munin-f2b-remote/f2b-responder.py

#!/usr/bin/env python

from contextlib import suppress
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path
from random import choices
from signal import SIGTERM, signal
from socket import AF_INET6, IPPROTO_IPV6, IPV6_V6ONLY, socket
from sqlite3 import connect
from string import ascii_lowercase
from sys import stderr
from tempfile import gettempdir
from threading import Thread
from types import FrameType
from typing import NamedTuple

_F2B_DBPATH = Path('/', 'var', 'db', 'fail2ban', 'fail2ban.sqlite3')
_CONFIG_RESULT = """\
graph_category fail2ban
graph_title {db_table} DB table statistics
graph_vlabel Database record count by jail name
graph_printf %3.0lf
"""


def _log_message(message: str) -> None:
    'Do a simple log on `stderr`.'
    stderr.write(f'=== {message}\n')


class _JailInfo(NamedTuple):
    id: int
    name: str


class F2bRemoteRequestHandler(SimpleHTTPRequestHandler):
    server_version = 'F2bRemoteRequestHandler'
    _randompath = Path(
        gettempdir(),
        ''.join(choices(population=ascii_lowercase, k=15)))

    def __init__(
            self, request: socket, client_address: tuple[str, int],
            server: ThreadingHTTPServer):
        super().__init__(
            request=request, client_address=client_address, server=server,
            directory=str(self._randompath))

    def __send_403(self) -> None:
        'Send a HTTP 403.'
        self.send_error(code=HTTPStatus.FORBIDDEN)

    def __get_jails(self) -> list[_JailInfo]:
        'Return the list of jails.'
        cursor = self.__connection.cursor()
        cursor.execute('SELECT `ROWID`, `name` FROM `jails` ORDER BY `ROWID`')
        result = list[_JailInfo]()
        while row := cursor.fetchone():
            result.append(_JailInfo(*row))
        cursor.close()
        return result

    def __send_data_response(self, body: str) -> None:
        'Encode and send a response with a HTTP 200.'
        body_bytes = body.encode(encoding='utf-8', errors='surrogateescape')
        self.send_response(code=HTTPStatus.OK)
        self.send_header(
            keyword='Content-Type', value='text/plain; charset=utf-8')
        self.send_header(keyword='Content-Length', value=str(len(body_bytes)))
        self.send_header(keyword='Connection', value='close')
        self.end_headers()
        self.wfile.write(body_bytes)

    def __get_config(self, db_table: str) -> None:
        'Send the current plugin configuration for `db_table`.'
        message = _CONFIG_RESULT.format(db_table=db_table)
        for jail in self.__get_jails():
            message += f'usercount{jail.id}.label {jail.name}\n'
            message += f'usercount{jail.id}.draw LINE1\n'
        self.__send_data_response(body=message)

    def __get_data(self, db_table: str) -> None:
        'Return organized data for the requested `db_table`.'
        output = ''
        cursor = self.__connection.cursor()
        jails = self.__get_jails()
        in_clause = ', '.join(f'\'{jail.name}\'' for jail in jails)
        db_query = (
            f'SELECT `jail`, COUNT(*) FROM `{db_table}` WHERE `jail` IN '
            f'({in_clause}) GROUP BY `jail`')
        cursor.execute(db_query)
        result = dict[str, int]()
        while row := cursor.fetchone():
            jail_name, count = row
            result[jail_name] = count
        cursor.close()
        for jail_id, jail_name in jails:
            count = result.get(jail_name) or 0
            output += f'usercount{jail_id}.value {count}\n'
        self.__send_data_response(body=output)

    def do_GET(self) -> None:
        'Overwriting `do_GET`.'
        self.__connection = connect(database=_F2B_DBPATH)
        match(self.path):
            case '/db/bans/config/':
                self.__get_config(db_table='bans')
            case '/db/bips/config/':
                self.__get_config(db_table='bips')
            case '/db/bans/data/':
                self.__get_data(db_table='bans')
            case '/db/bips/data/':
                self.__get_data(db_table='bips')
            case _:
                self.__send_403()
        self.__connection.close()

