From 208ceca723294ae910dbc681428c551f7833dafc Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 1 Jul 2025 23:58:42 +0000 Subject: [PATCH] chore: move checker package to top level Signed-off-by: Xe Iaso --- internal/thoth/asnchecker.go | 2 +- internal/thoth/asnchecker_test.go | 2 +- internal/thoth/geoipchecker.go | 2 +- internal/thoth/geoipchecker_test.go | 2 +- lib/anubis.go | 5 +- lib/{policy => }/checker/checker.go | 0 lib/{policy => }/checker/registry.go | 0 .../checker/remoteaddress/remoteaddress.go | 14 +- .../remoteaddress/remoteaddress_test.go | 168 ++++++++++-------- lib/policy/bot.go | 2 +- lib/policy/checker.go | 2 +- .../testdata/invalid_bad_cidr.json | 5 - .../testdata/invalid_no_cidr.json | 3 - .../testdata/invalid_not_json.json | 1 - .../testdata/valid_addresses.json | 5 - lib/policy/policy.go | 2 +- 16 files changed, 114 insertions(+), 101 deletions(-) rename lib/{policy => }/checker/checker.go (100%) rename lib/{policy => }/checker/registry.go (100%) rename lib/{policy => }/checker/remoteaddress/remoteaddress.go (89%) rename lib/{policy => }/checker/remoteaddress/remoteaddress_test.go (55%) delete mode 100644 lib/policy/checker/remoteaddress/testdata/invalid_bad_cidr.json delete mode 100644 lib/policy/checker/remoteaddress/testdata/invalid_no_cidr.json delete mode 100644 lib/policy/checker/remoteaddress/testdata/invalid_not_json.json delete mode 100644 lib/policy/checker/remoteaddress/testdata/valid_addresses.json diff --git a/internal/thoth/asnchecker.go b/internal/thoth/asnchecker.go index 548765c..8f2917c 100644 --- a/internal/thoth/asnchecker.go +++ b/internal/thoth/asnchecker.go @@ -10,7 +10,7 @@ import ( "time" "github.com/TecharoHQ/anubis/internal" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" iptoasnv1 "github.com/TecharoHQ/thoth-proto/gen/techaro/thoth/iptoasn/v1" ) diff --git a/internal/thoth/asnchecker_test.go b/internal/thoth/asnchecker_test.go index a80e815..45045e4 100644 --- a/internal/thoth/asnchecker_test.go +++ b/internal/thoth/asnchecker_test.go @@ -6,7 +6,7 @@ import ( "testing" "github.com/TecharoHQ/anubis/internal/thoth" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" iptoasnv1 "github.com/TecharoHQ/thoth-proto/gen/techaro/thoth/iptoasn/v1" ) diff --git a/internal/thoth/geoipchecker.go b/internal/thoth/geoipchecker.go index ef6dcb8..a626f49 100644 --- a/internal/thoth/geoipchecker.go +++ b/internal/thoth/geoipchecker.go @@ -9,7 +9,7 @@ import ( "strings" "time" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" iptoasnv1 "github.com/TecharoHQ/thoth-proto/gen/techaro/thoth/iptoasn/v1" ) diff --git a/internal/thoth/geoipchecker_test.go b/internal/thoth/geoipchecker_test.go index 25b37b9..b7c9d85 100644 --- a/internal/thoth/geoipchecker_test.go +++ b/internal/thoth/geoipchecker_test.go @@ -6,7 +6,7 @@ import ( "testing" "github.com/TecharoHQ/anubis/internal/thoth" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" ) var _ checker.Impl = &thoth.GeoIPChecker{} diff --git a/lib/anubis.go b/lib/anubis.go index 006bd0a..6491614 100644 --- a/lib/anubis.go +++ b/lib/anubis.go @@ -26,14 +26,17 @@ import ( "github.com/TecharoHQ/anubis/internal/dnsbl" "github.com/TecharoHQ/anubis/internal/ogtags" "github.com/TecharoHQ/anubis/lib/challenge" + "github.com/TecharoHQ/anubis/lib/checker" "github.com/TecharoHQ/anubis/lib/localization" "github.com/TecharoHQ/anubis/lib/policy" - "github.com/TecharoHQ/anubis/lib/policy/checker" "github.com/TecharoHQ/anubis/lib/policy/config" // challenge implementations _ "github.com/TecharoHQ/anubis/lib/challenge/metarefresh" _ "github.com/TecharoHQ/anubis/lib/challenge/proofofwork" + + // checker implementations + _ "github.com/TecharoHQ/anubis/lib/checker/remoteaddress" ) var ( diff --git a/lib/policy/checker/checker.go b/lib/checker/checker.go similarity index 100% rename from lib/policy/checker/checker.go rename to lib/checker/checker.go diff --git a/lib/policy/checker/registry.go b/lib/checker/registry.go similarity index 100% rename from lib/policy/checker/registry.go rename to lib/checker/registry.go diff --git a/lib/policy/checker/remoteaddress/remoteaddress.go b/lib/checker/remoteaddress/remoteaddress.go