2 * Copyright (C) 2001, 2002 The Mir-coders group
\r
4 * This file is part of Mir.
\r
6 * Mir is free software; you can redistribute it and/or modify
\r
7 * it under the terms of the GNU General Public License as published by
\r
8 * the Free Software Foundation; either version 2 of the License, or
\r
9 * (at your option) any later version.
\r
11 * Mir is distributed in the hope that it will be useful,
\r
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
\r
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
\r
14 * GNU General Public License for more details.
\r
16 * You should have received a copy of the GNU General Public License
\r
17 * along with Mir; if not, write to the Free Software
\r
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
\r
20 * In addition, as a special exception, The Mir-coders gives permission to link
\r
21 * the code of this program with any library licensed under the Apache Software License,
\r
22 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
\r
23 * (or with modified versions of the above that use the same license as the above),
\r
24 * and distribute linked combinations including the two. You must obey the
\r
25 * GNU General Public License in all respects for all of the code used other than
\r
26 * the above mentioned libraries. If you modify this file, you may extend this
\r
27 * exception to your version of the file, but you are not obligated to do so.
\r
28 * If you do not wish to do so, delete this exception statement from your version.
\r
31 package mircoders.global;
\r
33 import java.io.File;
\r
34 import java.io.FileNotFoundException;
\r
35 import java.io.FileOutputStream;
\r
36 import java.util.Arrays;
\r
37 import java.util.Date;
\r
38 import java.util.GregorianCalendar;
\r
39 import java.util.HashMap;
\r
40 import java.util.Iterator;
\r
41 import java.util.List;
\r
42 import java.util.Map;
\r
43 import java.util.Random;
\r
44 import java.util.Vector;
\r
45 import javax.servlet.http.Cookie;
\r
46 import javax.servlet.http.HttpServletResponse;
\r
48 import org.apache.commons.collections.ExtendedProperties;
\r
49 import mir.config.MirPropertiesConfiguration;
\r
50 import mir.entity.Entity;
\r
51 import mir.log.LoggerWrapper;
\r
52 import mir.session.Request;
\r
53 import mir.util.GeneratorFormatAdapters;
\r
54 import mir.util.StringRoutines;
\r
55 import mircoders.entity.EntityComment;
\r
56 import mircoders.entity.EntityContent;
\r
57 import mircoders.entity.EntityUsers;
\r
58 import mircoders.localizer.MirAdminInterfaceLocalizer;
\r
59 import mircoders.localizer.MirAntiAbuseFilterType;
\r
62 public class Abuse {
\r
63 private List filterRules;
\r
64 private Map filterTypes;
\r
65 private List filterTypeIds;
\r
66 private int maxIdentifier;
\r
67 private LoggerWrapper logger;
\r
68 private LoggerWrapper adminUsageLogger;
\r
69 private int logSize;
\r
70 private boolean logEnabled;
\r
71 private boolean openPostingDisabled;
\r
72 private boolean openPostingPassword;
\r
73 private boolean cookieOnBlock;
\r
74 private String articleBlockAction;
\r
75 private String commentBlockAction;
\r
77 private String configFile = MirGlobal.config().getStringWithHome("Abuse.Config");
\r
79 private MirPropertiesConfiguration configuration;
\r
81 private static String cookieName=MirGlobal.config().getString("Abuse.CookieName");
\r
82 private static int cookieMaxAge = 60*60*MirGlobal.config().getInt("Abuse.CookieMaxAge");
\r
85 logger = new LoggerWrapper("Global.Abuse");
\r
86 adminUsageLogger = new LoggerWrapper("AdminUsage");
\r
87 filterRules = new Vector();
\r
92 configuration = MirPropertiesConfiguration.instance();
\r
94 catch (Throwable e) {
\r
