mirror of
https://github.com/therootcompany/golib.git
synced 2026-04-24 20:58:00 +00:00
AJ ONeal
4895553a91
Sources (blacklist.go) now owns only fetch/load logic — no atomic state. main.go holds the three atomic.Pointer[Cohort] vars, calls reload() on startup, and runs the background ticker directly. This makes the dataset pattern (fetch → load → atomic.Store → poll) visible at the call site.
175 lines
4.6 KiB
Go
175 lines
4.6 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
"sync/atomic"
|
|
"time"
|
|
|
|
"github.com/therootcompany/golib/net/ipcohort"
|
|
)
|
|
|
|
// inbound blocklist - pre-separated by type for independent ETag caching
|
|
const (
|
|
inboundSingleURL = "https://github.com/bitwire-it/ipblocklist/raw/refs/heads/main/tables/inbound/single_ips.txt"
|
|
inboundNetworkURL = "https://github.com/bitwire-it/ipblocklist/raw/refs/heads/main/tables/inbound/networks.txt"
|
|
)
|
|
|
|
// outbound blocklist
|
|
const (
|
|
outboundSingleURL = "https://github.com/bitwire-it/ipblocklist/raw/refs/heads/main/tables/outbound/single_ips.txt"
|
|
outboundNetworkURL = "https://github.com/bitwire-it/ipblocklist/raw/refs/heads/main/tables/outbound/networks.txt"
|
|
)
|
|
|
|
func main() {
|
|
if len(os.Args) < 3 {
|
|
fmt.Fprintf(os.Stderr, "Usage: %s <cache-dir|blacklist.txt> <ip-address> [git-url]\n", os.Args[0])
|
|
fmt.Fprintf(os.Stderr, " No remote: load from <blacklist.txt> (inbound only)\n")
|
|
fmt.Fprintf(os.Stderr, " git URL: clone/pull into <cache-dir>\n")
|
|
fmt.Fprintf(os.Stderr, " (default): fetch via HTTP into <cache-dir>\n")
|
|
os.Exit(1)
|
|
}
|
|
|
|
dataPath := os.Args[1]
|
|
ipStr := os.Args[2]
|
|
gitURL := ""
|
|
if len(os.Args) >= 4 {
|
|
gitURL = os.Args[3]
|
|
}
|
|
|
|
var src *Sources
|
|
switch {
|
|
case gitURL != "":
|
|
src = newGitSources(gitURL, dataPath,
|
|
nil,
|
|
[]string{"tables/inbound/single_ips.txt", "tables/inbound/networks.txt"},
|
|
[]string{"tables/outbound/single_ips.txt", "tables/outbound/networks.txt"},
|
|
)
|
|
case strings.HasSuffix(dataPath, ".txt") || strings.HasSuffix(dataPath, ".csv"):
|
|
src = newFileSources(nil, []string{dataPath}, nil)
|
|
default:
|
|
src = newHTTPSources(
|
|
nil,
|
|
[]HTTPSource{
|
|
{inboundSingleURL, dataPath + "/inbound_single_ips.txt"},
|
|
{inboundNetworkURL, dataPath + "/inbound_networks.txt"},
|
|
},
|
|
[]HTTPSource{
|
|
{outboundSingleURL, dataPath + "/outbound_single_ips.txt"},
|
|
{outboundNetworkURL, dataPath + "/outbound_networks.txt"},
|
|
},
|
|
)
|
|
}
|
|
|
|
var whitelist, inbound, outbound atomic.Pointer[ipcohort.Cohort]
|
|
|
|
if err := src.Init(false); err != nil {
|
|
fmt.Fprintf(os.Stderr, "error: %v\n", err)
|
|
os.Exit(1)
|
|
}
|
|
if err := reload(src, &whitelist, &inbound, &outbound); err != nil {
|
|
fmt.Fprintf(os.Stderr, "error: %v\n", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
fmt.Fprintf(os.Stderr, "Loaded inbound=%d outbound=%d\n",
|
|
size(&inbound), size(&outbound))
|
|
|
|
// Keep data fresh in the background if running as a daemon.
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
defer cancel()
|
|
go run(ctx, src, &whitelist, &inbound, &outbound)
|
|
|
|
blockedInbound := containsInbound(ipStr, &whitelist, &inbound)
|
|
blockedOutbound := containsOutbound(ipStr, &whitelist, &outbound)
|
|
|
|
switch {
|
|
case blockedInbound && blockedOutbound:
|
|
fmt.Printf("%s is BLOCKED (inbound + outbound)\n", ipStr)
|
|
os.Exit(1)
|
|
case blockedInbound:
|
|
fmt.Printf("%s is BLOCKED (inbound)\n", ipStr)
|
|
os.Exit(1)
|
|
case blockedOutbound:
|
|
fmt.Printf("%s is BLOCKED (outbound)\n", ipStr)
|
|
os.Exit(1)
|
|
default:
|
|
fmt.Printf("%s is allowed\n", ipStr)
|
|
}
|
|
}
|
|
|
|
func reload(src *Sources,
|
|
whitelist, inbound, outbound *atomic.Pointer[ipcohort.Cohort],
|
|
) error {
|
|
if wl, err := src.LoadWhitelist(); err != nil {
|
|
return err
|
|
} else if wl != nil {
|
|
whitelist.Store(wl)
|
|
}
|
|
if in, err := src.LoadInbound(); err != nil {
|
|
return err
|
|
} else if in != nil {
|
|
inbound.Store(in)
|
|
}
|
|
if out, err := src.LoadOutbound(); err != nil {
|
|
return err
|
|
} else if out != nil {
|
|
outbound.Store(out)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func run(ctx context.Context, src *Sources,
|
|
whitelist, inbound, outbound *atomic.Pointer[ipcohort.Cohort],
|
|
) {
|
|
ticker := time.NewTicker(47 * time.Minute)
|
|
defer ticker.Stop()
|
|
|
|
for {
|
|
select {
|
|
case <-ticker.C:
|
|
updated, err := src.Fetch(false)
|
|
if err != nil {
|
|
fmt.Fprintf(os.Stderr, "error: sync: %v\n", err)
|
|
continue
|
|
}
|
|
if !updated {
|
|
continue
|
|
}
|
|
if err := reload(src, whitelist, inbound, outbound); err != nil {
|
|
fmt.Fprintf(os.Stderr, "error: reload: %v\n", err)
|
|
continue
|
|
}
|
|
fmt.Fprintf(os.Stderr, "reloaded: inbound=%d outbound=%d\n",
|
|
size(inbound), size(outbound))
|
|
case <-ctx.Done():
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func containsInbound(ip string, whitelist, inbound *atomic.Pointer[ipcohort.Cohort]) bool {
|
|
if wl := whitelist.Load(); wl != nil && wl.Contains(ip) {
|
|
return false
|
|
}
|
|
c := inbound.Load()
|
|
return c != nil && c.Contains(ip)
|
|
}
|
|
|
|
func containsOutbound(ip string, whitelist, outbound *atomic.Pointer[ipcohort.Cohort]) bool {
|
|
if wl := whitelist.Load(); wl != nil && wl.Contains(ip) {
|
|
return false
|
|
}
|
|
c := outbound.Load()
|
|
return c != nil && c.Contains(ip)
|
|
}
|
|
|
|
func size(ptr *atomic.Pointer[ipcohort.Cohort]) int {
|
|
if c := ptr.Load(); c != nil {
|
|
return c.Size()
|
|
}
|
|
return 0
|
|
}
|