App-phoebe
view release on metacpan or search on metacpan
- App::Phoebe::Spartan is new; an alternative to Gemini and Titansince it's very simply, suggests gemtextfortext formatting, allowsuploads, but doesn'tdoTLS- App::Phoebe::Iapetus is new; an alternative to the Titan protocolforuploading- App::Phoebe::SpeedBump loads the block list on startup; as it savesevery half an hour, that means younolonger have to worry too muchabout losing information on the blocked IP numbers and networks- App::Gopher is new and improved; itnolonger just prints the Geminitext but does line wrapping and all that3.00- Add special feedsforthe blog, i.e. the pages startingwithan ISOdate2.08
We want to block crawlers that are too fast or that don’t follow theinstructions in robots.txt. Wedothis by keeping a list of recent visitors:forevery IP number, we remember the timestamps of theirlastvisits. If they makemore than 30 requests in 60s, we block themforan ever increasing amount ofseconds, startingwith60s and doubling everytimethis happens.For every IP number, Phoebe also records whether thelast30 requests were“suspicious†or not. A suspicious request is a request that is “disallowedâ€forbots according to “robots.txt†(more or less). If 10 requests or more of thelast30 requests in thelast60 seconds are suspicious, the IP number isblocked.When an IP number is blocked, it is blockedfor60s, and there’s a 120sprobationtime. When you’re blocked, Phoebe respondswitha “44†response. Thismeans: slow down!If the IP number is unblocked but gives causeforanother block in the probationtime, it is blocked again and the blockingtimeis doubled: the IP is blockedfor120s and there’s 240s probationtime. Andifit happens again, it is doubledagain.There isnoconfiguration required, but adding a known fingerprint is suggested.The `/do/speed-bump` URL shows you more information,ifyou have a clientcertificatewitha known fingerprint.The exact number of requests and thelengthof thetimewindow (in seconds) canbe changed in the `config` file, too.
lib/App/Phoebe.pm view on Meta::CPAN
# We can't use C<flock> because this defaults to C<fcntl> which means they are# I<per process>subwith_lock {my$stream=shift;my$host=shift;my$space=shift;my$code=shift;my$count=shift|| 0;my$dir= wiki_dir($host,$space);my$lock="$dir/locked";# remove stale locksif(-e$lock) {my$age=time() - modified($lock);$log->debug("lock is ${age}s old");rmdir$lockif-e$lockand$age> 5;}if(mkdir($lock)) {$log->debug("Running code with lock $lock");eval{$code->() };# protect against exceptionsif($@) {$log->error("Unable to run code with locked $lock: $@");result($stream,"40","An error occured, unfortunately");}rmdir($lock);$stream->close_gracefully();}elsif($count> 25) {$log->error("Unable to unlock $lock");result($stream,"40","The wiki is locked; try again in a few seconds");$stream->close_gracefully();}else{$log->debug("Waiting $count...");Mojo::IOLoop->timer(0.2=>sub{with_lock($stream,$host,$space,$code,$count+ 1)});# don't close the stream}}subwrite_page {
lib/App/Phoebe/SpeedBump.pm view on Meta::CPAN
We want to block crawlers that are too fast or that don’t follow theinstructions in robots.txt. Wedothis by keeping a list of recent visitors:forevery IP number, we remember the timestamps of theirlastvisits. If they makemore than 30 requests in 60s, we block themforan ever increasing amount ofseconds, startingwith60s and doubling everytimethis happens.For every IP number, Phoebe also records whether thelast30 requests were“suspicious†or not. A suspicious request is a request that is “disallowedâ€forbots according to “robots.txt†(more or less). If 10 requests or more of thelast30 requests in thelast60 seconds are suspicious, the IP number isblocked.When an IP number is blocked, it is blockedfor60s, and there’s a 120sprobationtime. When you’re blocked, Phoebe respondswitha “44†response. Thismeans: slow down!If the IP number is unblocked but gives causeforanother block in the probationtime, it is blocked again and the blockingtimeis doubled: the IP is blockedfor120s and there’s 240s probationtime. Andifit happens again, it is doubledagain.There isnoconfiguration required, but adding a known fingerprint is suggested.The C</do/speed-bump> URL shows you more information,ifyou have a clientcertificatewitha known fingerprint.The exact number of requests and thelengthof thetimewindow (in seconds) canbe changed in the F<config> file, too.
