1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
package backend
import (
"context"
"math"
"net/http"
"strconv"
"sync"
"time"
"git.anhgelus.world/anhgelus/small-web/backend/log"
"git.anhgelus.world/anhgelus/small-web/backend/storage"
"github.com/go-chi/chi/v5"
)
type adminData struct {
*data
Visits []storage.StatsRow
Rows []storage.StatsRow
PagesNumber int
CurrentPage int
}
type to struct {
n int
since time.Time
}
type tos struct {
mu sync.Mutex
tos map[string]*to
}
var timeouts = tos{tos: make(map[string]*to)}
func rateLimitDuration(n int) time.Duration {
return time.Duration(math.Pow10(n/4)) * time.Second
}
func isRateLimited(ctx context.Context) bool {
ip := ctx.Value(storage.IPAddressKey).(string)
timeouts.mu.Lock()
defer timeouts.mu.Unlock()
v, ok := timeouts.tos[ip]
if !ok {
return false
}
return time.Since(v.since) <= rateLimitDuration(v.n)
}
func rateLimit(ctx context.Context) bool {
ip := ctx.Value(storage.IPAddressKey).(string)
timeouts.mu.Lock()
defer timeouts.mu.Unlock()
v, ok := timeouts.tos[ip]
if !ok {
timeouts.tos[ip] = &to{n: 1}
return false
}
if time.Since(v.since) <= rateLimitDuration(v.n) {
return true
}
v.n++
if v.n%4 != 0 {
return false
}
v.since = time.Now()
log.GetLogger(ctx).Warn("rate limiting IP", "ip", ip, "duration", rateLimitDuration(v.n).String())
go func(v *to, ip string) {
time.Sleep(3 * time.Hour)
v.n = max(v.n-4, 0)
if v.n == 0 {
timeouts.mu.Lock()
defer timeouts.mu.Unlock()
delete(timeouts.tos, ip)
}
}(v, ip)
return true
}
func resetRateLimit(ctx context.Context) {
ip := ctx.Value(storage.IPAddressKey).(string)
timeouts.mu.Lock()
defer timeouts.mu.Unlock()
delete(timeouts.tos, ip)
}
func HandleAdmin(r *chi.Mux) {
r.Get("/admin", func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
if !ctx.Value(loginKey).(bool) {
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
d := new(adminData)
d.data = new(data)
rawPage := r.URL.Query().Get("page")
page := 1
var err error
if rawPage != "" {
page, err = strconv.Atoi(rawPage)
if err != nil || page < 1 {
log.GetLogger(ctx).Warn("invalid page number", "requested", rawPage)
http.Error(w, "Bad request", http.StatusBadRequest)
return
}
}
d.Rows, err = storage.GetStatsRows(ctx, uint(page))
if err != nil {
panic(err)
}
d.Visits, err = storage.GetUnionStatsRows(ctx)
if err != nil {
panic(err)
}
d.PagesNumber = page + max(len(d.Rows)-storage.StatsPerPage+1, 0)
d.CurrentPage = page
d.handleGeneric(w, r, "admin", d)
})
}
|
