test(geolocation): Add end to end tests for geolocation

Author: julienloizelet

.github/workflows/test-suite.yml

@@ -102,9 +102,16 @@ jobs:
           ./test-init.sh
           chmod +x run-tests.sh
             
-      - name: Run End to end test
+      - name: Run End to end test without geolocation
         run: |
           cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
           ./run-tests.sh ci "./__tests__/1-live-mode.js"
+
+      - name: Run End to end test with geolocation
+        run: |
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib
+          sed -i  's/\x27enabled\x27 => false/\x27enabled\x27 => true/g' examples/auto-prepend/settings.php
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          ./run-tests.sh ci "./__tests__/2-live-mode-with-geolocation.js"
       
 

tests/end-to-end/__scripts__/run-tests.sh

@@ -8,7 +8,7 @@
 YELLOW='\033[33m'
 RESET='\033[0m'
 if ! ddev --version >/dev/null 2>&1; then
-    printf "${YELLOW}Ddev is required for this script. Please see docs/ddev.md.${RESET}\n"
+    printf "%bDdev is required for this script. Please see docs/ddev.md.%b\n" "${YELLOW}" "${RESET}"
     exit 1
 fi
 
@@ -44,6 +44,7 @@ PHPVERSION=$(ddev exec printenv DDEV_PROJECT | sed 's/\r//g')
 PHP_URL=https://$HOSTNAME
 PROXY_IP=$(ddev find-ip ddev-router)
 BOUNCER_KEY=$(ddev exec grep "'api_key'" /var/www/html/my-own-modules/crowdsec-php-lib/examples/auto-prepend/settings.php | sed 's/api_key//g' | sed -e 's|[=>,"'\'']||g'  | sed s/'\s'//g)
+GEOLOC_ENABLED=$(ddev exec grep -E "'enabled'.*,$" /var/www/html/my-own-modules/crowdsec-php-lib/examples/auto-prepend/settings.php | sed 's/enabled//g' | sed -e 's|[=>,"'\'']||g'  | sed s/'\s'//g)
 JEST_PARAMS="--bail=true  --runInBand --verbose"
 # If FAIL_FAST, will exit on first individual test fail
 # @see CustomEnvironment.js
@@ -97,18 +98,19 @@ esac
 # Run command
 
 $COMMAND \
-PHP_URL=$PHP_URL \
+PHP_URL="$PHP_URL" \
 $DEBUG_STRING \
-BOUNCER_KEY=$BOUNCER_KEY \
-PROXY_IP=$PROXY_IP  \
+BOUNCER_KEY="$BOUNCER_KEY" \
+PROXY_IP="$PROXY_IP"  \
+GEOLOC_ENABLED="$GEOLOC_ENABLED" \
 LAPI_URL_FROM_PLAYWRIGHT=$LAPI_URL_FROM_PLAYWRIGHT \
-CURRENT_IP=$CURRENT_IP \
+CURRENT_IP="$CURRENT_IP" \
 TIMEOUT=$TIMEOUT \
 HEADLESS=$HEADLESS \
 FAIL_FAST=$FAIL_FAST \
 SLOWMO=$SLOWMO \
 yarn --cwd $YARN_PATH test \
-    $JEST_PARAMS \
+    "$JEST_PARAMS" \
     --json \
-    --outputFile=./.test-results-$PHPVERSION.json \
-    $FILE_LIST
+    --outputFile=./.test-results-"$PHPVERSION".json \
+    "$FILE_LIST"

tests/end-to-end/__scripts__/test-init.sh

@@ -5,7 +5,7 @@
 YELLOW='\033[33m'
 RESET='\033[0m'
 if ! ddev --version >/dev/null 2>&1; then
-    printf "${YELLOW}Ddev is required for this script. Please see docs/ddev.md.${RESET}\n"
+    printf "%bDdev is required for this script. Please see docs/ddev.md.%b\n" "${YELLOW}" "${RESET}"
     exit 1
 fi
 

tests/end-to-end/__tests__/1-live-mode.js

@@ -27,7 +27,6 @@ describe(`Live mode run`, () => {
         await publicHomepageShouldBeCaptchaWallWithMentions();
     });
 
-
     it("Should display a ban wall", async () => {
         await banIpForSeconds(15 * 60, CURRENT_IP);
         await publicHomepageShouldBeBanWall();
@@ -38,13 +37,10 @@ describe(`Live mode run`, () => {
         await publicHomepageShouldBeAccessible();
     });
 
-
     it("Should fallback to the selected remediation for unknown remediation", async () => {
         await removeAllDecisions();
         await addDecision(CURRENT_IP, "mfa", 15 * 60);
         await wait(1000);
         await publicHomepageShouldBeCaptchaWall();
-        
     });
 });
-

