closedpizza-authorization.rb

# closedpizza-authorization.rb - mruby handler to check if all clients
# have accounts on closed.pizza, checked via ip address and result kept with lrucache
# there is also a redis class in h2o mruby but it probably isn't worth using

# to change returned status code/response for unauthorized users, see end of call method

# paths:
#   /:
#     mruby.handler-file: /path/to/closedpizza-authorization.rb

# lrucache class
require "/usr/share/h2o/mruby/lru_cache.rb"

class ClosedPizzaAuthorization
	def initialize()
		# make a new lrucache with size 64 to use through this class
		@cache = LRUCache.new(64)
	end

	# handler before every request
	def call(env)
		# get value from cache with key of the ip address
		# if the cache doesn't exist, do everything in this block 
		unless allowed = @cache.get(env["REMOTE_ADDR"])
			# closed.pizza ip existence api thing
			# this will check to see if the ip belongs to any user on closed.pizza
			req = http_request("http://closed.pizza/Bf9Euj6Vy3s3wDWC/#{env["REMOTE_ADDR"]}")
			# execute request and get status code
			status = req.join[0]
			# if status is 202 then the ip is ok, otherwise it isn't
			# value of 1 if ok, value of 2 if not good
			allowed = status == 202 ? 1 : 2
			# put allowed, an int of one byte, into cache
			@cache.set(env["REMOTE_ADDR"], allowed)
		end
		# ip address is allowed
		if allowed == 1
			# go to next handler (status 399) and return
			return [399, {}, []]
		end
		# ip address isn't allowed, return status 444, empty response
		# TODO: change this to 403? or somehow add ip address to fail2ban jail?
		[444, {}, []]
	end
end

# return new instance
ClosedPizzaAuthorization.new