init work remote API

2021-10-02 20:29:50 +02:00
parent 5d94cc8f43
commit 64aa9c2530
6 changed files with 165 additions and 0 deletions
--- a/confs/global/init-lua.conf
+++ b/confs/global/init-lua.conf
@@ -3,6 +3,7 @@ init_by_lua_block {
 local dataloader		= require "dataloader"
 local logger			= require "logger"
 local cjson			= require "cjson"
+local remoteapi			= require "remoteapi"

 local use_redis			= {% if USE_REDIS == "yes" %}true{% else %}false{% endif +%}

@@ -12,6 +13,8 @@ local use_tor_exit_nodes	= {% if has_value("BLOCK_TOR_EXIT_NODE", "yes") %}true{
 local use_user_agents		= {% if has_value("BLOCK_USER_AGENT", "yes") %}true{% else %}false{% endif +%}
 local use_referrers		= {% if has_value("BLOCK_REFERRER", "yes") %}true{% else %}false{% endif +%}

+local use_remote_api		= {% if has_value("USE_REMOTE_API", "yes") %}true{% else %}false{% endif +%}
+
 if not use_redis then
 	if use_proxies then
 		dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
@@ -72,4 +75,44 @@ for dir in p:lines() do
 end
 p:close()

+-- Remote API
+if use_remote_api then
+
+	-- Save server
+	ngx.shared.remote_api:set("server", "{{ REMOTE_API_SERVER }}", 0)
+
+	-- Save version
+	local f = io.open("/opt/bunkerized-nginx/VERSION", "r")
+	ngx.shared.remote_api:set("version", f:read("*all"), 0)
+	f:close()
+
+	-- Save and ask a machine ID if needed
+	local f = io.open("/opt/bunkerized-nginx/cache/machine.id", "rw")
+	if f == nil then
+		local res, id = remoteapi.register()
+		if not res then
+			logger.log(ngx.ERR, "REMOTE API", "Can't register to the remote API")
+		else
+			logger.log(ngx.ERR, "REMOTE API", "Successfully registered to the remote API")
+			f:write(data)
+			ngx.shared.remote_api:set("id", data, 0)
+		end
+	else
+		logger.log(ngx.ERR, "REMOTE API", "*NOT AN ERROR* Using existing machine ID from cache")	
+		id = f:read("*all")
+	end
+	f:close()
+
+	-- Test the machine ID
+	if id ~= nil then
+		local res, pong = remoteapi.ping()
+		if not res or pong ~= "pong" then
+			logger.log(ngx.ERR, "REMOTE API", "Ping failed, the remote server may be down or your machine ID is invalid")
+		else
+			logger.log(ngx.ERR, "REMOTE API", "*NOT AN ERROR* Ping successful")
+		end
+	end
+
+end
+
 }
--- a/confs/global/nginx.conf
+++ b/confs/global/nginx.conf
@@ -91,6 +91,7 @@ http {
 	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_ban 10m;{% endif +%}
 	{% if has_value("USE_BAD_BEHAVIOR", "yes") %}lua_shared_dict behavior_count 10m;{% endif +%}
 	lua_shared_dict plugins_data 10m;
+	{% if has_value("USE_REMOTE_API", "yes") %}lua_shared_dict remote_api 1m;{% endif +%}

 	# shared memory zone for limit_req
 	{% if has_value("USE_LIMIT_REQ", "yes") %}limit_req_zone $binary_remote_addr$uri zone=limit:{{ LIMIT_REQ_CACHE }} rate={{ LIMIT_REQ_RATE }};{% endif +%}
--- a/confs/site/log-lua.conf
+++ b/confs/site/log-lua.conf
@@ -1,5 +1,7 @@
 log_by_lua_block {

+local logger			= require "logger"
+
 -- bad behavior
 local use_bad_behavior		= {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif +%}
 local behavior			= require "behavior"
@@ -12,4 +14,20 @@ if use_bad_behavior then
 	behavior.count(bad_behavior_status_codes, bad_behavior_threshold, bad_behavior_count_time, bad_behavior_ban_time)
 end

+-- remote API
+local use_remote_api            = {% if USE_REMOTE_API == "yes" %}true{% else %}false{% endif +%}
+local remoteapi			= require "remoteapi"
+
+if use_remote_api then
+	if ngx.status == ngx.HTTP_FORBIDDEN then
+		-- TODO check if IP is global + good reason
+		local res, data = remoteapi.ip(ngx.var.remote_addr, "other")
+		if res then
+			logger.log(ngx.NOTICE, "REMOTE API", "Successfully reported ip " .. ngx.var.remote_addr)			
+		else
+			logger.log(ngx.ERR, "REMOTE API", "Error while reporting ip " .. ngx.var.remote_addr .. " : " .. data)
+		end
+	end
+end
+
 }