diff --git a/.gitignore b/.gitignore
index 9e28f9c..0f5ddc2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 rpc-checkpoint
+patroneos
 main
 # Binaries for programs and plugins
diff --git a/config.json b/example-configs/advanced/fail2ban-relay-config.json
similarity index 87%
rename from config.json
rename to example-configs/advanced/fail2ban-relay-config.json
index b7ae422..94d927d 100644
--- a/config.json
+++ b/example-configs/advanced/fail2ban-relay-config.json
@@ -11,7 +11,7 @@
 "maxSignatures": 10,
 "maxTransactionSize": 1000000,
- "logEndpoints": ["http://localhost:8080"],
+ "logEndpoints": [],
 "filterEndpoints": ["http://localhost:8081"],
 "logFileLocation": "./fail2ban.log"
diff --git a/example-configs/advanced/filter-config.json b/example-configs/advanced/filter-config.json
new file mode 100644
index 0000000..554b108
--- /dev/null
+++ b/example-configs/advanced/filter-config.json
@@ -0,0 +1,18 @@
+{
+ "listenPort": "8081",
+
+ "nodeosProtocol": "http",
+ "nodeosUrl": "localhost",
+ "nodeosPort": "8888",
+
+ "contractBlackList": {
+ "currency": true
+ },
+ "maxSignatures": 10,
+ "maxTransactionSize": 1000000,
+
+ "logEndpoints": ["http://localhost:8080"],
+ "filterEndpoints": [],
+
+ "logFileLocation": "./fail2ban.log"
+}
diff --git a/example-configs/simple/config.json b/example-configs/simple/config.json
new file mode 100644
index 0000000..8ffd22b
--- /dev/null
+++ b/example-configs/simple/config.json
@@ -0,0 +1,13 @@
+{
+ "listenPort": "8080",
+
+ "nodeosProtocol": "http",
+ "nodeosUrl": "localhost",
+ "nodeosPort": "8888",
+
+ "contractBlackList": {
+ "currency": true
+ },
+ "maxSignatures": 10,
+ "maxTransactionSize": 1000000
+}
diff --git a/fail2ban-relay.go b/fail2ban-relay.go
index 905096e..d1b6ecd 100644
--- a/fail2ban-relay.go
+++ b/fail2ban-relay.go
@@ -44,5 +44,5 @@ func addLogHandlers(mux *http.ServeMux) {
 }
 logger = log.New(logFile, "", log.LstdFlags)
- mux.HandleFunc("/", listenForLogs)
+ mux.HandleFunc("/patroneos/fail2ban-relay", listenForLogs)
 }
diff --git a/filter.go b/filter.go
index 1f8b799..9e12f32 100644
--- a/filter.go
+++ b/filter.go
@@ -7,6 +7,7 @@ import (
 "io/ioutil"
 "log"
 "net/http"
+ "strings"
 )
 // Middleware returns a handler that can perform various operations
@@ -58,6 +59,9 @@ func getHost(r *http.Request) string {
 func logFailure(message string, w http.ResponseWriter, r *http.Request) {
 remoteHost := getHost(r)
 for _, logAgent := range appConfig.LogEndpoints {
+ if !strings.Contains(logAgent, "/patroneos/fail2ban-relay") {
+ logAgent += "/patroneos/fail2ban-relay"
+ }
 logEvent := Log{
 Host: remoteHost,
 Success: false,
@@ -67,7 +71,7 @@ func logFailure(message string, w http.ResponseWriter, r *http.Request) {
 if err != nil {
 log.Printf("Error marshalling failure message %s", err)
 }
- client.Post(logAgent, "application/json", bytes.NewBuffer(body))
+ _, err = client.Post(logAgent, "application/json", bytes.NewBuffer(body))
 if err != nil {
 log.Print(err)
 }
@@ -78,7 +82,10 @@ func logFailure(message string, w http.ResponseWriter, r *http.Request) {
 w.Header().Add("X-REJECTED-BY", "patroneos")
 w.Header().Add("CONTENT-TYPE", "application/json")
 w.WriteHeader(400)
- w.Write(errorBody)
+ _, err := w.Write(errorBody)
+ if err != nil {
+ log.Printf("Error writing response body %s", err)
+ }
 }
 }
@@ -86,6 +93,9 @@ func logFailure(message string, w http.ResponseWriter, r *http.Request) {
 func logSuccess(message string, r *http.Request) {
 remoteHost := getHost(r)
 for _, logAgent := range appConfig.LogEndpoints {
+ if !strings.Contains(logAgent, "/patroneos/fail2ban-relay") {
+ logAgent += "/patroneos/fail2ban-relay"
+ }
 logEvent := Log{
 Host: remoteHost,
 Success: true,
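Review bot: The relay route registered in addLogHandlers (hunk `@@ -44,5 +44,5 @@`) carries no visible restriction on who may post to it, and listenForLogs is defined outside this hunk, so any sender or method check it performs cannot be seen here. The filter posts a Log with the client's Host to this path, so events from an untrusted sender would presumably be recorded as if a filter had reported them. If the handler does not already verify the sender, document the deployment requirement at the registration, e.g. `// Expose this listener only to trusted filter instances; posted events are written to the fail2ban log.` addLogHandlers begins outside the hunk.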
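Review bot: In logFailure (hunk `@@ -58,6 +59,9 @@`) the `strings.Contains` test matches the relay path anywhere in the configured string, and an endpoint configured with a trailing slash ends up as `...//patroneos/fail2ban-relay`. A suffix test on a trimmed value is stricter: `logAgent = strings.TrimRight(logAgent, "/")` followed by `if !strings.HasSuffix(logAgent, "/patroneos/fail2ban-relay") {`. The identical three lines are added to logSuccess in hunk `@@ -86,6 +93,9 @@`; normalising the endpoints once when the config is parsed would remove the duplication and the per-request work. Both functions start and end outside their hunks.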
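Review bot: In logFailure (hunk `@@ -67,7 +71,7 @@`) the response from `client.Post` is discarded with `_`, so its Body is never closed and the connection cannot be returned to the pool; on a filter that logs every request, a burst of traffic can tie up sockets and file descriptors. Keep the response and close it: `res, err := client.Post(logAgent, "application/json", bytes.NewBuffer(body))`, then `res.Body.Close()` on the non-error path. The preceding marshal error is only logged, so the post still goes out with whatever `body` holds; a `continue` there would avoid that. The same change applies to logSuccess in hunk `@@ -95,7 +105,7 @@`.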
@@ -95,7 +105,7 @@ func logSuccess(message string, r *http.Request) {
 if err != nil {
 log.Printf("Error marshalling success message %s", err)
 }
- client.Post(logAgent, "application/json", bytes.NewBuffer(body))
+ _, err = client.Post(logAgent, "application/json", bytes.NewBuffer(body))
 if err != nil {
 log.Print(err)
 }
@@ -221,8 +231,6 @@ func copyHeaders(response http.Header, request http.Header) {
 // If the request passes all middleware validations
 // we forward it to the node to be processed.
 func forwardCallToNodeos(w http.ResponseWriter, r *http.Request) {
- log.Println("forward calls to nodeos")
-
 nodeosHost := fmt.Sprintf("%s://%s:%s", appConfig.NodeosProtocol, appConfig.NodeosURL, appConfig.NodeosPort)
 url := nodeosHost + r.URL.String()
 method := r.Method
@@ -242,6 +250,8 @@ func forwardCallToNodeos(w http.ResponseWriter, r *http.Request) {
 return
 }
+ defer res.Body.Close()
+
 body, _ = ioutil.ReadAll(res.Body)
 if res.StatusCode == 200 {
@@ -259,6 +269,21 @@ func forwardCallToNodeos(w http.ResponseWriter, r *http.Request) {
 }
 }
+func relay(w http.ResponseWriter, r *http.Request) {
+ message := "Patroneos cannot receive fail2ban relay requests when running in filter mode. Please check your config."
+ log.Printf("%s", message)
+
+ errorBody, _ := json.Marshal(ErrorMessage{Message: message, Code: 403})
+
+ w.WriteHeader(http.StatusForbidden)
+ _, err := w.Write(errorBody)
+
+ if err != nil {
+ log.Printf("Error writing response body %s", err)
+ return
+ }
+}
+
 func addFilterHandlers(mux *http.ServeMux) {
 // Middleware are executed in the order that they are passed to chainMiddleware.
 middlewareChain := chainMiddleware(
@@ -269,4 +294,5 @@ func addFilterHandlers(mux *http.ServeMux) {
 )
 mux.HandleFunc("/", middlewareChain(forwardCallToNodeos))
+ mux.HandleFunc("/patroneos/fail2ban-relay", relay)
 }
diff --git a/main.go b/main.go
index d18dff5..57a3397 100644
--- a/main.go
+++ b/main.go
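Review bot: The new relay handler (hunk `@@ -259,6 +269,21 @@`) writes a JSON body without declaring its content type, whereas the rejection path in logFailure sets `CONTENT-TYPE` to `application/json`; add `w.Header().Set("Content-Type", "application/json")` before `w.WriteHeader(http.StatusForbidden)`. The function also has no doc comment, unlike its neighbours; something like `// relay rejects fail2ban-relay posts when patroneos runs in filter mode.` would do. The `return` inside the final `if` is redundant because nothing follows it. The error from `json.Marshal` is dropped with `_`, which is harmless for this fixed message but worth a short comment.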
@@ -98,7 +98,7 @@ func main() {
 parseConfigFile()
 mux := http.NewServeMux()
- mux.HandleFunc("/patroneos/config", updateConfig)
+ mux.HandleFunc("/patroneos/config", updateConfig)
 if operatingMode == "filter" {
 addFilterHandlers(mux)
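Review bot: The `/patroneos/config` route is registered on the same mux that addFilterHandlers then populates with the client-facing proxy handler, so the config-update endpoint is reachable on the port that serves external traffic. updateConfig is defined outside this hunk, so whether it authenticates or restricts callers cannot be confirmed here; if it does not, anyone able to reach the filter could change the blacklist and size limits. At minimum, record the requirement at the registration, e.g. `// updateConfig must reject callers that are not local or otherwise authorised; this mux also serves public traffic.`, or serve it from a separate loopback-only listener. main's body continues outside the hunk.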