crowdsecurity
diff --git a/‎.github/workflows/markdown.yml
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/markdown.yml
Lines changed: 38 additions & 0 deletions
diff --git a/‎.github/workflows/test-suite.yml
Lines changed: 129 additions & 0 deletions b/‎.github/workflows/test-suite.yml
Lines changed: 129 additions & 0 deletions
diff --git a/‎.gitignore
Lines changed: 6 additions & 2 deletions b/‎.gitignore
Lines changed: 6 additions & 2 deletions
diff --git a/‎.php_cs renamed to ‎.php-cs-fixer.dist.php
Lines changed: 4 additions & 3 deletions b/‎.php_cs renamed to ‎.php-cs-fixer.dist.php
Lines changed: 4 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 1 addition & 3 deletions b/‎README.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎composer.json
Lines changed: 5 additions & 2 deletions b/‎composer.json
Lines changed: 5 additions & 2 deletions
diff --git a/‎docs/api/ApiCache.md
Lines changed: 4 additions & 3 deletions b/‎docs/api/ApiCache.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎docs/configuration-reference.md
Lines changed: 74 additions & 10 deletions b/‎docs/configuration-reference.md
Lines changed: 74 additions & 10 deletions
@@ -0,0 +1,38 @@
+on:
+  workflow_dispatch:
+
+name: Markdown files test and update
+jobs:
+  markdown-test-and-update:
+    name: Markdown files test and update
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Clone sources
+        uses: actions/checkout@v2
+        with:
+          path: extension
+
+      - name: Launch localhost server
+        run: |
+          sudo npm install --global http-server
+          http-server ./extension &
+
+      - name: Set up Ruby 2.6
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+
+      - name: Check links in Markdown files
+        run: |
+          gem install awesome_bot
+          cd extension
+          awesome_bot --files README.md,docs/ddev.md --allow-dupe --allow 401 --skip-save-results --white-list ddev.site,crowdsec --base-url http://localhost:8080/
+
+      - name: Generate table of contents
+        uses: technote-space/toc-generator@v4
+        with:
+          MAX_HEADER_LEVEL: 5
+          COMMIT_NAME: CrowdSec Dev Bot
+          TARGET_PATHS: 'docs/ddev.md'
+          CHECK_ONLY_DEFAULT_BRANCH: true
@@ -0,0 +1,129 @@
+name: Test suite
+on:
+  push:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  test-suite:
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version: ['7.2', '7.3', '7.4', '8.0', '8.1']
+
+    name: Test suite
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone DDEV files
+        uses: actions/checkout@v2
+        with:
+          path: .ddev
+          repository: julienloizelet/ddev-php
+
+      - name: Install DDEV
+        env:
+          DDEV_VERSION: v1.18.2
+        run: |
+          # @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
+          sudo apt-get -qq update
+          sudo apt-get -qq -y install libnss3-tools
+          curl -LO https://raw.githubusercontent.com/drud/ddev/master/scripts/install_ddev.sh
+          bash install_ddev.sh ${{env.DDEV_VERSION}}
+          ddev config global --instrumentation-opt-in=false --omit-containers=dba,ddev-ssh-agent
+          rm install_ddev.sh
+
+      - name: Set PHP_VERSION_CODE env
+        # used in some directory path and conventional file naming
+        # Example : 7.4 => 74
+        run: |
+           echo "PHP_VERSION_CODE=$(echo php${{ matrix.php-version }} | sed 's/\.//g' )" >> $GITHUB_ENV
+
+
+      - name: Start DDEV  with PHP ${{ matrix.php-version }}
+        run: |
+          cp .ddev/config_overrides/config.${{ env.PHP_VERSION_CODE }}.yaml .ddev/config.${{ env.PHP_VERSION_CODE }}.yaml
+          cp .ddev/additional_docker_compose/docker-compose.crowdsec.yaml .ddev/docker-compose.crowdsec.yaml
+          cp .ddev/additional_docker_compose/docker-compose.playwright.yaml .ddev/docker-compose.playwright.yaml
+          ddev start
+
+      - name: Set BOUNCER_KEY and PROXY_IP env
+        run: |
+          echo "BOUNCER_KEY=$(ddev create-bouncer)" >> $GITHUB_ENV