lib/App/Phoebe/SpeedBump.pm view on Meta::CPAN
or$speed_data->{$ip}->{probation} <$now)and (not$speed_data->{$ip}->{visits}or @{$speed_data->{$ip}->{visits}} == 0or$speed_data->{$ip}->{visits}->[0] <$now-$speed_bump_window)) {delete($speed_data->{$ip});}}formy$cidr(keys%$speed_cidr_data) {delete($speed_cidr_data->{$cidr})if$speed_cidr_data->{$cidr} <$now;}# check whether the range is blockedmy$ip=$stream->handle->peerhost;my$ob= new Net::IP($ip);formy$cidr(keys%$speed_cidr_data) {my$range= new Net::IP($cidr) or$log->error(Net::IP::Error());my$overlap=$range->overlaps($ob);# $IP_PARTIAL_OVERLAP (ranges overlap) $IP_NO_OVERLAP (no overlap)# $IP_A_IN_B_OVERLAP (range2 contains range1) $IP_B_IN_A_OVERLAP (range1# contains range2) $IP_IDENTICAL (ranges are identical) undef (problem)if(defined$overlapand$overlap!=$IP_NO_OVERLAP) {$log->info("Net range $cidr is blocked");my$delta=$speed_cidr_data->{$cidr} -$now;result($stream,"44","$delta");# no more processingreturn1;}}# check if the ip is currently blocked and extend the block if soif(exists$speed_data->{$ip}) {my$until=$speed_data->{$ip}->{until};if($untiland$until>$now) {my$seconds= speed_bump_add($ip,$now);$log->info("IP is blocked, extending by $seconds");my$delta=$speed_data->{$ip}->{until} -$now;result($stream,"44","$delta");# no more processingreturn1;}}# add a timestamp to the front for the current $ipunshift(@{$speed_data->{$ip}->{visits}},$now);# add a warning to the front for the current $ip if the current URL could be a botunshift(@{$speed_data->{$ip}->{warnings}},scalar$url=~ m!/(raw|html|diff|history|do/(?:comment|do/(?:all/(?:latest/)?)?changes/|rss|(?:all)?atom|new|more|match|search|index|tag))/!);# if there are enough timestamps, pop the last one and see if it falls within# the time window; if so, all the requests happened within the time window# we're watchingif(@{$speed_data->{$ip}->{visits}} >$speed_bump_requests) {pop(@{$speed_data->{$ip}->{warnings}});my$oldest=pop(@{$speed_data->{$ip}->{visits}});if($now<$oldest+$speed_bump_window) {my$seconds= speed_bump_add($ip,$now);$log->info("Blocked for $seconds because of too many requests");result($stream,"44","$seconds");# no more processingreturn1;}}# even if the browsing speed is ok, we want to block you if you're visiting a# lot of URLs that a human would notmy$warnings= sum(@{$speed_data->{$ip}->{warnings}}) || 0;if($warnings>$speed_bump_requests/ 3) {my$seconds= speed_bump_add($ip,$now);$log->info("Blocked for $seconds because of too many suspicious requests");result($stream,"44","$seconds");# no more processingreturn1;}# maintenance is done and no block was required, carry onreturn0;}subspeed_bump_add {my$ip=shift;
lib/App/Phoebe/SpeedBump.pm view on Meta::CPAN
