habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

policies: add GeoIP policy (#10454)

Browse Source 
* add GeoIP policy

* handle empty lists of ASNs and countries

* handle missing GeoIP database or missing IP from the database

The exceptions raised here are `PolicyException`s to let admins bypass
an execution failure.

* fix translations

whoops

* remove `GeoIPPolicyMode`

Use the policy binding's `negate` option instead

* fix `DataProvision` typing

`ak-dual-select-provider` can handle unpaginated data

* use `django-countries` instead of a static list of countries for ISO-3166

* simplify `GeoIPPolicyForm`

* pass `GeoIPPolicy` on empty policy

* add backend tests to `GeoIPPolicy`

* revise translations

* move `iso-3166/` to `policies/geoip_iso3166/`

* add client-side caching to ISO3166 API call

* fix `GeoIPPolicy` creation

The automatically generated APIs can't seem to handle `CountryField`,
so I'll have to do this by hand too.

* add docs for GeoIP Policy

* docs: stylize

add review suggestions from @tanberry

* refactor `GeoIPPolicy` API

It is now as declarative as I could make it.

* clean up `api.py` and `views.py`
This commit is contained in:
Simonyi Gergő
2024-08-06 12:37:29 +02:00
committed by GitHub
parent 87858afaf3
commit f7b16ed723
22 changed files with 1650 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
website/docs/policies/expression.mdx
View File

@ -55,6 +55,10 @@ import Objects from "../expressions/_objects.md";
- `geoip`: GeoIP dictionary. The following fields are available:
:::info
For basic country matching, consider using a [GeoIP policy](index.md#geoip-policy).
:::
- `continent`: a two character continent code like `NA` (North America) or `OC` (Oceania).
- `country`: the two character [ISO 3166-1](https://en.wikipedia.org/wiki/ISO_3166-1) alpha code for the country.
- `lat`: the approximate latitude of the location associated with the IP address.
@ -62,11 +66,15 @@ import Objects from "../expressions/_objects.md";
- `city`: the name of the city. May be empty.
```python
return context["geoip"]["country"] == "US"
return context["geoip"]["continent"] == "EU"
```
- `asn`: ASN dictionary. The follow fields are available:
:::info
For basic ASN matching, consider using a [GeoIP policy](index.md#geoip-policy).
:::
- `asn`: the autonomous system number associated with the IP address.
- `as_org`: the organization associated with the registered autonomous system number for the IP address.
- `network`: the network associated with the record. In particular, this is the largest network where all of the fields except `ip_address` have the same value.