+          echo "PROXY_IP=$(ddev find-ip ddev-router)" >> $GITHUB_ENV
+
+      - name: Some DEBUG information
+        run: |
+          ddev --version
+          ddev exec php -v
+          ddev exec -s crowdsec crowdsec -version
+
+      - name: Clone PHP lib Crowdsec files
+        uses: actions/checkout@v2
+        with:
+          path: my-own-modules/crowdsec-php-lib
+
+      - name: Install CrowdSec lib dependencies
+        run: |
+          ddev composer update --working-dir ./my-own-modules/crowdsec-php-lib
+
+      - name: Prepare PHP UNIT tests
+        run: |
+          ddev create-watcher PhpUnitTestMachine PhpUnitTestMachinePassword
+          ddev maxmind-download DEFAULT GeoLite2-City /var/www/html/my-own-modules/crowdsec-php-lib/tests
+          ddev maxmind-download DEFAULT GeoLite2-Country /var/www/html/my-own-modules/crowdsec-php-lib/tests
+          cd my-own-modules/crowdsec-php-lib/tests
+          sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
+          sha256sum -c GeoLite2-City.tar.gz.sha256.txt
+          tar -xf GeoLite2-Country.tar.gz
+          tar -xf GeoLite2-City.tar.gz
+          rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
+
+      - name: Run PHP UNIT tests
+        run: |
+          ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} LAPI_URL=http://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./my-own-modules/crowdsec-php-lib/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./my-own-modules/crowdsec-php-lib/tests/IpVerificationTest.php
+          ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} LAPI_URL=http://crowdsec:8080  /usr/bin/php ./my-own-modules/crowdsec-php-lib/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./my-own-modules/crowdsec-php-lib/tests/GeolocationTest.php
+
+      - name: Prepare END TO END tests
+        run: |
+          ddev create-watcher
+          cd ${{ github.workspace }}/.ddev
+          ddev crowdsec-prepend-nginx
+          cd ${{ github.workspace }}
+          cp .ddev/custom_files/crowdsec-lib-settings.php crowdsec-lib-settings.php
+          sed -i -e 's/REPLACE_API_KEY/${{ env.BOUNCER_KEY }}/g' crowdsec-lib-settings.php
+          sed -i -e 's/REPLACE_PROXY_IP/${{ env.PROXY_IP }}/g' crowdsec-lib-settings.php
+          mv crowdsec-lib-settings.php my-own-modules/crowdsec-php-lib/examples/auto-prepend/settings.php
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          chmod +x test-init.sh
+          ./test-init.sh
+          chmod +x run-tests.sh
+            
+      - name: Run End to end test (live mode without geolocation)
+        run: |
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          ./run-tests.sh ci "./__tests__/1-live-mode.js"
+
+      - name: Run End to end test (live mode with geolocation)
+        run: |
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib
+          sed -i  's/\x27enabled\x27 => false/\x27enabled\x27 => true/g' examples/auto-prepend/settings.php
+          sed -i  's/\x27forced_test_ip\x27 => \x27\x27/\x27forced_test_ip\x27 => \x27210.249.74.42\x27/g' examples/auto-prepend/settings.php
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          ./run-tests.sh ci "./__tests__/2-live-mode-with-geolocation.js"
+
+      - name: Run End to end test (stream mode without geolocation)
+        run: |
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib
+          sed -i  's/\x27enabled\x27 => true/\x27enabled\x27 => false/g' examples/auto-prepend/settings.php
+          sed -i  's/\x27forced_test_ip\x27 => \x27210.249.74.42\x27/\x27forced_test_ip\x27 => \x27\x27/g' examples/auto-prepend/settings.php
+          sed -i  's/\x27stream_mode\x27 => false/\x27stream_mode\x27 => true/g' examples/auto-prepend/settings.php
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          ./run-tests.sh ci "./__tests__/3-stream-mode.js"
+
+      - name: Run End to end test (standalone geolocation)
+        run: |
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          ./run-tests.sh ci "./__tests__/4-geolocation.js"
@@ -7,7 +7,8 @@ vendor
 
