157 lines
4.8 KiB
Python
157 lines
4.8 KiB
Python
"""Geo / IP lookup router.
|
|
|
|
Provides the IP enrichment endpoints:
|
|
|
|
* ``GET /api/geo/lookup/{ip}`` — ban status, ban history, and geo info for an IP
|
|
* ``POST /api/geo/re-resolve`` — retry all previously failed geo lookups
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from typing import TYPE_CHECKING, Annotated
|
|
|
|
if TYPE_CHECKING:
|
|
from app.services.jail_service import IpLookupResult
|
|
|
|
import aiosqlite
|
|
from fastapi import APIRouter, Depends, HTTPException, Path, status
|
|
|
|
from app.dependencies import (
|
|
AuthDep,
|
|
Fail2BanSocketDep,
|
|
HttpSessionDep,
|
|
get_db,
|
|
)
|
|
from app.models.geo import GeoCacheStatsResponse, GeoDetail, GeoInfo, GeoReResolveResponse, IpLookupResponse
|
|
from app.services import geo_service, jail_service
|
|
from app.utils.fail2ban_client import Fail2BanConnectionError
|
|
|
|
router: APIRouter = APIRouter(prefix="/api/geo", tags=["Geo"])
|
|
|
|
_IpPath = Annotated[str, Path(description="IPv4 or IPv6 address to look up.")]
|
|
|
|
|
|
@router.get(
|
|
"/lookup/{ip}",
|
|
response_model=IpLookupResponse,
|
|
summary="Look up ban status and geo information for an IP",
|
|
)
|
|
async def lookup_ip(
|
|
_auth: AuthDep,
|
|
ip: _IpPath,
|
|
socket_path: Fail2BanSocketDep,
|
|
http_session: HttpSessionDep,
|
|
) -> IpLookupResponse:
|
|
"""Return current ban status, geo data, and network information for an IP.
|
|
|
|
Checks every running fail2ban jail to determine whether the IP is
|
|
currently banned, and enriches the result with country, ASN, and
|
|
organisation data from ip-api.com.
|
|
|
|
Args:
|
|
_auth: Validated session — enforces authentication.
|
|
ip: The IP address to look up.
|
|
|
|
Returns:
|
|
:class:`~app.models.geo.IpLookupResponse` with ban status and geo data.
|
|
|
|
Raises:
|
|
HTTPException: 400 when *ip* is not a valid IP address.
|
|
HTTPException: 502 when fail2ban is unreachable.
|
|
"""
|
|
async def _enricher(addr: str) -> geo_service.GeoInfo | None:
|
|
return await geo_service.lookup(addr, http_session)
|
|
|
|
try:
|
|
result: IpLookupResult = await jail_service.lookup_ip(
|
|
socket_path,
|
|
ip,
|
|
geo_enricher=_enricher,
|
|
)
|
|
except ValueError as exc:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=str(exc),
|
|
) from exc
|
|
except Fail2BanConnectionError as exc:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_502_BAD_GATEWAY,
|
|
detail=f"Cannot reach fail2ban: {exc}",
|
|
) from exc
|
|
|
|
raw_geo = result["geo"]
|
|
geo_detail: GeoDetail | None = None
|
|
if isinstance(raw_geo, GeoInfo):
|
|
geo_detail = GeoDetail(
|
|
country_code=raw_geo.country_code,
|
|
country_name=raw_geo.country_name,
|
|
asn=raw_geo.asn,
|
|
org=raw_geo.org,
|
|
)
|
|
|
|
return IpLookupResponse(
|
|
ip=result["ip"],
|
|
currently_banned_in=result["currently_banned_in"],
|
|
geo=geo_detail,
|
|
)
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# POST /api/geo/re-resolve
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# GET /api/geo/stats
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
@router.get(
|
|
"/stats",
|
|
response_model=GeoCacheStatsResponse,
|
|
summary="Geo cache diagnostic counters",
|
|
)
|
|
async def geo_stats(
|
|
_auth: AuthDep,
|
|
db: Annotated[aiosqlite.Connection, Depends(get_db)],
|
|
) -> GeoCacheStatsResponse:
|
|
"""Return diagnostic counters for the geo cache subsystem.
|
|
|
|
Useful for operators and the UI to gauge geo-resolution health.
|
|
|
|
Args:
|
|
_auth: Validated session — enforces authentication.
|
|
db: BanGUI application database connection.
|
|
|
|
Returns:
|
|
:class:`~app.models.geo.GeoCacheStatsResponse` with current counters.
|
|
"""
|
|
stats: dict[str, int] = await geo_service.cache_stats(db)
|
|
return GeoCacheStatsResponse(**stats)
|
|
|
|
|
|
@router.post(
|
|
"/re-resolve",
|
|
summary="Re-resolve all IPs whose country could not be determined",
|
|
response_model=GeoReResolveResponse,
|
|
)
|
|
async def re_resolve_geo(
|
|
_auth: AuthDep,
|
|
db: Annotated[aiosqlite.Connection, Depends(get_db)],
|
|
http_session: HttpSessionDep,
|
|
) -> GeoReResolveResponse:
|
|
"""Retry geo resolution for every IP in ``geo_cache`` with a null country.
|
|
|
|
Clears the in-memory negative cache first so that previously failing IPs
|
|
are immediately eligible for a new API attempt.
|
|
|
|
Args:
|
|
_auth: Validated session — enforces authentication.
|
|
db: BanGUI application database (for reading/writing ``geo_cache``).
|
|
http_session: Shared HTTP session for geo lookups.
|
|
|
|
Returns:
|
|
A :class:`~app.models.geo.GeoReResolveResponse` with retry counts.
|
|
"""
|
|
return await geo_service.re_resolve_all(db, http_session)
|