rack-dedos 0.2.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5358dccb09197e0042d35f689f02a913a8c566e975b2bac47c7dbdfbd4c01c56
-  data.tar.gz: 63c029725b96d240ac4700c02585772b8a8a843c2e8fcca574ada29ae344a740
+  metadata.gz: 499458581f04fa158a8cd0bfb41068b72c41e0d33c0a4321aeaa123a66af7c53
+  data.tar.gz: 22777d21fa4db1beb2571792683835780a561dd466c366803212b88a5e828711
 SHA512:
-  metadata.gz: bc44d5579d132a3960f280f26f8c4f0b1eca01d7001d15d5dbfbe907fbc08f2a0d0ad775e610c018ff1f8f7cef6e47611bcf0ad0c4618cf5eed100d59cc97188
-  data.tar.gz: 329b51f582b0c664b1754f8f8169b8623c0675695171560aadacd3ce6963863644ced781a144c8d55d35d8de5cd75801f85a1d7640ff4bba43e6f14ab0196679
+  metadata.gz: 889de2da536b7376f39e901caa59e78fb3a59faffd3dddb833051dafe8fae40199d31125ea1c5595480df4cb85cfb61edeb0e3a224335e0a512a503c5275121f
+  data.tar.gz: 22c1060501f2c686b8ad0f499e9ffd366d99640aedcc40f84ac94208ed6e5a917c03e3ad82ae0583705306bb6d9ca09a350e82c838466dbc34316bc24560ff34

data/CHANGELOG.md

@@ -2,28 +2,59 @@
 
 Nothing so far
 
+## 0.4.0
+
+### Changes
+* Drop certs
+* Add action for trusted release
+
+## 0.3.2
+
+### Changes
+* Resolve all paths to prevent problems with relative paths
+
+## 0.3.1
+
+### Changes
+* Root `File` operations to prevent clashes with Rack
+
+## 0.3.0
+
+### Changes
+* Convert `geoipget` from Bash to Ruby
+
+## 0.2.4
+
+### Changes
+* Use Bash for `geoipget` to prevent problems with `/bin/sh` diversity
+
+## 0.2.3
+
+### Additions
+* `geoipget` shell script
+
 ## 0.2.2
 
-#### Changes
+### Changes
 * Update to Ruby 3.4
 
 ## 0.2.1
 
-#### Fixes
+### Fixes
 
 * Fix paths on conditional requires
 * Renew certificate
 
 ## 0.2.0
 
-#### Changes
+### Changes
 
 * Determine real client IP
 * Drop autoload and put filters in proper namespace
 
 ## 0.1.0
 
-#### Initial implementation
+### Initial implementation
 
 * UserAgent filter
 * Country filter

data/README.md

@@ -19,16 +19,6 @@ Thank you for supporting free and open-source software by sponsoring on [GitHub]
 
 ## Install
 
-### Security
-
-This gem is [cryptographically signed](https://guides.rubygems.org/security/#using-gems) in order to assure it hasn't been tampered with. Unless already done, please add the author's public key as a trusted certificate now:
-
-```
-gem cert --add <(curl -Ls https://raw.github.com/svoop/rack-dedos/main/certs/svoop.pem)
-```
-
-### Bundler
-
 Add the following to the <tt>Gemfile</tt> or <tt>gems.rb</tt> of your [Bundler](https://bundler.io) powered Ruby project:
 
 ```ruby
@@ -38,7 +28,7 @@ gem 'rack-dedos'
 And then install the bundle:
 
 ```
-bundle install --trust-policy MediumSecurity
+bundle install
 ```
 
 ## Configuration
@@ -125,18 +115,13 @@ Either allow or deny requests by probable country of origin. If both are set, th
 
 The MaxMind GeoLite2 database is free, however, you have to create an account on [maxmind.com](https://www.maxmind.com) and then download the country database.
 
-For automatic updates, create a `geoipupdate.conf` file and then use the [geoipupdate tool](https://github.com/maxmind/geoipupdate/releases) to fetch the latest country database:
+For automatic updates, create a `geoipupdate.conf` file and then use the [geoipupdate tool for your arch](https://github.com/maxmind/geoipupdate/releases) to fetch the latest country database.
+
+The bundled `geoipget` executable does all this in one swipe:
 
