ingress-nginx-helm/internal/nginx/maxmind.go

/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package nginx

import (
	"archive/tar"
	"compress/gzip"
	"fmt"
	"io"
	"net/http"
	"os"
	"path"
	"strings"
)

// MaxmindLicenseKey maxmind license key to download databases
var MaxmindLicenseKey = ""

// MaxmindEditionIDs maxmind editions (GeoLite2-City, GeoLite2-Country, GeoIP2-ISP, etc)
var MaxmindEditionIDs = ""

// MaxmindEditionFiles maxmind databases on disk
var MaxmindEditionFiles []string

// MaxmindMirror maxmind database mirror url (http://geoip.local)
var MaxmindMirror = ""

const (
	geoIPPath   = "/etc/nginx/geoip"
	dbExtension = ".mmdb"

	maxmindURL = "https://download.maxmind.com/app/geoip_download?license_key=%v&edition_id=%v&suffix=tar.gz"
)

// GeoLite2DBExists checks if the required databases for
// the GeoIP2 NGINX module are present in the filesystem
func GeoLite2DBExists() bool {
	for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
		if !fileExists(path.Join(geoIPPath, dbName+dbExtension)) {
			return false
		}
	}

	return true
}

// DownloadGeoLite2DB downloads the required databases by the
// GeoIP2 NGINX module using a license key from MaxMind.
func DownloadGeoLite2DB() error {
	for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
		err := downloadDatabase(dbName)
		if err != nil {
			return err
		}
		MaxmindEditionFiles = append(MaxmindEditionFiles, dbName+dbExtension)
	}
	return nil
}

func createURL(mirror, licenseKey, dbName string) string {
	if len(mirror) > 0 {
		return fmt.Sprintf("%s/%s.tar.gz", mirror, dbName)
	}
	return fmt.Sprintf(maxmindURL, licenseKey, dbName)
}

func downloadDatabase(dbName string) error {
	url := createURL(MaxmindMirror, MaxmindLicenseKey, dbName)
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return err
	}

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}

	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("HTTP status %v", resp.Status)
	}

	archive, err := gzip.NewReader(resp.Body)
	if err != nil {
		return err
	}
	defer archive.Close()

	mmdbFile := dbName + dbExtension

	tarReader := tar.NewReader(archive)
	for true {
		header, err := tarReader.Next()
		if err == io.EOF {
			break
		}

		if err != nil {
			return err
		}

		switch header.Typeflag {
		case tar.TypeReg:
			if !strings.HasSuffix(header.Name, mmdbFile) {
				continue
			}

			outFile, err := os.Create(path.Join(geoIPPath, mmdbFile))
			if err != nil {
				return err
			}

			defer outFile.Close()

			if _, err := io.CopyN(outFile, tarReader, header.Size); err != nil {
				return err
			}

			return nil
		}
	}

	return fmt.Errorf("the URL %v does not contains the database %v",
		fmt.Sprintf(maxmindURL, "XXXXXXX", dbName), mmdbFile)
}

// ValidateGeoLite2DBEditions check provided Maxmind database editions names
func ValidateGeoLite2DBEditions() error {
	allowedEditions := map[string]bool{
		"GeoIP2-Anonymous-IP":    true,
		"GeoIP2-Country":         true,
		"GeoIP2-City":            true,
		"GeoIP2-Connection-Type": true,
		"GeoIP2-Domain":          true,
		"GeoIP2-ISP":             true,
		"GeoIP2-ASN":             true,
		"GeoLite2-ASN":           true,
		"GeoLite2-Country":       true,
		"GeoLite2-City":          true,
	}

	for _, edition := range strings.Split(MaxmindEditionIDs, ",") {
		if !allowedEditions[edition] {
			return fmt.Errorf("unknown Maxmind GeoIP2 edition name: '%s'", edition)
		}
	}
	return nil
}

func fileExists(filePath string) bool {
	info, err := os.Stat(filePath)
	if os.IsNotExist(err) {
		return false
	}

	return !info.IsDir()
}
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`/*`
			`Copyright 2020 The Kubernetes Authors.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package nginx`

			`import (`
			`"archive/tar"`
			`"compress/gzip"`
			`"fmt"`
			`"io"`
			`"net/http"`
			`"os"`
			`"path"`
			`"strings"`
			`)`

			`// MaxmindLicenseKey maxmind license key to download databases`
			`var MaxmindLicenseKey = ""`

Add Maxmind Editions support 2020-03-16 07:26:33 +00:00			`// MaxmindEditionIDs maxmind editions (GeoLite2-City, GeoLite2-Country, GeoIP2-ISP, etc)`
			`var MaxmindEditionIDs = ""`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00
Add Maxmind Editions support 2020-03-16 07:26:33 +00:00			`// MaxmindEditionFiles maxmind databases on disk`
			`var MaxmindEditionFiles []string`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00
Add GeoIP Local mirror support 2020-12-28 05:28:16 +00:00			`// MaxmindMirror maxmind database mirror url (http://geoip.local)`
			`var MaxmindMirror = ""`