$stream->write("The speed bump data has been reset.\n");$stream->write("=> /do/speed-bump menu\n") });return1;}return;}subspeed_bump_compute_cidr_blocks {my%count;my%until;# check which CIDR has been blocked at least three timesformy$ip(keys%$speed_data) {my$cidr=$speed_data->{$ip}->{cidr};nextunless$cidr;$count{$cidr}++;$until{$cidr} ||=$speed_data->{$ip}->{until};$until{$cidr} =$speed_data->{$ip}->{until}if$speed_data->{$ip}->{until} and$speed_data->{$ip}->{until} >$until{$cidr};}# only copy the blocked-until timestamp for those CIDRs that were listed at least three timesformy$cidr(keys%count) {nextunless$count{$cidr} >= 3;speed_bump_add_cidr($cidr,$until{$cidr});}}subwith_speed_bump_fingerprint {my$stream=shift;my$fun=shift;my$fingerprint=$stream->handle->get_fingerprint();
lib/App/Phoebe/SpeedBump.pm view on Meta::CPAN
$stream->write("```\n");$stream->write("=> /do/speed-bump menu\n");}subspeed_bump_cidr {my$ip=shift;my$now=shift;my$cidr=$speed_data->{$ip}->{cidr};my$until=$speed_data->{$ip}->{until};return$cidrif$cidror not$untilor$until-$now< 604800;# if blocked for at least 7d and no cidr is available, get it: 7*24*60*60 = 604800$ip= new Net::IP ($ip) orreturn;my$reverse=$ip->reverse_ip();$reverse=~ s/in-addr\.arpa\.$/asn.routeviews.org/;$log->debug("DNS TXT query for $reverse");formy$rr(rr($reverse,"TXT")) {nextunless$rr->type eq"TXT";my@data=$rr->txtdata;$log->debug("DNS TXT @data");$cidr=join("/",@data[1..2]);$speed_data->{$ip}->{cidr} =$cidr;
t/BlockFediverse.t view on Meta::CPAN
require'./t/test.pl';# variables set by test.plour$host;our$port;like(query_web("GET / HTTP/1.0\r\nhost: $host:$port"),qr/^HTTP\/1.1 200 OK/,"Web is served");like(query_web("GET / HTTP/1.0\r\nhost: $host:$port\r\nuser-agent: Mastodon"),qr/^HTTP\/1.1 400 Bad Request/,"Mastodon is blocked");done_testing;
t/SpeedBump.t view on Meta::CPAN
like($page,qr(18\.135\.104\.61),"IP number found");like($page,qr(CIDR\n.*18\.132\.0\.0/14),"CIDR number found");$page= query_gemini("$base/");like($page,qr(^20),"Request 1");$page= query_gemini("$base/");like($page,qr(^20),"Request 2");$page= query_gemini("$base/");like($page,qr(^44 60),"Request 3 is blocked for 60s");$page= query_gemini("$base/do/speed-bump/status");# From To Warns Block Until Probation IP# -5s -5s 2/ 2 60s 55s 115s 127.0.0.1like($page,qr(^ +0s +0s +2\/ 2\ +60s +60s +120s +127\.0\.0\.1)m,"Blocked for 60s!");# also making sure all the data from the old JSON file expiredunlike($page,qr(18\.135\.104\.61),"IP number no longer found");unlike($page,qr(CIDR\n.*18\.132\.0\.0/14),"CIDR number no longer found");done_testing();
Smiling faces floatTonight in the city parkPhone screens shining brightEOTmy$page= query_gemini("$titan/raw/Haiku;size=74;mime=text/plain;token=hello",$haiku);like($page,qr/^30 $base\/page\/Haiku\r$/,"Titan Haiku");ok(read_text("$dir/page/Haiku.gmi") eq$haiku,"Haiku saved");mkdir("$dir/locked");# 1s timerMojo::IOLoop->timer(1=>sub{pass("Waiting 1s");ok(read_text("$dir/page/Haiku.gmi") eq$haiku,"Haiku unchanged");rmdir("$dir/locked")});my$haiku2=<<EOT;Pink peaks and blue rocksThe sun is gone and I'm coldThe Blackbird still singsEOT# while it waits for the lock to expire, 1s passes and the lock is removedquery_gemini("$titan/raw/Haiku;size=81;mime=text/plain;token=hello",$haiku2);
t/oddmuse-wiki.pl view on Meta::CPAN
