diff options
-rw-r--r-- | Bugzilla.pm | 2 | ||||
-rw-r--r-- | Bugzilla/ModPerl/BlockIP.pm | 67 | ||||
-rw-r--r-- | Bugzilla/Quantum.pm | 1 | ||||
-rwxr-xr-x | scripts/block-ip.pl | 10 |
4 files changed, 31 insertions, 49 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index 4fbcd533e..f5516d247 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -801,7 +801,7 @@ sub check_rate_limit { my $limit = join("/", @$limit); Bugzilla->audit("[rate_limit] action=$action, ip=$ip, limit=$limit, name=$name"); if ($action eq 'block') { - Bugzilla::ModPerl::BlockIP->block_ip($ip); + $Bugzilla::Quantum::CGI::C->block_ip($ip); ThrowUserError("rate_limit"); } } diff --git a/Bugzilla/ModPerl/BlockIP.pm b/Bugzilla/ModPerl/BlockIP.pm index 4e9a4be5c..57f61c71f 100644 --- a/Bugzilla/ModPerl/BlockIP.pm +++ b/Bugzilla/ModPerl/BlockIP.pm @@ -1,64 +1,43 @@ -package Bugzilla::ModPerl::BlockIP; +package Bugzilla::Quantum::Plugin::BlockIP; use 5.10.1; -use strict; -use warnings; +use Mojo::Base 'Mojolicious::Plugin'; -use Apache2::RequestRec (); -use Apache2::Connection (); - -use Apache2::Const -compile => qw(OK); -use Cache::Memcached::Fast; +use Bugzilla::Memcached; use constant BLOCK_TIMEOUT => 60*60; my $MEMCACHED = Bugzilla::Memcached->_new()->{memcached}; -my $STATIC_URI = qr{ - ^/ - (?: extensions/[^/]+/web - | robots\.txt - | __heartbeat__ - | __lbheartbeat__ - | __version__ - | images - | skins - | js - | errors - ) -}xms; -sub block_ip { +sub register { + my ( $self, $app, $conf ) = @_; + + $app->hook(before_routes => \&_before_routes) + $app->helper(block_ip => \&_block_ip); + $app->helper(unblock_ip => \&_unblock_ip); +} + +sub _block_ip { my ($class, $ip) = @_; $MEMCACHED->set("block_ip:$ip" => 1, BLOCK_TIMEOUT) if $MEMCACHED; } -sub unblock_ip { +sub _unblock_ip { my ($class, $ip) = @_; $MEMCACHED->delete("block_ip:$ip") if $MEMCACHED; } -sub handler { - my $r = shift; - return Apache2::Const::OK if $r->uri =~ $STATIC_URI; - - my $ip = $r->headers_in->{'X-Forwarded-For'}; - if ($ip) { - $ip = (split(/\s*,\s*/ms, $ip))[-1]; - } - else { - $ip = $r->connection->remote_ip; - } +sub _before_routes { + my ( $c ) = @_; + return if $c->stash->{'mojo.static'}; + my $ip = $c->tx->remote_address; + $c->app->log->debug("remote ip: $ip"); if ($MEMCACHED && $MEMCACHED->get("block_ip:$ip")) { - __PACKAGE__->block_ip($ip); - $r->status_line("429 Too Many Requests"); - # 500 is used here because apache 2.2 doesn't understand 429. - # the above line and the return value together mean we produce 429. - # Any other variation doesn't work. - $r->custom_response(500, "Too Many Requests"); - return 429; - } - else { - return Apache2::Const::OK; + $c->block_ip($ip); + $c->res->code(429); + $c->res->message("Too Many Requests"); + $c->res->body("Too Many Requests"); + $c->finish; } } diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm index b11e183d2..e1cf94f2c 100644 --- a/Bugzilla/Quantum.pm +++ b/Bugzilla/Quantum.pm @@ -32,6 +32,7 @@ sub startup { $self->plugin('Bugzilla::Quantum::Plugin::Glue'); $self->plugin('Bugzilla::Quantum::Plugin::Hostage'); + $self->plugin('Bugzilla::Quantum::Plugin::BlockIP'); my $r = $self->routes; Bugzilla::Quantum::CGI->load_all($r); diff --git a/scripts/block-ip.pl b/scripts/block-ip.pl index b767a1fd5..3fa66d336 100755 --- a/scripts/block-ip.pl +++ b/scripts/block-ip.pl @@ -12,8 +12,8 @@ use warnings; use lib qw(. lib local/lib/perl5); use Bugzilla; +use Bugzilla::Quantum; use Bugzilla::Constants; -use Bugzilla::ModPerl::BlockIP; use Getopt::Long; Bugzilla->usage_mode(USAGE_MODE_CMDLINE); @@ -23,10 +23,12 @@ GetOptions('unblock' => \$unblock); pod2usage("No IPs given") unless @ARGV; +my $app = Bugzilla::Quantum->new; + if ($unblock) { - Bugzilla::ModPerl::BlockIP->unblock_ip($_) for @ARGV; + $app->unblock_ip($_) for @ARGV; } else { - Bugzilla::ModPerl::BlockIP->block_ip($_) for @ARGV; + $app->block_ip($_) for @ARGV; } =head1 NAME @@ -52,4 +54,4 @@ If passed, the IPs will be unblocked instead of blocked. Use this to remove IPs =head1 DESCRIPTION -This is just a simple CLI inteface to L<Bugzilla::ModPerl::BlockIP>. +This is just a simple CLI inteface to L<Bugzilla::Quantum::Plugin::BlockIP>. |