add cf blacklist

2025-11-25 03:15:05 +08:00 · 2022-04-10 15:20:11 +08:00
parent 9a17fe77dc
commit 3d916523ca
2 changed files with 33 additions and 3 deletions
--- a/yyetsweb/handler.py
+++ b/yyetsweb/handler.py
@@ -28,6 +28,7 @@ from tornado import escape, gen, web
 from tornado.concurrent import run_on_executor

 from database import CaptchaResource, Redis
+from utils import add_cf_blacklist

 escape.json_encode = lambda value: json.dumps(value, ensure_ascii=False)
 logging.basicConfig(level=logging.INFO)
@@ -76,7 +77,12 @@ class SecurityHandler(web.RequestHandler):
        self.r.incr(ip)
        count = int(self.r.get(ip))
        # ban rule: (count-10)*600
-        ex = 120 if count <= 10 else (count - 10) * 600
+        if count <= 10:
+            ex = 120
+        else:
+            ex = (count - 10) * 600
+        if count >= 30:
+            add_cf_blacklist(ip)
        self.r.set(ip, count, ex)
        user = self.get_current_user()
        if user:
@@ -758,7 +764,11 @@ class BlacklistHandler(BaseHandler):

 class NotFoundHandler(BaseHandler):
    def get(self):  # for react app
-        self.ban()
+        if self.request.uri not in ["/", "/home", "/discuss", "/login", "/404", "/search",
+                                    "/resource", "/me", "/database", "help", "/statistics"
+                                    ]:
+            self.ban()
+
        self.render(index)


--- a/yyetsweb/utils.py
+++ b/yyetsweb/utils.py
@@ -8,6 +8,7 @@
 __author__ = "Benny <benny.think@gmail.com>"

 import contextlib
+import logging
 import os
 import smtplib
 import time
@@ -15,6 +16,7 @@ from email.header import Header
 from email.mime.text import MIMEText
 from email.utils import formataddr, parseaddr

+import requests
 from akismet import Akismet


@@ -64,5 +66,23 @@ def check_spam(ip, ua, author, content) -> int:
    return 0


+def add_cf_blacklist(ip):
+    logging.warning("Cloudflare: Blacklisting %s", ip)
+    zone_id = "b8e2d2fa75c6f7dc3c2e478e27f3061b"
+    filter_id = "cc6c810f7f2941d28a672bfb6ac6bebe"
+    api = f"https://api.cloudflare.com/client/v4/zones/{zone_id}/filters/{filter_id}"
+    s = requests.Session()
+    s.headers.update({"Authorization": "Bearer %s" % os.getenv("CF_TOKEN")})
+    expr = s.get(api).json()["result"]["expression"]
+    if ip not in expr:
+        body = {
+            "id": filter_id,
+            "paused": False,
+            "expression": f"{expr} or (ip.src eq {ip})"
+        }
+        resp = s.put(api, json=body)
+        print(resp.json())
+
+
 if __name__ == '__main__':
-    send_mail("benny.think@gmail.com", "subj", 'aaaa<br>bbb')
+    add_cf_blacklist("192.168.2.1")