feat: v2 checks implementation and syntax

cmd/anubis/main.go

@@ -31,6 +31,7 @@
 	"github.com/TecharoHQ/anubis/data"
 	"github.com/TecharoHQ/anubis/internal"
 	libanubis "github.com/TecharoHQ/anubis/lib"
+	"github.com/TecharoHQ/anubis/lib/checker/headerexists"
 	botPolicy "github.com/TecharoHQ/anubis/lib/policy"
 	"github.com/TecharoHQ/anubis/lib/policy/config"
 	"github.com/TecharoHQ/anubis/lib/thoth"
@@ -323,7 +324,7 @@
 	if *debugBenchmarkJS {
 		policy.Bots = []botPolicy.Bot{{
 			Name:   "",
-			Rules:  botPolicy.NewHeaderExistsChecker("User-Agent"),
+			Rules:  headerexists.New("User-Agent"),
 			Action: config.RuleBenchmark,
 		}}
 	}

cmd/robots2policy/main.go

@@ -12,6 +12,7 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/TecharoHQ/anubis/lib/checker/expression"
 	"github.com/TecharoHQ/anubis/lib/policy/config"
 
 	"sigs.k8s.io/yaml"
@@ -37,11 +38,11 @@ type RobotsRule struct {
 }
 
 type AnubisRule struct {
-	Expression *config.ExpressionOrList `yaml:"expression,omitempty" json:"expression,omitempty"`
-	Challenge  *config.ChallengeRules   `yaml:"challenge,omitempty" json:"challenge,omitempty"`
-	Weight     *config.Weight           `yaml:"weight,omitempty" json:"weight,omitempty"`
-	Name       string                   `yaml:"name" json:"name"`
-	Action     string                   `yaml:"action" json:"action"`
+	Expression *expression.Config     `yaml:"expression,omitempty" json:"expression,omitempty"`
+	Challenge  *config.ChallengeRules `yaml:"challenge,omitempty" json:"challenge,omitempty"`
+	Weight     *config.Weight         `yaml:"weight,omitempty" json:"weight,omitempty"`
+	Name       string                 `yaml:"name" json:"name"`
+	Action     string                 `yaml:"action" json:"action"`
 }
 
 func init() {
@@ -224,11 +225,11 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
 			}
 
 			if userAgent == "*" {
-				rule.Expression = &config.ExpressionOrList{
+				rule.Expression = &expression.Config{
 					All: []string{"true"}, // Always applies
 				}
 			} else {
-				rule.Expression = &config.ExpressionOrList{
+				rule.Expression = &expression.Config{
 					All: []string{fmt.Sprintf("userAgent.contains(%q)", userAgent)},
 				}
 			}
@@ -249,11 +250,11 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
 				rule.Name = fmt.Sprintf("%s-global-restriction-%d", *policyName, ruleCounter)
 				rule.Action = "WEIGH"
 				rule.Weight = &config.Weight{Adjust: 20} // Increase difficulty significantly
-				rule.Expression = &config.ExpressionOrList{
+				rule.Expression = &expression.Config{
 					All: []string{"true"}, // Always applies
 				}
 			} else {
-				rule.Expression = &config.ExpressionOrList{
+				rule.Expression = &expression.Config{
 					All: []string{fmt.Sprintf("userAgent.contains(%q)", userAgent)},
 				}
 			}
@@ -285,7 +286,7 @@ func convertToAnubisRules(robotsRules []RobotsRule) []AnubisRule {
 			pathCondition := buildPathCondition(disallow)
 			conditions = append(conditions, pathCondition)
 
-			rule.Expression = &config.ExpressionOrList{
+			rule.Expression = &expression.Config{
 				All: conditions,
 			}
 

errors.go

@@ -0,0 +1,7 @@
+package anubis
+
+import "errors"
+
+var (
+	ErrMisconfiguration = errors.New("[unexpected] policy: administrator misconfiguration")
+)

lib/anubis.go

@@ -28,15 +28,17 @@ import (
 	"github.com/TecharoHQ/anubis/internal/dnsbl"
 	"github.com/TecharoHQ/anubis/internal/ogtags"
 	"github.com/TecharoHQ/anubis/lib/challenge"
+	"github.com/TecharoHQ/anubis/lib/checker"
 	"github.com/TecharoHQ/anubis/lib/localization"
 	"github.com/TecharoHQ/anubis/lib/policy"
-	"github.com/TecharoHQ/anubis/lib/policy/checker"
 	"github.com/TecharoHQ/anubis/lib/policy/config"
 	"github.com/TecharoHQ/anubis/lib/store"
 
+	// checker implementations
+	_ "github.com/TecharoHQ/anubis/lib/checker/all"
+
 	// challenge implementations
-	_ "github.com/TecharoHQ/anubis/lib/challenge/metarefresh"
-	_ "github.com/TecharoHQ/anubis/lib/challenge/proofofwork"
+	_ "github.com/TecharoHQ/anubis/lib/challenge/all"
 )
 
 var (
@@ -549,7 +551,7 @@ func (s *Server) check(r *http.Request) (policy.CheckResult, *policy.Bot, error)
 		if matches {
 			return cr("threshold/"+t.Name, t.Action, weight), &policy.Bot{
 				Challenge: t.Challenge,
-				Rules:     &checker.List{},
+				Rules:     &checker.Any{},
 			}, nil
 		}
 	}
@@ -560,6 +562,6 @@ func (s *Server) check(r *http.Request) (policy.CheckResult, *policy.Bot, error)
 			ReportAs:   s.policy.DefaultDifficulty,
 			Algorithm:  config.DefaultAlgorithm,
 		},
-		Rules: &checker.List{},
+		Rules: &checker.Any{},
 	}, nil
 }

