seth
/
jam-cloud
mirror of https://bitbucket.org/jamkazam/jam-cloud.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

* VRFS-3922 - update ip blacklist/whitelist behavior to offer more admin flexibilyt

This commit is contained in:
Seth Call 2016-02-09 12:58:54 -06:00
parent 1da6749d70
commit 1652aa4bd3
14 changed files with 224 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
admin/app/admin/ip_whitelist.rb Normal file
View File

@ -0,0 +1,13 @@
ActiveAdmin.register JamRuby::IpWhitelist, :as => 'IP Whitelist' do
menu :label => 'IP Whitelist', :parent => 'Operations'
config.sort_order = 'created_at desc'
config.batch_actions = false
index do
column :remote_ip
column :notes
column :created_at
end
end

13
admin/app/admin/user_whitelist.rb Normal file
View File

@ -0,0 +1,13 @@
ActiveAdmin.register JamRuby::UserWhitelist, :as => 'User Whitelist' do
menu :label => 'User Whitelist', :parent => 'Operations'
config.sort_order = 'created_at desc'
config.batch_actions = false
index do
column :user
column :notes
column :created_at
end
end

3
db/manifest
View File

@ -330,4 +330,5 @@ download_tracker_fingerprints.sql
connection_active.sql connection_active.sql
chat_channel.sql chat_channel.sql
jamblaster.sql jamblaster.sql
test_drive_lessons.sql test_drive_lessons.sql
whitelist.sql

18
db/up/whitelist.sql Normal file
View File

@ -0,0 +1,18 @@
CREATE TABLE ip_whitelists (
id VARCHAR(64) PRIMARY KEY DEFAULT uuid_generate_v4(),
remote_ip VARCHAR(400) UNIQUE NOT NULL,
notes VARCHAR,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TABLE user_whitelists (
id VARCHAR(64) PRIMARY KEY DEFAULT uuid_generate_v4(),
user_id VARCHAR(64) UNIQUE NOT NULL REFERENCES users(id) ON DELETE CASCADE,
notes VARCHAR,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);

2
ruby/lib/jam_ruby.rb
View File

@ -114,6 +114,8 @@ require "jam_ruby/models/machine_extra"
require "jam_ruby/models/download_tracker" require "jam_ruby/models/download_tracker"
require "jam_ruby/models/ip_blacklist" require "jam_ruby/models/ip_blacklist"
require "jam_ruby/models/user_blacklist" require "jam_ruby/models/user_blacklist"
require "jam_ruby/models/ip_whitelist"
require "jam_ruby/models/user_whitelist"
require "jam_ruby/models/fraud_alert" require "jam_ruby/models/fraud_alert"
require "jam_ruby/models/fingerprint_whitelist" require "jam_ruby/models/fingerprint_whitelist"
require "jam_ruby/models/review" require "jam_ruby/models/review"

18
ruby/lib/jam_ruby/models/download_tracker.rb
View File

@ -36,13 +36,16 @@ module JamRuby
def self.check(user, remote_ip, target, owned, fingerprint, is_client) def self.check(user, remote_ip, target, owned, fingerprint, is_client)
return false unless APP_CONFIG.guard_against_browser_fraud return false unless APP_CONFIG.guard_against_browser_fraud
return false if user.admin
return false if UserWhitelist.listed(user)
create(user, remote_ip, target, owned, fingerprint, is_client) create(user, remote_ip, target, owned, fingerprint, is_client)
# let's check the following # let's check the following
blacklisted = alert_freebies_snarfer(remote_ip) blacklisted = alert_freebies_snarfer(remote_ip, owned)
alert_user_sharer(user) alert_user_sharer(user)
@ -96,9 +99,16 @@ module JamRuby
end end
end end
def self.alert_freebies_snarfer(remote_ip) def self.alert_freebies_snarfer(remote_ip, owned)
if owned
return false
end
if !IpWhitelist.listed(remote_ip)
violation = check_freebie_snarfer(APP_CONFIG.max_multiple_users_same_ip, remote_ip).first
end
violation = check_freebie_snarfer(APP_CONFIG.max_multiple_users_same_ip, remote_ip).first
if violation if violation
body = "IP Address: #{remote_ip}\n" body = "IP Address: #{remote_ip}\n"

8
ruby/lib/jam_ruby/models/ip_blacklist.rb
View File

@ -5,10 +5,14 @@ module JamRuby
@@log = Logging.logger[IpBlacklist] @@log = Logging.logger[IpBlacklist]
validates :remote_ip, presence:true, uniqueness:true validates :remote_ip, presence: true, uniqueness: true
def self.banned(remote_ip)
IpBlacklist.count(:conditions => "remote_ip = '#{remote_ip}' AND remote_ip not in (select remote_ip from ip_whitelists where remote_ip = '#{remote_ip}')") == 1
end
def self.listed(remote_ip) def self.listed(remote_ip)
IpBlacklist.count(:conditions => "remote_ip = '#{remote_ip}'") == 1 IpBlacklist.where(:conditions => "remote_ip = '#{remote_ip}'") == 1
end end
def self.admin_url def self.admin_url

30
ruby/lib/jam_ruby/models/ip_whitelist.rb Normal file
View File

@ -0,0 +1,30 @@
module JamRuby
class IpWhitelist< ActiveRecord::Base
attr_accessible :remote_ip, :notes, as: :admin
@@log = Logging.logger[IpWhitelist]
validates :remote_ip, presence:true, uniqueness:true
def self.listed(remote_ip)
IpWhitelist.count(:conditions => "remote_ip = '#{remote_ip}'") == 1
end
def self.admin_url
APP_CONFIG.admin_root_url + "/admin/ip_whitelists/"
end
def self.admin_activity_url(remote_ip)
APP_CONFIG.admin_root_url + "/admin/download_trackers?q[remote_ip_equals]=#{URI.escape(remote_ip)}&commit=Filter&order=id_desc"
end
def admin_url
APP_CONFIG.admin_root_url + "/admin/ip_whitelists/" + id
end
def to_s
remote_ip
end
end
end

