Merge 4e4bdaf335 into 65093c619f

2024-04-26 18:07:05 +00:00 · 2024-04-26 18:07:05 +00:00 · 81be0c2fc5
parent 65093c619f 4e4bdaf335
commit 81be0c2fc5
3 changed files with 80 additions and 0 deletions
--- a/.env.production.sample
+++ b/.env.production.sample
@ -75,3 +75,11 @@ S3_ALIAS_HOST=files.example.com
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
+
+# Antispam: IP Block/Limit lists  (Limited IP require manual approval).
+# -----------------------
+# URLS in this list are refreshed every 24 hours. Blocked/limited IP Addresses expire after 24 hours.
+# Comma delimited to add more URLs. The format should contain only IP addresses (subnet optional)
+# -----------------------
+# SCHEDULED_IPLIMIT_URLS="https://check.torproject.org/torbulkexitlist"
+# SCHEDULED_IPBLOCK_URLS=""
--- a/app/workers/scheduler/ip_spamlist_urls_scheduler.rb
+++ b/app/workers/scheduler/ip_spamlist_urls_scheduler.rb
@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+class Scheduler::IpSpamlistUrlsScheduler
+  include Sidekiq::Worker
+
+  sidekiq_options retry: 0
+
+  def perform
+    grab_ip_blocks_addresses! if ENV['SCHEDULED_IPBLOCK_URLS'].present?
+    add_ip_blocks_addresses! if ENV['SCHEDULED_IPBLOCK_URLS'].present?
+    grab_ip_limit_addresses! if ENV['SCHEDULED_IPLIMIT_URLS'].present?
+    add_ip_limit_addresses! if ENV['SCHEDULED_IPLIMIT_URLS'].present?
+  end
+
+  def grab_ip_blocks_addresses!
+    @blockips = []
+    ENV['SCHEDULED_IPBLOCK_URLS'].split(',').each do |url|
+      Request.new(:get, url).perform do |res|
+        @blockips.insert = res.body
+      end
+    end
+  end
+
+  def grab_ip_limit_addresses!
+    @limitips = []
+    ENV['SCHEDULED_IPBLIMIT_URLS'].split(',').each do |url|
+      Request.new(:get, url).perform do |res|
+        @limitips.insert = res.body
+      end
+    end
+  end
+
+  def add_ip_blocks_addresses!
+    @blockips.each do |ip|
+      ip_block = IpBlock.find_by(ip: ip)
+
+      if ip_block.present?
+        ip_block.update(expires_in: 24.hours.to_i)
+        next
+      end
+
+      IpBlock.create(
+        ip: ip,
+        severity: :sign_up_block,
+        comment: 'Scheduled IPBlock',
+        expires_in: 24.hours.to_i
+      )
+    end
+  end
+
+  def add_ip_limit_addresses!
+    @limitips.each do |ip|
+      ip_limit = IpBlock.find_by(ip: ip)
+
+      if ip_limit.present?
+        ip_limit.update(expires_in: 24.hours.to_i)
+        next
+      end
+
+      IpBlock.create(
+        ip: ip,
+        severity: :sign_up_requires_approval,
+        comment: 'Scheduled IPLimit',
+        expires_in: 24.hours.to_i
+      )
+    end
+  end
+end
--- a/config/sidekiq.yml
+++ b/config/sidekiq.yml
@ -67,3 +67,7 @@
      interval: 1 hour
      class: Scheduler::AutoCloseRegistrationsScheduler
      queue: scheduler
+    ip_spamlist_url_scheduler:
+      every: '24h'
+      class: Scheduler::IpSpamlistUrlsScheduler
+      queue: scheduler