95 throw new RuntimeException("Can't get configuration: " + e.getMessage());
\r
100 articleBlockAction = "";
\r
101 commentBlockAction = "";
\r
102 openPostingPassword = false;
\r
103 openPostingDisabled = false;
\r
104 cookieOnBlock = false;
\r
107 filterTypes = new HashMap();
\r
108 filterTypeIds = new Vector();
\r
110 Iterator i = MirGlobal.localizer().openPostings().getAntiAbuseFilterTypes().iterator();
\r
112 while (i.hasNext()) {
\r
113 MirAntiAbuseFilterType filterType = (MirAntiAbuseFilterType) i.next();
\r
114 filterTypes.put(filterType.getName(), filterType);
\r
115 filterTypeIds.add(filterType.getName());
\r
118 catch (Throwable t) {
\r
119 throw new RuntimeException("Can't get filter types: " + t.getMessage());
\r
125 private void setCookie(HttpServletResponse aResponse) {
\r
126 Random random = new Random();
\r
128 Cookie cookie = new Cookie(cookieName, Integer.toString(random.nextInt(1000000000)));
\r
129 cookie.setMaxAge(cookieMaxAge);
\r
130 cookie.setPath("/");
\r
132 if (aResponse!=null)
\r
133 aResponse.addCookie(cookie);
\r
136 private boolean checkCookie(List aCookies) {
\r
137 if (getCookieOnBlock()) {
\r
138 Iterator i = aCookies.iterator();
\r
140 while (i.hasNext()) {
\r
141 Cookie cookie = (Cookie) i.next();
\r
143 if (cookie.getName().equals(cookieName)) {
\r
144 logger.debug("cookie match");
\r
153 FilterRule findMatchingFilter(Entity anEntity, Request aRequest) {
\r
154 Iterator iterator = filterRules.iterator();
\r
156 while (iterator.hasNext()) {
\r
157 FilterRule rule = (FilterRule) iterator.next();
\r
159 if (rule.test(anEntity, aRequest))
\r
166 public void checkComment(EntityComment aComment, Request aRequest, HttpServletResponse aResponse) {
\r
167 logComment(aComment, aRequest);
\r
170 long time = System.currentTimeMillis();
\r
172 FilterRule filterRule = findMatchingFilter(aComment, aRequest);
\r
174 if (filterRule!=null) {
\r
175 logger.debug("Match for " + filterRule.getType()+" rule '"+ filterRule.getExpression()+"'");
\r
176 filterRule.setLastHit(new GregorianCalendar().getTime());
\r
177 MirGlobal.performCommentOperation(null, aComment, filterRule.getCommentAction());
\r
178 setCookie(aResponse);
\r
182 logger.info("checkComment: " + (System.currentTimeMillis()-time) + "ms");
\r
184 catch (Throwable t) {
\r
185 t.printStackTrace(logger.asPrintWriter(logger.DEBUG_MESSAGE));
\r
186 logger.error("Abuse.checkComment: " + t.toString());
\r
190 public void checkArticle(EntityContent anArticle, Request aRequest, HttpServletResponse aResponse) {
\r
191 logArticle(anArticle, aRequest);
\r
194 long time = System.currentTimeMillis();
\r
196 FilterRule filterRule = findMatchingFilter(anArticle, aRequest);
\r
198 if (filterRule!=null) {
\r
199 logger.debug("Match for " + filterRule.getType() + " rule '" + filterRule.getExpression()+"'");
\r
200 filterRule.setLastHit(new GregorianCalendar().getTime());
\r
201 MirGlobal.performArticleOperation(null, anArticle, filterRule.getArticleAction());
\r
202 setCookie(aResponse);
\r
206 logger.info("checkArticle: " + (System.currentTimeMillis()-time) + "ms");
\r
208 catch (Throwable t) {
\r
209 t.printStackTrace(logger.asPrintWriter(logger.DEBUG_MESSAGE));
\r
210 logger.error("Abuse.checkArticle: " + t.toString());
\r
214 public boolean getLogEnabled() {
\r
218 public void setLogEnabled(boolean anEnabled) {
\r
219 if (!configuration.getString("Abuse.DisallowIPLogging", "0").equals("1"))
\r
220 logEnabled = anEnabled;
\r
224 public int getLogSize() {
\r
228 public void setLogSize(int aSize) {
\r
233 public boolean getOpenPostingDisabled() {
\r
234 return openPostingDisabled;
\r
237 public void setOpenPostingDisabled(boolean anOpenPostingDisabled) {