similarity index 89% rename from lib/policy/checker/remoteaddress/remoteaddress.go rename to lib/checker/remoteaddress/remoteaddress.go index b05d68d..b2918a2 100644 --- a/lib/policy/checker/remoteaddress/remoteaddress.go +++ b/lib/checker/remoteaddress/remoteaddress.go @@ -8,8 +8,8 @@ import ( "net/netip" "github.com/TecharoHQ/anubis/internal" + "github.com/TecharoHQ/anubis/lib/checker" "github.com/TecharoHQ/anubis/lib/policy" - "github.com/TecharoHQ/anubis/lib/policy/checker" "github.com/TecharoHQ/anubis/lib/policy/config" "github.com/gaissmai/bart" ) @@ -18,7 +18,9 @@ var ( ErrNoRemoteAddresses = errors.New("remoteaddress: no remote addresses defined") ) -func init() {} +func init() { + checker.Register("remote_address", Factory{}) +} type Factory struct{} @@ -50,7 +52,7 @@ func (Factory) Create(inp json.RawMessage) (checker.Impl, error) { table.Insert(cidr) } - return &RemoteAddrChecker{ + return &Impl{ prefixTable: table, hash: internal.FastHash(string(inp)), }, nil @@ -80,12 +82,12 @@ func (fc fileConfig) Valid() error { return nil } -type RemoteAddrChecker struct { +type Impl struct { prefixTable *bart.Lite hash string } -func (rac *RemoteAddrChecker) Check(r *http.Request) (bool, error) { +func (rac *Impl) Check(r *http.Request) (bool, error) { host := r.Header.Get("X-Real-Ip") if host == "" { return false, fmt.Errorf("%w: header X-Real-Ip is not set", policy.ErrMisconfiguration) @@ -99,6 +101,6 @@ func (rac *RemoteAddrChecker) Check(r *http.Request) (bool, error) { return rac.prefixTable.Contains(addr), nil } -func (rac *RemoteAddrChecker) Hash() string { +func (rac *Impl) Hash() string { return rac.hash } diff --git a/lib/policy/checker/remoteaddress/remoteaddress_test.go b/lib/checker/remoteaddress/remoteaddress_test.go similarity index 55% rename from lib/policy/checker/remoteaddress/remoteaddress_test.go rename to lib/checker/remoteaddress/remoteaddress_test.go index f3bb9a3..6efe919 100644 --- a/lib/policy/checker/remoteaddress/remoteaddress_test.go +++ b/lib/checker/remoteaddress/remoteaddress_test.go @@ -5,10 +5,15 @@ import ( "encoding/json" "errors" "net/http" + "net/netip" + "strings" "testing" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/internal" + "github.com/TecharoHQ/anubis/lib/checker" + "github.com/TecharoHQ/anubis/lib/policy" "github.com/TecharoHQ/anubis/lib/policy/config" + "github.com/gaissmai/bart" ) func TestFactoryIsCheckerFactory(t *testing.T) { @@ -137,80 +142,97 @@ func TestFactoryCreate(t *testing.T) { } } -// func TestRemoteAddrChecker(t *testing.T) { -// for _, tt := range []struct { -// err error -// name string -// ip string -// cidrs []string -// ok bool -// }{ -// { -// name: "match_ipv4", -// cidrs: []string{"0.0.0.0/0"}, -// ip: "1.1.1.1", -// ok: true, -// err: nil, -// }, -// { -// name: "match_ipv6", -// cidrs: []string{"::/0"}, -// ip: "cafe:babe::", -// ok: true, -// err: nil, -// }, -// { -// name: "not_match_ipv4", -// cidrs: []string{"1.1.1.1/32"}, -// ip: "1.1.1.2", -// ok: false, -// err: nil, -// }, -// { -// name: "not_match_ipv6", -// cidrs: []string{"cafe:babe::/128"}, -// ip: "cafe:babe:4::/128", -// ok: false, -// err: nil, -// }, -// { -// name: "no_ip_set", -// cidrs: []string{"::/0"}, -// ok: false, -// err: policy.ErrMisconfiguration, -// }, -// { -// name: "invalid_ip", -// cidrs: []string{"::/0"}, -// ip: "According to all natural laws of aviation", -// ok: false, -// err: policy.ErrMisconfiguration, -// }, -// } { -// t.Run(tt.name, func(t *testing.T) { -// rac, err := NewRemoteAddrChecker(tt.cidrs) -// if err != nil && !errors.Is(err, tt.err) { -// t.Fatalf("creating RemoteAddrChecker failed: %v", err) -// } +func racFromCidrs(t *testing.T, inp []string) *Impl { + t.Helper() -// r, err := http.NewRequest(http.MethodGet, "/", nil) -// if err != nil { -// t.Fatalf("can't make request: %v", err) -// } + var result Impl + result.prefixTable = new(bart.Lite) + result.hash = internal.FastHash(strings.Join(inp, ",")) -// if tt.ip != "" { -// r.Header.Add("X-Real-Ip", tt.ip) -// } + for _, cidr := range inp { + pfx, err := netip.ParsePrefix(cidr) + if err != nil { + t.Errorf("prefix %q is