 #Tools
 super-linter.log
-.php_cs.cache
+.php-cs-fixer.cache
+.php-cs-fixer.php
 
 # App
 /var/
@@ -17,4 +18,7 @@ super-linter.log
 # Auto prepend demo
 examples/auto-prepend/settings.php
 examples/auto-prepend/.logs
-examples/auto-prepend/.cache
+examples/auto-prepend/.cache
+
+# MaxMind databases
+*.mmdb
@@ -1,10 +1,11 @@
 <?php
 
 if (!file_exists(__DIR__.'/src')) {
-    exit(0);
+    exit(1);
 }
 
-return PhpCsFixer\Config::create()
+$config = new PhpCsFixer\Config("crowdsec-php-lib");
+return $config
     ->setRules([
         '@Symfony' => true,
         '@Symfony:risky' => true,
@@ -22,6 +23,6 @@
     ->setFinder(
         PhpCsFixer\Finder::create()
             ->in(__DIR__.'/src')
-            ->in(__DIR__.'/tests')
+            ->in(__DIR__.'/tests')->depth(0)
     )
 ;
@@ -1,6 +1,4 @@
-<p align="center">
-<img src="https://raw.githubusercontent.com/crowdsecurity/crowdsec-docs/main/docs/assets/images/crowdsec_logo.png" alt="CrowdSec" title="CrowdSec" width="200" height="120"/>
-</p>
+![CrowdSec Logo](docs/images/logo_crowdsec.png)
 
 # PHP Bouncer Library
 
 
@@ -34,12 +34,15 @@
         "symfony/cache": "^5.2",
         "monolog/monolog": "^1.17 || ^2.1",
         "gregwar/captcha": "^1.1",
-        "mlocati/ip-lib": "^1.14"
+        "mlocati/ip-lib": "^1.18",
+        "geoip2/geoip2": "^2.12.2"
     },
     "require-dev": {
         "bramus/monolog-colored-line-formatter": "^3.0",
         "symfony/var-dumper": "^5.2",
         "phpunit/phpunit": "8.5.21",
-        "clean/phpdoc-md": "^0.19.1"
+        "clean/phpdoc-md": "^0.19.1",
+        "phpmd/phpmd": "@stable",
+        "squizlabs/php_codesniffer": "^3.6.2"
     }
 }
@@ -75,7 +75,8 @@ The cache mecanism to store every decisions from LAPI/CAPI. Symfony Cache compon
 **Description**
 
 ```php
-public configure (bool $liveMode, string $apiUrl, int $timeout, string $userAgent, string $apiKey, int $cacheExpirationForCleanIp, int $cacheExpirationForBadIp, string $fallbackRemediation)
+public configure (bool $streamMode, string $apiUrl, int $timeout, string $userAgent, string $apiKey, int 
+$cacheExpirationForCleanIp, int $cacheExpirationForBadIp, string $fallbackRemediation)
 ```
 
 Configure this instance. 
@@ -84,8 +85,8 @@ Configure this instance.
 
 **Parameters**
 
-* `(bool) $liveMode`
-: If we use the live mode (else we use the stream mode)  
+* `(bool) $streamMode`
+: If we use the stream mode (else we use the live mode)  
 * `(string) $apiUrl`
 : The URL of the LAPI  
 * `(int) $timeout`
 
@@ -1,6 +1,7 @@
 # Full configuration reference
 
-```bash
+```php
+   use CrowdSecBouncer\StandAloneBounce;
    $config = [
        // Required. The bouncer api key to access LAPI or CAPI.
        'api_key'=> 'YOUR_BOUNCER_API_KEY',
@@ -11,25 +12,88 @@
        // Optional. HTTP user agent used to call CAPI or LAPI. Default to this library name/current version.
        'api_user_agent'=> 'CrowdSec PHP Library/x.x.x',
 
-       // Optional. In seconds. The timeout when calling CAPI/LAPI. Defaults to 2 sec.
-       'api_timeout'=> 2,
+       // Optional. In seconds. The timeout when calling CAPI/LAPI. Defaults to 1 sec.
+       'api_timeout'=> 1,
+       
+       // Optional. Select from 'bouncing_disabled', 'normal_bouncing' or 'flex_bouncing'.
+       'bouncing_level' => 'normal_bouncing',
+       
+       // Optional. Absolute path to store log files.
+       'log_directory_path' => __DIR__.'/.logs',
+       
+       // Optional. Select from 'phpfs' (File system cache), 'redis' or 'memcached'.
+       'cache_system' => 'phpfs',
+       
+       // Optional. Will be used only if you choose File system as cache_system
+       'fs_cache_path' => __DIR__.'/.cache',
+       
+       // Optional. Will be used only if you choose Redis cache as cache_system
+       'redis_dsn' => 'redis://localhost:6379',
+       
+       // Optional. Will be used only if you choose Memcached as cache_system
+       'memcached_dsn' => 'memcached://localhost:11211',
+       
+       // Optional. If you use a CDN, a reverse proxy or a load balancer, set an array of IPs.
+       // For other IPs, the bouncer will not trust the X-Forwarded-For header.
+       'trust_ip_forward_array' => [],
 