clear=> \&DoClearCache,debug=> \&DoDebug,contrib=> \&DoContributors,more=> \&DoJournal);our@MyRules= (\&LinkRules, \&ListRule);# don't set this variable, add to it!our%RuleOrder= (\&LinkRules=> 0, \&ListRule=> 0);# The 'main' program, called at the end of this script file (aka. as handler)subDoWikiRequest {Init();DoSurgeProtection();if(not$BannedCanReadand UserIsBanned() and not UserIsEditor()) {ReportError(T('Reading not allowed: user, ip, or network is blocked.'),'403 FORBIDDEN',0,$q->p(ScriptLink('action=password', T('Login'),'password')));}DoBrowseRequest();}subReportError {# fatal!my($errmsg,$status,$log,@html) =@_;InitRequest();# make sure we can report errors before InitRequestGetHttpHeader('text/html','nocache',$status), GetHtmlHeader(T('Error')),$q->start_div({class=>'error'}),$q->h1(QuoteHtml($errmsg)),@html,$q->end_div,
t/oddmuse-wiki.pl view on Meta::CPAN
my$page= ParseData($data);# before InitVariables so GetPageContent won't workeval$page->{text}if$page->{text};# perlcritic dislikes the use of eval here but we really mean it$Message.= CGI::p("$ConfigPage: $@")if$@;}}subInitDirConfig {$PageDir="$DataDir/page";# Stores page data$KeepDir="$DataDir/keep";# Stores kept (old) page data$TempDir="$DataDir/temp";# Temporary files and locks$LockDir="$TempDir/lock";# DB is locked if this exists$NoEditFile="$DataDir/noedit";# Indicates that the site is read-only$RcFile="$DataDir/rc.log";# New RecentChanges logfile$RcOldFile="$DataDir/oldrc.log";# Old RecentChanges logfile$IndexFile="$DataDir/pageidx";# List of all pages$VisitorFile="$DataDir/visitors.log";# List of recent visitors$DeleteFile="$DataDir/delete.log";# Deletion logfile$RssDir="$DataDir/rss";# For rss feed cache$ConfigFile||="$DataDir/config";# Config file with Perl code to execute$ModuleDir||="$DataDir/modules";# For extensions (ending in .pm or .pl)}
t/oddmuse-wiki.pl view on Meta::CPAN
return;}subRunMyMacros {$_=shift;foreachmy$macro(@MyMacros) {$macro->() };return$_;}subPrintWikiToHTML {my($markup,$is_saving_cache,$revision,$is_locked) =@_;my($blocks,$flags);$FootnoteNumber= 0;$markup=~ s/$FS//gif$markup;# Remove separators (paranoia)$markup= QuoteHtml($markup);($blocks,$flags) = ApplyRules($markup, 1,$is_saving_cache,$revision,'p');if($is_saving_cacheand not$revisionand$Page{revision}# don't save revision 0 pagesand$Page{blocks} ne$blocksand$Page{flags} ne$flags) {$Page{blocks} =$blocks;$Page{flags} =$flags;if($is_lockedor RequestLockDir('main')) {# not fatal!SavePage();ReleaseLock()unless$is_locked;}}}subDoClearCache {returnunlessUserIsAdminOrError();RequestLockOrError();GetHeader('', T('Clear Cache')),$q->start_div({-class=>'content clear'}),$q->p(T('Main lock obtained.')),'<p>';foreachmy$id(AllPagesList()) {
t/oddmuse-wiki.pl view on Meta::CPAN
}subPrintPageContent {my($text,$revision,$comment) =@_;$q->start_div({-class=>'content browse',-lang=>GetLanguage($text)});# This is a lot like PrintPageHtml except that it also works for older revisionsif($revisioneq''and$Page{blocks} and GetParam('cache',$UseCache) > 0) {PrintCache();}else{my$savecache= ($Page{revision} > 0 and$revisioneq'');# new page not cachedPrintWikiToHTML($text,$savecache,$revision);# unlocked, with anchors, unlocked}if($comment) {$q->start_div({-class=>'preview'}),$q->hr();$q->h2(T('Preview:'));# no caching, current revision, unlockedPrintWikiToHTML(AddComment('',$comment));$q->hr(),$q->h2(T('Preview only, not yet saved')),$q->end_div();}$q->end_div();}subPrintFooter {my($id,$rev,$comment,$page) =@_;if(GetParam('embed',$EmbedWiki)) {$q->end_html,"\n";
