Documentation ¶
Overview ¶
Package ban provides an IP ban service, based on the Banner interface. Expected usage is as a http server middleware.
To use the service:
- create a Banner implementation. Bundled implementations include:
- Memory, recommended for single-instance services not needing persistence.
- SQL, recommended for multi-instance services or those needing persistence. All implementations support concurrent operation.
- On request handling, check the IP with Banner.IsBanned.
- To ban an IP, use Banner.Ban
- To unban an IP, use Banner.UnBan
- Management UIs/debugging can list bans with Banner.FindAll ad Banner.FindByID
- Close the instance when done using it, probably with a defer.
Index ¶
- Constants
- Variables
- type Ban
- type Banner
- type ID
- type Memory
- func (m *Memory) Ban(_ context.Context, ip net.IP) (ID, error)
- func (m *Memory) Close() error
- func (m *Memory) FindAll(ctx context.Context) ([]Ban, error)
- func (m *Memory) FindByID(ctx context.Context, id ID) (net.IP, error)
- func (m *Memory) IsBanned(ctx context.Context, ip net.IP) (bool, error)
- func (m *Memory) UnBan(ctx context.Context, ip net.IP) error
- type SQL
- func (s *SQL) Ban(ctx context.Context, ip net.IP) (ID, error)
- func (s *SQL) Close() error
- func (s *SQL) FindAll(ctx context.Context) ([]Ban, error)
- func (s *SQL) FindByID(ctx context.Context, id ID) (net.IP, error)
- func (s *SQL) IsBanned(ctx context.Context, ip net.IP) (bool, error)
- func (s *SQL) UnBan(ctx context.Context, ip net.IP) error
Constants ¶
const (
// DefaultBanListSize is a heuristic for storage sizing only.
DefaultBanListSize = 50
)
const DefaultTableName = `ban`
DefaultTableName is the default name for the table used as the storage for the SQL Flooder implementation.
const (
/* https://mariadb.com/kb/en/mariadb-error-codes/ */
ErDupEntry = 1062
)
Variables ¶
var ( // ErrAlreadyBanned is a logic error, but without consequences. It may be ignored. ErrAlreadyBanned = errors.New("already banned") // ErrInvalidID is a severe error, meaning data corruption. // Program should stop, or at the very least reset the Banner instance. ErrInvalidID = errors.New("ID is invalid") // ErrInvalidIP is a severe error, meaning data corruption. // Program should stop, or at the very least reset the Banner instance. ErrInvalidIP = errors.New("IP is invalid") // ErrNonExistentBan is a logic error, but without consequences. It may be ignored. ErrNonExistentBan = errors.New("non-existent ban") // ErrStorageInconsistency is a severe error, meaning data corruption. // Program should stop, or at the very least reset the Banner instance. ErrStorageInconsistency = errors.New("storage inconsistency") )
Functions ¶
This section is empty.
Types ¶
type Banner ¶
type Banner interface { // Closer allows closing the Banner instance. // // The interface does not define persistence considerations on a closed instance: // some implementations may persist (e.g. SQL), while others will not (e.g. Memory). io.Closer // Ban adds an IP to the ban list. // // Although it is idempotent at the storage level, repeated calls for the // same IP will return ErrAlreadyBanned, and should be seen as a logic error. Ban(ctx context.Context, ip net.IP) (ID, error) // FindAll may return large slices, and is very inefficient in the general case: // because of the concurrent access property, it only represents a crawl through // the ban storage, which may not represent an actual snapshot of that storage at any time. // // As such, it is considered an unstable function, mostly be seen as a debugging tool, // which could be used for admin UIs on sites with smaller ban lists. FindAll(ctx context.Context) ([]Ban, error) // FindByID is an administrative operation, which should not be used in the // hot path, as it may be highly inefficient (O(n) by number of IPs). // // For most situations, access the storage using IsBanned instead. FindByID(ctx context.Context, id ID) (net.IP, error) // IsBanned is the only operation meant for the hot path, and is expected to // the most used one, by far. IsBanned(ctx context.Context, ip net.IP) (bool, error) // UnBan removes an IP from the ban list. // // Although it is idempotent at the storage level, repeated calls for the // same IP will return ErrNonExistentBan, and should be seen as a logic error. UnBan(ctx context.Context, ip net.IP) error }
Banner is the interface defining the ability to ban IPs.
It has nothing to do with advertising banners or the IAB.
type Memory ¶
type Memory struct { // Map is used here because each entry is expected to be written only once, // when banning (and deleted one when unbanning) but read ofte to check access. // Keys are IPs in string format (because net.IP cannot he hashed), values are IDs. sync.Map // contains filtered or unexported fields }
Memory is an in-memory non-persistent implementation of ban.Banner. The blank value is a ready-to-use instance.
There is no guarantee that a once-Closed instance may be reused, although this is the case in the current implementation.
type SQL ¶
SQL is a RDBMS-backed Banner implementation. See NewSQL. In the current version, it only supports SQLIte > 3. TODO support other engines.
func NewSQL ¶
NewSQL creates a RDBMS-backed Banner instance.
- db is an opened sql.DB pool
- tableName is the name of the table which the service will use. If set to the empty string, it will use DefaultTableName.