    do_HEAD = do_POST = __send_403


class DualStackThreadingHttpServer(ThreadingHTTPServer):
    address_family = AF_INET6

    def server_bind(self):
        # suppress exception when protocol is IPv4-only
        with suppress(OSError):
            self.socket.setsockopt(IPPROTO_IPV6, IPV6_V6ONLY, 0)
        return super().server_bind()


server = DualStackThreadingHttpServer(
    server_address=('', 8000), RequestHandlerClass=F2bRemoteRequestHandler,
    bind_and_activate=True)


def shutdown(signalnum: int, frame: FrameType | None):
    'Shut down upon SIGTERM.'
    _log_message('Shutting down.')
    server.shutdown()


if __name__ == '__main__':
    signal(signalnum=SIGTERM, handler=shutdown)
    run_thread = Thread(
        target=server.serve_forever, kwargs=dict(poll_interval=1))
    _log_message('Serving.')
    run_thread.start()
    try:
        run_thread.join()
    except KeyboardInterrupt:
        pass
    _log_message('Server is shut down.')
Initial version 2024-08-06 18:18:31 +02:00			`#!/usr/bin/env python`

Listen on dual stack 2024-08-06 20:39:11 +02:00			`from contextlib import suppress`
Initial version 2024-08-06 18:18:31 +02:00			`from http import HTTPStatus`
			`from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer`
			`from pathlib import Path`
			`from random import choices`
			`from signal import SIGTERM, signal`
Listen on dual stack 2024-08-06 20:39:11 +02:00			`from socket import AF_INET6, IPPROTO_IPV6, IPV6_V6ONLY, socket`
Initial version 2024-08-06 18:18:31 +02:00			`from sqlite3 import connect`
			`from string import ascii_lowercase`
Add logging to stderr 2024-08-06 22:55:16 +02:00			`from sys import stderr`
Initial version 2024-08-06 18:18:31 +02:00			`from tempfile import gettempdir`
			`from threading import Thread`
			`from types import FrameType`
			`from typing import NamedTuple`

			`_F2B_DBPATH = Path('/', 'var', 'db', 'fail2ban', 'fail2ban.sqlite3')`
			`_CONFIG_RESULT = """\`
			`graph_category fail2ban`
			`graph_title {db_table} DB table statistics`
			`graph_vlabel Database record count by jail name`
Fix graph_printf 2024-08-06 22:35:47 +02:00			`graph_printf %3.0lf`
Initial version 2024-08-06 18:18:31 +02:00			`"""`


Add logging to stderr 2024-08-06 22:55:16 +02:00			`def _log_message(message: str) -> None:`
			'Do a simple log on `stderr`.'
			`stderr.write(f'=== {message}\n')`


Initial version 2024-08-06 18:18:31 +02:00			`class _JailInfo(NamedTuple):`
			`id: int`
			`name: str`


			`class F2bRemoteRequestHandler(SimpleHTTPRequestHandler):`
			`server_version = 'F2bRemoteRequestHandler'`
			`_randompath = Path(`
			`gettempdir(),`
			`''.join(choices(population=ascii_lowercase, k=15)))`

			`def __init__(`
			`self, request: socket, client_address: tuple[str, int],`
			`server: ThreadingHTTPServer):`
			`super().__init__(`
			`request=request, client_address=client_address, server=server,`
			`directory=str(self._randompath))`

			`def __send_403(self) -> None:`
			`'Send a HTTP 403.'`
			`self.send_error(code=HTTPStatus.FORBIDDEN)`

			`def __get_jails(self) -> list[_JailInfo]:`
			`'Return the list of jails.'`
			`cursor = self.__connection.cursor()`
			cursor.execute('SELECT `ROWID`, `name` FROM `jails` ORDER BY `ROWID`')
			`result = list[_JailInfo]()`
			`while row := cursor.fetchone():`
			`result.append(_JailInfo(*row))`
			`cursor.close()`
			`return result`

