From 55e8bca98cbf295db654aa146fee067e666250c8 Mon Sep 17 00:00:00 2001
From: Kload <kload@kload.fr>
Date: Sat, 15 Jun 2013 22:13:29 +0000
Subject: [PATCH] Logging SQL o/

---
 .dynette.rb.swp | Bin 12288 -> 20480 bytes
 dynette.rb      |  99 ++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 88 insertions(+), 11 deletions(-)

diff --git a/.dynette.rb.swp b/.dynette.rb.swp
index 77d30ff62cd01ccb526c568bcdcbea827721a783..04b84a734871d3a8694c8e3381d05cde1e03e985 100644
GIT binary patch
literal 20480
zcmeI2dyHIF9mlUlp%#!L#(xk!oyE>>*`1kvl)4kPW$Lc5w%c9U-L{)$oZgvxX6JP8
z+<U!`t<&9=7|}!}X!uJdNDL)BmJkvNDrtN~jgb%&6GTO*QDfCq186L<`1+pvp4q#v
zf}(it_S2cUk8^(ad!D~@e&yW3;SsVc(<|ZFDoL-LK6%sg_`3TlNs?9i5oYlVs~>ia
zX|sl|tbUgyebh@ZYgx6bm2EhhKG%~~8XC22nla03Jua>b1%v|UtAJxyyWV%H)Z5dY
z<4Lrowvj8|K6$>WiRXj@LII(GP(Uak6c7ps1%v`Zf&W1TY~upyR@lACx4qy0d{fKk
zoBiJt{%5x3`UU>)9scKSE!X{@;zKAP6c7ps1%v`Z0il3UKqw#-5DEwdgaSf=*Fgap
zyY?enz{SWM`~QLe|Keqm^a6MeJP95H_kj~&FX#gA09SyE!0ES1(r>_1U<rH%90d$a
zfk`j{_JJLs18fC<x>S;00zU^o0ndOZ!GqudumGmOB$xm<f;89;&Rrr&XTe{<8SpLe
zDey5c3a$h%;JtnY9t9`BU0@RM_dNri0}b#8Xix_#m;ggyGgx}7B;5-XunC;oEJ=R_
zXMha~APe3FzI>4+eI9%Q^np&$4$|OqaPC4$`Ym__+yzF!5EulT!Kt@M(*58bun1<s
zVemW_U!Dfv26I3IM*#z4pdV}pf5alpv*31c8~8Z50ek@L1$|&E_&XMRPJw5@H^GD8
zK5znj8dSkJ=mVWTylN60R8!nf{@tXuV`?N-s8pzB5rt}uDyi_YWy`i>k-l87d&<#N
zewRr<>`=?jFoO&Xki!1`qlbnDOT%N*47Eu*n>U=Y$||K<+Q>4)N)ttwq#)BF%{Chu
zSyeN(UOH;&nwxM%*KDfUCA(ozk`GS@55drXi={BbwT|cG+5sEP1{olpl~rb1c6;n~
z$iQx5$fjJkrekM|9l^uPbe$)8YMQ#qA586|4Z<wKv^iO2N}jaMC#1EQB8yGZ@OKZ3
zA?I4@7em6+nYwIOY9#xiX}RlouB*Q|-_x@=FmQF2xevCH_t$7;)_({0RD$vfRjEyz
z3$nQo6UwFOO$)>@^|DIqM6XmFlPW}UOs36{!2{#OF%;RRtG#A-k82uLE$V(DIQ)u=
zY@*u5Rdq`&6P@cMdCMs)dR=B(bUi$U%P`2~b&c2F;Q83O71i&_b-UKEs-LMP&w2KF
zHpJ2xh&2)SnYduy-Dnu(y6ecWk*SyzdbH=6QIZwKttwFi>u?`WY<I1>`WcA|EE!Hq
zH}o3TUX#u+%Qj`3>Dn8w4sWPdx)m_&EH!#;9bIK>^9=g1uz?nrwb0ha&_>2gosU-Q
z?{#GrZA@tp9t&w(q>2vN?;+aey=D~VznE#89~>Pi3?Eq569)}HeC73z4+KZN4~TlR
zXm}V8yRE=nTb`vFA17YDjp6(8K5x0`UN;jCGyQH~(nf}>B(TMk&XYXJ`V9|m<h)0*
zr0gT{l1JF^{fkin^Fm2H;w3d~sQS$6eKcz99J82Bm6B|8eJ5C*W;Fenr)twM7EhYz
z&D`X@A+decWcb}pN%0dkS+z-DcdnD9##Aa>lpK?pO?q<{t=ytT^EgypFQ>>*KFP3Q
zD2ePPU3gOB=?3?ss(S*cGM@>pGDO8+EN0b|?wH7$&wI+UreP*fHT62NYm`{joMRR0
z8Ho&s4cw9O+tdm<l_}aTZJJPGreRRiZjivbPBL!u$p(rAGf-Y0w&_r><}$6KItnF&
zvMrCu1|H1kZ>AQEtWc?fm$W=HqWNl+d?Z~bf1dJEcEyTr@vVN<7NE*S7L=)~Ycp2K
z)-jpn^Hc9tR?M~4CI#kDlga7^B#3ga$rjNdB}RtUe4`0Z@WL%whmCH9>+xBeS7t2<
zu#MY3<S7(6C8)xw?w(zl9R9jflGnHMlMS8!WvV7lhSecs!67o*^9rrXj%s(3p#uk}
z(}RVH!rsF8P-*h!{pliESRg4wx9k~{TKQ}?{MwND-}S0qk<}Wm2Z8Y^I0$?cW2m}m
z?%brKpO_2FrMg=cV`nX<$(Urs&X`WQF+=NC8gakdvW{hD%S_Aivl93JkHgR14Ih~M
z|2w#&hvWC~=^q7mgHdn;$b*;Qvp)^EpMMg34SW@R2^<GA;6`vg_y&CRB~Su~z(Md{
za2dE5YymIAM}G=@9efeo2`&f!fIVLUOW+}3fg+d!hruDhZ7u+D2nB=!LII(GP(Uak
z6c7ps1^zP%#OD681E09gX0W<Pw;}hyr}aG3);)`r{MBG}1<oLnbIQezjDp<~Q}-RW
zAXS1RX(?lPY=vEdFu`RjQ#`3~@g{MPAbd95A!y%|$G@JP)48sl#f2Vx^cC@6e{o?t
z*InG>es%xb({W3tW4?EBy?0-omAE|#ulbtpGC3NS3$onlcU5j);$5x864u+Biwx<m
zcS~oDvf?S7cVY2|-!P>WD=U0$E-Wl9H0^lBYYx9=I99El8Q5-gH%PoyHP_D%R*RyA
zg!uAibQVpJC&XJYm9amj=wyKz3vNBd1*`^47gwsZO&ePqUgdOCMQd22dB#i)i#&M?
zFJZrq`~Q2fcl-$UnYsTT#P|OVzWytK#{v8r`~sW;-v`0Ez#aI04dA~2d%(NFh2UlQ
z^-q8z;QRLP1dqX|e;6!*yTNwwXZY^F1V04h;DcZnIF0p)Q{Y+fGw>boF!%yE0(iW_
zKd~48GB^vK0G|U>;3kj-SAi|yv)GsaB(Oj`Ab{`HUkNsWGuW5^DYysR4t9fU!A@`%
zd-6X5KLFnY-vy6@JHf5s2sjK1;2Mwy+rcH^chK|4;BmmUJqhjr;t&c51%v`g3h=Ie
z^|{Yl*Z)5waKgEEeDL>Y$EneMDZV4+?Sck#X|7{%5(D@K=L6neMnY!)Wy8IQ*jW}2
z;8lZY^J(RHDG{;r`p;L_SAj*uPLl`3`!?U7U#kvt_hsF2WNy<5J4+F<<AnzV-ha#q
z^CLHw2g)`L4^hxb5G5lbb`s-Gla{$6@zx))6JJYdjUNhw4WdO8--GTd&i8h9U%Tip
zOeGoP2hT7~VHGU?5t)R^#e)2rv&<kgg2y=TX-`Erw**poYjNxB0}(N>TF~v0V>Ml_
Mvm<_#b+m@^FUB_33IG5A

