Implement standard client Store interface

Define and use a standard Store interface for the client library.  This
will allow us to extend the client to greater uses later.

As an example, a RAM-based caching store has been implemented.

Fixes palner#11

Signed-off-by: Seán C McCord <[email protected]>

Author: Ulexus

clients/go/apiban-iptables/apiban-iptables-client.go

@@ -29,6 +29,8 @@ import (
 	"log"
 	"os"
 	"runtime"
+	"strconv"
+	"time"
 
 	"github.com/coreos/go-iptables/iptables"
 	"github.com/palner/apiban/clients/go/apiban"
@@ -120,24 +122,26 @@ func main() {
 		log.Fatalln("failed to initialize IPTables:", err)
 	}
 
+	lastTimestamp, err := strconv.ParseInt(apiconfig.LKID, 10, 64)
+	if err != nil {
+		// If we don't have a valid timestamp, try 1 year ago
+		lastTimestamp = time.Now().AddDate(-1, 0, 0).Unix()
+	}
+
 	// Get list of banned ip's from APIBAN.org
-	res, err := apiban.Banned(apiconfig.APIKEY, apiconfig.LKID)
+	list, err := apiban.NewOfficialStore(apiconfig.APIKEY).ListFromTime(time.Unix(lastTimestamp, 0))
 	if err != nil {
 		log.Fatalln("failed to get banned list:", err)
 	}
 
-	if res.ID == apiconfig.LKID {
+	if len(list) == 0 {
 		log.Print("Great news... no new bans to add. Exiting...")
 		os.Exit(0)
 	}
 
-	if len(res.IPs) == 0 {
-		log.Print("No IP addresses detected. Exiting.")
-		os.Exit(0)
-	}
+	for _, l := range list {
+		blockedip := l.IP.String()
 
-	for _, ip := range res.IPs {
-		blockedip := ip + "/32"
 		err = ipt.AppendUnique("filter", "APIBAN", "-s", blockedip, "-d", "0/0", "-j", "REJECT")
 		if err != nil {
 			log.Print("Adding rule failed. ", err.Error())
@@ -147,7 +151,7 @@ func main() {
 	}
 
 	// Update the config with the updated LKID
-	apiconfig.LKID = res.ID
+	apiconfig.LKID = strconv.FormatInt(list[len(list)-1].Timestamp.Unix(), 10)
 	if err := apiconfig.Update(); err != nil {
 		log.Fatalln(err)
 	}

clients/go/apiban/apiban.go

@@ -22,183 +22,41 @@
 package apiban
 
 import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
+	"net"
+	"time"
 )
 
-const (
-	// RootURL is the base URI of the APIBAN.org API server
-	RootURL = "https://apiban.org/api/"
-)
-
-// ErrBadRequest indicates a 400 response was received;
-//
-// NOTE: this is used by the server to indicate both that an IP address is not
-// blocked (when calling Check) and that the list is complete (when calling
-// Banned)
-var ErrBadRequest = errors.New("Bad Request")
-
-// Entry describes a set of blocked IP addresses from APIBAN.org
-type Entry struct {
-
-	// ID is the timestamp of the next Entry
-	ID string `json:"ID"`
-
-	// IPs is the list of blocked IP addresses in this entry
-	IPs []string `json:"ipaddress"`
-}
-
-// Banned returns a set of banned addresses, optionally limited to the
-// specified startFrom ID.  If no startFrom is supplied, the entire current list will
-// be pulled.
-func Banned(key string, startFrom string) (*Entry, error) {
-	if key == "" {
-		return nil, errors.New("API Key is required")
-	}
-
-	if startFrom == "" {
-		startFrom = "100" // NOTE: arbitrary ID copied from reference source
-	}
-
-	out := &Entry{
-		ID: startFrom,
-	}
-
-	for {
-		e, err := queryServer(http.DefaultClient, fmt.Sprintf("%s%s/banned/%s", RootURL, key, out.ID))
-		if err != nil {
-			return nil, err
-		}
-
-		if e.ID == "none" {
-			// List complete
-			return out, nil
-		}
-		if e.ID == "" {
-			return nil, errors.New("empty ID received")
-		}
+// Store defines and interface for storing and retrieving entries in the APIBan database, local or remote
+type Store interface {
 
-		// Set the next ID
-		out.ID = e.ID
+	// Add inserts the given Listing into the store
+	Add(l *Listing) (*Listing, error)
 
