From 6394b7e4ef742bf39a5acbacb19a84e3d29845aa Mon Sep 17 00:00:00 2001 From: Alfie Cleveland Date: Sun, 24 Sep 2017 14:39:13 +0100 Subject: [PATCH] Strip IP Intel entirely --- src/main/java/net/frozenorb/apiv3/APIv3.java | 2 - .../net/frozenorb/apiv3/domain/IpIntel.java | 160 ------------------ .../java/net/frozenorb/apiv3/domain/User.java | 50 +----- .../apiv3/web/route/GETDumpsType.java | 21 --- .../apiv3/web/route/ipIntel/GETIpInteld.java | 39 ----- .../route/servers/POSTServersHeartbeat.java | 17 +- 6 files changed, 13 insertions(+), 276 deletions(-) delete mode 100644 src/main/java/net/frozenorb/apiv3/domain/IpIntel.java delete mode 100644 src/main/java/net/frozenorb/apiv3/web/route/ipIntel/GETIpInteld.java diff --git a/src/main/java/net/frozenorb/apiv3/APIv3.java b/src/main/java/net/frozenorb/apiv3/APIv3.java index 612090f..44befd5 100644 --- a/src/main/java/net/frozenorb/apiv3/APIv3.java +++ b/src/main/java/net/frozenorb/apiv3/APIv3.java @@ -48,7 +48,6 @@ import net.frozenorb.apiv3.web.route.ipBans.DELETEIpBansId; import net.frozenorb.apiv3.web.route.ipBans.GETIpBans; import net.frozenorb.apiv3.web.route.ipBans.GETIpBansId; import net.frozenorb.apiv3.web.route.ipBans.POSTIpBans; -import net.frozenorb.apiv3.web.route.ipIntel.GETIpInteld; import net.frozenorb.apiv3.web.route.ipLog.GETIpLogId; import net.frozenorb.apiv3.web.route.lookup.POSTLookupByName; import net.frozenorb.apiv3.web.route.lookup.POSTLookupByUuid; @@ -190,7 +189,6 @@ public final class APIv3 { //httpPut(router, "/ipBans/:ipBanId", PUTIpBansId.class); httpDelete(router, "/ipBans/:ipBanId", DELETEIpBansId.class); - httpGet(router, "/ipIntel/:userIp", GETIpInteld.class); httpGet(router, "/ipLog/:id", GETIpLogId.class); diff --git a/src/main/java/net/frozenorb/apiv3/domain/IpIntel.java b/src/main/java/net/frozenorb/apiv3/domain/IpIntel.java deleted file mode 100644 index f80b512..0000000 --- a/src/main/java/net/frozenorb/apiv3/domain/IpIntel.java +++ /dev/null 
@@ -1,160 +0,0 @@ -package net.frozenorb.apiv3.domain; - -import java.time.Instant; -import java.util.ArrayList; -import java.util.Collection; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; - -import org.bson.Document; - -import com.google.common.base.Charsets; -import com.google.common.hash.Hashing; -import com.mongodb.async.SingleResultCallback; -import com.mongodb.async.client.MongoCollection; -import com.mongodb.async.client.MongoDatabase; - -import fr.javatic.mongo.jacksonCodec.Entity; -import fr.javatic.mongo.jacksonCodec.objectId.Id; -import io.vertx.core.CompositeFuture; -import io.vertx.core.Future; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.Setter; -import net.frozenorb.apiv3.service.geoip.GeoIpInfo; -import net.frozenorb.apiv3.util.GeoJsonPoint; -import net.frozenorb.apiv3.util.SpringUtils; -import net.frozenorb.apiv3.util.SyncUtils; - -@Entity -@AllArgsConstructor -public final class IpIntel { - - private static final MongoCollection ipIntelCollection = SpringUtils.getBean(MongoDatabase.class).getCollection("ipIntel", IpIntel.class); - - @Getter @Setter @Id private String id; - @Getter private String hashedIp; - @Getter private Instant lastUpdatedAt; - @Getter private GeoIpInfo result; - @Getter private GeoJsonPoint location; - - public static void findAllNoSort(SingleResultCallback> callback) { - ipIntelCollection.find().into(new LinkedList<>(), SyncUtils.vertxWrap(callback)); - } - - public static void findAll(SingleResultCallback> callback) { - ipIntelCollection.find().sort(new Document("lastSeenAt", -1)).into(new LinkedList<>(), SyncUtils.vertxWrap(callback)); - } - - public static void findById(String id, SingleResultCallback callback) { - ipIntelCollection.find(new Document("_id", id)).first(SyncUtils.vertxWrap(callback)); - } - - public static void findByHashedIp(String hashedIp, SingleResultCallback callback) { - ipIntelCollection.find(new 
Document("hashedIp", hashedIp)).first(SyncUtils.vertxWrap(callback)); - } - - public static void findOrCreateById(String id, SingleResultCallback callback) { - findById(id, (existingIpIntel, error) -> { - if (error != null) { - callback.onResult(null, error); - } else if (existingIpIntel != null) { - callback.onResult(existingIpIntel, null); - } else { - /* - SpringUtils.getBean(GeoIpService.class).lookupInfo(id, (geoIpResult, error2) -> { - if (error2 != null) { - callback.onResult(null, error2); - } else if (geoIpResult != null) { - IpIntel newIpIntel = new IpIntel(id, geoIpResult); - - ipIntelCollection.insertOne(newIpIntel, SyncUtils.vertxWrap((ignored, error3) -> { - if (error3 != null) { - callback.onResult(null, error3); - } else { - callback.onResult(newIpIntel, null); - } - })); - } else { - // MaxMind failed to return result - callback.onResult(null, null); - } - });*/ - callback.onResult(null, null); - } - }); - } - - public static void findOrCreateByIdGrouped(Collection search, SingleResultCallback> callback) { - ipIntelCollection.find(new Document("_id", new Document("$in", search))).into(new LinkedList<>(), SyncUtils.vertxWrap((existingIntel, error) -> { - if (error != null) { - callback.onResult(null, error); - return; - } - - Map result = new ConcurrentHashMap<>(); - - for (IpIntel ipIntel : existingIntel) { - result.put(ipIntel.getId(), ipIntel); - } - - List createNewIntelFutures = new ArrayList<>(); - - search.forEach((ip) -> { - if (result.containsKey(ip)) { - return; - } - - Future createNewIntelFuture = Future.future(); - createNewIntelFutures.add(createNewIntelFuture); - - /* - SpringUtils.getBean(GeoIpService.class).lookupInfo(ip, (geoIpResult, error2) -> { - if (error2 != null) { - createNewIntelFuture.fail(error2); - return; - } - - // MaxMind failed to return result - if (geoIpResult == null) { - createNewIntelFuture.complete(); - return; - } - - IpIntel newIpIntel = new IpIntel(ip, geoIpResult); - - 
ipIntelCollection.insertOne(newIpIntel, SyncUtils.vertxWrap((ignored, error3) -> { - if (error3 != null) { - createNewIntelFuture.fail(error3); - } else { - result.put(ip, newIpIntel); - createNewIntelFuture.complete(); - } - })); - });*/ - createNewIntelFuture.complete(); - }); - - CompositeFuture.all(createNewIntelFutures).setHandler((creationStatus) -> { - if (creationStatus.failed()) { - callback.onResult(null, creationStatus.cause()); - } else { - callback.onResult(result, null); - } - }); - })); - } - - private IpIntel() {} // For Jackson - - private IpIntel(String ip, GeoIpInfo result) { - this.id = ip; - this.hashedIp = Hashing.sha256().hashString(id + SpringUtils.getProperty("ipHashing.salt"), Charsets.UTF_8).toString(); - this.lastUpdatedAt = Instant.now(); - this.result = result; - this.location = new GeoJsonPoint(result.getLocation()); - } - -} \ No newline at end of file diff --git a/src/main/java/net/frozenorb/apiv3/domain/User.java b/src/main/java/net/frozenorb/apiv3/domain/User.java index 201e07d..281d7cd 100644 --- a/src/main/java/net/frozenorb/apiv3/domain/User.java +++ b/src/main/java/net/frozenorb/apiv3/domain/User.java @@ -309,7 +309,6 @@ public final class User { public void getLoginInfo(Server server, String userIp, SingleResultCallback> callback) { Future> punishmentsFuture = Future.future(); - Future ipIntelFuture = Future.future(); Future> ipBansFuture = Future.future(); Future> grantsFuture = Future.future(); 
@@ -320,27 +319,24 @@ public final class User { ), new MongoToVertxCallback<>(punishmentsFuture)); if (userIp != null) { - IpIntel.findOrCreateById(userIp, new MongoToVertxCallback<>(ipIntelFuture)); IpBan.findByIp(userIp, new MongoToVertxCallback<>(ipBansFuture)); } else { - ipIntelFuture.complete(null); ipBansFuture.complete(ImmutableList.of()); } Grant.findByUser(this, new MongoToVertxCallback<>(grantsFuture)); - CompositeFuture.all(punishmentsFuture, ipIntelFuture, ipBansFuture, grantsFuture).setHandler((result) -> { + CompositeFuture.all(punishmentsFuture, ipBansFuture, grantsFuture).setHandler((result) -> { if (result.failed()) { callback.onResult(null, result.cause()); return; } Iterable punishments = result.result().result(0); - IpIntel ipIntel = result.result().result(1); - Iterable ipBans = result.result().result(2); - Iterable grants = result.result().result(3); + Iterable ipBans = result.result().result(1); + Iterable grants = result.result().result(2); - getLoginInfo(server, ipIntel, punishments, ipBans, grants, (loginInfo, error) -> { + getLoginInfo(server, punishments, ipBans, grants, (loginInfo, error) -> { if (error != null) { callback.onResult(null, error); } else { @@ -351,8 +347,8 @@ public final class User { } // This is only used to help batch requests to mongo - public void getLoginInfo(Server server, IpIntel ipIntel, Iterable punishments, Iterable ipBans, Iterable grants, SingleResultCallback> callback) { - getAccessInfo(ipIntel, punishments, ipBans, (accessInfo, error) -> { + public void getLoginInfo(Server server, Iterable punishments, Iterable ipBans, Iterable grants, SingleResultCallback> callback) { + getAccessInfo(punishments, ipBans, (accessInfo, error) -> { if (error != null) { callback.onResult(null, error); return; 
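Review bot: The handler in getLoginInfo still reads its inputs by position (`result.result().result(1)`, `result(2)`), so every change to the `CompositeFuture.all(...)` argument list forces a silent renumbering like the one in this hunk, and a missed index would hand the wrong collection to the access check. Reading from the named futures instead avoids that coupling, e.g. `ipBans = ipBansFuture.result();` and `grants = grantsFuture.result();` once `result.failed()` has been ruled out. The same positional pattern is renumbered in the POSTServersHeartbeat hunk at `@@ -113,14 +109,13 @@`. getLoginInfo starts in the previous hunk and its closing lines are outside this one.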
@@ -398,7 +394,7 @@ public final class User { }); } - private void getAccessInfo(IpIntel ipIntel, Iterable punishments, Iterable ipBans, SingleResultCallback> callback) { + private void getAccessInfo(Iterable punishments, Iterable ipBans, SingleResultCallback> callback) { Punishment activeBan = null; IpBan activeIpBan = null; @@ -432,38 +428,6 @@ public final class User { ), null); } }); - } else if (ipIntel != null) { - GeoIpInfo geoIpInfo = ipIntel.getResult(); - GeoIpUserType userType = geoIpInfo.getTraits().getUserType(); - Map proposedAccess = null; - - if (!userType.isAllowed()) { - proposedAccess = ImmutableMap.of( - "allowed", false, - "message", "You cannot join the " + SpringUtils.getProperty("network.name") + " from a VPN." - ); - } else if (BannedAsn.findById(geoIpInfo.getTraits().getAsn()) != null) { - proposedAccess = ImmutableMap.of( - "allowed", false, - "message", "You cannot join the " + SpringUtils.getProperty("network.name") + " from this ISP." - ); - } - - Map finalProposedAccess = proposedAccess; - - if (proposedAccess != null) { - hasPermissionAnywhere(Permissions.BYPASS_VPN_CHECK, (bypass, error) -> { - if (error != null) { - callback.onResult(null, error); - } else if (bypass) { - callback.onResult(null, null); - } else { - callback.onResult(finalProposedAccess, null); - } - }); - } else { - callback.onResult(null, null); - } } else { callback.onResult(null, null); } diff --git a/src/main/java/net/frozenorb/apiv3/web/route/GETDumpsType.java b/src/main/java/net/frozenorb/apiv3/web/route/GETDumpsType.java index 6baef16..3197d69 100644 --- a/src/main/java/net/frozenorb/apiv3/web/route/GETDumpsType.java +++ b/src/main/java/net/frozenorb/apiv3/web/route/GETDumpsType.java 
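Review bot: With the `else if (ipIntel != null)` branch removed from getAccessInfo, a login that has no active punishment or IP ban now always ends in `callback.onResult(null, null)`, so the VPN and banned-ASN denials disappear without a replacement control and nothing in the code records that this is deliberate. I would add a comment on the remaining `else`, for example `// No network-reputation (VPN/ASN) check here: access is decided by punishments and IP bans only.` `Permissions.BYPASS_VPN_CHECK`, `BannedAsn` and the `GeoIpInfo`/`GeoIpUserType` references are probably left without users after this hunk; that is outside the visible lines, so please confirm and remove or deprecate them so operators do not keep granting a permission that no longer gates anything. The body of getAccessInfo between the two hunks is not shown.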
@@ -9,7 +9,6 @@ import net.frozenorb.apiv3.unsorted.actor.Actor; import net.frozenorb.apiv3.unsorted.actor.ActorType; import net.frozenorb.apiv3.domain.Grant; import net.frozenorb.apiv3.domain.IpBan; -import net.frozenorb.apiv3.domain.IpIntel; import net.frozenorb.apiv3.domain.Punishment; import net.frozenorb.apiv3.domain.Rank; import net.frozenorb.apiv3.domain.Server; @@ -147,26 +146,6 @@ public final class GETDumpsType implements Handler { this.ipBanCache = ipBanCache; }); - - IpIntel.findAllNoSort((ipIntel, error) -> { - if (error != null) { - error.printStackTrace(); - return; - } - - Map ipIntelCache = new HashMap<>(); - - for (IpIntel intel : ipIntel) { - GeoJsonPoint point = intel.getLocation(); - - if (point != null) { - String key = coordinateFormat.format(point.getLongitude()) + ":" + coordinateFormat.format(point.getLatitude()); - ipIntelCache.put(key, point); - } - } - - this.ipIntelCache = ipIntelCache; - }); } public void handle(RoutingContext ctx) { diff --git a/src/main/java/net/frozenorb/apiv3/web/route/ipIntel/GETIpInteld.java b/src/main/java/net/frozenorb/apiv3/web/route/ipIntel/GETIpInteld.java deleted file mode 100644 index 25b589d..0000000 --- a/src/main/java/net/frozenorb/apiv3/web/route/ipIntel/GETIpInteld.java +++ /dev/null 
@@ -1,39 +0,0 @@
-package net.frozenorb.apiv3.web.route.ipIntel;
-
-import net.frozenorb.apiv3.APIv3;
-import net.frozenorb.apiv3.domain.IpIntel;
-import net.frozenorb.apiv3.util.ErrorUtils;
-import net.frozenorb.apiv3.util.IpUtils;
-
-import org.springframework.stereotype.Component;
-
-import io.vertx.core.Handler;
-import io.vertx.ext.web.RoutingContext;
-
-@Component
-public final class GETIpInteld implements Handler {
-
- public void handle(RoutingContext ctx) {
- String userIp = ctx.request().getParam("userIp");
-
- if (IpUtils.isValidIp(userIp)) {
- IpIntel.findOrCreateById(userIp, (ipIntel, error) -> {
- if (error != null) {
- ErrorUtils.respondInternalError(ctx, error);
- } else {
- APIv3.respondJson(ctx, 200, ipIntel);
- }
- });
- } else {
- IpIntel.findByHashedIp(userIp, (ipIntel, error) -> {
- if (error != null) {
- ErrorUtils.respondInternalError(ctx, error);
- } else {
- ipIntel.setId(null); // hide actual ip field if we found the entry via hash
- APIv3.respondJson(ctx, 200, ipIntel);
- }
- });
- }
- }
-
-}
\ No newline at end of file
diff --git a/src/main/java/net/frozenorb/apiv3/web/route/servers/POSTServersHeartbeat.java b/src/main/java/net/frozenorb/apiv3/web/route/servers/POSTServersHeartbeat.java
index 6fc0362..da01e65 100644
--- a/src/main/java/net/frozenorb/apiv3/web/route/servers/POSTServersHeartbeat.java
+++ b/src/main/java/net/frozenorb/apiv3/web/route/servers/POSTServersHeartbeat.java
@@ -7,7 +7,6 @@ import net.frozenorb.apiv3.APIv3;
 import net.frozenorb.apiv3.unsorted.actor.Actor;
 import net.frozenorb.apiv3.unsorted.actor.ActorType;
 import net.frozenorb.apiv3.domain.Grant;
-import net.frozenorb.apiv3.domain.IpIntel;
 import net.frozenorb.apiv3.domain.Punishment;
 import net.frozenorb.apiv3.domain.Rank;
 import net.frozenorb.apiv3.domain.Server;
@@ -92,18 +91,15 @@ public final class POSTServersHeartbeat implements Handler { Future> callback = Future.future(); Future> userLookupCallback = Future.future(); - Future> ipIntelCallback = Future.future(); Future>> grantLookupCallback = Future.future(); Future>> punishmentLookupCallback = Future.future(); User.findOrCreateByIdGrouped(playerNames, new MongoToVertxCallback<>(userLookupCallback)); - IpIntel.findOrCreateByIdGrouped(playerIps.values(), new MongoToVertxCallback<>(ipIntelCallback)); Grant.findByUserGrouped(playerNames.keySet(), new MongoToVertxCallback<>(grantLookupCallback)); Punishment.findByUserGrouped(playerNames.keySet(), new MongoToVertxCallback<>(punishmentLookupCallback)); CompositeFuture.all( userLookupCallback, - ipIntelCallback, grantLookupCallback, punishmentLookupCallback ).setHandler((batchLookupInfo) -> { @@ -113,14 +109,13 @@ public final class POSTServersHeartbeat implements Handler { } Map users = batchLookupInfo.result().result(0); - Map ipIntel = batchLookupInfo.result().result(1); - Map> grants = batchLookupInfo.result().result(2); - Map> punishments = batchLookupInfo.result().result(3); + Map> grants = batchLookupInfo.result().result(1); + Map> punishments = batchLookupInfo.result().result(2); Map loginInfoFutures = new HashMap<>(); users.forEach((uuid, user) -> { Future> loginInfoFuture = Future.future(); - createLoginInfo(user, server, ipIntel.get(playerIps.get(uuid)), grants.get(uuid), punishments.get(uuid), loginInfoFuture); + createLoginInfo(user, server, grants.get(uuid), punishments.get(uuid), loginInfoFuture); loginInfoFutures.put(uuid, loginInfoFuture); }); 
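Review bot: Nothing on the new side of this hunk reads `playerIps` any more: both `playerIps.values()` and `playerIps.get(uuid)` are removed, and createLoginInfo later in this patch passes `ImmutableList.of()` for the IP bans. If the map is still built from the heartbeat body earlier in the handler (outside the hunk), I would drop it or add a comment saying why client addresses are still collected, so the route does not keep data it has no use for. Separately, the commit deletes the `IpIntel` entity but not the `ipIntel` collection it wrote to, whose `_id` was the raw IP per the removed constructor; a migration step or an operator note to drop that collection would complete the removal.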
@@ -242,7 +237,7 @@ public final class POSTServersHeartbeat implements Handler { return result; } - private void createLoginInfo(User user, Server server, IpIntel ipIntel, List grants, List punishments, Future> callback) { + private void createLoginInfo(User user, Server server, List grants, List punishments, Future> callback) { if (user.seenOnServer(server)) { user.save((ignored, error) -> { if (error != null) { @@ -250,10 +245,10 @@ public final class POSTServersHeartbeat implements Handler { return; } - user.getLoginInfo(server, ipIntel, punishments, ImmutableList.of(), grants, new MongoToVertxCallback<>(callback)); + user.getLoginInfo(server, punishments, ImmutableList.of(), grants, new MongoToVertxCallback<>(callback)); }); } else { - user.getLoginInfo(server, ipIntel, punishments, ImmutableList.of(), grants, new MongoToVertxCallback<>(callback)); + user.getLoginInfo(server, punishments, ImmutableList.of(), grants, new MongoToVertxCallback<>(callback)); } }