delta 712
zcmaLUUr19?9Ki82H(Tm<H(h^*P~4U5V%n}vX=Z3aG_kPjeQ5nPo87UNL)UUqy(m;*
zM1dU$>&f*NlqP#qVNtLBdnptNdTafGgoGY?>AQOGz~}J$@#Fl?z2`SRZ5uyZKiCrM
z=~W}4R>ATLasBP0nIv5C&()Va9-9~=sVEm&7i6t>bK$&q$}>5=|DNh_yQsXgQ{f~<
zb^BP4M~F6T!bVh~qzLgDZ}1d%kj4;B;TU4*MKhXEhc&klKk*UESi);O$08Omiz(d1
zWj9~zBbads5x}DwA@aC|Yv{zMY8v4IBG3_nipNznfdvyE)^j1|kwP5(I1LjW(BMbG
z$&WjEtyY3x>o|z}xQjGSq8qO&g?Nc)NT44la2$sagb!;DA->~1ideuro?rqw#Bc-=
z{9q2>YT3Tx3(A98vd>K_6|!ruSIK3P*|?PmFs;O}C0D!lI8&K{xMgK!d-R6f8hs&$
zJKeHR+ftZqcxaPHg9l~GP-HRKELV4IkOz#q>P&7hojRuuC9cXdMuYobIzYOuQONv0
zpUfLtWo}f}bXklB%KZv`TFEYdH@g1zav0|Sdze8#7u}Z2hE`bF*=<wW!=Z2+T6Twa
Zg(I>_KU|Z%bTQqb>)DZ!Q8}Ss`2(iIm&O19

diff --git a/dynette.rb b/dynette.rb
index aa21d0f..3a48e77 100755
--- a/dynette.rb
+++ b/dynette.rb
@@ -5,9 +5,9 @@ require 'sinatra'
 require 'data_mapper'
 require 'json'
 