 ```
-version=4.10.0
-arch=linux_amd64
-conf=/etc/geoipupdate.conf
-dir=/var/db/maxmind/
-
-mkdir -p "${dir}"
-wget --quiet -O /tmp/geoipupdate.tgz https://github.com/maxmind/geoipupdate/releases/download/v${version}/geoipupdate_${version}_${arch}.tar.gz
-tar -xz -C /tmp -f /tmp/geoipupdate.tgz
-/tmp/geoipupdate_${version}_${arch}/geoipupdate -f "${conf}" -d "${dir}"
+geoipget --help
+geoipget --dir . --arch linux_amd64 /etc/geoipupdate.conf
 ```
 
 ## Real Client IP

data/exe/geoipget

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'rack/dedos'
+
+Rack::Dedos::Executables::Geoipget.new.run

data/lib/rack/dedos/executables/geoipget.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require 'optparse'
+require 'tmpdir'
+require 'open-uri'
+require 'json'
+require 'rubygems/package'
+
+module Rack
+  module Dedos
+    module Executables
+      class Geoipget
+        attr_reader :config, :dir, :arch
+
+        def initialize(**options)
+          @arch, @dir = 'linux_amd64', '.'
+          OptionParser.new do |o|
+            o.banner = <<~END
+              Download the geoip database from Maxmind.
+              Usage: #{::File.basename($0)} CONFIG_FILE
+            END
+            o.on('-a', '--arch ARCH', String, "architecture (default: #{arch})") { @arch = _1 }
+            o.on('-d', '--dir DIR', String, "destination directory (default: #{dir})") { @dir = _1 }
+            o.on('-A', '--about', 'show author/license information and exit') { self.class.about }
+            o.on('-V', '--version', 'show version and exit') { self.class.version }
+          end.parse!
+          @config = ARGV.first
+        end
+
+        def run
+          fail "cannot read config file #{config}" unless config && ::File.readable?(config)
+          Maxmind.new(::File.realpath(config), ::File.realpath(dir), arch).get
+        end
+
+        def self.about
+          puts 'Written by Sven Schwyn (bitcetera.com) and distributed under MIT license.'
+          exit
+        end
+
+        def self.version
+          puts Rack::Dedos::VERSION
+          exit
+        end
+
+        class Maxmind
+          REPO = "maxmind/geoipupdate"
+
+          attr_reader :config, :dir, :arch
+
+          def initialize(config, dir, arch)
+            @config, @dir, @arch = config, dir, arch
+          end
+
+          def get
+            prepare(latest_version) { download }
+          end
+
+          private
+
+          def latest_version
+            URI("https://api.github.com/repos/#{REPO}/releases/latest")
+              .read
+              .then { JSON.parse(_1) }
+              .fetch('tag_name')
+              .slice(1..)
+          end
+
+          def prepare(version)
+            uri = URI("https://github.com/#{REPO}/releases/download/v#{version}/geoipupdate_#{version}_#{arch}.tar.gz")
+            Dir.mktmpdir do |tmp|
+              Dir.chdir tmp
+              uri.open do |file|
+                Zlib::GzipReader.wrap(file) do |gz|
+                  Gem::Package::TarReader.new(gz) do |tar|
+                    tar.each do |entry|
+                      if entry.full_name.match? %r(/geoipupdate$)
+                        ::File.write('geoipupdate', entry.read)
+                      end
+                    end
+                  end
+                end
+              end
+              ::File.chmod(0755, 'geoipupdate')
+              yield
+            end
+          ensure
+            lockfile = "#{dir}/.geoipupdate.lock"
+            ::File.unlink(lockfile) if ::File.exist? lockfile
+          end
+
+          def download
+            `./geoipupdate -f "#{config}" -d "#{dir}"`
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/dedos/filters/country.rb

@@ -22,7 +22,7 @@ module Rack
         end
 
         def allowed?(request, ip)
-          if country = maxmind_db.get(ip)
+          if country = maxmind_db&.get(ip)
             country_code = country.dig('country', 'iso_code').to_sym
             @countries.include?(country_code) ? @allowed : !@allowed
           else   # not found in database

data/lib/rack/dedos/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module Dedos
-    VERSION = "0.2.2"
+    VERSION = "0.4.0"
   end
 end

data/lib/rack/dedos.rb

@@ -3,6 +3,7 @@
 require 'rack'
 
 require_relative 'dedos/version'
+require_relative 'dedos/executables/geoipget'
 
 module Rack
   module Dedos

metadata

@@ -1,34 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack-dedos
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.4.0
 platform: ruby
 authors:
 - Sven Schwyn
-bindir: bin
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
-  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx
-  MDIwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
-  KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
-  ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
-  L8CiDK8rClsY4JBNGOgH9UC81f+m61UUQuTLxyM2CXfAYkj/sGNTvFRJcNX+nfdC
-  hM9r2kH1+7wsa8yG7wJ2IkrzNACD8v84oE6qVusN8OLEMUI/NaEPVPbw2LUM149H
-  PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
-  dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
-  yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
-  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQDSeB1x
-  8QK8F/ML37isgvwGiQxovDUqu6Sq14cQ1qE9y5prUBmL2AsDuCBpXXctcvamFqNC
-  PgfJtj7ZZcXmY0SfKCog7T1btkr6zYxPXpxwUqB45n0I6v5qc0UCNvMEfBzxlak5
-  VW7UMNlKD9qukeN55hxuLF2F/sLldMcHUo/ATgdV4zk1t3sK6A9+02wz5K5qfWdM
-  Mi+XWXmGd57uojk3RcIXNwBRRP4DTKcKgVXhuyHb7q1vjTXrS6bw1Ortu0KmWOIk
-  jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
-  boIgxQCMT+nxBHCD
-  -----END CERTIFICATE-----
-date: 2024-12-25 00:00:00.000000000 Z
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -195,18 +174,21 @@ description: |
   resort only to be enabled during an attack.
 email:
 - ruby@bitcetera.com
-executables: []
+executables:
+- geoipget
 extensions: []
 extra_rdoc_files:
-- README.md
 - CHANGELOG.md
 - LICENSE.txt
+- README.md
 files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
+- exe/geoipget
 - lib/rack/dedos.rb
 - lib/rack/dedos/cache.rb
+- lib/rack/dedos/executables/geoipget.rb
 - lib/rack/dedos/filters/base.rb
 - lib/rack/dedos/filters/country.rb
 - lib/rack/dedos/filters/user_agent.rb
@@ -241,7 +223,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Radical filters to block denial-of-service (DoS) requests.
 test_files: []