\r
238 openPostingDisabled = anOpenPostingDisabled;
\r
241 public boolean getOpenPostingPassword() {
\r
242 return openPostingPassword;
\r
245 public void setOpenPostingPassword(boolean anOpenPostingPassword) {
\r
246 openPostingPassword = anOpenPostingPassword;
\r
249 public boolean getCookieOnBlock() {
\r
250 return cookieOnBlock;
\r
253 public void setCookieOnBlock(boolean aCookieOnBlock) {
\r
254 cookieOnBlock = aCookieOnBlock;
\r
257 public String getArticleBlockAction() {
\r
258 return articleBlockAction;
\r
261 public void setArticleBlockAction(String anAction) {
\r
262 articleBlockAction = anAction;
\r
265 public String getCommentBlockAction() {
\r
266 return commentBlockAction;
\r
269 public void setCommentBlockAction(String anAction) {
\r
270 commentBlockAction = anAction;
\r
273 public List getLog() {
\r
274 synchronized(log) {
\r
276 List result = new Vector();
\r
278 Iterator i = log.iterator();
\r
279 while (i.hasNext()) {
\r
280 LogEntry logEntry = (LogEntry) i.next();
\r
281 Map entry = new HashMap();
\r
283 entry.put("ip", logEntry.getIpNumber());
\r
284 entry.put("id", logEntry.getId());
\r
285 entry.put("timestamp", new GeneratorFormatAdapters.DateFormatAdapter(logEntry.getTimeStamp(), MirPropertiesConfiguration.instance().getString("Mir.DefaultTimezone")));
\r
286 if (logEntry.getIsArticle())
\r
287 entry.put("type", "content");
\r
289 entry.put("type", "comment");
\r
290 entry.put("browser", logEntry.getBrowserString());
\r
297 catch (Throwable t) {
\r
298 throw new RuntimeException(t.toString());
\r
303 public void logComment(Entity aComment, Request aRequest) {
\r
304 String ipAddress = aRequest.getHeader("ip");
\r
305 String id = aComment.getId();
\r
306 String browser = aRequest.getHeader("User-Agent");
\r
308 logComment(ipAddress, id, new Date(), browser);
\r
311 public void logArticle(Entity anArticle, Request aRequest) {
\r
312 String ipAddress = aRequest.getHeader("ip");
\r
313 String id = anArticle.getId();
\r
314 String browser = aRequest.getHeader("User-Agent");
\r
316 logArticle(ipAddress, id, new Date(), browser);
\r
319 public void logComment(String anIp, String anId, Date aTimeStamp, String aBrowser) {
\r
320 appendLog(new LogEntry(aTimeStamp, anIp, aBrowser, anId, false));
\r
323 public void logArticle(String anIp, String anId, Date aTimeStamp, String aBrowser) {
\r
324 appendLog(new LogEntry(aTimeStamp, anIp, aBrowser, anId, true));
\r
327 public void load() {
\r
328 synchronized (filterRules) {
\r
330 ExtendedProperties configuration = new ExtendedProperties();
\r
333 configuration = new ExtendedProperties(configFile);
\r
335 catch (FileNotFoundException e) {
\r
338 getFilterConfig(filterRules, "abuse.filter", configuration);
\r
340 setOpenPostingDisabled(configuration.getString("abuse.openPostingDisabled", "0").equals("1"));
\r
341 setOpenPostingPassword(configuration.getString("abuse.openPostingPassword", "0").equals("1"));
\r
342 setCookieOnBlock(configuration.getString("abuse.cookieOnBlock", "0").equals("1"));
\r
343 setLogEnabled(configuration.getString("abuse.logEnabled", "0").equals("1"));
\r
344 setLogSize(configuration.getInt("abuse.logSize", 10));
\r
345 setArticleBlockAction(configuration.getString("abuse.articleBlockAction", ""));
\r
346 setCommentBlockAction(configuration.getString("abuse.commentBlockAction", ""));
\r
348 catch (Throwable t) {
\r
349 throw new RuntimeException(t.toString());
\r
354 public void save() {
\r
355 synchronized (filterRules) {
\r
357 ExtendedProperties configuration = new ExtendedProperties();
\r
359 setFilterConfig(filterRules, "abuse.filter", configuration);
\r
