) runUpdate() {
57+
if err := b.update(); err != nil {
58+
b.log.WithError(err).Warn("error updating banlist")
59+
} else {
60+
b.log.Info("banlist updated")
61+
}
62+
}
63+
64+
func (b *Banlist) update() error {
65+
b.mtx.Lock()
66+
defer b.mtx.Unlock()
67+
68+
f, err := os.Open(b.path)
69+
if err != nil {
70+
return errors.Wrap(err, "error opening banlist config")
71+
}
72+
defer f.Close()
73+
74+
c := new(Config)
75+
if err := json.NewDecoder(f).Decode(c); err != nil {
76+
return errors.Wrap(err, "error decoding banlist config")
77+
}
78+
79+
domains := make(map[string]struct{})
80+
urls := make(map[string]struct{})
81+
for _, el := range c.Domains {
82+
domains[strings.ToLower(el)] = struct{}{}
83+
}
84+
for _, el := range c.URLs {
85+
urls[strings.ToLower(el)] = struct{}{}
86+
}
87+
88+
b.domainHolder.Store(domains)
89+
b.urlHolder.Store(urls)
90+
return nil
91+
}
92+
93+
// CheckRequest will check if the domain is blocked or the path is blocked
94+
func (b *Banlist) CheckRequest(r *http.Request) bool {
95+
domain := strings.SplitN(r.Host, ":", 2)[0]
96+
if _, ok := b.domains()[strings.ToLower(domain)]; ok {
97+
return true
98+
}
99+
100+
url := domain + r.URL.Path
101+
if _, ok := b.urls()[strings.ToLower(url)]; ok {
102+
return true
103+
}
104+
105+
return false
106+
}
107+
108+
func (b *Banlist) Close() {
109+
signal.Stop(b.ch)
110+
close(b.ch)
111+
}
112+
113+
func (b *Banlist) domains() map[string]struct{} {
114+
return b.domainHolder.Load().(map[string]struct{})
115+
}
116+
117+
func (b *Banlist) urls() map[string]struct{} {
118+
return b.urlHolder.Load().(map[string]struct{})
119+
}

http/banlist/banlist_test.go

Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
package banlist
2+
3+
import (
4+
"encoding/json"
5+
"io/ioutil"
6+
"net/http"
7+
"net/http/httptest"
8+
"os"
9+
"testing"
10+
11+
"github.com/sirupsen/logrus"
12+
"github.com/stretchr/testify/assert"
13+
"github.com/stretchr/testify/require"
14+
)
15+
16+
func TestBanlistMissingFile(t *testing.T) {
17+
bl := newBanlist(tl(t), "not a path")
18+
require.Error(t, bl.update())
19+
}
20+
21+
func TestBanlistInvalidFileContents(t *testing.T) {
22+
path, err := ioutil.TempFile("", "")
23+
require.NoError(t, err)
24+
defer os.Remove(path.Name())
25+
26+
_, err = path.WriteString("this isn't valid json")
27+
require.NoError(t, err)
28+
29+
bl := newBanlist(tl(t), path.Name())
30+
require.Error(t, bl.update())
31+
}
32+
33+
func TestBanlistNoPaths(t *testing.T) {
34+
bl := testList(t, &Config{
35+
Domains: []string{"something.com"},
36+
})
37+
38+
assert.Empty(t, bl.urls())
39+
domains := bl.domains()
40+
assert.Len(t, domains, 1)
41+
_, ok := domains["something.com"]
42+
assert.True(t, ok)
43+
}
44+
45+
func TestBanlistNoDomains(t *testing.T) {
46+
bl := testList(t, &Config{
47+
URLs: []string{"something.com/path/to/thing"},
48+
})
49+
50+
urls := bl.urls()
51+
assert.Len(t, urls, 1)
52+
_, ok := urls["something.com/path/to/thing"]
53+
assert.True(t, ok)
54+
55+
assert.Empty(t, bl.domains())
56+
}
57+
func TestBanlistBanning(t *testing.T) {
58+
bl := testList(t, &Config{
59+
URLs: []string{"villians.com/the/joker"},
60+
Domains: []string{"sick.com"},
61+
})
62+
63+
tests := []struct {
64+
url string
65+
isBanned bool
66+
name string
67+
}{
68+
{"http://heros.com", false, "completely unbanned"},
69+
{"http://sick.com:12345", true, "banned domain with port"},
70+
{"http://sick.com", true, "banned domain without port"},
71+
{"http://siCK.com", true, "banned domain mixed case"},
72+
{"http://villians.com:12354/the/joker", true, "banned path with port"},
73+
{"http://villians.com/the/joker", true, "banned path without port"},
74+
{"http://villians.com/the/Joker", true, "banned path mixed case"},
75+
{"http://villians.com/the/joker?query=param", true, "banned path with query params"},
76+
}
77+
for _, test := range tests {
78+
t.Run(test.name, func(t *testing.T) {
79+
req := httptest.NewRequest(http.MethodGet, test.url, nil)
80+
assert.Equal(t, test.isBanned, bl.CheckRequest(req))
81+
})
82+
}
83+
}
84+
85+
func tl(t *testing.T) logrus.FieldLogger {
86+
l := logrus.New()
87+
l.SetLevel(logrus.DebugLevel)
88+
return l.WithField("test", t.Name())
89+
}
90+
91+
func testList(t *testing.T, config *Config) *Banlist {
92+
path, err := ioutil.TempFile("", "")
93+
require.NoError(t, err)
94+
defer os.Remove(path.Name())
95+
96+
require.NoError(t, json.NewEncoder(path).Encode(config))
97+
98+
bl := newBanlist(tl(t), path.Name())
99+
require.NoError(t, bl.update())
100+
return bl
101+
}

0 commit comments

Comments
 (0)