Adds config settings, and a X hour unblock

  Use the config to set when to unblock ip.

.gitignore

@@ -7,4 +7,6 @@ pyvenv.cfg
 failUser.log
 __pycache__/
 bbs/
-tail-F_inotify.py
+tail-F_inotify.py
+failUser.cfg
+blocks.json

config.py

@@ -2,6 +2,9 @@
 from logging import basicConfig, DEBUG, INFO, WARN, ERROR, CRITICAL, getLogger
 from logging.handlers import TimedRotatingFileHandler
 from os.path import exists, join, dirname, abspath
+from json import loads, dumps
+from json.decoder import JSONDecodeError
+import pendulum
 
 # Get the full path for this file
 currentdir = dirname(abspath(__file__))
@@ -24,4 +27,77 @@ basicConfig(
     ],
 )
 
-log = getLogger("failUser")
+log = getLogger("failUser")
+
+# Config JSON
+def save_config(con):
+    with open("failUser.cfg", "w") as f:
+        f.write(dumps(con, indent=4, sort_keys=False))
+
+def load_config():
+    if not exists("failUser.cfg"):
+        now = pendulum.now().to_datetime_string()
+        defaults = {
+            # Target enigma logs
+            "target": "bbs/logs/enigma-bbs.log",
+            # block_time in hours
+            "block_time": 4,
+            # Last unblock
+            "last_unblock": now,
+        }
+        save_config(defaults)
+        return defaults
+    else:
+        with open("failUser.cfg", "r") as f:
+            config = loads(f.read())
+        return config
+
+# blocks in json
+def add_block(ip, time):
+    # first load in all blocks
+    try:
+        with open("blocks.json", "r") as f:
+            blocks = loads(f.read())
+    except FileNotFoundError:
+        blocks = {}
+        pass
+    # add ip and time
+    blocks[ip] = time
+    # update blocks
+    with open("blocks.json", "w") as f:
+        f.write(dumps(blocks))
+
+def rm_block(ip):
+    # first load all blocks
+    try:
+        with open("blocks.json", "r") as f:
+            blocks = loads(f.read())
+    except FileNotFoundError:
+        return
+    try:
+        if blocks[ip]:
+            del blocks[ip]
+        # update blocks
+        with open("blocks.json", "w") as f:
+            f.write(dumps(blocks))
+    except KeyError:
+        log.debug("Unable to unblock '{0}'".format(ip))
+
+def check_blocks():
+    # return a list of ips exceeding block_time in config
+    result = []
+    conf = load_config()
+    # load in blocks
+    try:
+        with open("blocks.json", "r") as f:
+            blocks = loads(f.read())
+    except FileNotFoundError:
+        return
+    now = pendulum.now()
+    for ip in blocks:
+        dt = pendulum.parse(blocks[ip])
+        if abs(now.diff(dt, False).in_hours()) < conf["block_time"]:
+            # Oops, this ip needs to be unblocked
+            result.append(ip)
+    if result:
+        return result

failUser.py

@@ -9,9 +9,11 @@ from pyinotify import IN_MODIFY, IN_DELETE, IN_MOVE_SELF, IN_CREATE
 import sys
 
 # Branch off the logging into a seperate file
-from config import log
+from config import log, load_config, add_block, rm_block, check_blocks
 
-myfile = join("bbs", "logs", "enigma-bbs.log")
+myConfig = load_config()
+
+myfile = myConfig["target"]
 TARGET = open(myfile, 'r')
 TARGET.seek(0,2)
 
@@ -23,6 +25,11 @@ def blocker(ip):
     run(["iptables", "-I", "DOCKER-USER", "-i", "eth0", "-s", ip, "-j", "DROP"], stdout=PIPE, check=True)
     # print("iptables -I DOCKER-USER -i eth0 -s {0} -j DROP".format(ip))
 
+def unblocker(ip):
+    # Utility function to unblock given ip as string
+    run(["iptables", "-D", "DOCKER-USER", "-i", "eth0", "-s", ip, "-j", "DROP"], stdout=PIPE, check=True)
+    # print("iptables -D DOCKER-USER -i eth0 -s {0} -j DROP".format(ip))
+
 def is_bad(line):
     # Given line, attempt to parse... then is there a issue with it
     # Returns a python dict with ip and time in log
@@ -37,6 +44,15 @@ def is_bad(line):
         except JSONDecodeError:
             log.error("Failed to decode line, '{0}'".format(line))
 
+def checkup():
+    # Check all our blocks
+    unblocks = check_blocks()
+    if unblocks:
+        for ip in unblocks:
+            log.info("Unblock {0}".format(ip))
+            unblocker(ip)
+            rm_block(ip)
+
 class EventHandler(ProcessEvent):
     def process_IN_MODIFY(self, event):
         if myfile not in join(event.path, event.name):
@@ -47,6 +63,8 @@ class EventHandler(ProcessEvent):
                 blocker(luser["ip"])
                 now = pendulum.now().to_datetime_string()
                 log.info("Blocked {0} at {1}".format(luser["ip"], now))
+                add_block(luser["ip"], now)
+
 
     def process_IN_MOVE_SELF(self, event):
         log.debug("Log file moved... continuing read on stale log!")
@@ -71,9 +89,15 @@ WM.add_watch(myfile[:index], dirmask)
 
 while True:
     try:
+        now = pendulum.now()
+        last = pendulum.parse(myConfig["last_unblock"])
+        if now.diff(last).in_hours():
+            myConfig["last_unblock"] = now.to_datetime_string()
+            checkup()
         notifier.process_events()
         if notifier.check_events():
             notifier.read_events()
+            # Also check any of our blocks too
     except KeyboardInterrupt:
         break