cc and ccn geo blocking

10 months ago · abe7fc904b
parent c41a3ecf58
commit abe7fc904b
6 changed files with 250 additions and 101 deletions
--- a/.env.example
+++ b/.env.example
@ -10,6 +10,8 @@ SERVER_PREFIX="websrv"
 HOSTS_MAP_NAME="hosts"
 BLOCKED_IP_MAP_NAME="blockedip"
 BLOCKED_ASN_MAP_NAME="blockedasn"
+BLOCKED_CC_MAP_NAME="blockedcc"
+BLOCKED_CN_MAP_NAME="blockedcn"
 DDOS_MAP_NAME="ddos"
 DDOS_CONFIG_MAP_NAME="ddos_config"
 BACKENDS_MAP_NAME="backends"
--- a/components/MenuLinks.js
+++ b/components/MenuLinks.js
@ -20,107 +20,126 @@ export default withRouter(function MenuLinks({ router }) {
 	switch(true) {
 		case router.pathname.startsWith('/kb'):
 			mainLinks = (<>
-				<li className='nav-item'>
-					<Link href='/kb' className={path === '/kb' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-layers pe-none me-2' width='16' height='16' />
-							Index
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/kb/firewall' className={path === '/kb/firewall' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-bricks pe-none me-2' width='16' height='16' />
-							Firewall
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/kb/https' className={path === '/kb/https' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-file-earmark-lock pe-none me-2' width='16' height='16' />
-							HTTPS & CSRs
-					</Link>
-				</li>
+				<ul className='nav nav-pills flex-column mb-auto'>
+					<li className='nav-item'>
+						<Link href='/kb' className={path === '/kb' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-layers pe-none me-2' width='16' height='16' />
+								Index
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/kb/firewall' className={path === '/kb/firewall' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-bricks pe-none me-2' width='16' height='16' />
+								Firewall
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/kb/https' className={path === '/kb/https' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-file-earmark-lock pe-none me-2' width='16' height='16' />
+								HTTPS & CSRs
+						</Link>
+					</li>
+				</ul>
 			</>);
 			bottomLinks = null;
 			break;
 		default:
 			mainLinks = (<>
-				<li className='nav-item'>
-					<Link href='/account' className={path === '/account' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-person-square pe-none me-2' width='16' height='16' />
-							Account
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/domains' className={path === '/domains' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-layers pe-none me-2' width='16' height='16' />
-							Domains
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/hosts' className={path === '/map/hosts' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-hdd-network pe-none me-2' width='16' height='16' />
-							Backends
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/certs' className={path === '/certs' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-file-earmark-lock pe-none me-2' width='16' height='16' />
-							HTTPS Certificates
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/csr' className={path === '/csr' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-building-lock pe-none me-2' width='16' height='16' />
-							Origin CSR
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/ddos_config' className={path === '/map/ddos_config' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-sliders2 pe-none me-2' width='16' height='16' />
-							Protection Settings
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/ddos' className={path === '/map/ddos' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-shield-check pe-none me-2' width='16' height='16' />
-							Protection Rules
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/rewrite' className={path === '/map/rewrite' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-pencil pe-none me-2' width='16' height='16' />
-							Rewrites
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/redirect' className={path === '/map/redirect' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-signpost pe-none me-2' width='16' height='16' />
-							Redirects
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/whitelist' className={path === '/map/whitelist' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-person-check pe-none me-2' width='16' height='16' />
-							IP Whitelist
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/blockedip' className={path === '/map/blockedip' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-person-slash pe-none me-2' width='16' height='16' />