-		// Aggregate the received IPs
-		out.IPs = append(out.IPs, e.IPs...)
-	}
-}
-
-// Check queries APIBAN.org to see if the provided IP address is blocked.
-func Check(key string, ip string) (bool, error) {
-	if key == "" {
-		return false, errors.New("API Key is required")
-	}
-	if ip == "" {
-		return false, errors.New("IP address is required")
-	}
-
-	entry, err := queryServer(http.DefaultClient, fmt.Sprintf("%s%s/check/%s", RootURL, key, ip))
-	if err == ErrBadRequest {
-		// Not blocked
-		return false, nil
-	}
-	if err != nil {
-		return false, err
-	}
-	if entry == nil {
-		return false, errors.New("empty entry received")
-	}
+	// Exists checks to see whether the given IP matches a Listing in the store, returning the first matching Listing.
+	Exists(ip net.IP) (*Listing, error)
 
-	// IP address is blocked
-	return true, nil
-}
-
-func queryServer(c *http.Client, u string) (*Entry, error) {
-	resp, err := http.Get(u)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
+	// List retrieves the contents of the store
+	List() ([]*Listing, error)
 
-	// StatusBadRequest (400) has a number of special cases to handle
-	if resp.StatusCode == http.StatusBadRequest {
-		return processBadRequest(resp)
-	}
-	if resp.StatusCode > 400 && resp.StatusCode < 500 {
-		return nil, fmt.Errorf("client error (%d) from apiban.org: %s from %q", resp.StatusCode, resp.Status, u)
-	}
-	if resp.StatusCode >= 500 {
-		return nil, fmt.Errorf("server error (%d) from apiban.org: %s from %q", resp.StatusCode, resp.Status, u)
-	}
-	if resp.StatusCode > 299 {
-		return nil, fmt.Errorf("unhandled error (%d) from apiban.org: %s from %q", resp.StatusCode, resp.Status, u)
-	}
+	// ListFromTime retrieves the contents of the store from the given timestamp
+	ListFromTime(t time.Time) ([]*Listing, error)
 
-	entry := new(Entry)
-	if err = json.NewDecoder(resp.Body).Decode(entry); err != nil {
-		return nil, fmt.Errorf("failed to decode server response: %w", err)
-	}
+	// Remove deletes the given Listing from the store.
+	Remove(id string) error
 
-	return entry, nil
+	// Reset empties the store
+	Reset() error
 }
 
-func processBadRequest(resp *http.Response) (*Entry, error) {
-	var buf bytes.Buffer
-	if _, err := buf.ReadFrom(resp.Body); err != nil {
-		return nil, fmt.Errorf("failed to read response body: %w", err)
-	}
-
-	// Read the bytes buffer into a new bytes.Reader
-	r := bytes.NewReader(buf.Bytes())
-
-	// First, try decoding as a normal entry
-	e := new(Entry)
-	if err := json.NewDecoder(r).Decode(e); err == nil {
-		// Successfully decoded normal entry
-
-		switch e.ID {
-		case "none":
-			// non-error case
-		case "unauthorized":
-			return nil, errors.New("unauthorized")
-		default:
-			// unhandled case
-			return nil, ErrBadRequest
-		}
-
-		if len(e.IPs) > 0 {
-			switch e.IPs[0] {
-			case "no new bans":
-				return e, nil
-			}
-		}
-
-		// Unhandled case
-		return nil, ErrBadRequest
-	}
-
-	// Next, try decoding as an errorEntry
-	if _, err := r.Seek(0, io.SeekStart); err != nil {
-		return nil, fmt.Errorf("failed to re-seek to beginning of response buffer: %w", err)
-	}
+// Listing is an individually-listed IP address or subnet
+type Listing struct {
 
-	type errorEntry struct {
-		AddressCode string `json:"ipaddress"`
-		IDCode      string `json:"ID"`
-	}
+	// ID is the unique identifier for this Listing; for official APIBAN v1 entries, this is simply the IP address.
+	ID string
 
-	ee := new(errorEntry)
-	if err := json.NewDecoder(r).Decode(ee); err != nil {
-		return nil, fmt.Errorf("failed to decode Bad Request response: %w", err)
-	}
+	// Timestamp is the time at which this Listing was added to the apiban.org database
+	Timestamp time.Time
 
-	switch ee.AddressCode {
-	case "rate limit exceeded":
-		return nil, errors.New("rate limit exceeded")
-	default:
-		// unhandled case
-		return nil, ErrBadRequest
-	}
+	// IP is the IP address or IP network which is in the apiban.org database
+	IP net.IPNet
 }