-       // Optional. true to enable live mode, false to enable the stream mode. Default to true.
-       'live_mode'=> true,
+       // Optional. true to enable stream mode, true to enable the stream mode. Default to false.
+       'stream_mode'=> false,
+       
+       // Optional. true to enable verbose debug log.
+       'debug_mode' => false,
+       
+       // Optional. true to stop the process and display errors if any.
+       'display_errors' => false,
 
-       // Optional. Cap the remediation to the selected one. Select from 'bypass' (minimum remediation), 'captcha' or 'ban' (maximum remediation). Defaults to 'ban'.
+       // Optional. true to hide CrowdSec mentions on ban and captcha walls.
+       'hide_mentions' => false,
+       
+       // Optional. Only for test or debug purpose.
+       // If not empty, it will be used for all remediation and geolocation processes.
+       // Default to empty
+       'forced_test_ip' => '1.2.3.4',
+       
+       // Optional. Cap the remediation to the selected one.
+       // Select from 'bypass' (minimum remediation),'captcha' or 'ban' (maximum remediation).
+       // Default to 'ban'.
        'max_remediation_level'=> 'ban',
 
-       // Optional. Handle unknown remediations as. Select from 'bypass' (minimum remediation), 'captcha' or 'ban' (maximum remediation). Defaults to 'captcha'.
+       // Optional. Handle unknown remediations as.
+       // Select from 'bypass' (minimum remediation), 'captcha' or 'ban' (maximum remediation).
+       // Default to 'captcha'.
        'fallback_remediation'=> 'captcha',
 
        // Optional. Set the duration we keep in cache the fact that an IP is clean. In seconds. Defaults to 5.
        'cache_expiration_for_clean_ip'=> '5',
 
        // Optional. Set the duration we keep in cache the fact that an IP is bad. In seconds. Defaults to 20.
        'cache_expiration_for_bad_ip'=> '20',
+       
+       // Optional. Settings for geolocation remediation (i.e. country based remediation).
+       'geolocation' => [
+             // Optional. true to enable remediation based on country.
+             // Default to false.
+             'enabled' => false,
+             // Optional. Geolocation system. Only 'maxmind' is available for the moment. 
+             // Default to 'maxmind'
+             'type' => 'maxmind',
+             // Optional. true to store the geolocalized country in session
+             // Setting true will avoid multiple call to the geolocalized system (e.g. maxmind database)
+             // Default to true.
+             'save_in_session' => true,
+             // Optional. MaxMind settings
+             'maxmind' => [
+                       // Optional. Select from 'country' or 'city'.
+                       // These are the two available MaxMind database types.
+                       // Default to 'country'
+                       'database_type' => 'country',
+                       // Optional. Absolute path to the MaxMind database (mmdb file).
+                       'database_path' => '/some/path/GeoLite2-Country.mmdb',
+             ]
+        ]       
    ]
-   $cacheAdapter = (...)
-   $bouncer = new Bouncer($cacheAdapter);
-   $bouncer->configure($config);
+   $bouncer = new StandAloneBounce();
+   $bouncer->init($config);
+   $bouncer->safelyBounce();
 ```
Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,11 @@`
`1`	`1`	`<?php`
`2`	`2`
`3`	`3`	`if (!file_exists(__DIR__.'/src')) {`
`4`		`- exit(0);`
	`4`	`+ exit(1);`
`5`	`5`	`}`
`6`	`6`
`7`		`-return PhpCsFixer\Config::create()`
	`7`	`+$config = new PhpCsFixer\Config("crowdsec-php-lib");`
	`8`	`+return $config`
`8`	`9`	`->setRules([`
`9`	`10`	`'@Symfony' => true,`
`10`	`11`	`'@Symfony:risky' => true,`
`@@ -22,6 +23,6 @@`
`22`	`23`	`->setFinder(`
`23`	`24`	`PhpCsFixer\Finder::create()`
`24`	`25`	`->in(__DIR__.'/src')`
`25`		`- ->in(__DIR__.'/tests')`
	`26`	`+ ->in(__DIR__.'/tests')->depth(0)`
`26`	`27`	`)`
`27`	`28`	`;`