-							IP Blacklist
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/blockedasn' className={path === '/map/blockedasn' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-building-slash pe-none me-2' width='16' height='16' />
-							ASN Blacklist
-					</Link>
-				</li>
-				<li className='nav-item'>
-					<Link href='/map/maintenance' className={path === '/map/maintenance' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
-						<i className='bi-info-square pe-none me-2' width='16' height='16' />
-							Maintenance Mode
-					</Link>
-				</li>
+				<ul className='nav nav-pills flex-column mb-auto'>
+					<li className='nav-item'>
+						<Link href='/account' className={path === '/account' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-person-square pe-none me-2' width='16' height='16' />
+								Account
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/domains' className={path === '/domains' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-layers pe-none me-2' width='16' height='16' />
+								Domains
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/hosts' className={path === '/map/hosts' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-hdd-network pe-none me-2' width='16' height='16' />
+								Backends
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/certs' className={path === '/certs' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-file-earmark-lock pe-none me-2' width='16' height='16' />
+								HTTPS Certificates
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/csr' className={path === '/csr' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-building-lock pe-none me-2' width='16' height='16' />
+								Origin CSR
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/ddos_config' className={path === '/map/ddos_config' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-sliders2 pe-none me-2' width='16' height='16' />
+								Protection Settings
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/ddos' className={path === '/map/ddos' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-shield-check pe-none me-2' width='16' height='16' />
+								Protection Rules
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/rewrite' className={path === '/map/rewrite' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-pencil pe-none me-2' width='16' height='16' />
+								Rewrites
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/redirect' className={path === '/map/redirect' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-signpost pe-none me-2' width='16' height='16' />
+								Redirects
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/maintenance' className={path === '/map/maintenance' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-info-square pe-none me-2' width='16' height='16' />
+								Maintenance Mode
+						</Link>
+					</li>
+				</ul>
+				<hr />
+				<ul className='nav nav-pills flex-column'>
+					<li className='nav-item'>
+						<Link href='/map/whitelist' className={path === '/map/whitelist' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-person-check pe-none me-2' width='16' height='16' />
+								IP Whitelist
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/blockedip' className={path === '/map/blockedip' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-person-slash pe-none me-2' width='16' height='16' />
+								IP Blacklist
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/blockedasn' className={path === '/map/blockedasn' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-building-slash pe-none me-2' width='16' height='16' />
+								ASN Blacklist
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/blockedcc' className={path === '/map/blockedcc' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-globe2 pe-none me-2' width='16' height='16' />
+								Country Blacklist
+						</Link>
+					</li>
+					<li className='nav-item'>
+						<Link href='/map/blockedcn' className={path === '/map/blockedcn' ? 'nav-link active' : 'nav-link text-body'} aria-current='page'>
+							<i className='bi-globe2 pe-none me-2' width='16' height='16' />
+								Continent Blacklist
+						</Link>
+					</li>
+				</ul>
 			</>);
 			bottomLinks = (<>
 				<hr />
@ -159,9 +178,7 @@ export default withRouter(function MenuLinks({ router }) {
 			<span className='mx-2 fs-4 text-decoration-none'>BasedFlare</span>
 		</Link>
 		<hr />
-		<ul className='nav nav-pills flex-column mb-auto'>
-			{mainLinks}
-		</ul>
+		{mainLinks}
 		{bottomLinks}
 	</>);