lib/challenge/all/all.go

@@ -0,0 +1,6 @@
+package all
+
+import (
+	_ "github.com/TecharoHQ/anubis/lib/challenge/metarefresh"
+	_ "github.com/TecharoHQ/anubis/lib/challenge/proofofwork"
+)

lib/checker/all.go

@@ -0,0 +1,35 @@
+package checker
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/TecharoHQ/anubis/internal"
+)
+
+type All []Interface
+
+func (a All) Check(r *http.Request) (bool, error) {
+	for _, c := range a {
+		match, err := c.Check(r)
+		if err != nil {
+			return match, err
+		}
+		if !match {
+			return false, err // no match
+		}
+	}
+
+	return true, nil // match
+}
+
+func (a All) Hash() string {
+	var sb strings.Builder
+
+	for _, c := range a {
+		fmt.Fprintln(&sb, c.Hash())
+	}
+
+	return internal.FastHash(sb.String())
+}

lib/checker/all/all.go

@@ -0,0 +1,10 @@
+// Package all imports all of the standard checker types.
+package all
+
+import (
+	_ "github.com/TecharoHQ/anubis/lib/checker/expression"
+	_ "github.com/TecharoHQ/anubis/lib/checker/headerexists"
+	_ "github.com/TecharoHQ/anubis/lib/checker/headermatches"
+	_ "github.com/TecharoHQ/anubis/lib/checker/path"
+	_ "github.com/TecharoHQ/anubis/lib/checker/remoteaddress"
+)

lib/checker/all_test.go

@@ -0,0 +1,70 @@
+package checker
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestAll_Check(t *testing.T) {
+	tests := []struct {
+		name     string
+		checkers []MockChecker
+		want     bool
+		wantErr  bool
+	}{
+		{
+			name: "All match",
+			checkers: []MockChecker{
+				{Result: true, Err: nil},
+				{Result: true, Err: nil},
+			},
+			want:    true,
+			wantErr: false,
+		},
+		{
+			name: "One not match",
+			checkers: []MockChecker{
+				{Result: true, Err: nil},
+				{Result: false, Err: nil},
+			},
+			want:    false,
+			wantErr: false,
+		},
+		{
+			name: "No match",
+			checkers: []MockChecker{
+				{Result: false, Err: nil},
+				{Result: false, Err: nil},
+			},
+			want:    false,
+			wantErr: false,
+		},
+		{
+			name: "Error encountered",
+			checkers: []MockChecker{
+				{Result: true, Err: nil},
+				{Result: false, Err: http.ErrNotSupported},
+			},
+			want:    false,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var all All
+			for _, mc := range tt.checkers {
+				all = append(all, mc)
+			}
+
+			got, err := all.Check(nil)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("All.Check() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("All.Check() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

lib/checker/any.go

@@ -0,0 +1,35 @@
+package checker
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/TecharoHQ/anubis/internal"
+)
+
+type Any []Interface
+
+func (a Any) Check(r *http.Request) (bool, error) {
+	for _, c := range a {
+		match, err := c.Check(r)
+		if err != nil {
+			return match, err
+		}
+		if match {
+			return true, err // match
+		}
+	}
+
+	return false, nil // no match
+}
+
+func (a Any) Hash() string {
+	var sb strings.Builder
+
+	for _, c := range a {
+		fmt.Fprintln(&sb, c.Hash())
+	}
+
+	return internal.FastHash(sb.String())
+}

lib/checker/any_test.go

@@ -0,0 +1,83 @@
+package checker
+
+import (
+	"net/http"
+	"testing"
+)
+
+type MockChecker struct {
+	Result bool
+	Err    error
+}
+
+func (m MockChecker) Check(r *http.Request) (bool, error) {
+	return m.Result, m.Err
+}
+
+func (m MockChecker) Hash() string {
+	return "mock-hash"
+}
+
+func TestAny_Check(t *testing.T) {
+	tests := []struct {
+		name     string
+		checkers []MockChecker
+		want     bool
+		wantErr  bool
+	}{
+		{
+			name: "All match",
+			checkers: []MockChecker{
+				{Result: true, Err: nil},
+				{Result: true, Err: nil},
+			},
+			want:    true,
+			wantErr: false,
+		},
+		{
+			name: "One match",
+			checkers: []MockChecker{
+				{Result: false, Err: nil},
+				{Result: true, Err: nil},
+			},
+			want:    true,
+			wantErr: false,
+		},
+		{
+			name: "No match",
+			checkers: []MockChecker{
+				{Result: false, Err: nil},
+				{Result: false, Err: nil},
+			},
+			want:    false,
+			wantErr: false,
+		},
+		{
+			name: "Error encountered",
+			checkers: []MockChecker{
+				{Result: false, Err: nil},
+				{Result: false, Err: http.ErrNotSupported},
+			},
+			want:    false,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var any Any
+			for _, mc := range tt.checkers {
+				any = append(any, mc)
+			}
+
+			got, err := any.Check(nil)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Any.Check() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("Any.Check() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

lib/checker/checker.go

@@ -0,0 +1,17 @@
+// Package checker defines the Checker interface and a helper utility to avoid import cycles.
+package checker
+
+import (
+	"errors"
+	"net/http"
+)
+
+var (
+	ErrUnparseableConfig = errors.New("checker: config is unparseable")
+	ErrInvalidConfig     = errors.New("checker: config is invalid")
+)
+
+type Interface interface {
+	Check(*http.Request) (matches bool, err error)
+	Hash() string
+}