Add decorator to check if request is coming from a blacklisted host
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 6 Nov 2018 09:57:18 +0000 (09:57 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 6 Nov 2018 09:57:18 +0000 (09:57 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/backend/geoip.py
src/web/auth.py
src/web/base.py
src/web/blog.py
src/web/download.py
src/web/newsletter.py
src/web/nopaste.py

index fe28c480a3d94b336e0537742566dc9acf4b1fc5..564cf40348bf127f762284caf6c2b1f638b9e7da 100644 (file)
@@ -259,11 +259,15 @@ class Address(Object):
 
                # Not found
                if not res:
+                       logging.debug("%s is not blacklisted on %s" % (self, blacklist))
                        return False, None
 
                # If the IP address is on a blacklist, we will try to fetch the TXT record
                reason = yield self.backend.geoip.resolver.query(rr, type=pycares.QUERY_TYPE_TXT)
 
+               # Log result
+               logging.debug("%s is blacklisted on %s: %s" % (self, blacklist, reason or "N/A"))
+
                # Take the first reason
                if reason:
                        for i in reason:
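Review bot: Both added `logging.debug` calls format their message with `%` before the call, so `str(self)` and the formatting run even when debug logging is disabled. Pass the values as logging arguments instead, e.g. `logging.debug("%s is blacklisted on %s: %s", self, blacklist, reason or "N/A")`. The same form is used in the lines added to `is_blacklisted` and in `blacklisted()` in src/web/base.py. Note that `reason` here is the unprocessed answer to the TXT query, so text chosen by the blacklist operator is written to the log as-is. The enclosing method starts and ends outside this hunk.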
@@ -280,6 +284,9 @@ class Address(Object):
 
        @tornado.gen.coroutine
        def is_blacklisted(self):
+               logging.debug("Checking if %s is blacklisted..." % self)
+
+               # Perform checks
                blacklists = yield self.get_blacklists(important_only=True)
 
                # If we are blacklisted on one list, this one is screwed
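Review bot: `is_blacklisted()` has no documented failure mode, and this commit puts it in front of the login, download, search, newsletter and paste handlers. As far as this hunk shows, an exception or a slow answer from `get_blacklists()` would reach every decorated request. The rest of the method is outside the hunk, so this may already be handled there. If it is not, bound the resolver wait and say in a docstring which way a failed lookup falls, e.g. `"""Return True if the address is on an important blacklist; a failed lookup is treated as <policy>."""`.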
index bf481d971c16f127d615378b39e711f35a9eb744..82e6f0d8a8877339f444f0334eaba805bb748287 100644 (file)
@@ -39,11 +39,13 @@ class AuthenticationMixin(object):
 
 
 class LoginHandler(AuthenticationMixin, base.BaseHandler):
+       @base.blacklisted
        def get(self):
                next = self.get_argument("next", None)
 
                self.render("auth/login.html", next=next)
 
+       @base.blacklisted
        def post(self):
                username = self.get_argument("username")
                password = self.get_argument("password")
index b6fee9b5f68ef44c59c4933462902edf4bee9fb0..4c1b3a9e713713cad16d41beb100fb259e5517cd 100644 (file)
@@ -2,6 +2,7 @@
 
 import datetime
 import dateutil.parser
+import functools
 import http.client
 import ipaddress
 import logging
@@ -12,6 +13,24 @@ import tornado.web
 from ..decorators import *
 from .. import util
 
+def blacklisted(method):
+       @tornado.gen.coroutine
+       @functools.wraps(method)
+       def wrapper(self, *args, **kwargs):
+               # Check if remote is blacklisted
+               is_blacklisted = yield self.remote.is_blacklisted()
+
+               # If so, redirect to the blocked page
+               if is_blacklisted:
+                       logging.warning("%s is blacklisted" % self.remote)
+
+                       return self.redirect("https://www.ipfire.org/blocked")
+
+               return method(self, *args, **kwargs)
+
+       return wrapper
+
+
 class BaseHandler(tornado.web.RequestHandler):
        def set_expires(self, seconds):
                # For HTTP/1.1
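Review bot: `wrapper` dereferences `self.remote` unconditionally, but the `remote` property added further down in this file returns None when `get_remote_ip()` yields nothing, so such a request fails with an AttributeError instead of being checked or passed through. The wrapper also returns `method(...)` without waiting for it: if the decorated handler is itself a coroutine, its Future becomes the wrapper's result and is never yielded, so the request can be finished before the handler is. The rewrite below makes the no-address case explicit and yields a non-None result; it passes such requests through, which is a policy choice to confirm. Decorated coroutines need `@tornado.gen.coroutine` placed below `@base.blacklisted` for the yield to receive a Future.

```python
	def wrapper(self, *args, **kwargs):
		remote = self.remote

		# self.remote is None when no client address could be determined;
		# this passes such requests through - confirm that is the intended policy
		if remote is not None:
			is_blacklisted = yield remote.is_blacklisted()

			# If so, redirect to the blocked page
			if is_blacklisted:
				logging.warning("%s is blacklisted", remote)

				return self.redirect("https://www.ipfire.org/blocked")

		# Wait for handlers that are coroutines themselves
		result = method(self, *args, **kwargs)
		if result is not None:
			result = yield result

		return result
```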
@@ -78,6 +97,13 @@ class BaseHandler(tornado.web.RequestHandler):
                # Return the last IP if nothing else worked
                return remote_ips.pop()
 
+       @lazy_property
+       def remote(self):
+               address = self.get_remote_ip()
+
+               if address:
+                       return self.backend.geoip.lookup(address)
+
        @lazy_property
        def current_country_code(self):
                remote_ip = self.get_remote_ip()
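Review bot: The new `remote` property makes the blacklist decision only as trustworthy as `get_remote_ip()`, whose body is outside this hunk; the visible tail returns the last entry of `remote_ips`. If that list is filled from a forwarding header, confirm that only entries appended by your own proxies are used, because otherwise a client could choose the address that gets checked. The property also returns None implicitly when no address is found, which callers need to know; a docstring such as `"""Return the GeoIP address object for the client, or None if no client address is known."""` would state that.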
index 375adfc371528f6c372f16fc6ea7251b347c2f60..70349f6fcefb4744aca50bd65227592d6425401c 100644 (file)
@@ -119,6 +119,7 @@ class DraftsHandler(auth.CacheMixin, base.BaseHandler):
 
 
 class SearchHandler(auth.CacheMixin, base.BaseHandler):
+       @base.blacklisted
        def get(self):
                q = self.get_argument("q")
 
index 2e588c4b38a02405873c8b79cd63b4acba491ef5..aaaebbf411cd6350053d4f24273e6a176b40ca3f 100644 (file)
@@ -34,6 +34,7 @@ class FileHandler(base.BaseHandler):
        def prepare(self):
                self.set_header("Pragma", "no-cache")
 
+       @base.blacklisted
        def get(self, filename):
                mirror = self.backend.mirrors.get_for_download(filename,
                        country_code=self.current_country_code)
index 49b9ca7fdbe80d0ec107f60543f6fd302142d321..12909ade6a669e023442b03e42737bfb6910d3d9 100644 (file)
@@ -9,6 +9,7 @@ from . import base
 
 class SubscribeHandler(base.BaseHandler):
        @tornado.gen.coroutine
+       @base.blacklisted
        def post(self):
                address = self.get_argument("email")
 
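Review bot: The decorator order on `post` leaves `base.blacklisted` wrapping the undecorated function, with `@tornado.gen.coroutine` outside it. If `post` yields anywhere in its body (which continues outside this hunk), calling it inside the wrapper only creates a generator object that nothing iterates, so the subscription code would not run for any request. Put the blacklist check outermost, `@base.blacklisted` above `@tornado.gen.coroutine`, and have the decorator wait for the Future the handler returns.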
index 8a7784ef1c09b22d43d0c23e839b0bb43e7583b5..2b37fe32d880981e0f0b70eaf3e0262fef71a236 100644 (file)
@@ -9,6 +9,7 @@ from . import ui_modules
 class CreateHandler(base.BaseHandler):
        MODES = ("paste", "upload")
 
+       @base.blacklisted
        def get(self):
                mode = self.get_argument("mode", "paste")
                if not mode in self.MODES:
@@ -17,6 +18,7 @@ class CreateHandler(base.BaseHandler):
                self.render("nopaste/create.html", mode=mode,
                        max_size=self._max_size)
 
+       @base.blacklisted
        def post(self):
                mode = self.get_argument("mode")
                if not mode in self.MODES:
@@ -65,6 +67,7 @@ class CreateHandler(base.BaseHandler):
 
 
 class RawHandler(base.BaseHandler):
+       @base.blacklisted
        def get(self, uid):
                entry = self.backend.nopaste.get(uid)
                if not entry:
@@ -85,6 +88,7 @@ class RawHandler(base.BaseHandler):
 
 
 class ViewHandler(auth.CacheMixin, base.BaseHandler):
+       @base.blacklisted
        def get(self, uid):
                entry = self.backend.nopaste.get(uid)
                if not entry: