linka-cloud/grpc
2
0
Fork 0
mirror of https://github.com/linka-cloud/grpc.git synced 2024-06-25 23:39:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

ban: more defaults options, simpler callback

Browse Source 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
This commit is contained in:
Adphi 2022-12-07 14:09:36 +01:00
parent 01b37a0d91
commit ef9a12d89e
Signed by: adphi
GPG Key ID: 46BE4062DB2397FF
4 changed files with 87 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
example/example.go
View File

@ -138,7 +138,10 @@ func run(opts ...service.Option) {
service.WithMiddlewares(httpLogger),
service.WithInterceptors(metrics),
service.WithServerInterceptors(
ban.NewInterceptors(),
ban.NewInterceptors(ban.WithDefaultJailDuration(time.Second), ban.WithDefaultCallback(func(action ban.Action, actor string, rule *ban.Rule) error {
log.WithFields("action", action, "actor", actor, "rule", rule.Name).Info("ban callback")
return nil
})),
auth.NewServerInterceptors(auth.WithBasicValidators(func(ctx context.Context, user, password string) (context.Context, error) {
if !auth.Equals(user, "admin") || !auth.Equals(password, "admin") {
return ctx, fmt.Errorf("invalid user or password")
@ -187,7 +190,7 @@ func run(opts ...service.Option) {
}
g := NewGreeterClient(s)
h := grpc_health_v1.NewHealthClient(s)
for i := 0; i < 4; i++ {
for i := 0; i < 5; i++ {
_, err := h.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
if err != nil {
log.Error(err)
@ -195,6 +198,8 @@ func run(opts ...service.Option) {
log.Fatalf("expected error")
}
}
log.Infof("waiting for unban")
time.Sleep(time.Second)
s, err = client.New(append(copts, client.WithInterceptors(auth.NewBasicAuthClientIntereptors("admin", "admin")))...)
if err != nil {
log.Fatal(err)

17
interceptors/ban/ban.go
View File

@ -27,16 +27,21 @@ func NewInterceptors(opts ...Option) interceptors.ServerInterceptors {
rules := make(map[codes.Code]Rule)
for _, r := range o.rules {
rules[r.Code] = r
callback := r.Callback
if callback == nil {
callback = o.defaultCallback
}
expire := r.JailDuration
if expire == 0 {
expire = o.defaultJailDuration
}
s.AddRule(&badactor.Rule{
Name: r.Name,
Message: r.Message,
StrikeLimit: r.StrikeLimit,
ExpireBase: r.ExpireBase,
Sentence: r.Sentence,
Action: &action{
whenJailed: r.WhenJailed,
whenTimeServed: r.WhenTimeServed,
},
ExpireBase: expire,
Sentence: expire,
Action: &action{fn: callback},
})
}
// we ignore the error because CreateDirectors never returns an error

38
interceptors/ban/options.go
View File

@ -16,10 +16,12 @@ const (
var (
defaultOptions = options{
cap: 1024,
reaperInterval: 10 * time.Minute,
rules: defaultRules,
actorFunc: DefaultActorFunc,
cap: 1024,
reaperInterval: 10 * time.Minute,
rules: defaultRules,
actorFunc: DefaultActorFunc,
defaultCallback: nil,
defaultJailDuration: 10 * time.Second,
}
defaultRules = []Rule{
@ -28,16 +30,12 @@ var (
Message: "Too many unauthorized requests",
Code: codes.PermissionDenied,
StrikeLimit: 3,
ExpireBase: time.Second * 10,
Sentence: time.Second * 10,
},
{
Name: Unauthenticated,
Message: "Too many unauthenticated requests",
Code: codes.Unauthenticated,
StrikeLimit: 3,
ExpireBase: time.Second * 10,
Sentence: time.Second * 10,
},
}
)
@ -79,9 +77,23 @@ func WithActorFunc(f func(context.Context) (name string, found bool, err error))
}
}
type options struct {
cap int32
rules []Rule
reaperInterval time.Duration
actorFunc func(ctx context.Context) (name string, found bool, err error)
func WithDefaultCallback(f ActionCallback) Option {
return func(o *options) {
o.defaultCallback = f
}
}
func WithDefaultJailDuration(expire time.Duration) Option {
return func(o *options) {
o.defaultJailDuration = expire
}
}
type options struct {
cap int32
rules []Rule
reaperInterval time.Duration
actorFunc func(ctx context.Context) (name string, found bool, err error)
defaultCallback ActionCallback
defaultJailDuration time.Duration
}

74
interceptors/ban/rule.go
View File

@ -7,46 +7,60 @@ import (
"google.golang.org/grpc/codes"
)
type ActionCallback func(action Action, actor string, rule *Rule) error
type Action int
const (
Jailed Action = iota
Released
)
func (a Action) String() string {
switch a {
case Jailed:
return "Jailed"
case Released:
return "Released"
default:
return "Unknown"
}
}
type Rule struct {
Name string
Message string
Code codes.Code
StrikeLimit int
ExpireBase time.Duration
Sentence time.Duration
// WhenJailed is an optional function to call when an Actor isJailed
WhenJailed func(actor string, r *Rule) error
// WhenTimeServed is an optional function to call when an Actor is released because of timeServed
WhenTimeServed func(actor string, r *Rule) error
Name string
Message string
Code codes.Code
StrikeLimit int
JailDuration time.Duration
// Callback is an optional function to call when an Actor isJailed or released because of timeServed
Callback ActionCallback
}
type action struct {
whenJailed func(actor string, r *Rule) error
whenTimeServed func(actor string, r *Rule) error
fn ActionCallback
}
func (a2 *action) WhenJailed(a *badactor.Actor, r *badactor.Rule) error {
if a2.whenJailed != nil {
return a2.whenJailed(a.Name(), &Rule{
Name: r.Name,
Message: r.Message,
StrikeLimit: r.StrikeLimit,
ExpireBase: r.ExpireBase,
Sentence: r.Sentence,
})
if a2.fn == nil {
return nil
}
return nil
return a2.fn(Jailed, a.Name(), &Rule{
Name: r.Name,
Message: r.Message,
StrikeLimit: r.StrikeLimit,
JailDuration: r.ExpireBase,
})
}
func (a2 *action) WhenTimeServed(a *badactor.Actor, r *badactor.Rule) error {
if a2.whenTimeServed != nil {
return a2.whenTimeServed(a.Name(), &Rule{
Name: r.Name,
Message: r.Message,
StrikeLimit: r.StrikeLimit,
ExpireBase: r.ExpireBase,
Sentence: r.Sentence,
})
if a2.fn == nil {
return nil
}
return nil
return a2.fn(Released, a.Name(), &Rule{
Name: r.Name,
Message: r.Message,
StrikeLimit: r.StrikeLimit,
JailDuration: r.ExpireBase,
})
}