361 configuration.addProperty("abuse.openPostingDisabled", getOpenPostingDisabled() ? "1" : "0");
\r
362 configuration.addProperty("abuse.openPostingPassword", getOpenPostingPassword() ? "1" : "0");
\r
363 configuration.addProperty("abuse.cookieOnBlock", getCookieOnBlock() ? "1" : "0");
\r
364 configuration.addProperty("abuse.logEnabled", getLogEnabled() ? "1" : "0");
\r
365 configuration.addProperty("abuse.logSize", Integer.toString(getLogSize()));
\r
366 configuration.addProperty("abuse.articleBlockAction", getArticleBlockAction());
\r
367 configuration.addProperty("abuse.commentBlockAction", getCommentBlockAction());
\r
369 configuration.save(new FileOutputStream(new File(configFile)), "Anti abuse configuration");
\r
371 catch (Throwable t) {
\r
372 throw new RuntimeException(t.toString());
\r
377 public List getFilterTypes() {
\r
379 List result = new Vector();
\r
381 Iterator i = filterTypeIds.iterator();
\r
382 while (i.hasNext()) {
\r
383 String id = (String) i.next();
\r
385 Map action = new HashMap();
\r
386 action.put("resource", id);
\r
387 action.put("identifier", id);
\r
389 result.add(action);
\r
394 catch (Throwable t) {
\r
395 throw new RuntimeException("can't get article actions");
\r
399 public List getArticleActions() {
\r
401 List result = new Vector();
\r
403 Iterator i = MirGlobal.localizer().adminInterface().simpleArticleOperations().iterator();
\r
404 while (i.hasNext()) {
\r
405 MirAdminInterfaceLocalizer.MirSimpleEntityOperation operation =
\r
406 (MirAdminInterfaceLocalizer.MirSimpleEntityOperation) i.next();
\r
408 Map action = new HashMap();
\r
409 action.put("resource", operation.getName());
\r
410 action.put("identifier", operation.getName());
\r
412 result.add(action);
\r
417 catch (Throwable t) {
\r
418 throw new RuntimeException("can't get article actions");
\r
422 public List getCommentActions() {
\r
424 List result = new Vector();
\r
426 Iterator i = MirGlobal.localizer().adminInterface().simpleCommentOperations().iterator();
\r
427 while (i.hasNext()) {
\r
428 MirAdminInterfaceLocalizer.MirSimpleEntityOperation operation =
\r
429 (MirAdminInterfaceLocalizer.MirSimpleEntityOperation) i.next();
\r
431 Map action = new HashMap();
\r
432 action.put("resource", operation.getName());
\r
433 action.put("identifier", operation.getName());
\r
435 result.add(action);
\r
440 catch (Throwable t) {
\r
441 throw new RuntimeException("can't get comment actions");
\r
445 public List getFilters() {
\r
446 List result = new Vector();
\r
448 synchronized(filterRules) {
\r
449 Iterator i = filterRules.iterator();
\r
450 while (i.hasNext()) {
\r
451 FilterRule filter = (FilterRule) i.next();
\r
452 result.add(filter.clone());
\r
458 public String addFilter(String aType, String anExpression, String aComments, String aCommentAction, String anArticleAction) {
\r
459 return addFilter(aType, anExpression, aComments, aCommentAction, anArticleAction, null);
\r
462 public String addFilter(String aType, String anExpression, String aComments, String aCommentAction, String anArticleAction, Date aListHit) {
\r
463 return addFilter(filterRules, aType, anExpression, aComments, aCommentAction, anArticleAction, aListHit);
\r
466 public FilterRule getFilter(String anId) {
\r
467 synchronized (filterRules) {
\r
468 FilterRule result = (FilterRule) findFilter(filterRules, anId);
\r
472 return (FilterRule) result.clone();
\r
476 public String setFilter(String anIdentifier, String aType, String anExpression, String aComments, String aCommentAction, String anArticleAction) {
\r
477 return setFilter(filterRules, anIdentifier, aType, anExpression, aComments, aCommentAction, anArticleAction);
\r
480 public void deleteFilter(String anIdentifier) {
