ip_filter 0.8.0

data/lib/ip_filter.rb

@@ -0,0 +1,100 @@
+require 'ip_filter/configuration'
+require 'ip_filter/cache'
+require 'ip_filter/request'
+require 'ip_filter/lookups/geoip'
+require 'ip_filter/providers/s3'
+require 'ip_filter/providers/max_mind'
+
+module IpFilter
+  extend self
+  attr_accessor :updated_at
+  attr_reader :lookups, :refresh_inprogress
+
+  # Better configuration handling ( like Pros !)
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= IpFilter::Configuration.new
+    yield(configuration)
+  end
+
+  # Back to IpFilter job
+
+  # Search for information about an address.
+  def search(query)
+    if !ip_address?(query) && query.blank?
+      raise ArgumentError, 'invalid address'
+    end
+
+    begin
+      get_lookup.search(query)
+    rescue
+      sleep(0.300) # wait to reload the file
+      get_lookup.search(query)
+    end
+  end
+
+  # The working Cache object, or +nil+ if none configured.
+  def cache
+    @cache ||= configuration.cache
+  end
+
+  def s3
+    return @s3 unless @s3.nil?
+    if !configuration.s3_access_key_id.nil? &&
+       !configuration.s3_secret_access_key.nil?
+      return @s3 ||= IpFilter::S3.new
+    end
+    @s3
+  end
+
+  def maxmind
+    @maxmind ||= IpFilter::Providers::MaxMind.new
+  end
+
+  def reference_file
+    configuration.geo_ip_dat
+  end
+
+  def database_files
+    Dir[configuration.data_folder + '/*.dat']
+  end
+
+  private
+
+  def refresh_db
+    configuration.update_method.call
+    IpFilter.cache.reset unless IpFilter.cache.nil?
+    @updated_at = Time.now
+    @lookups = IpFilter::Lookup::Geoip.new
+  ensure
+    @refresh_inprogress = false
+  end
+
+  # Retrieve a Lookup object from the store.
+  def get_lookup
+    @updated_at ||= Time.now
+    if !@refresh_inprogress && (@lookups.nil? || Time.now.to_i > (@updated_at.to_i + IpFilter.configuration.refresh_delay))
+      @refresh_inprogress = true
+      Thread.new { refresh_db }
+    end
+    @lookups ||= IpFilter::Lookup::Geoip.new
+  end
+
+  # Checks if value looks like an IP address.
+  #
+  # Does not check for actual validity, just the appearance of four
+  # dot-delimited numbers.
+  def ip_address?(value)
+    !!value.to_s.match(
+      %r(^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(\/\d{1,2}){0,1}$)
+    )
+  end
+end
+
+if defined?(Rails)
+  require 'ip_filter/railtie'
+  IpFilter::Railtie.insert
+end

data/lib/ip_filter/cache.rb

@@ -0,0 +1,30 @@
+require 'ip_filter/cache/dallistore'
+require 'ip_filter/cache/redis'
+
+module IpFilter
+
+  # For now just a simple wrapper class for a Memcache client.
+  class Cache
+    attr_reader :cached_at
+    attr_reader :prefix, :store
+
+    def initialize(store, prefix = IpFilter.configuration.cache_prefix)
+      @store = store
+      @prefix = prefix
+      @cached_at ||= DateTime.now
+    end
+
+    def serialize_output(value)
+      if !value.nil? && value != 'null'
+        value = JSON.parse(value) if value.is_a? String
+        return OpenStruct.new(value)
+      end
+      return nil
+    end
+
+    # Cache key for a given URL.
+    def key_for(ip)
+      [prefix, ip].join
+    end
+  end
+end

data/lib/ip_filter/cache/dallistore.rb

@@ -0,0 +1,39 @@
+module IpFilter
+  class Cache
+    class DalliStore < IpFilter::Cache
+
+      # Clean Cache (not available, as DalliStore cannot iterate on cache)
+      def reset
+        logger.warning "Cannot reset ip_filter cache with DalliStore, you must reset all your cache manually."
+      end
+
+      # Read from the Cache.
+      def [](ip)
+        result = case
+          when store.respond_to?(:read)
+            store.read key_for(ip)
+          when store.respond_to?(:[])
+            store[key_for(ip)]
+          when store.respond_to?(:get)
+            store.get key_for(ip)
+        end
+        # this method is inherited from IpFilter::Cache
+        serialize_output(result)
+      end
+
+      # Write to the Cache.
+      def []=(ip, value)
+        case
+          when store.respond_to?(:write)
+            store.write key_for(ip), value
+          when store.respond_to?(:[]=)
+            store[key_for(ip)] = value
+          when store.respond_to?(:set)
+            store.set key_for(ip), value
+        end
+      end
+
+
+    end
+  end
+end