--- a/controllers/maps.js
+++ b/controllers/maps.js
@ -1,7 +1,17 @@
 import { extractMap, dynamicResponse } from '../util.js';
 import { createCIDR, parse } from 'ip6addr';
 import url from 'url';
-
+import countries from 'i18n-iso-countries';
+const countryMap = countries.getAlpha2Codes();
+const continentMap = {
+	'NA': 'North America',
+	'SA': 'South America',
+	'EU': 'Europe',
+	'AS': 'Asia',
+	'OC': 'Oceania',
+	'AF': 'Africa',
+	'AN': 'Antarctica',
+};
 /**
 * GET /maps/:name
 * Show map filtering to users domains
@ -54,6 +64,8 @@ export async function mapData(req, res, next) {
 			break;
 		case process.env.BLOCKED_IP_MAP_NAME:
 		case process.env.BLOCKED_ASN_MAP_NAME:
+		case process.env.BLOCKED_CC_MAP_NAME:
+		case process.env.BLOCKED_CN_MAP_NAME:
 		case process.env.WHITELIST_MAP_NAME:
 			map = map
 				.filter(a => {
@ -100,6 +112,8 @@ export async function deleteMapForm(req, res, next) {

 	if (req.params.name === process.env.BLOCKED_IP_MAP_NAME
 		|| req.params.name === process.env.BLOCKED_ASN_MAP_NAME
+		|| req.params.name === process.env.BLOCKED_CC_MAP_NAME
+		|| req.params.name === process.env.BLOCKED_CN_MAP_NAME
 		|| req.params.name === process.env.WHITELIST_MAP_NAME) {
 		let value;
 		const existingEntry = await res.locals
@ -233,6 +247,22 @@ export async function patchMapForm(req, res, next) {
 			//req.body.key is a number
 		}

+		//validate key is country code
+		if (req.params.name === process.env.BLOCKED_CC_MAP_NAME) {
+			if (!countryMap[req.body.key]) {
+				return dynamicResponse(req, res, 403, { error: 'Invalid country code' });
+			}
+			//req.body.key is a cc
+		}
+
+		//validate key is country code
+		if (req.params.name === process.env.BLOCKED_CN_MAP_NAME) {
+			if (!continentMap[req.body.key]) {
+				return dynamicResponse(req, res, 403, { error: 'Invalid continent code' });
+			}
+			//req.body.key is a cn
+		}
+
 		//validate value is url (roughly)
 		if (req.params.name === process.env.REWRITE_MAP_NAME
 			|| req.params.name === process.env.REDIRECT_MAP_NAME) {
@ -294,6 +324,8 @@ export async function patchMapForm(req, res, next) {
 				break;
 			case process.env.BLOCKED_IP_MAP_NAME:
 			case process.env.BLOCKED_ASN_MAP_NAME:
+			case process.env.BLOCKED_CC_MAP_NAME:
+			case process.env.BLOCKED_CN_MAP_NAME:
 			case process.env.WHITELIST_MAP_NAME: {
 				const existingEntry = await res.locals
 					.dataPlaneRetry('getRuntimeMapEntry', {
--- a/pages/map/[name].js
+++ b/pages/map/[name].js
@ -1,12 +1,29 @@
 import { useRouter } from 'next/router';
 import React, { useState, useEffect } from 'react';
 import Head from 'next/head';
+import Select from 'react-select';
 import MapRow from '../../components/MapRow.js';
 import BackButton from '../../components/BackButton.js';
 import ErrorAlert from '../../components/ErrorAlert.js';
 import SearchFilter from '../../components/SearchFilter.js';
 import * as API from '../../api.js';

+import countries from 'i18n-iso-countries';
+import enCountries from 'i18n-iso-countries/langs/en.json';
+countries.registerLocale(enCountries);
+const continentMap = {
+	'NA': 'North America',
+	'SA': 'South America',
+	'EU': 'Europe',
+	'AS': 'Asia',
+	'OC': 'Oceania',
+	'AF': 'Africa',
+	'AN': 'Antarctica',
+};
+
+const countryOptions = Object.entries(countries.getNames('en'))
+	.map(e => ({ value: e[0], label: `${e[1]} (${e[0]})` }));
+
 const MapPage = (props) => {