			`def __send_data_response(self, body: str) -> None:`
			`'Encode and send a response with a HTTP 200.'`
			`body_bytes = body.encode(encoding='utf-8', errors='surrogateescape')`
			`self.send_response(code=HTTPStatus.OK)`
			`self.send_header(`
			`keyword='Content-Type', value='text/plain; charset=utf-8')`
			`self.send_header(keyword='Content-Length', value=str(len(body_bytes)))`
			`self.send_header(keyword='Connection', value='close')`
			`self.end_headers()`
			`self.wfile.write(body_bytes)`

			`def __get_config(self, db_table: str) -> None:`
			'Send the current plugin configuration for `db_table`.'
			`message = _CONFIG_RESULT.format(db_table=db_table)`
			`for jail in self.__get_jails():`
			`message += f'usercount{jail.id}.label {jail.name}\n'`
Draw lines, not areas 2024-08-06 21:48:02 +02:00			`message += f'usercount{jail.id}.draw LINE1\n'`
Initial version 2024-08-06 18:18:31 +02:00			`self.__send_data_response(body=message)`

			`def __get_data(self, db_table: str) -> None:`
			'Return organized data for the requested `db_table`.'
			`output = ''`
			`cursor = self.__connection.cursor()`
			`jails = self.__get_jails()`
			`in_clause = ', '.join(f'\'{jail.name}\'' for jail in jails)`
			`db_query = (`
			f'SELECT `jail`, COUNT(*) FROM `{db_table}` WHERE `jail` IN '
			f'({in_clause}) GROUP BY `jail`')
			`cursor.execute(db_query)`
			`result = dict[str, int]()`
			`while row := cursor.fetchone():`
			`jail_name, count = row`
			`result[jail_name] = count`
			`cursor.close()`
			`for jail_id, jail_name in jails:`
			`count = result.get(jail_name) or 0`
Fix wrong value display 2024-08-06 22:00:26 +02:00			`output += f'usercount{jail_id}.value {count}\n'`
Initial version 2024-08-06 18:18:31 +02:00			`self.__send_data_response(body=output)`

			`def do_GET(self) -> None:`
			'Overwriting `do_GET`.'
			`self.__connection = connect(database=_F2B_DBPATH)`
			`match(self.path):`
			`case '/db/bans/config/':`
			`self.__get_config(db_table='bans')`
			`case '/db/bips/config/':`
			`self.__get_config(db_table='bips')`
			`case '/db/bans/data/':`
			`self.__get_data(db_table='bans')`
			`case '/db/bips/data/':`
			`self.__get_data(db_table='bips')`
			`case _:`
			`self.__send_403()`
			`self.__connection.close()`

			`do_HEAD = do_POST = __send_403`


Listen on dual stack 2024-08-06 20:39:11 +02:00			`class DualStackThreadingHttpServer(ThreadingHTTPServer):`
			`address_family = AF_INET6`

			`def server_bind(self):`
			`# suppress exception when protocol is IPv4-only`
			`with suppress(OSError):`
			`self.socket.setsockopt(IPPROTO_IPV6, IPV6_V6ONLY, 0)`
			`return super().server_bind()`


			`server = DualStackThreadingHttpServer(`
Initial version 2024-08-06 18:18:31 +02:00			`server_address=('', 8000), RequestHandlerClass=F2bRemoteRequestHandler,`
			`bind_and_activate=True)`


			`def shutdown(signalnum: int, frame: FrameType \| None):`
			`'Shut down upon SIGTERM.'`
Add logging to stderr 2024-08-06 22:55:16 +02:00			`_log_message('Shutting down.')`
Initial version 2024-08-06 18:18:31 +02:00			`server.shutdown()`


			`if __name__ == '__main__':`
			`signal(signalnum=SIGTERM, handler=shutdown)`
			`run_thread = Thread(`
			`target=server.serve_forever, kwargs=dict(poll_interval=1))`
Add logging to stderr 2024-08-06 22:55:16 +02:00			`_log_message('Serving.')`
Initial version 2024-08-06 18:18:31 +02:00			`run_thread.start()`
			`try:`
			`run_thread.join()`
			`except KeyboardInterrupt:`
			`pass`
Add logging to stderr 2024-08-06 22:55:16 +02:00			`_log_message('Server is shut down.')`