in server/api/pages/bans.py [0:0]
def run(API, environ, indata, session):
global BANLIST, BAN_TS
method = environ['REQUEST_METHOD']
# Adding a new entry?
if method == "PUT":
ip = indata['source']
reason = indata['reason']
target = indata.get('target', '*')
force = indata.get('force', False)
submitter = environ.get('HTTP_PROXY_USER', 'Admin')
reason = "Banned by %s: %s" % (submitter, reason)
# Check if ban already exists
if find_rule(session.DB, 'ban', ip):
raise API.exception(400, "A ban already exists for this IP!")
# Check if this IP is within a whitelisted space
block = plugins.worker.to_block(ip)
whitelist = plugins.worker.get_whitelist(session.DB)
for white in whitelist:
if block in white:
if force:
remove_whitelist(session, white)
else:
raise API.exception(403, "IP Address is whitelisted as %s, cannot ban!" % white)
if white in block:
if force:
remove_whitelist(session, white)
else:
raise API.exception(403, "This ban would cancel whitelist entry for %s, cannot mix" % white)
# all good? Okay, add the entry then
entry = {
'ip': ip,
'reason': reason,
'target': target,
'epoch': int(time.time())
}
bid = plugins.worker.make_sha1(str(block))
session.DB.ES.index(index=session.DB.dbname, doc_type = 'ban', id = bid, body = entry)
plugins.worker.addnote(session.DB, 'manual', "Manual ban for %s added by %s: %s" % (ip, submitter, reason))
yield json.dumps({"message": "Entry added!"})
return
# Delete an entry
if method == "DELETE":
submitter = environ.get('HTTP_PROXY_USER', 'Admin')
rid = indata.get('rule')
doc = None
if re.match(r"^[a-f0-9]+$", rid):
if session.DB.ES.exists(index=session.DB.dbname, doc_type='ban', id = rid):
hit = session.DB.ES.get(index=session.DB.dbname, doc_type='ban', id = rid)
plugins.worker.addnote(session.DB, 'manual', "Ban for %s removed by %s" % (hit['_source'].get('ip', rid), submitter))
to_whitelist_temp(session.DB, hit)
session.DB.ES.delete(index=session.DB.dbname, doc_type='ban', id = rid, refresh = 'wait_for')
yield json.dumps({"message": "Entry removed"})
return
elif re.match(r"^[a-f0-9.:_]+$", rid):
if session.DB.ES.exists(index=session.DB.dbname, doc_type='ban', id = rid):
hit = session.DB.ES.get(index=session.DB.dbname, doc_type='ban', id = rid, refresh = 'wait_for')
plugins.worker.addnote(session.DB, 'manual', "Ban for %s removed by %s" % (hit['_source'].get('ip', rid), submitter))
to_whitelist_temp(session.DB, hit)
session.DB.ES.delete(index=session.DB.dbname, doc_type='ban', id = rid)
yield json.dumps({"message": "Entry removed"})
return
else:
raise API.exception(400, "Invalid rule ID specified!")
# Display the current banlist entries
if method == "GET":
# Only re-fetch banlist every 30 secs, save processing power!
if BAN_TS < (time.time() - BAN_CACHE_TIME) or 'Mozilla' in environ.get('HTTP_USER_AGENT', 'python'):
res = session.DB.ES.search(
index=session.DB.dbname,
doc_type="ban",
size = 10000,
body = {
'query': {
'match_all': {}
}
}
)
BANLIST = []
for hit in res['hits']['hits']:
doc = hit['_source']
ip = doc.get('ip')
if not ip:
ip = hit['_id'].replace('_', '/') # backwards compat
if ip:
doc['ip'] = ip.strip()
doc['rid'] = hit['_id']
BANLIST.append(doc)
BAN_TS = time.time()
JSON_OUT = {
'bans': BANLIST
}
yield json.dumps(JSON_OUT)
return
# Finally, if we hit a method we don't know, balk!
yield API.exception(400, "I don't know this request method!!")