invalid: %v", cidr, err) + continue + } -// ok, err := rac.Check(r) + result.prefixTable.Insert(pfx) + } -// if tt.ok != ok { -// t.Errorf("ok: %v, wanted: %v", ok, tt.ok) -// } + return &result +} -// if err != nil && tt.err != nil && !errors.Is(err, tt.err) { -// t.Errorf("err: %v, wanted: %v", err, tt.err) -// } -// }) -// } -// } +func TestRemoteAddrChecker(t *testing.T) { + for _, tt := range []struct { + err error + name string + ip string + cidrs []string + ok bool + }{ + { + name: "match_ipv4", + cidrs: []string{"0.0.0.0/0"}, + ip: "1.1.1.1", + ok: true, + err: nil, + }, + { + name: "match_ipv6", + cidrs: []string{"::/0"}, + ip: "cafe:babe::", + ok: true, + err: nil, + }, + { + name: "not_match_ipv4", + cidrs: []string{"1.1.1.1/32"}, + ip: "1.1.1.2", + ok: false, + err: nil, + }, + { + name: "not_match_ipv6", + cidrs: []string{"cafe:babe::/128"}, + ip: "cafe:babe:4::/128", + ok: false, + err: nil, + }, + { + name: "no_ip_set", + cidrs: []string{"::/0"}, + ok: false, + err: policy.ErrMisconfiguration, + }, + { + name: "invalid_ip", + cidrs: []string{"::/0"}, + ip: "According to all natural laws of aviation", + ok: false, + err: policy.ErrMisconfiguration, + }, + } { + t.Run(tt.name, func(t *testing.T) { + rac := racFromCidrs(t, tt.cidrs) + + r, err := http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatalf("can't make request: %v", err) + } + + if tt.ip != "" { + r.Header.Add("X-Real-Ip", tt.ip) + } + + ok, err := rac.Check(r) + + if tt.ok != ok { + t.Errorf("ok: %v, wanted: %v", ok, tt.ok) + } + + if err != nil && tt.err != nil && !errors.Is(err, tt.err) { + t.Errorf("err: %v, wanted: %v", err, tt.err) + } + }) + } +} diff --git a/lib/policy/bot.go b/lib/policy/bot.go index 479bccc..79cad94 100644 --- a/lib/policy/bot.go +++ b/lib/policy/bot.go @@ -4,7 +4,7 @@ import ( "fmt" "github.com/TecharoHQ/anubis/internal" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" "github.com/TecharoHQ/anubis/lib/policy/config" ) diff --git a/lib/policy/checker.go b/lib/policy/checker.go index 5753e14..12dcf09 100644 --- a/lib/policy/checker.go +++ b/lib/policy/checker.go @@ -9,7 +9,7 @@ import ( "strings" "github.com/TecharoHQ/anubis/internal" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" "github.com/gaissmai/bart" ) diff --git a/lib/policy/checker/remoteaddress/testdata/invalid_bad_cidr.json b/lib/policy/checker/remoteaddress/testdata/invalid_bad_cidr.json deleted file mode 100644 index 09eb5a8..0000000 --- a/lib/policy/checker/remoteaddress/testdata/invalid_bad_cidr.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "remote_addresses": [ - "according to all laws of aviation" - ] -} \ No newline at end of file diff --git a/lib/policy/checker/remoteaddress/testdata/invalid_no_cidr.json b/lib/policy/checker/remoteaddress/testdata/invalid_no_cidr.json deleted file mode 100644 index 0c979ee..0000000 --- a/lib/policy/checker/remoteaddress/testdata/invalid_no_cidr.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "remote_addresses": [] -} \ No newline at end of file diff --git a/lib/policy/checker/remoteaddress/testdata/invalid_not_json.json b/lib/policy/checker/remoteaddress/testdata/invalid_not_json.json deleted file mode 100644 index 54caf60..0000000 --- a/lib/policy/checker/remoteaddress/testdata/invalid_not_json.json +++ /dev/null @@ -1 +0,0 @@ -] \ No newline at end of file diff --git a/lib/policy/checker/remoteaddress/testdata/valid_addresses.json b/lib/policy/checker/remoteaddress/testdata/valid_addresses.json deleted file mode 100644 index 53d59dd..0000000 --- a/lib/policy/checker/remoteaddress/testdata/valid_addresses.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "remote_addresses": [ - "1.1.1.1/32" - ] -} \ No newline at end of file diff --git a/lib/policy/policy.go b/lib/policy/policy.go index 9ee6efc..d16f9a5 100644 --- a/lib/policy/policy.go +++ b/lib/policy/policy.go @@ -9,7 +9,7 @@ import ( "sync/atomic" "github.com/TecharoHQ/anubis/internal/thoth" - "github.com/TecharoHQ/anubis/lib/policy/checker" + "github.com/TecharoHQ/anubis/lib/checker" "github.com/TecharoHQ/anubis/lib/policy/config" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto"