Feat: Integrate gluahttp library for HTTP requests
Replaced custom HTTP requests with gluahttp library across various Lua plugins for improved consistency and error handling. This change simplifies the code and ensures that all HTTP interactions follow a unified approach.

Signed-off-by: Christian Roessner <c@roessner.co>
Christian Roessner committed Sep 26, 2024
1 parent 27f1110 commit 856f1d0
Showing 17 changed files with 806 additions and 126 deletions.
1 change: 1 addition & 0 deletions go.mod
@@ -6,6 +6,7 @@ toolchain go1.23.1

require (
github.com/biter777/countries v1.7.5
github.com/cjoudrey/gluahttp v0.0.0-20201111170219-25003d9adfa9
github.com/coreos/go-oidc/v3 v3.11.0
github.com/dspinhirne/netaddr-go v0.0.0-20211008142535-a4c5bccad224
github.com/emersion/go-imap v1.2.1
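Review bot: The new `github.com/cjoudrey/gluahttp` requirement is pinned to the pseudo-version `v0.0.0-20201111170219-25003d9adfa9`, i.e. an untagged commit whose timestamp is November 2020, while this commit is dated September 2024. The Lua plugins changed further down now send their blocklist, GeoIP-policy and pwnedpasswords requests through this module, so it is worth confirming that the module is still maintained and recording why an untagged revision is acceptable. A comment on the require line would document that, e.g. `// untagged upstream; pinned commit reviewed <REVIEW_DATE>` (placeholder date).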
2 changes: 2 additions & 0 deletions go.sum
@@ -51,6 +51,8 @@ github.com/cheggaaa/pb/v3 v3.1.5/go.mod h1:CrxkeghYTXi1lQBEI7jSn+3svI3cuc19haAj6
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/cjoudrey/gluahttp v0.0.0-20201111170219-25003d9adfa9 h1:rdWOzitWlNYeUsXmz+IQfa9NkGEq3gA/qQ3mOEqBU6o=
github.com/cjoudrey/gluahttp v0.0.0-20201111170219-25003d9adfa9/go.mod h1:X97UjDTXp+7bayQSFZk2hPvCTmTZIicUjZQRtkwgAKY=
github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
3 changes: 3 additions & 0 deletions server/global/const.go
@@ -986,6 +986,9 @@ const (
// LuaModGLuaCrypto is a constant that represents the name of the GLuaCrypto module in Lua.
LuaModGLuaCrypto = "nauthilus_gluacrypto"

// LuaModGLuaHTTP is a constant that represents the module name for Lua HTTP functionality.
LuaModGLuaHTTP = "nauthilus_gluahttp"

// LuaModGLLPlugin is a constant that represents the name of the GLL plugin module in Lua.
LuaModGLLPlugin = "nauthilus_gll_plugin"

14 changes: 7 additions & 7 deletions server/lua-plugins.d/actions/bruteforce.lua
@@ -13,16 +13,16 @@
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <https://www.gnu.org/licenses/>.

local nauthilus_util = require("nauthilus_util")
function nauthilus_call_action(request)
if not request.repeating then
local nauthilus_util = require("nauthilus_util")

dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")
dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gll_tcp")
local tcp = require("tcp")
dynamic_loader("nauthilus_gll_tcp")
local tcp = require("tcp")

function nauthilus_call_action(request)
if not request.repeating then
-- Send IP/Mask
local conn, err = tcp.open(os.getenv('HAPROXY_STATS'))
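Review bot: The `dynamic_loader`/`require` calls move from file scope into the body of `nauthilus_call_action`, inside `if not request.repeating then`, with no comment saying why, and the commit description only mentions the HTTP library swap. The same move appears in haveibeenpwnd.lua, telegram.lua, blocklist.lua and geoip.lua. If the intent is to skip module loading for requests that return early, a comment above the first require would record it, e.g. `-- Load modules only once we know the action will run; early-return paths skip this.` The function body continues past the end of the hunk.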

81 changes: 41 additions & 40 deletions server/lua-plugins.d/actions/haveibeenpwnd.lua
@@ -13,37 +13,6 @@
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <https://www.gnu.org/licenses/>.

local nauthilus_util = require("nauthilus_util")

dynamic_loader("nauthilus_redis")
local nauthilus_redis = require("nauthilus_redis")

dynamic_loader("nauthilus_mail")
local nauthilus_mail = require("nauthilus_mail")

dynamic_loader("nauthilus_misc")
local nauthilus_misc = require("nauthilus_misc")

dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gluacrypto")
local crypto = require('crypto')

dynamic_loader("nauthilus_gll_http")
local http = require("http")

dynamic_loader("nauthilus_gll_strings")
local strings = require("strings")

dynamic_loader("nauthilus_gll_template")
local template = require("template")

local client = http.client({
timeout = 30,
user_agent = "Nauthilus",
})

local smtp_message = [[
Hello,
@@ -62,8 +31,36 @@ Regards
Postmaster
]]

local N = "haveibeenpwnd"

function nauthilus_call_action(request)
if not request.no_auth and request.authenticated then
local nauthilus_util = require("nauthilus_util")

dynamic_loader("nauthilus_redis")
local nauthilus_redis = require("nauthilus_redis")

dynamic_loader("nauthilus_mail")
local nauthilus_mail = require("nauthilus_mail")

dynamic_loader("nauthilus_misc")
local nauthilus_misc = require("nauthilus_misc")

dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gluacrypto")
local crypto = require('crypto')

dynamic_loader("nauthilus_gluahttp")
local http = require("glua_http")

dynamic_loader("nauthilus_gll_strings")
local strings = require("strings")

dynamic_loader("nauthilus_gll_template")
local template = require("template")

nauthilus_misc.wait_random(500, 3000)

local redis_key = "ntc:HAVEIBEENPWND:" .. crypto.md5(request.account)
@@ -76,22 +73,26 @@ function nauthilus_call_action(request)
if nauthilus_util.is_number(redis_hash_count) then
if redis_hash_count > 0 then
-- Required by telegram.lua
nauthilus_context.context_set("haveibeenpwnd_hash_info", hash:sub(1, 5) .. redis_hash_count)
nauthilus_context.context_set(N .. "_hash_info", hash:sub(1, 5) .. redis_hash_count)

nauthilus_builtin.custom_log_add("action_haveibeenpwnd", "leaked")
nauthilus_builtin.custom_log_add(N .. "_result", "leaked")
end

return nauthilus_builtin.ACTION_RESULT_OK
end
end

local http_request = http.request("GET", "https://api.pwnedpasswords.com/range/" .. hash:sub(1, 5), "")

local result, err = client:do_request(http_request)
local result, err = http.get("https://api.pwnedpasswords.com/range/" .. hash:sub(1, 5), {
timeout = "10s",
headers = {
Accept = "*/*",
["User-Agent"] = "Nauthilus",
},
})
nauthilus_util.if_error_raise(err)

if result.code ~= 200 then
nauthilus_util.if_error_raise("haveibeenpwnd did not return status code 200")
if result.status_code ~= 200 then
nauthilus_util.if_error_raise(N .. "_status_code=" .. tostring(result.status_code))
end

for line in result.body:gmatch("([^\n]*)\n?") do
@@ -104,8 +105,8 @@ function nauthilus_call_action(request)
nauthilus_util.if_error_raise(err_redis_expire)

-- Required by telegram.lua
nauthilus_context.context_set("haveibeenpwnd_hash_info", hash:sub(1, 5) .. cmp_hash[2])
nauthilus_builtin.custom_log_add("action_haveibeenpwnd", "leaked")
nauthilus_context.context_set(N .. "_hash_info", hash:sub(1, 5) .. cmp_hash[2])
nauthilus_builtin.custom_log_add(N .. "_action", "leaked")

local already_sent_mail, err_redis_hget2 = nauthilus_redis.redis_hget(redis_key, "send_mail")
nauthilus_util.if_error_raise(err_redis_hget2)
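Review bot: The two places that record a leaked password now write different log keys: the cached-result branch calls `custom_log_add(N .. "_result", "leaked")`, while the fresh-lookup branch calls `custom_log_add(N .. "_action", "leaked")`. As rendered, both branches previously used the single key `action_haveibeenpwnd`, so a log query or alert built on one key will miss the other path. Use one key in both places, e.g. `nauthilus_builtin.custom_log_add(N .. "_result", "leaked")`, and mention the renamed key in the commit description so downstream log consumers can follow it. The function body continues outside the visible hunks.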
42 changes: 23 additions & 19 deletions server/lua-plugins.d/actions/telegram.lua
@@ -13,29 +13,18 @@
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <https://www.gnu.org/licenses/>.

local nauthilus_util = require("nauthilus_util")

dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gll_http")
local http = require("http")

dynamic_loader("nauthilus_gll_telegram")
local telegram = require("telegram")

dynamic_loader("nauthilus_gll_json")
local json = require("json")
local N = "telegram"

dynamic_loader("nauthilus_gll_template")
local template = require("template")
function nauthilus_call_action(request)
if request.no_auth then
return nauthilus_builtin.ACTION_RESULT_OK
end

local client = http.client()
local bot = telegram.bot(os.getenv("TELEGRAM_PASSWORD"), client)
local nauthilus_util = require("nauthilus_util")

local N = "telegram"
dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

function nauthilus_call_action(request)
local send_message = false
local pwnd_info = "n/a"
local headline = "Information"
@@ -101,6 +90,21 @@ function nauthilus_call_action(request)
end

if send_message then
dynamic_loader("nauthilus_gll_http")
local http = require("http")

dynamic_loader("nauthilus_gll_telegram")
local telegram = require("telegram")

dynamic_loader("nauthilus_gll_template")
local template = require("template")

dynamic_loader("nauthilus_gll_json")
local json = require("json")

local client = http.client()
local bot = telegram.bot(os.getenv("TELEGRAM_PASSWORD"), client)

local result = request

local proto = request.protocol
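Review bot: `local client = http.client()` in the last hunk is created without a timeout, whereas the requests this commit converts to gluahttp all pass `timeout = "10s"`. A stalled Telegram API call would then hold the action for as long as the library default allows, which is not visible here. The client options shown elsewhere on this page would apply: `local client = http.client({ timeout = 30, user_agent = "Nauthilus" })`. Separately, `os.getenv("TELEGRAM_PASSWORD")` returns nil when the variable is unset and is passed straight to `telegram.bot`; an explicit check with a clear error before building the bot would surface that misconfiguration.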
46 changes: 20 additions & 26 deletions server/lua-plugins.d/features/blocklist.lua
@@ -13,34 +13,23 @@
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <https://www.gnu.org/licenses/>.

local nauthilus_util = require("nauthilus_util")

dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gll_http")
local http = require("http")

dynamic_loader("nauthilus_gll_json")
local json = require("json")

local client = http.client({
timeout = 30,
user_agent = "Nauthilus"
})

local N = "feature_blocklist"

function nauthilus_call_feature(request)
if request.no_auth then
return nauthilus_builtin.FEATURE_TRIGGER_NO, nauthilus_builtin.FEATURES_ABORT_NO, nauthilus_builtin.FEATURE_RESULT_YES
end

if not request.client_ip then
nauthilus_builtin.custom_log_add(N, "no client IP found")
local nauthilus_util = require("nauthilus_util")

return nauthilus_builtin.FEATURE_TRIGGER_NO, nauthilus_builtin.FEATURES_ABORT_NO, nauthilus_builtin.FEATURE_RESULT_FAILURE
end
dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gluahttp")
local http = require("glua_http")

dynamic_loader("nauthilus_gll_json")
local json = require("json")

-- Get result table
local rt = nauthilus_context.context_get("rt")
@@ -55,14 +44,19 @@ function nauthilus_call_feature(request)
local payload, json_encode_err = json.encode(t)
nauthilus_util.if_error_raise(json_encode_err)

local blocklist_request = http.request("POST", os.getenv("BLOCKLIST_URL"), payload)
blocklist_request:header_set("Content-Type", "application/json")

local result, request_err = client:do_request(blocklist_request)
local result, request_err = http.post(os.getenv("BLOCKLIST_URL"), {
timeout = "10s",
headers = {
Accept = "*/*",
["User-Agent"] = "Nauthilus",
["Content-Type"] = "application/json",
},
body = payload,
})
nauthilus_util.if_error_raise(request_err)

if result.code ~= 200 then
nauthilus_util.if_error_raise(N .. "_status_code=" .. tostring(result.code))
if result.status_code ~= 200 then
nauthilus_util.if_error_raise(N .. "_status_code=" .. tostring(result.status_code))
end

local response, err_jdec = json.decode(result.body)
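Review bot: The `if not request.client_ip then` early return appears to be on the removed side of the first hunk (the page has lost its +/- markers, so this is inferred from the hunk line counts and the surrounding changes). If so, a request without a client IP now reaches the `http.post` to `BLOCKLIST_URL`. The payload construction sits between the two visible hunks, so what the service receives in that case cannot be seen here, and the result would depend on how the blocklist service answers. Keeping the guard ahead of the module loads, with its `custom_log_add(N, "no client IP found")` entry and the `FEATURE_RESULT_FAILURE` return, preserves the explicit failure result.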
49 changes: 26 additions & 23 deletions server/lua-plugins.d/filters/geoip.lua
@@ -12,26 +12,15 @@
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <https://www.gnu.org/licenses/>.
local N = "geoippolicyd"

local nauthilus_util = require("nauthilus_util")

dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gll_http")
local http = require("http")

dynamic_loader("nauthilus_gll_json")
local json = require("json")

local client = http.client({
timeout = 30,
user_agent = "Nauthilus"
})
function nauthilus_call_filter(request)
if request.no_auth then
return nauthilus_builtin.FILTER_ACCEPT, nauthilus_builtin.FILTER_RESULT_OK
end

local N = "filter_geoippolicyd"
local nauthilus_util = require("nauthilus_util")

function nauthilus_call_filter(request)
local function add_custom_logs(object)
for item, values in pairs(object) do
if type(values) == "table" then
@@ -65,7 +54,16 @@ function nauthilus_call_filter(request)
ts = "unknown"
end

if request.user_found and request.authenticated and not (request.no_auth or request.client_ip == "127.0.0.1") then
if request.authenticated and request.client_ip ~= "127.0.0.1" then
dynamic_loader("nauthilus_context")
local nauthilus_context = require("nauthilus_context")

dynamic_loader("nauthilus_gluahttp")
local http = require("glua_http")

dynamic_loader("nauthilus_gll_json")
local json = require("json")

local t = {}

t.key = "client"
@@ -77,13 +75,18 @@ function nauthilus_call_filter(request)
local payload, json_encode_err = json.encode(t)
nauthilus_util.if_error_raise(json_encode_err)

local geoip_request = http.request("POST", os.getenv("GEOIP_POLICY_URL"), payload)
geoip_request:header_set("Content-Type", "application/json")

local result, request_err = client:do_request(geoip_request)
local result, request_err = http.post(os.getenv("GEOIP_POLICY_URL"), {
timeout = "10s",
headers = {
Accept = "*/*",
["User-Agent"] = "Nauthilus",
["Content-Type"] = "application/json",
},
body = payload,
})
nauthilus_util.if_error_raise(request_err)

if result.code ~= 202 then
if result.status_code ~= 202 then
nauthilus_util.if_error_raise(N .. "_status_code=" .. tostring(result.code))
end
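Review bot: The error message under the changed status check in the last hunk still reads `result.code`: the condition is now `result.status_code ~= 202`, but the unchanged next line builds the message with `tostring(result.code)`. The other converted plugins on this page read `status_code` from the gluahttp response, so `code` is presumably nil here and the raised error would end in `_status_code=nil`, hiding the real status from whoever triages a policy-service failure. Change it to `nauthilus_util.if_error_raise(N .. "_status_code=" .. tostring(result.status_code))`. Separately, the new condition `request.authenticated and request.client_ip ~= "127.0.0.1"` no longer checks `request.user_found` and exempts only the IPv4 loopback literal; confirm that both are intended.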
