defender: don't return expired hosts/banned ip in GetHost too

2021-06-19 18:51:33 +02:00 · 2021-06-19 18:51:33 +02:00 · 81aac15a6c
commit 81aac15a6c
parent c1b862394d
2 changed files with 17 additions and 11 deletions
--- a/common/defender.go
+++ b/common/defender.go
@ -272,11 +272,19 @@ func (d *memoryDefender) GetHost(ip string) (*DefenderEntry, error) {
 		}, nil
 	}

-	if ev, ok := d.hosts[ip]; ok {
-		return &DefenderEntry{
-			IP:    ip,
-			Score: ev.TotalScore,
-		}, nil
+	if hs, ok := d.hosts[ip]; ok {
+		score := 0
+		for _, event := range hs.Events {
+			if event.dateTime.Add(time.Duration(d.config.ObservationTime) * time.Minute).After(time.Now()) {
+				score += event.score
+			}
+		}
+		if score > 0 {
+			return &DefenderEntry{
+				IP:    ip,
+				Score: score,
+			}, nil
+		}
 	}

 	return nil, utils.NewRecordNotFoundError("host not found")
--- a/common/defender_test.go
+++ b/common/defender_test.go
@ -246,12 +246,10 @@ func TestExpiredHostBans(t *testing.T) {
 	// the recorded scored are too old
 	res = defender.GetHosts()
 	assert.Len(t, res, 0)
-	// the old API still returns the host
-	entry, err = defender.GetHost(testIP)
-	assert.NoError(t, err)
-	assert.Equal(t, testIP, entry.IP)
-	assert.Empty(t, entry.GetBanTime())
-	assert.Equal(t, 5, entry.Score)
+	_, err = defender.GetHost(testIP)
+	assert.Error(t, err)
+	_, ok := defender.hosts[testIP]
+	assert.True(t, ok)
 }

 func TestLoadHostListFromFile(t *testing.T) {