anti
ffc275f051
Populates Attacker.country_code + country_source (MVP) using the five RIR delegated-stats files (ARIN/RIPE/APNIC/LACNIC/AFRINIC). Offline, license-free, no outbound traffic that could burn honeypot stealth. - decnet.geoip package with factory/base/lookup + rir/ subpackage (fetch/parse/provider) mirroring the db + bus factory convention - Profiler._build_record calls enrich_ip on every upsert - Idempotent ALTER TABLE migrations for both SQLite and MySQL - decnet geoip refresh/lookup CLI (master-only) - /var/lib/decnet/geoip seeded by decnet init - DECNET_GEOIP_ENABLED=false kill-switch; set in tests/conftest.py so unit tests never trigger the first-access fetch
35 lines
1009 B
Python
35 lines
1009 B
Python
"""GeoIP provider protocol.
|
|
|
|
Concrete providers (:mod:`decnet.geoip.rir`, future ``dbip``, ``maxmind``)
|
|
implement this. Callers must go through
|
|
:func:`~decnet.geoip.factory.get_provider`; never import a concrete
|
|
provider class directly.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from abc import ABC, abstractmethod
|
|
from pathlib import Path
|
|
from typing import Sequence
|
|
|
|
from decnet.geoip.lookup import Lookup
|
|
|
|
|
|
class Provider(ABC):
|
|
"""Abstract GeoIP data provider."""
|
|
|
|
#: Short tag written to ``Attacker.country_source`` (e.g. ``'rir'``).
|
|
name: str
|
|
|
|
@abstractmethod
|
|
def refresh(self) -> None:
|
|
"""Download / regenerate the provider's raw data files."""
|
|
|
|
@abstractmethod
|
|
def build_lookup(self) -> Lookup:
|
|
"""Parse the on-disk data files and return a ready-to-query Lookup."""
|
|
|
|
@abstractmethod
|
|
def data_paths(self) -> Sequence[Path]:
|
|
"""Return the list of files this provider manages — used for staleness
|
|
detection. Order is not significant."""
|