t/oddmuse-wiki.pl view on Meta::CPAN
my$header;if($revisionand not$upload) {$header= Ts('Editing revision %s of',$revision) .' '. NormalToFree($id);}else{$header= Ts('Editing %s', NormalToFree($id));}GetHeader('',$header),$q->start_div({-class=>'content edit'});if($previewand not$upload) {$q->start_div({-class=>'preview'});$q->h2(T('Preview:'));PrintWikiToHTML($oldText);# no caching, current revision, unlocked$q->hr(),$q->h2(T('Preview only, not yet saved')),$q->end_div();}if($revision) {$q->strong(Ts('Editing old revision %s.',$revision) .' '. T('Saving this page will replace the latest revision with this text.'))}GetEditForm($id,$upload,$oldText,$revision),$q->end_div();PrintFooter($id,'edit');}
t/oddmuse-wiki.pl view on Meta::CPAN
return1;}subUserCanEditOrDie {my$id=shift;ValidIdOrDie($id);if(not UserCanEdit($id, 1)) {my$rule= UserIsBanned();if($rule) {ReportError(T('Edit Denied'),'403 FORBIDDEN',undef,$q->p(T('Editing not allowed: user, ip, or network is blocked.')),$q->p(T('Contact the wiki administrator for more information.')),$q->p(Ts('The rule %s matched for you.',$rule) .' '. Ts('See %s for more information.', GetPageLink($BannedHosts))));}else{ReportError(T('Edit Denied'),'403 FORBIDDEN',undef,$q->p(Ts('Editing not allowed: %s is read-only.', NormalToFree($id))));}}}
t/oddmuse-wiki.pl view on Meta::CPAN
}subWriteIndex {WriteStringToFile($IndexFile,join(' ',@IndexList));}subRefreshIndex {@IndexList= ();%IndexHash= ();# If file exists and cannot be changed, error!my$locked= RequestLockDir('index',undef,undef, IsFile($IndexFile));foreach(Glob("$PageDir/*.pg"), Glob("$PageDir/.*.pg")) {nextunlessm|/.*/(.+)\.pg$|;my$id= $1;push(@IndexList,$id);$IndexHash{$id} = 1;}WriteIndex()if$locked;ReleaseLockDir('index')if$locked;}subAddToIndex {my($id) =@_;$IndexHash{$id} = 1;@IndexList=sort(keys%IndexHash);WriteIndex();}subDoSearch {
t/oddmuse-wiki.pl view on Meta::CPAN
delete$IndexHash{$id};@IndexList=sort(keys%IndexHash);return'';# no error}subDoEditLock {returnunlessUserIsAdminOrError();GetHeader('', T('Set or Remove global edit lock'));my$fname="$NoEditFile";if(GetParam("set", 1)) {WriteStringToFile($fname,'editing locked.');}else{Unlink($fname);}utimetime,time,$IndexFile;# touch index file$q->p(IsFile($fname) ? T('Edit lock created.') : T('Edit lock removed.'));PrintFooter();}subDoPageLock {returnunlessUserIsAdminOrError();GetHeader('', T('Set or Remove page edit lock'));my$id= GetParam('id','');ValidIdOrDie($id);my$fname= GetLockedPageFile($id);if(GetParam('set', 1)) {WriteStringToFile($fname,'editing locked.');}else{Unlink($fname);}utimetime,time,$IndexFile;# touch index file$q->p(IsFile($fname) ? Ts('Lock for %s created.', GetPageLink($id)): Ts('Lock for %s removed.', GetPageLink($id)));PrintFooter();}subDoShowVersion {
( run in 0.513 second using v1.01-cache-2.11-cpan-a9ef4e587e4 )