deghost

Documentation

Overview

Package deghost wraps the external fraud API used for IP reputation checks. It converts remote responses into local kill-policy decisions.

Index

• func ShouldKill(report *IPReport) bool
• type Client
  • func NewClient(baseURL string, timeout time.Duration) *Client
  • func (c *Client) CheckIP(ctx context.Context, ip string) (*IPReport, error)
• type IPReport
• type SecurityReport

Functions

func ShouldKill

func ShouldKill(report *IPReport) bool

ShouldKill reports whether the report matches the current kill policy.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client calls the external fraud API used for IP reputation checks.

func NewClient

func NewClient(baseURL string, timeout time.Duration) *Client

NewClient creates a Client for the given API base URL.

func (*Client) CheckIP

func (c *Client) CheckIP(ctx context.Context, ip string) (*IPReport, error)

CheckIP fetches a fraud report for a single IP. It returns a nil report and nil error for HTTP 403 responses, which the API uses for private or reserved IPs.

type IPReport

type IPReport struct {
	IP       string         `json:"ip"`
	Security SecurityReport `json:"security"`
}

IPReport matches the API payload for IP fraud checks.

type SecurityReport

type SecurityReport struct {
	IsAbuser        bool `json:"is_abuser"`
	IsAttacker      bool `json:"is_attacker"`
	IsBogon         bool `json:"is_bogon"`
	IsCloudProvider bool `json:"is_cloud_provider"`
	IsProxy         bool `json:"is_proxy"`
	IsRelay         bool `json:"is_relay"`
	IsTor           bool `json:"is_tor"`
	IsTorExit       bool `json:"is_tor_exit"`
	IsVPN           bool `json:"is_vpn"`
	IsAnonymous     bool `json:"is_anonymous"`
	IsThreat        bool `json:"is_threat"`
}

SecurityReport describes fraud and anonymity signals for an IP.