The service accepts a JSON POST request with data about an IP Access with the following structure:
{"username": "bob", "unix_timestamp": 1514764006, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e46", "ip_address": "203.2.218.214"}
An SQLite database is used to store the IP Access along with the coordinates of the IP Access. The database contains the following fields.
When a new IP Access is posted to the API, a database query for previous and subsequent IP Accesses by the user executes. The query results go into a JSON IP Access Report
containing data about the current, previous, and subsequent IP Access. The report also contains the best guess about whether the previous or subsequent IP Access is suspicious. The IP Access Report
is returned to the API caller and has the following structure:
{"currentGeo":{"lat":39.211,"lon":-76.8362,"radius":5},"travelToCurrentGeoSuspicious":false,"travelFromCurrentGeoSuspicious":true,"precedingIpAccess":{"ip":"","speed":0,"lat":0,"lon":0,"radius":0,"timestamp":0},"subsequentIpAccess":{"ip":"203.2.218.214","speed":11331113,"lat":-33.8919,"lon":151.1554,"radius":500,"timestamp":1514764006}}
If a user would need to travel over 500 km an hour to each destination to sign in - the IP Access is considered suspicious. The service can check the "travel speed" of a user by examining the timestamp and coordinates of the previous and subsequent IP Accesses.
For the Object Relational Mapper
github.com/jinzhu/gorm v1.9.10
For the Geo IP coordinate lookups
github.com/oschwald/geoip2-golang v1.3.0 github.com/oschwald/maxminddb-golang v1.3.1 // indirect
For calculating the distance between coordinates
github.com/umahmood/haversine v0.0.0-20151105152445-808ab04add26
Clone or download this repository into you Go workspace
$ git clone https://github.com/NEPDAVE/supermanDetector.git
cd
into the supermanDetector
directory, build the binary, and run the program
$ cd supermanDetector
$ go build
$ ./supermanDetector
To create an IP Access report run curl -X POST -d '{"username": "bob", "unix_timestamp": 1514764007, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e47", "ip_address": "203.2.218.214"}' http://localhost:5000/v1/ipaccess
$ docker pull dstreck/superman-detector
$ docker run -p 5000:5000 dstreck/superman-detector:latest
$ curl -X POST -d '{"username": "bob", "unix_timestamp": 1514764007, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e47", "ip_address": "203.2.218.214"}' http://localhost:5000/v1/ipaccess`
Addtional Curl commands for manual testing:
Hong_Kong
curl -X POST -d '{"username": "bob", "unix_timestamp": 1514764000, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e40", "ip_address": "119.28.48.231"}' http://localhost:5000/v1/ipaccess
New York
curl -X POST -d '{"username": "bob", "unix_timestamp": 1514764001, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e41", "ip_address": "206.81.252.6"}' http://localhost:5000/v1/ipaccess
Moscow
curl -X POST -d '{"username": "bob", "unix_timestamp": 1514764002, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e42", "ip_address": "31.173.221.5"}' http://localhost:5000/v1/ipaccess
Sydney - 6,4
curl -X POST -d '{"username": "bob", "unix_timestamp": 1514764006, "event_uuid": "85ad929a-db03-4bf4-9541-8f728fa12e46", "ip_address": "203.2.218.214"}' http://localhost:5000/v1/ipaccess