-
Notifications
You must be signed in to change notification settings - Fork 264
/
Copy pathshield.go
95 lines (87 loc) · 2.55 KB
/
shield.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/*
* @Copyright Reserved By Janusec (https://www.janusec.com/).
* @Author: U2
* @Date: 2021-05-02 15:27:30
* @Last Modified: U2, 2021-05-02 15:27:30
*/
package gateway
import (
"html/template"
"janusec/data"
"janusec/models"
"janusec/utils"
"net/http"
"regexp"
"time"
"github.com/gorilla/sessions"
"github.com/patrickmn/go-cache"
)
var (
shieldCache = cache.New(5*time.Second, 5*time.Second)
)
func IsSearchEngine(ua string) bool {
matched, err := regexp.MatchString(data.NodeSetting.SearchEnginesPattern, ua)
if err != nil {
utils.DebugPrintln("ReverseHandlerFunc Search Engines MatchString", err)
}
return matched
}
func IsCrawler(r *http.Request, srcIP string) bool {
count, found := shieldCache.Get(srcIP)
if found {
nowCount := count.(int64) + int64(1)
if nowCount > 30 {
// Found crawler
return true
}
shieldCache.Set(srcIP, nowCount, cache.DefaultExpiration)
} else {
shieldCache.Set(srcIP, int64(1), cache.DefaultExpiration)
}
return false
}
// SecondShieldAuthorization give authorization
func SecondShieldAuthorization(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "janusec-token")
// First, check time interval
timestampI := session.Values["timestamp"]
if timestampI == nil {
// show 5-second shield
GenerateShieldPage(w, r, r.URL.Path)
return
}
timestamp := timestampI.(int64)
now := time.Now().Unix()
if now-timestamp < 5 {
GenerateShieldPage(w, r, r.URL.Path)
return
}
session.Values["shldtoken"] = now
// 5-second shield session will be invalid when user close the browser.
session.Options = &sessions.Options{Path: "/", HttpOnly: true}
err := session.Save(r, w)
if err != nil {
utils.DebugPrintln("session save error", err)
}
callback := r.FormValue("callback")
http.Redirect(w, r, callback, http.StatusTemporaryRedirect)
}
// GenerateShieldPage for first access if 5-second shield enabled
func GenerateShieldPage(w http.ResponseWriter, r *http.Request, urlPath string) {
if data.TmplShield == nil {
data.TmplShield, _ = template.New("tmplShield").Parse(data.NodeSetting.ShieldHTML)
}
session, _ := store.Get(r, "janusec-token")
session.Values["timestamp"] = time.Now().Unix()
// 5-second shield session will be invalid when user close the browser.
session.Options = &sessions.Options{Path: "/", HttpOnly: true}
err := session.Save(r, w)
if err != nil {
utils.DebugPrintln("session save error", err)
}
w.WriteHeader(200)
err = data.TmplShield.Execute(w, models.ShieldInfo{Callback: urlPath})
if err != nil {
utils.DebugPrintln("GenerateShieldPage tmpl.Execute error", err)
}
}