feat!: reject some crawler access
KisaragiEffective committed May 17, 2024
1 parent 10e34b0 commit b4b5625
Showing 3 changed files with 43 additions and 1 deletion.
13 changes: 13 additions & 0 deletions Cargo.lock


1 change: 1 addition & 0 deletions packages/toy-blog/Cargo.toml
@@ -25,6 +25,7 @@ strum = { version = "0.26.2", features = ["derive"] }
thiserror = "1.0.59"
tokio = { version = "1.37.0", features = ["time", "macros"] }
toy-blog-endpoint-model = { path = "../toy-blog-endpoint-model" }
futures-util = "0.3.23"

[features]

30 changes: 29 additions & 1 deletion packages/toy-blog/src/service/rest.rs
@@ -7,8 +7,11 @@ mod header;

use std::fs::File;
use std::io::stdin;
use std::net::{IpAddr, Ipv4Addr};
use std::path::Path;
use actix_web::{App, HttpServer};
use actix_web::{App, HttpResponseBuilder, HttpServer};
use actix_web::dev::{ServiceRequest, ServiceResponse};
use actix_web::http::StatusCode;
use actix_web::middleware::Logger;
use anyhow::Context;
use log::info;
@@ -21,6 +24,8 @@ use crate::service::rest::auth::WRITE_TOKEN;
use crate::service::rest::repository::GLOBAL_FILE;
use actix_web::web::scope as prefixed_service;
use actix_web_httpauth::extractors::bearer::Config as BearerAuthConfig;
use futures_util::future::LocalBoxFuture;
use futures_util::FutureExt;

mod inner_no_leak {
use std::error::Error;
@@ -110,6 +115,29 @@ pub async fn boot_http_server(port: u16, host: &str, proxied_by_cloudflare: bool
.realm("Perform write operation")
.scope("article:write"),
)
.wrap_fn(move |req, srv| {
let cloudflare_support = proxied_by_cloudflare;

const HATENA_BOOKMARK_CRAWLER: Ipv4Addr = Ipv4Addr::new(133, 242, 243, 6);
let extract_real_ip = |req: &ServiceRequest, cloudflare_support: bool| {
if cloudflare_support {
req.headers().get("CF-Connecting-IP")?.to_str().ok()?.parse::<IpAddr>().ok()
} else {
req.peer_addr().map(|x| x.ip())
}
};

if extract_real_ip(&req, cloudflare_support).is_some_and(|x| x == HATENA_BOOKMARK_CRAWLER) {
Box::pin(async {
Ok(ServiceResponse::new(req.into_parts().0, HttpResponseBuilder::new(StatusCode::FORBIDDEN).body("Forbidden")))
}) as LocalBoxFuture<Result<ServiceResponse, actix_web::Error>>
} else {
use actix_web::dev::Service;

Box::pin(srv.call(req).map(|x| x.map(|y| y.map_into_boxed_body())))
as LocalBoxFuture<Result<ServiceResponse, actix_web::Error>>
}
})
.wrap(Logger::new(logger_format))
.wrap(crate::service::rest::cors::middleware_factory())
};
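Review bot: In the `extract_real_ip` closure, the Cloudflare branch fails open: a missing, non-ASCII or unparseable `CF-Connecting-IP` yields `None`, and `is_some_and` then lets the request through without looking at the socket peer. The header is only as trustworthy as the network path, so this deny rule holds only if the origin accepts connections exclusively from Cloudflare; that precondition deserves a comment next to `proxied_by_cloudflare`. The closure could also fall back to the peer address by rewriting the `?` chain with `and_then` and appending `.or_else(|| req.peer_addr().map(|x| x.ip()))`. Separately, comparing an `IpAddr` with the `Ipv4Addr` constant will not match an IPv4-mapped IPv6 peer, which may appear if the listener is dual-stack, so normalising with `to_canonical()` before the comparison would be safer. `boot_http_server` starts and ends outside this hunk, so the bind configuration cannot be confirmed from here.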