data/lib/ip_filter/cache/redis.rb

@@ -0,0 +1,26 @@
+require "json"
+
+module IpFilter
+  class Cache
+    class Redis < IpFilter::Cache
+
+      def reset
+        keys = store.keys("#{@prefix}*")
+        store.del keys unless keys.empty?
+      end
+
+      # Read from the Cache.
+      def [](ip)
+        value = store.get(key_for(ip))
+        # this method is inherited from IpFilter::Cache
+        serialize_output(value)
+      end
+
+      # Write to the Cache.
+      def []=(ip, value)
+        store.set(key_for(ip), value.to_json)
+      end
+
+    end
+  end
+end

data/lib/ip_filter/configuration.rb

@@ -0,0 +1,47 @@
+module IpFilter
+  class Configuration
+    attr_accessor :data_folder, :geo_ip_dat, :geoip_level, :update_method,
+                  :ip_code_type, :ip_codes, :ip_whitelist, :ip_exception,
+                  :allow_loopback, :cache, :cache_prefix, :geoipupdate_config,
+                  :s3_access_key_id, :s3_secret_access_key, :s3_bucket_name,
+                  :refresh_delay
+
+    def initialize
+      # Folder containing GeoIP database files.
+      @data_folder = '/tmp/geoip'
+      # Level of filtering : Country, city...
+      @geo_ip_dat = 'data/GeoIP.dat'
+      @geoip_level = :country
+      # Logic to use to update geoip.dat file
+      @update_method = []
+      # Must be 'country_code', 'country_code2', 'country_code3',
+      # 'country_name', 'continent_code'
+      @ip_code_type = nil
+      # Must be of the corresponding format as :ip_code_type
+      @ip_codes = []
+      # Whitelist of IPs
+      @ip_whitelist = []
+      # Exceptions that should not be rescued by default
+      # (if you want to implement custom error handling);
+      @ip_exception = Exception.new
+      # Allow loopback Ip
+      @allow_loopback = true
+      # cache object (must respond to #[], #[]=, and #keys)
+      @cache = nil
+      # prefix (string) to use for all cache keys
+      @cache_prefix = 'ip_filter:'
+      # Configuration path for geoipupdate binary
+      @geoipupdate_config = '/usr/local/etc/GeoIP.conf'
+      ## S3 credentials ##
+      # if access_key_id is nil, S3 isn't loaded.
+      @s3_access_key_id = nil
+      # S3 Secret API key
+      @s3_secret_access_key = nil
+      # S3 bucket name
+      @s3_bucket_name = 'ip_filter-geoip'
+      # Cache refresh delay, every 24 hours by default
+      @refresh_delay = 86400
+    end
+
+  end
+end

data/lib/ip_filter/controller/geo_ip_lookup.rb

@@ -0,0 +1,78 @@
+module IpFilter
+  module Controller
+    module GeoIpLookup
+      # Mix below class methods into ActionController.
+      def self.included(base)
+        base.send :include, InstanceMethods
+        base.send :extend, ClassMethods
+      end
+
+      #
+      # Class methods
+      #
+      module ClassMethods
+        def validate_ip(filter_options = {}, &block)
+          if block
+            before_filter filter_options do |controller|
+              controller.check_ip_location(block)
+            end
+          else
+            before_filter :check_ip_location, filter_options
+          end
+        end
+
+        def skip_validate_ip(filter_options = {})
+          skip_before_filter(:check_ip_location, filter_options)
+        end
+
+        def code_type
+          @code_type ||= IpFilter.configuration.ip_code_type.to_sym
+        end
+
+        def codes
+          IpFilter.configuration.ip_codes
+        end
+
+        def whitelist
+          IpFilter.configuration.ip_whitelist
+        end
+
+        def allow_loopback?
+          @allow_loopback ||= IpFilter.configuration.allow_loopback
+        end
+      end
+
+      #
+      # Instance methods
+      #
+      module InstanceMethods
+        private
+
+        def check_ip_location(block = nil)
+          code  = request.location[self.class.code_type]
+          ip    = request.remote_ip || request.ip
+
+          perform_check = self.class.allow_loopback? ? (code != 'N/A') : true
+
+          if perform_check
+            unless valid_code?(code) || valid_ip?(ip)
+              block ? block.call : IpFilter.configuration.ip_exception.call
+            end
+          end
+        end
+
+        def valid_code?(code)
+          code.in? self.class.codes
+        end
+
+        def valid_ip?(ip)
+          # go through each IP range and validate IP against it
+          Array.wrap(self.class.whitelist).any? do |ip_range|
+            IPAddr.new(ip_range).include?(ip)
+          end
+        end
+      end
+      # end of module
+    end
+  end
+end