 	const router = useRouter();
@ -253,6 +270,73 @@ const MapPage = (props) => {
 				</>
 			);
 			break;
+		case 'blockedcc':
+			mapInfoHelper = <div className='alert alert-info' role='info'>
+				Blocked countries based on geoip data. Uses <a target='_blank' rel='noreferrer' href='https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes'>ISO 3166-1 alpha-2 country codes</a>.
+			</div>;
+			formElements = (
+				<>
+					<td>
+						<button className='btn btn-sm btn-success' type='submit'>
+							<i className='bi-plus-lg pe-none' width='16' height='16' />
+						</button>
+					</td>
+					<td>
+						<Select
+							theme={(theme) => ({
+								...theme,
+								borderRadius: 5,
+							})}
+							required
+							closeMenuOnSelect={true}
+							options={countryOptions}
+							// value={(rec.geov||[]).map(x => ({ value: x, label: `${countries.getName(x, 'en')} (${x})` }))}
+							getOptionLabel={x => `${countries.getName(x.value, 'en')} (${x.value})`}
+							classNamePrefix='select'
+							name='key'
+							className='basic-multi-select'
+						/>
+					</td>
+				</>
+			);
+			break;
+		case 'blockedcn':
+			mapInfoHelper = <div className='alert alert-info' role='info'>
+				Block continents based on geoip data.
+			</div>;
+			formElements = (
+				<>
+					<td>
+						<button className='btn btn-sm btn-success' type='submit'>
+							<i className='bi-plus-lg pe-none' width='16' height='16' />
+						</button>
+					</td>
+					<td>
+						<Select
+							theme={(theme) => ({
+								...theme,
+								borderRadius: 5,
+							})}
+							required
+							closeMenuOnSelect={true}
+							options={[
+								{ value: 'NA', label: 'North America' },
+								{ value: 'SA', label: 'South America' },
+								{ value: 'EU', label: 'Europe' },
+								{ value: 'AS', label: 'Asia' },
+								{ value: 'OC', label: 'Oceania' },
+								{ value: 'AF', label: 'Africa' },
+								{ value: 'AN', label: 'Antarctica' },
+							]}
+							getOptionLabel={x => `${continentMap[x.value]} (${x.value})`}
+							classNamePrefix='select'
+							name='key'
+							className='basic-multi-select'
+						/>
+					</td>
+				</>
+			);
+			break;
 		case 'redirect':
 			mapInfoHelper = <div className='alert alert-info' role='info'>
 				Redirects redirect all requests from a domain to another domain or a domain+path e.g. &quot;www.example.com&quot; -&gt; &quot;example.com&quot; or &quot;example.com/something&quot;.
@ -314,7 +398,7 @@ const MapPage = (props) => {
 			<SearchFilter filter={filter} setFilter={setFilter} />

 			{/* Map table */}
-			<div className='table-responsive w-100 round-shadow'>
+			<div className='w-100 round-shadow'>
 				<form onSubmit={addToMap} className='d-flex' action={`/forms/map/${mapInfo.name}/add`} method='post'>
 					<table className='table text-nowrap mb-0'>
 						<tbody>
--- a/router.js
+++ b/router.js
@ -242,6 +242,8 @@ export default function router(server, app) {
 	const mapNames = [
 			process.env.BLOCKED_IP_MAP_NAME,
 			process.env.BLOCKED_ASN_MAP_NAME,
+			process.env.BLOCKED_CC_MAP_NAME,
+			process.env.BLOCKED_CN_MAP_NAME,
 			process.env.MAINTENANCE_MAP_NAME,
 			process.env.WHITELIST_MAP_NAME,
 			process.env.REDIRECT_MAP_NAME,
--- a/util.js
+++ b/util.js
@ -42,6 +42,18 @@ const fMap = {
 		columnNames: ['AS Number', ''],
 	},

+	[process.env.BLOCKED_CC_MAP_NAME]: {
+		fname: 'Country Blacklist',
+		description: 'Countries that are outright blocked',
+		columnNames: ['Country Code', ''],
+	},
+
+	[process.env.BLOCKED_CN_MAP_NAME]: {
+		fname: 'Continent Blacklist',
+		description: 'Continents that are outright blocked',
+		columnNames: ['Continent Code', ''],
+	},
+
 	[process.env.WHITELIST_MAP_NAME]: {
 		fname: 'IP Whitelist',
 		description: 'IPs/subnets that bypass protection rules',