diff --git a/doc/RELEASE-NOTES.md b/doc/RELEASE-NOTES.md index ccc9c949e..6fbf41aaa 100644 --- a/doc/RELEASE-NOTES.md +++ b/doc/RELEASE-NOTES.md @@ -6,7 +6,7 @@ in progress and may not always be a stable version. ### Enhancements: * Central anti-spam services: - * The two services from below require a central-api key, which + * The services from below require a central-api key, which you can [request here](https://www.unrealircd.org/central-api/). * [Central Blocklist](https://www.unrealircd.org/docs/Central_Blocklist) is an attempt to detect and block spammers. It works similar to DNS @@ -18,7 +18,12 @@ in progress and may not always be a stable version. the `SPAMREPORT` command. This information may then be used to improve [Central Blocklist](https://www.unrealircd.org/docs/Central_Blocklist) and/or [Central Spamfilter](https://www.unrealircd.org/docs/Central_Spamfilter). -* TODO: Mention Central API, central blocklist, central spamreport... + * The [Central Spamfilter](https://www.unrealircd.org/docs/Central_Spamfilter), + which provides spamfilter { } blocks that are centrally managed, is + now fetched from a different URL if you have an Central API key set. + This way, we can later provide spamfilter { } blocks that build on + central blocklist scoring functionality, and also don't have to reveal + the central spamfilter blocks to 100% of the world. * Make [Deny channel](https://www.unrealircd.org/docs/Deny_channel_block) support escaped sequences like `channel "#xyz\*";` so you can match a literal `*` or `?` via `\*` and `\?`. diff --git a/include/config.h b/include/config.h index f8f35eeb5..2ec569ad0 100644 --- a/include/config.h +++ b/include/config.h @@ -299,6 +299,11 @@ #define UNREALIRCD_DEFAULT_ECDH_CURVES "secp521r1:secp384r1:prime256v1" #endif +/* These can be changed via set::central-spamfilter::url and ::feed */ +#define DEFAULT_CENTRAL_SPAMFILTER_URL_OPEN_ACCESS "https://spamfilter.unrealircd.org/spamfilter/v6/$feed/central_spamfilter.conf" +#define DEFAULT_CENTRAL_SPAMFILTER_URL_RESTRICTED_ACCESS "https://spamfilter.unrealircd-api.org/spamfilter/v6/$feed/central_spamfilter.conf" +#define DEFAULT_CENTRAL_SPAMFILTER_FEED "standard" + /* These are just defaults, which you can override via set::dns */ #define DNS_DEFAULT_CLIENT_TIMEOUT 1500 #define DNS_DEFAULT_CLIENT_RETRIES 2 diff --git a/src/conf.c b/src/conf.c index 86029a57e..10615a4a5 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1821,8 +1821,8 @@ void config_setdefaultsettings(Configuration *i) i->who_limit = 100; i->named_extended_bans = 1; i->high_connection_rate = 1000; - safe_strdup(i->central_spamfilter_url, "https://spamfilter.unrealircd.org/spamfilter/v6/$feed/central_spamfilter.conf"); - safe_strdup(i->central_spamfilter_feed, "standard"); + safe_strdup(i->central_spamfilter_url, DEFAULT_CENTRAL_SPAMFILTER_URL_OPEN_ACCESS); + safe_strdup(i->central_spamfilter_feed, DEFAULT_CENTRAL_SPAMFILTER_FEED); i->central_spamfilter_refresh_time = 3600; i->central_spamfilter_enabled = 0; i->central_spamfilter_except = safe_alloc(sizeof(SecurityGroup)); @@ -11955,6 +11955,8 @@ void central_spamfilter_start_download(void) { char url[512]; NameValuePrioList *nvp = NULL; + const char *apikey; + OutgoingWebRequest *request; if (central_spamfilter_downloading) return; @@ -11967,13 +11969,32 @@ void central_spamfilter_start_download(void) central_spamfilter_downloading = 1; + /* Prepare the request */ + request = safe_alloc(sizeof(OutgoingWebRequest)); + request->http_method = HTTP_METHOD_GET; + request->cachetime = CENTRAL_SPAMFILTER_CACHE_TIME; + request->callback = central_spamfilter_download_complete; + request->callback_data = NULL; + request->max_redirects = DOWNLOAD_MAX_REDIRECTS; + request->store_in_file = 1; + /* Build the URL */ add_nvplist(&nvp, 0, "feed", iConf.central_spamfilter_feed); - buildvarstring_nvp(iConf.central_spamfilter_url, url, sizeof(url), nvp, 0); + apikey = get_central_api_key(); + if (apikey && !strcmp(iConf.central_spamfilter_url, DEFAULT_CENTRAL_SPAMFILTER_URL_OPEN_ACCESS)) + { + /* Use the restricted URL */ + buildvarstring_nvp(DEFAULT_CENTRAL_SPAMFILTER_URL_RESTRICTED_ACCESS, url, sizeof(url), nvp, 0); + add_nvplist(&request->headers, 0, "X-API-Key", apikey); + } else { + /* Use the open access URL */ + buildvarstring_nvp(iConf.central_spamfilter_url, url, sizeof(url), nvp, 0); + } safe_free_nvplist(nvp); /* Start HTTPS request */ - download_file_async(url, CENTRAL_SPAMFILTER_CACHE_TIME, central_spamfilter_download_complete, NULL, DOWNLOAD_MAX_REDIRECTS); + safe_strdup(request->url, url); + url_start_async(request); } EVENT(central_spamfilter_download_evt)