\r
481 deleteFilter(filterRules, anIdentifier);
\r
484 private String addFilter(List aFilters, String aType, String anExpression, String aComments, String aCommentAction, String anArticleAction, Date aLastHit) {
\r
485 MirAntiAbuseFilterType type = (MirAntiAbuseFilterType) filterTypes.get(aType);
\r
488 return "invalidtype";
\r
490 if (!type.validate(anExpression)) {
\r
491 return "invalidexpression";
\r
494 FilterRule filter = new FilterRule();
\r
496 filter.setId(generateId());
\r
497 filter.setExpression(anExpression);
\r
498 filter.setType(aType);
\r
499 filter.setComments(aComments);
\r
500 filter.setArticleAction(anArticleAction);
\r
501 filter.setCommentAction(aCommentAction);
\r
502 filter.setLastHit(aLastHit);
\r
504 synchronized (aFilters) {
\r
505 aFilters.add(filter);
\r
511 private String setFilter(List aFilters, String anIdentifier, String aType, String anExpression, String aComments, String aCommentAction, String anArticleAction) {
\r
512 MirAntiAbuseFilterType type = (MirAntiAbuseFilterType) filterTypes.get(aType);
\r
515 return "invalidtype";
\r
517 if (!type.validate(anExpression)) {
\r
518 return "invalidexpression";
\r
521 synchronized (aFilters) {
\r
522 FilterRule filter = findFilter(aFilters, anIdentifier);
\r
524 if (filter!=null) {
\r
525 filter.setExpression(anExpression);
\r
526 filter.setType(aType);
\r
527 filter.setCommentAction(aCommentAction);
\r
528 filter.setArticleAction(anArticleAction);
\r
529 filter.setComments(aComments);
\r
536 private FilterRule findFilter(List aFilters, String anIdentifier) {
\r
537 synchronized (aFilters) {
\r
538 Iterator i = aFilters.iterator();
\r
539 while (i.hasNext()) {
\r
540 FilterRule filter = (FilterRule) i.next();
\r
542 if (filter.getId().equals(anIdentifier)) {
\r
551 private void deleteFilter(List aFilters, String anIdentifier) {
\r
552 synchronized (aFilters) {
\r
553 FilterRule filter = findFilter(aFilters, anIdentifier);
\r
555 if (filter!=null) {
\r
556 aFilters.remove(filter);
\r
561 private String generateId() {
\r
562 synchronized(this) {
\r
563 maxIdentifier = maxIdentifier+1;
\r
565 return Integer.toString(maxIdentifier);
\r
569 public class FilterRule {
\r
570 private String identifier;
\r
571 private String expression;
\r
572 private String type;
\r
573 private String comments;
\r
574 private String articleAction;
\r
575 private String commentAction;
\r
576 private Date lastHit;
\r
578 public FilterRule() {
\r
583 articleAction = articleBlockAction;
\r
584 commentAction = commentBlockAction;
\r
588 public Date getLastHit() {
\r
592 public void setLastHit(Date aDate) {
\r
596 public String getId() {
\r
600 public void setId(String anId) {
\r
604 public String getExpression() {
\r
608 public void setExpression(String anExpression) {
\r
609 expression = anExpression;
\r
612 public String getType() {
\r
616 public void setType(String aType) {
\r
620 public void setComments(String aComments) {
\r
621 comments = aComments;
\r
624 public String getComments() {
\r
628 public String getArticleAction() {
\r
629 return articleAction;
\r
632 public void setArticleAction(String anArticleAction) {
\r
633 articleAction = anArticleAction;
\r
636 public String getCommentAction() {
\r
637 return commentAction;
\r
640 public void setCommentAction(String aCommentAction) {
\r
641 commentAction = aCommentAction;
\r
644 public boolean test(Entity anEntity, Request aRequest) {
\r
645 MirAntiAbuseFilterType filterType = (MirAntiAbuseFilterType) filterTypes.get(type);
\r
647 if (filterType != null)
\r
648 return filterType.test(expression, anEntity, aRequest);
\r
650 catch (Throwable t) {
\r
