Various updates

* Directives are available in all locations
* Enables writing to Repsheet
* Fixes broken test

Author: abedra

README.md

@@ -13,6 +13,7 @@
   * [bot_verifier_redis_connection_timeout](#bot_verifier_redis_connection_timeout)
   * [bot_verifier_redis_read_timeout](#bot_verifier_redis_read_timeout)
   * [bot_verifier_redis_expiry](#bot_verifier_redis_expiry)
+  * [bot_verifier_repsheet_enabled](#bot_verifier_repsheet_enabled)
 * [Installation](#installation)
 * [Verifying Functionality](#verifying-functionality)
 * [Developer Setup](#developer-setup)
@@ -40,6 +41,7 @@ location / {
     bot_verifier_redis_connection_timeout 10;
     bot_verifier_redis_read_timeout 10;
     bot_verifier_redis_expiry 3600;
+	bot_verifier_repsheet_enabled on;
 }
 ```
 
@@ -148,6 +150,21 @@ Sets the timeout when querying Redis. This setting is used to connect to the Red
 
 [Back to TOC](#table-of-contents)
 
+bot_verifier_repsheet_enabled
+-------------------------
+
+**syntax:** *bot_verifier_repsheet_enabled* \[on|off\]
+
+**default:** *off*
+
+**context:** *location*
+
+**phase:** *access*
+
+Enables blacklisting of failed actors in Repsheet. Assumes Repsheet cache lives on already configured redis server.
+
+[Back to TOC](#table-of-contents)
+
 ## Installation
 
 You can add this module to the static build of NGINX or as a dynamic module. To add as a static module add the following line to the `configure` command when compiling NGINX.

nginx.conf

@@ -1,19 +1,20 @@
 events {
-  worker_connections  1024;
+    worker_connections  1024;
 }
 
 http {
-  server {
-    listen 8888;
+    server {
+        bot_verifier_redis_host localhost;
+        bot_verifier_redis_port 6379;
+        bot_verifier_redis_connection_timeout 10;
+        bot_verifier_redis_read_timeout 10;
+        bot_verifier_redis_expiry 3600;
+        bot_verifier_enable_repsheet on;
 
-    location / {
-      bot_verifier on;
-      bot_verifier_redis_host localhost;
-      bot_verifier_redis_port 6379;
-      bot_verifier_redis_connection_timeout 10;
-      bot_verifier_redis_read_timeout 10;
-      bot_verifier_redis_expiry 3600;
+        listen 8888;
+
+        location / {
+            bot_verifier on;
+        }
     }
-  }
 }
-

ngx_http_bot_verifier_cache.c

@@ -93,14 +93,17 @@ lookup_verification_status(redisContext *context, char *address)
 }
 
 ngx_int_t
-persist_verification_status(redisContext *context, char *address, ngx_int_t status, ngx_int_t expiry)
+persist_verification_status(ngx_http_bot_verifier_module_loc_conf_t *loc_conf, char *address, ngx_int_t status)
 {
   redisReply *reply = NULL;
 
   if (status == NGX_OK) {
-    reply = redisCommand(context, "SETEX %s:bvs %d %s", address, expiry, "success");
+    reply = redisCommand(loc_conf->redis.connection, "SETEX %s:bvs %d %s", address, loc_conf->redis.expiry, "success");
   } else if (status == NGX_DECLINED) {
-    reply = redisCommand(context, "SETEX %s:bvs %d %s", address, expiry, "failure");
+    reply = redisCommand(loc_conf->redis.connection, "SETEX %s:bvs %d %s", address, loc_conf->redis.expiry, "failure");
+    if (loc_conf->repsheet_enabled) {
+      reply = redisCommand(loc_conf->redis.connection, "REPSHEET.BLACKLIST %s %d %s", address, loc_conf->redis.expiry, "http.bot.provider_validation");
+    }
   }
 
   if (reply) {

ngx_http_bot_verifier_cache.h

@@ -5,6 +5,6 @@ ngx_int_t check_connection(redisContext *context);
 void cleanup_connection(ngx_http_bot_verifier_module_loc_conf_t *loc_conf);
 ngx_int_t reset_connection(ngx_http_bot_verifier_module_loc_conf_t *loc_conf);
 ngx_int_t lookup_verification_status(redisContext *context, char *address);
-ngx_int_t persist_verification_status(redisContext *context, char *address, ngx_int_t status, ngx_int_t expiry);
+ngx_int_t persist_verification_status(ngx_http_bot_verifier_module_loc_conf_t *loc_conf, char *address, ngx_int_t status);
 
 #endif

ngx_http_bot_verifier_module.c

@@ -85,10 +85,10 @@ ngx_http_bot_verifier_module_handler(ngx_http_request_t *r)
     ret = ngx_http_bot_verifier_module_verify_bot(r, loc_conf, address);