8
ruby/lib/jam_ruby/models/user_blacklist.rb
View File

@ -6,7 +6,13 @@ module JamRuby
belongs_to :user, :class_name => "JamRuby::User" belongs_to :user, :class_name => "JamRuby::User"
validates :user, presence:true, uniqueness: true validates :user, presence: true
validates_uniqueness_of :user_id
def self.banned(user)
UserBlacklist.count(:conditions => "user_id = '#{user.id}' AND user_id not in (select user_id from user_whitelists where user_id = '#{user.id}')") == 1
end
def self.listed(user) def self.listed(user)
UserBlacklist.count(:conditions => "user_id= '#{user.id}'") == 1 UserBlacklist.count(:conditions => "user_id= '#{user.id}'") == 1

29
ruby/lib/jam_ruby/models/user_whitelist.rb Normal file
View File

@ -0,0 +1,29 @@
module JamRuby
class UserWhitelist < ActiveRecord::Base
attr_accessible :user_id, :notes, as: :admin
@@log = Logging.logger[UserWhitelist]
belongs_to :user, :class_name => "JamRuby::User"
validates :user, presence:true
validates_uniqueness_of :user_id
def self.listed(user)
UserWhitelist.count(:conditions => "user_id= '#{user.id}'") == 1
end
def self.admin_url
APP_CONFIG.admin_root_url + "/admin/user_whitelists/"
end
def admin_url
APP_CONFIG.admin_root_url + "/admin/user_whitelists/" + id
end
def to_s
user
end
end
end

16
ruby/spec/factories.rb
View File

@ -906,5 +906,21 @@ FactoryGirl.define do
sequence(:sibling_client_id ) { |n| "sibling_client_id#{n}" } sequence(:sibling_client_id ) { |n| "sibling_client_id#{n}" }
sequence(:sibling_key ) { |n| "sibling_key#{n}" } sequence(:sibling_key ) { |n| "sibling_key#{n}" }
end end
factory :ip_blacklist, class: "JamRuby::IpBlacklist" do
remote_ip '1.1.1.1'
end
factory :ip_whitelist, class: "JamRuby::IpWhitelist" do
remote_ip '1.1.1.1'
end
factory :user_blacklist, class: "JamRuby::UserBlacklist" do
association :user, factory: :user
end
factory :user_whitelist, class: "JamRuby::UserWhitelist" do
association :user, factory: :user
end
end end

27
ruby/spec/jam_ruby/models/ip_blacklist_spec.rb Normal file
View File

@ -0,0 +1,27 @@
require 'spec_helper'
describe IpBlacklist do
describe "#banned" do
it "returns false if no ban" do
IpBlacklist.banned('1.1.1.1').should eq false
end
it "returns true if banned" do
FactoryGirl.create(:ip_blacklist, remote_ip: "1.1.1.1")
IpBlacklist.banned('1.1.1.1').should eq true
end
it "returns false if whitelisted" do
FactoryGirl.create(:ip_whitelist, remote_ip: "1.1.1.1")
IpBlacklist.banned('1.1.1.1').should eq false
end
it "returns false if whitelisted and blacklisted too" do
FactoryGirl.create(:ip_blacklist, remote_ip: "1.1.1.1")
FactoryGirl.create(:ip_whitelist, remote_ip: "1.1.1.1")
IpBlacklist.banned('1.1.1.1').should eq false
end
end
end

29
ruby/spec/jam_ruby/models/user_blacklist_spec.rb Normal file
View File

@ -0,0 +1,29 @@
require 'spec_helper'
describe UserBlacklist do
let(:user) { FactoryGirl.create(:user) }
describe "#banned" do
it "returns false if no ban" do
UserBlacklist.banned(user).should eq false
end
it "returns true if banned" do
FactoryGirl.create(:user_blacklist, user: user)
UserBlacklist.banned(user).should eq true
end
it "returns false if whitelisted" do
FactoryGirl.create(:user_whitelist, user: user)
UserBlacklist.banned(user).should eq false
end
it "returns false if whitelisted and blacklisted too" do
FactoryGirl.create(:user_blacklist, user: user)
FactoryGirl.create(:user_whitelist, user: user)
UserBlacklist.banned(user).should eq false
end
end
end

20
web/app/helpers/sessions_helper.rb
View File

@ -140,14 +140,30 @@ module SessionsHelper
end end
def ip_blacklist def ip_blacklist
if IpBlacklist.listed(request.remote_ip) if current_user && current_user.admin
return
end
if @jam_track_right && !@jam_track_right.redeemed
return
end
if IpBlacklist.banned(request.remote_ip) && (current_user && !UserWhitelist.listed(current_user))
Stats.write('web.blacklist.ip', {value: 1, remote_ip: request.remote_ip}) Stats.write('web.blacklist.ip', {value: 1, remote_ip: request.remote_ip})
render :json => { :message => "IP blacklisted"}, :status => 403 render :json => { :message => "IP blacklisted"}, :status => 403
end end
end end
def user_blacklist def user_blacklist
if UserBlacklist.listed(current_user) if current_user && current_user.admin
return
end
if @jam_track_right && !@jam_track_right.redeemed
return
end
if UserBlacklist.banned(current_user)
Stats.write('web.blacklist.user', {value: 1, user_id: current_user.id}) Stats.write('web.blacklist.user', {value: 1, user_id: current_user.id})
render :json => { :message => "User blacklisted"}, :status => 403 render :json => { :message => "User blacklisted"}, :status => 403
end end