Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: reject some crawler access #387

Merged
merged 2 commits into from
May 17, 2024
Merged

feat!: reject some crawler access #387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b4b5625
feat!: reject some crawler access
KisaragiEffective May 17, 2024
dc68f9e
Merge branch 'develop' into deny-known-crawler
KisaragiEffective May 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions packages/toy-blog/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ strum = { version = "0.26.2", features = ["derive"] }
thiserror = "1.0.59"
tokio = { version = "1.37.0", features = ["time", "macros"] }
toy-blog-endpoint-model = { path = "../toy-blog-endpoint-model" }
futures-util = "0.3.23"

[features]

Expand Down
30 changes: 29 additions & 1 deletion packages/toy-blog/src/service/rest.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,11 @@ mod header;

use std::fs::File;
use std::io::stdin;
use std::net::{IpAddr, Ipv4Addr};
use std::path::Path;
use actix_web::{App, HttpServer};
use actix_web::{App, HttpResponseBuilder, HttpServer};
use actix_web::dev::{ServiceRequest, ServiceResponse};
use actix_web::http::StatusCode;
use actix_web::middleware::Logger;
use anyhow::Context;
use log::info;
Expand All @@ -21,6 +24,8 @@ use crate::service::rest::auth::WRITE_TOKEN;
use crate::service::rest::repository::GLOBAL_FILE;
use actix_web::web::scope as prefixed_service;
use actix_web_httpauth::extractors::bearer::Config as BearerAuthConfig;
use futures_util::future::LocalBoxFuture;
use futures_util::FutureExt;

mod inner_no_leak {
use std::error::Error;
Expand Down Expand Up @@ -110,6 +115,29 @@ pub async fn boot_http_server(port: u16, host: &str, proxied_by_cloudflare: bool
.realm("Perform write operation")
.scope("article:write"),
)
.wrap_fn(move |req, srv| {
let cloudflare_support = proxied_by_cloudflare;

const HATENA_BOOKMARK_CRAWLER: Ipv4Addr = Ipv4Addr::new(133, 242, 243, 6);
let extract_real_ip = |req: &ServiceRequest, cloudflare_support: bool| {
if cloudflare_support {
req.headers().get("CF-Connecting-IP")?.to_str().ok()?.parse::<IpAddr>().ok()
} else {
req.peer_addr().map(|x| x.ip())
}
};

if extract_real_ip(&req, cloudflare_support).is_some_and(|x| x == HATENA_BOOKMARK_CRAWLER) {
Box::pin(async {
Ok(ServiceResponse::new(req.into_parts().0, HttpResponseBuilder::new(StatusCode::FORBIDDEN).body("Forbidden")))
}) as LocalBoxFuture<Result<ServiceResponse, actix_web::Error>>
} else {
use actix_web::dev::Service;

Box::pin(srv.call(req).map(|x| x.map(|y| y.map_into_boxed_body())))
as LocalBoxFuture<Result<ServiceResponse, actix_web::Error>>
}
})
.wrap(Logger::new(logger_format))
.wrap(crate::service::rest::cors::middleware_factory())
};
Expand Down