Add Maxmind Editions support 2020-03-16 07:26:33 +00:00			`const (`
			`geoIPPath = "/etc/nginx/geoip"`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`dbExtension = ".mmdb"`

			`maxmindURL = "https://download.maxmind.com/app/geoip_download?license_key=%v&edition_id=%v&suffix=tar.gz"`
			`)`

			`// GeoLite2DBExists checks if the required databases for`
			`// the GeoIP2 NGINX module are present in the filesystem`
			`func GeoLite2DBExists() bool {`
Add Maxmind Editions support 2020-03-16 07:26:33 +00:00			`for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {`
			`if !fileExists(path.Join(geoIPPath, dbName+dbExtension)) {`
			`return false`
			`}`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`}`

			`return true`
			`}`

			`// DownloadGeoLite2DB downloads the required databases by the`
			`// GeoIP2 NGINX module using a license key from MaxMind.`
			`func DownloadGeoLite2DB() error {`
Add Maxmind Editions support 2020-03-16 07:26:33 +00:00			`for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {`
			`err := downloadDatabase(dbName)`
			`if err != nil {`
			`return err`
			`}`
			`MaxmindEditionFiles = append(MaxmindEditionFiles, dbName+dbExtension)`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`}`
			`return nil`
			`}`

Add GeoIP Local mirror support 2020-12-28 05:28:16 +00:00			`func createURL(mirror, licenseKey, dbName string) string {`
			`if len(mirror) > 0 {`
			`return fmt.Sprintf("%s/%s.tar.gz", mirror, dbName)`
			`}`
			`return fmt.Sprintf(maxmindURL, licenseKey, dbName)`
			`}`

Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`func downloadDatabase(dbName string) error {`
Add GeoIP Local mirror support 2020-12-28 05:28:16 +00:00			`url := createURL(MaxmindMirror, MaxmindLicenseKey, dbName)`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`req, err := http.NewRequest(http.MethodGet, url, nil)`
			`if err != nil {`
			`return err`
			`}`

			`resp, err := http.DefaultClient.Do(req)`
			`if err != nil {`
			`return err`
			`}`

			`defer resp.Body.Close()`

			`if resp.StatusCode != http.StatusOK {`
			`return fmt.Errorf("HTTP status %v", resp.Status)`
			`}`

			`archive, err := gzip.NewReader(resp.Body)`
			`if err != nil {`
			`return err`
			`}`
			`defer archive.Close()`

			`mmdbFile := dbName + dbExtension`

			`tarReader := tar.NewReader(archive)`
			`for true {`
			`header, err := tarReader.Next()`
			`if err == io.EOF {`
			`break`
			`}`

			`if err != nil {`
			`return err`
			`}`

			`switch header.Typeflag {`
			`case tar.TypeReg:`
			`if !strings.HasSuffix(header.Name, mmdbFile) {`
			`continue`
			`}`

			`outFile, err := os.Create(path.Join(geoIPPath, mmdbFile))`
			`if err != nil {`
			`return err`
			`}`

			`defer outFile.Close()`

Fixes for gosec 2020-12-04 12:40:42 +00:00			`if _, err := io.CopyN(outFile, tarReader, header.Size); err != nil {`
Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`return err`
			`}`

			`return nil`
			`}`
			`}`

			`return fmt.Errorf("the URL %v does not contains the database %v",`
			`fmt.Sprintf(maxmindURL, "XXXXXXX", dbName), mmdbFile)`
			`}`

Add Maxmind Editions support 2020-03-16 07:26:33 +00:00			`// ValidateGeoLite2DBEditions check provided Maxmind database editions names`
			`func ValidateGeoLite2DBEditions() error {`
			`allowedEditions := map[string]bool{`
			`"GeoIP2-Anonymous-IP": true,`
			`"GeoIP2-Country": true,`
			`"GeoIP2-City": true,`
			`"GeoIP2-Connection-Type": true,`
			`"GeoIP2-Domain": true,`
			`"GeoIP2-ISP": true,`
			`"GeoIP2-ASN": true,`
			`"GeoLite2-ASN": true,`
			`"GeoLite2-Country": true,`
			`"GeoLite2-City": true,`
			`}`

			`for _, edition := range strings.Split(MaxmindEditionIDs, ",") {`
			`if !allowedEditions[edition] {`
			`return fmt.Errorf("unknown Maxmind GeoIP2 edition name: '%s'", edition)`
			`}`
			`}`
			`return nil`
			`}`

Enable download of GeoLite2 databases (#4896) 2020-01-08 22:46:43 +00:00			`func fileExists(filePath string) bool {`
			`info, err := os.Stat(filePath)`
			`if os.IsNotExist(err) {`
			`return false`
			`}`

			`return !info.IsDir()`
			`}`