-DataMapper.setup(:default, ENV['DATABASE_URL'] || "pgsql://root:yayaya@localhost/dynette")
+DataMapper.setup(:default, ENV['DATABASE_URL'] || "postgres://postgres:yayaya@localhost/dynette")
 DOMAIN = "yoyoyo.fr"
-ALLOWED_IP = "82.242.206.127"
+ALLOWED_IP = "127.0.0.1"
 
 class Entry
     include DataMapper::Resource
@@ -29,16 +29,43 @@ class Ip
     belongs_to :entry
 end
 
+class Iplog
+    include DataMapper::Resource
+
+    property :ip_addr, String, :key => true
+    property :visited_at, DateTime
+end
+
+class Ipban
+    include DataMapper::Resource
+
+    property :ip_addr, String, :key => true
+end
+
+before do
+    if Ipban.first(:ip_addr => request.ip)
+        halt 410, "Your ip is banned from the service"
+    end
+    if iplog = Iplog.last(:ip_addr => request.ip)
+        if iplog.visited_at.to_time > Time.now - 30
+            halt 410, "Please wait 30sec\n"
+        else
+            iplog.update(:visited_at => Time.now)
+        end
+    else
+        Iplog.create(:ip_addr => request.ip, :visited_at => Time.now)
+    end
+end
+
 get '/' do
     `whoami`
 end
 
-post '/' do
+post '/:public_key' do
     content_type :json
     # Check params
     status 400
     return { :error => "Please indicate a subdomain" }.to_json unless params.has_key?("subdomain")
-    return { :error => "Please indicate a public key" }.to_json unless params.has_key?("public_key")
     return { :error => "Subdomain is invalid: #{params[:subdomain]}.#{DOMAIN}" }.to_json unless params[:subdomain].match /^[a-z0-9-]{3,16}$/
     return { :error => "Key is invalid: #{params[:public_key]}" }.to_json unless params[:public_key].match /^[a-z0-9]{22}==$/i
 
@@ -63,12 +90,13 @@ post '/' do
     end
 end
 
-put '/' do
+put '/:public_key' do
     content_type :json
     # Check params
-    status 400
-    return { :error => "Please indicate a public key" }.to_json unless params.has_key?("public_key")
-    return { :error => "Key is invalid: #{params[:public_key]}" }.to_json unless params[:public_key].match /^[a-z0-9]{22}==$/i
+    unless params[:public_key].match /^[a-z0-9]{22}==$/i
+        status 400
+        return { :error => "Key is invalid: #{params[:public_key]}" }.to_json
+    end
 
     entry = Entry.first(:public_key => params[:public_key])
     unless request.ip == entry.current_ip
@@ -84,6 +112,19 @@ put '/' do
     end
 end
 
+delete '/:public_key' do
+    content_type :json
+    # Check params
+    unless params[:public_key].match /^[a-z0-9]{22}==$/i
+        status 400
+        return { :error => "Key is invalid: #{params[:public_key]}" }.to_json
+    end
+
+    if entry = Entry.first(:public_key => params[:public_key])
+        return "OK" if entry.destroy
+    end
+end
+
 get '/all' do
     unless request.ip == ALLOWED_IP
         status 403
@@ -93,14 +134,50 @@ get '/all' do
     Entry.all.to_json
 end
 
-get '/ips' do
+get '/:public_key/ips' do
     unless request.ip == ALLOWED_IP
         status 403
         return "Access denied"
     end
     content_type :json
-    Entry.first(:public_key => params[:public_key]).ips.ip_addr.to_json
+    unless params[:public_key].match /^[a-z0-9]{22}==$/i
+        status 400
+        return { :error => "Key is invalid: #{params[:public_key]}" }.to_json
+    end
+    ips = []
+    Entry.first(:public_key => params[:public_key]).ips.all.each do |ip|
+        ips.push(ip.ip_addr)
+    end
+    ips.to_json
+end
+
+get '/ban/:ip_to_ban' do
+    unless request.ip == ALLOWED_IP
+        status 403
+        return "Access denied"
+    end
+    unless params[:ip_to_ban].match /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/
+        status 400
+        return { :error => "IP is invalid: #{params[:ip_to_ban]}" }.to_json
+    end
+
+    Ipban.create(:ip_addr => params[:ip_to_ban])
+    Ipban.all.to_json
+end
+
+get '/unban/:ip_to_ub' do
+    unless request.ip == ALLOWED_IP
+        status 403
+        return "Access denied"
+    end
+    unless params[:ip_to_ub].match /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/
+        status 400
+        return { :error => "IP is invalid: #{params[:ip_to_ub]}" }.to_json
+    end
+
+    Ipban.first(:ip_addr => params[:ip_to_ub]).destroy
+    Ipban.all.to_json
 end
 
 
-DataMapper.auto_upgrade!
+DataMapper.auto_migrate!