data/lib/ip_filter/lookups/base.rb

@@ -0,0 +1,60 @@
+require 'ipaddr'
+
+module IpFilter
+  module Lookup
+    class Base
+
+      # A number of non-routable IP ranges.
+      #
+      # --
+      # Sources for these:
+      #   RFC 3330: Special-Use IPv4 Addresses
+      #   The bogon list: http://www.cymru.com/Documents/bogon-list.html
+      NON_ROUTABLE_IP_RANGES = [
+        IPAddr.new('0.0.0.0/8'),      # "This" Network
+        IPAddr.new('10.0.0.0/8'),     # Private-Use Networks
+        IPAddr.new('14.0.0.0/8'),     # Public-Data Networks
+        IPAddr.new('127.0.0.0/8'),    # Loopback
+        IPAddr.new('169.254.0.0/16'), # Link local
+        IPAddr.new('172.16.0.0/12'),  # Private-Use Networks
+        IPAddr.new('192.0.2.0/24'),   # Test-Net
+        IPAddr.new('192.168.0.0/16'), # Private-Use Networks
+        IPAddr.new('198.18.0.0/15'),  # Network Interconnect Device Benchmark Testing
+        IPAddr.new('224.0.0.0/4'),    # Multicast
+        IPAddr.new('240.0.0.0/4')     # Reserved for future use
+      ].freeze
+
+
+      # Query the GeoIP database for a given IP address, and returns information about
+      # the region/country where the IP address is allocated.
+      #
+      # Takes a search string (eg: "205.128.54.202") for country info
+      # Returns an array of <tt>IpFilter::Result</tt>s.
+      def search(query)
+        results(query).map { |r| result_class.new(r) }
+      end
+
+      private
+
+      # IpFilter::Result object or nil on timeout or other error.
+      def results(query, reverse = false)
+        raise NotImplementedError.new
+      end
+
+      # Class of the result objects.
+      def result_class
+        IpFilter::Result.const_get(self.class.to_s.split(":").last)
+      end
+
+      # The working Cache object.
+      def cache
+        IpFilter.cache
+      end
+
+      # Checks if address is a loopback/private address range.
+      def loopback_address?(ip)
+        NON_ROUTABLE_IP_RANGES.any? { |range| range.include?(ip) }
+      end
+    end
+  end
+end

data/lib/ip_filter/lookups/geoip.rb

@@ -0,0 +1,41 @@
+require 'ip_filter/lookups/base'
+require 'ip_filter/results/geoip'
+require 'geoip'
+
+module IpFilter
+  module Lookup
+    class Geoip < Base
+      private
+
+      def fetch_data(query)
+        data = cache[query]
+        unless cache && data
+          data = geo_ip_lookup.country(query).to_hash
+          cache[query] = data if cache
+        end
+        data
+      end
+
+      def geo_ip_lookup
+        @geo_ip_lookup ||= GeoIP.new(IpFilter.reference_file)
+      end
+
+      def results(query)
+        # don't look up a loopback address, just return the stored result
+        return [reserved_result(query)] if loopback_address?(query)
+        [fetch_data(query)]
+      end
+
+      def reserved_result(ip)
+        {
+          ip:             ip,
+          country_code:   'N/A',
+          country_code2:  'N/A',
+          country_code3:  'N/A',
+          country_name:   'N/A',
+          continent_code: 'N/A'
+        }
+      end
+    end
+  end
+end

data/lib/ip_filter/providers/max_mind.rb

@@ -0,0 +1,52 @@
+require 'fileutils'
+
+module IpFilter
+  module Providers
+    class MaxMind
+      attr_reader :files
+
+      def initialize
+        check_geoipupdate_presence!
+        refresh_file_list!
+        update! if @files.empty?
+        return @files
+      end
+
+      def update!
+        # Execute geoipupdate command.
+        if %x{geoipupdate -f #{config} -d #{folder}}
+          refresh_file_list!
+          return true
+        end
+        return false
+      end
+
+      def config
+        @config ||= IpFilter.configuration.geoipupdate_config
+      end
+
+      def folder
+        @folder ||= IpFilter.configuration.data_folder
+      end
+
+      def refresh_file_list!
+        @files = Dir["#{folder}/*.dat"]
+      end
+
+      protected
+
+      def check_geoipupdate_presence!
+        if not %x{command -v geoipupdate >/dev/null 2>&1 || { 'false'>&2; exit 1; }}
+          puts 'WARNING: `geoipupdate` binary is required, to setup it do the following :'
+          puts 'First, add the maxmind ppa repository: `add-apt-repository ppa:maxmind/ppa`'
+          puts 'Next, update your package list: `apt-get update`'
+          puts 'Finally, setup the package: `apt-get install geoipupdate`'
+          raise "Missing binary : geoipupdate"
+        end
+        return true
+      end
+
+
+    end
+  end
+end