     if (ret == NGX_OK) {
       ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "Verification successful, allowing request");
-      persist_verification_status(loc_conf->redis.connection, address, ret, loc_conf->redis.expiry);
+      persist_verification_status(loc_conf, address, ret);
     } else if (ret == NGX_DECLINED) {
       ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "Verification failed, blocking request");
-      persist_verification_status(loc_conf->redis.connection, address, ret, loc_conf->redis.expiry);
+      persist_verification_status(loc_conf, address, ret);
       return NGX_HTTP_FORBIDDEN;
     }
   }
@@ -118,47 +118,55 @@ static ngx_command_t
 ngx_http_bot_verifier_module_commands[] = {
   {
     ngx_string("bot_verifier"),
-    NGX_HTTP_MAIN_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
     ngx_conf_set_flag_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_bot_verifier_module_loc_conf_t, enabled),
     NULL
   },
+  {
+    ngx_string("bot_verifier_enable_repsheet"),
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    ngx_conf_set_flag_slot,
+    NGX_HTTP_LOC_CONF_OFFSET,
+    offsetof(ngx_http_bot_verifier_module_loc_conf_t, repsheet_enabled),
+    NULL
+  },
   {
     ngx_string("bot_verifier_redis_host"),
-    NGX_HTTP_MAIN_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
     ngx_conf_set_str_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_bot_verifier_module_loc_conf_t, redis.host),
     NULL
   },
   {
     ngx_string("bot_verifier_redis_port"),
-    NGX_HTTP_MAIN_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
     ngx_conf_set_num_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_bot_verifier_module_loc_conf_t, redis.port),
     NULL
   },
   {
     ngx_string("bot_verifier_redis_connection_timeout"),
-    NGX_HTTP_MAIN_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
     ngx_conf_set_num_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_bot_verifier_module_loc_conf_t, redis.connection_timeout),
     NULL
   },
   {
     ngx_string("bot_verifier_redis_read_timeout"),
-    NGX_HTTP_MAIN_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
     ngx_conf_set_num_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_bot_verifier_module_loc_conf_t, redis.read_timeout),
     NULL
   },
   {
     ngx_string("bot_verifier_redis_expiry"),
-    NGX_HTTP_MAIN_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
     ngx_conf_set_num_slot,
     NGX_HTTP_LOC_CONF_OFFSET,
     offsetof(ngx_http_bot_verifier_module_loc_conf_t, redis.expiry),
@@ -178,6 +186,7 @@ ngx_http_bot_verifier_module_create_loc_conf(ngx_conf_t *cf)
   }
 
   conf->enabled = NGX_CONF_UNSET;
+  conf->repsheet_enabled = NGX_CONF_UNSET;
   conf->redis.port = NGX_CONF_UNSET_UINT;
   conf->redis.connection_timeout = NGX_CONF_UNSET_UINT;
   conf->redis.read_timeout = NGX_CONF_UNSET_UINT;
@@ -231,6 +240,7 @@ ngx_http_bot_verifier_module_merge_loc_conf(ngx_conf_t *cf, void *parent, void *
   ngx_http_bot_verifier_module_loc_conf_t *conf = (ngx_http_bot_verifier_module_loc_conf_t *) child;
 
   ngx_conf_merge_value(conf->enabled,                       prev->enabled,                  0);
+  ngx_conf_merge_value(conf->repsheet_enabled,              prev->repsheet_enabled,          0);
   ngx_conf_merge_uint_value(conf->redis.port,               prev->redis.port,               6379);
   ngx_conf_merge_uint_value(conf->redis.connection_timeout, prev->redis.connection_timeout, 10);
   ngx_conf_merge_uint_value(conf->redis.read_timeout,       prev->redis.read_timeout,       10);

ngx_http_bot_verifier_module.h

@@ -22,6 +22,7 @@ typedef struct {
 
 typedef struct {
   ngx_flag_t enabled;
+  ngx_flag_t repsheet_enabled;
   redis_t redis;
   size_t provider_len;
   provider_t **providers;

t/enabled.t

@@ -96,7 +96,7 @@ location = /t {
 "GET /t HTTP/1.1\r
 Host: 127.0.0.1\r
 Connection: close\r
-X-Forwarded-For: 65.52.104.9\r
+X-Forwarded-For: 157.55.39.5\r
 User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)\r
 \r
 "