651 logger.error("error while testing "+type+"-filter '"+expression+"'");
\r
657 public Object clone() {
\r
658 FilterRule result = new FilterRule();
\r
659 result.setComments(getComments());
\r
660 result.setExpression(getExpression());
\r
661 result.setId(getId());
\r
662 result.setType(getType());
\r
663 result.setArticleAction(getArticleAction());
\r
664 result.setCommentAction(getCommentAction());
\r
665 result.setLastHit(getLastHit());
\r
671 private void setFilterConfig(List aFilters, String aConfigKey, ExtendedProperties aConfiguration) {
\r
672 synchronized(aFilters) {
\r
673 Iterator i = aFilters.iterator();
\r
675 while (i.hasNext()) {
\r
676 FilterRule filter = (FilterRule) i.next();
\r
678 String filterconfig =
\r
679 StringRoutines.replaceStringCharacters(filter.getType(), new char[] { '\\', ':'}, new String[] { "\\\\", "\\:"} ) + ":" +
\r
680 StringRoutines.replaceStringCharacters(filter.getExpression(), new char[] { '\\', ':'}, new String[] { "\\\\", "\\:"} ) + ":" +
\r
681 StringRoutines.replaceStringCharacters(filter.getArticleAction(), new char[] { '\\', ':'}, new String[] { "\\\\", "\\:"} ) + ":" +
\r
682 StringRoutines.replaceStringCharacters(filter.getCommentAction(), new char[] { '\\', ':'}, new String[] { "\\\\", "\\:"} ) + ":" +
\r
683 StringRoutines.replaceStringCharacters(filter.getComments(), new char[] { '\\', ':'}, new String[] { "\\\\", "\\:"}) + ":";
\r
685 if (filter.getLastHit()!=null)
\r
686 filterconfig = filterconfig + filter.getLastHit().getTime();
\r
688 aConfiguration.addProperty(aConfigKey, filterconfig);
\r
693 private void getFilterConfig(List aFilters, String aConfigKey, ExtendedProperties aConfiguration) {
\r
694 synchronized(aFilters) {
\r
697 if (aConfiguration.getStringArray(aConfigKey)!=null) {
\r
699 Iterator i = Arrays.asList(aConfiguration.getStringArray(aConfigKey)).
\r
702 while (i.hasNext()) {
\r
703 String filter = (String) i.next();
\r
704 List parts = StringRoutines.splitStringWithEscape(filter, ':', '\\');
\r
705 if (parts.size() == 2) {
\r
706 parts.add(articleBlockAction);
\r
707 parts.add(commentBlockAction);
\r
712 if (parts.size() >= 5) {
\r
713 Date lastHit = null;
\r
715 if (parts.size()>=6) {
\r
716 String lastHitString = (String) parts.get(5);
\r
719 lastHit = new Date(Long.parseLong(lastHitString));
\r
721 catch (Throwable t) {
\r
725 addFilter( (String) parts.get(0), (String) parts.get(1), (String) parts.get(4), (String) parts.get(3), (String) parts.get(2), lastHit);
\r
732 private static class LogEntry {
\r
733 private String ipNumber;
\r
734 private String browserString;
\r
736 private Date timeStamp;
\r
737 private boolean isArticle;
\r
739 public LogEntry(Date aTimeStamp, String anIpNumber, String aBrowserString, String anId, boolean anIsArticle) {
\r
740 ipNumber = anIpNumber;
\r
741 browserString = aBrowserString;
\r
743 isArticle = anIsArticle;
\r
744 timeStamp=aTimeStamp;
\r
747 public String getIpNumber() {
\r
751 public String getBrowserString() {
\r
752 return browserString;
\r
755 public String getId() {
\r
759 public Date getTimeStamp() {
\r
763 public boolean getIsArticle() {
\r
768 private void truncateLog() {
\r
769 synchronized(log) {
\r
773 while (log.size()>0 && log.size()>logSize) {
\r
780 private void appendLog(LogEntry anEntry) {
\r
781 synchronized (log) {
\r
789 public void logAdminUsage(EntityUsers aUser, String aDescription) {
\r
791 String user = "unknown (" + aUser.toString() +")";
\r
793 user = aUser.getValue("login");
\r
794 adminUsageLogger.info(user + ": " + aDescription);
\r
796 catch (Throwable t) {
\r
797 logger.error("Error while logging admin usage ("+aUser.toString()+", "+aDescription+"): " +t.toString());
\r