tests/end-to-end/__tests__/2-live-mode-with-geolocation.js

@@ -0,0 +1,54 @@
+/* eslint-disable no-undef */
+const {
+    CURRENT_IP,
+    GEOLOC_ENABLED,
+    GEOLOC_TEST_IP,
+    GEOLOC_BAD_COUNTRY,
+} = require("../utils/constants");
+
+const {
+    publicHomepageShouldBeBanWall,
+    publicHomepageShouldBeCaptchaWallWithMentions,
+    publicHomepageShouldBeAccessible,
+    publicHomepageShouldBeCaptchaWall,
+    banIpForSeconds,
+    captchaIpForSeconds,
+    removeAllDecisions,
+    wait,
+} = require("../utils/helpers");
+const { addDecision } = require("../utils/watcherClient");
+
+describe(`Live mode run with geolocation`, () => {
+    beforeAll(async () => {
+        if (!GEOLOC_ENABLED) {
+            const errorMessage = "Geolocation MUST be enabled to test this.";
+            console.error(errorMessage);
+            fail(errorMessage);
+        }
+        await removeAllDecisions();
+    });
+
+    it("Should bypass a clean IP with a clean country", async () => {
+        await publicHomepageShouldBeAccessible();
+    });
+
+    it("Should ban a bad IP (ban) with a clean country", async () => {
+        await banIpForSeconds(15 * 60, CURRENT_IP);
+        await publicHomepageShouldBeBanWall();
+    });
+
+    it("Should ban a clean IP with a bad country (ban)", async () => {
+        await removeAllDecisions();
+        await addDecision(GEOLOC_BAD_COUNTRY, "ban", 15 * 60, "Country");
+        await wait(1000);
+        await publicHomepageShouldBeBanWall();
+    });
+
+    it("Should ban a bad IP (ban) with a bad country (captcha)", async () => {
+        await removeAllDecisions();
+        await addDecision(GEOLOC_BAD_COUNTRY, "captcha", 15 * 60, "Country");
+        await addDecision(CURRENT_IP, "ban", 15 * 60);
+        await wait(1000);
+        await publicHomepageShouldBeBanWall();
+    });
+});

tests/end-to-end/utils/constants.js

@@ -2,6 +2,9 @@ const { PHP_URL } = process.env;
 
 const LAPI_URL_FROM_PHP = "http://crowdsec:8080";
 const PUBLIC_URL = '/my-own-modules/crowdsec-php-lib/examples/auto-prepend/public/protected-page.php'
+const GEOLOC_TEST_IP = "210.249.74.42";//JP
+const GEOLOC_ENABLED = process.env.GEOLOC_ENABLED == "true";
+const GEOLOC_BAD_COUNTRY = "JP";
 const { LAPI_URL_FROM_PLAYWRIGHT } = process.env;
 const { BOUNCER_KEY } = process.env;
 const WATCHER_LOGIN = "watcherLogin";
@@ -11,16 +14,20 @@ const { TIMEOUT } = process.env;
 const { CURRENT_IP } = process.env;
 const { PROXY_IP } = process.env;
 
+
 module.exports = {
     PHP_URL,
     BOUNCER_KEY,
     CURRENT_IP,
     DEBUG,
+    GEOLOC_TEST_IP,
     LAPI_URL_FROM_PHP,
     LAPI_URL_FROM_PLAYWRIGHT,
     PROXY_IP,
     PUBLIC_URL,
     TIMEOUT,
     WATCHER_LOGIN,
     WATCHER_PASSWORD,
+    GEOLOC_ENABLED,
+    GEOLOC_BAD_COUNTRY
 };

tests/end-to-end/utils/watcherClient.js

@@ -114,27 +114,30 @@ const auth = async () => {
 };
 
 module.exports.addDecision = async (
-    ipOrCidr,
-    remediation = "ban",
+    value,
+    remediation,
     durationInSeconds,
+    scope = "Ip"
 ) => {
     await auth();
-    let startIp;
-    let endIp;
-    if (ipOrCidr.split("/").length === 2) {
-        [startIp, endIp] = cidrToRange(ipOrCidr);
-    } else {
-        startIp = ipOrCidr;
-        endIp = ipOrCidr;
+    let finalScope = "Country";
+    if(["Ip", "Range"].includes(scope)){
+        let startIp;
+        let endIp;
+        if (value.split("/").length === 2) {
+            [startIp, endIp] = cidrToRange(value);
+        } else {
+            startIp = value;
+            endIp = value;
+        }
+        const startLongIp = ip2long(startIp);
+        const endLongIp = ip2long(endIp);
+        const isRange = startLongIp !== endLongIp;
+        finalScope = isRange ? "Range" : "Ip";
     }
-    const startLongIp = ip2long(startIp);
-    const endLongIp = ip2long(endIp);
-    const isRange = startLongIp !== endLongIp;
-    const scenario = `add ${remediation} to ${
-        isRange ? `range ${startIp} to ${endIp}` : `ip ${startIp}`
-    } for ${durationInSeconds} seconds for e2e tests`;
-    const scope = isRange ? "Range" : "Ip";
-    const value = ipOrCidr;
+    
+    const scenario = `add ${remediation} with scope/value ${scope}/${value} for ${durationInSeconds} seconds for e2e tests`;
+    
     const startAt = new Date();
     const stopAt = new Date();
     stopAt.setTime(stopAt.getTime() + durationInSeconds * 1000);
@@ -144,11 +147,9 @@ module.exports.addDecision = async (
             decisions: [
                 {
                     duration: `${durationInSeconds}s`,
-                    start_ip: startLongIp,
                     origin: "cscli",
                     scenario,
-                    scope,
-                    end_ip: endLongIp,
+                    scope: finalScope,
                     type: remediation,
                     value,
                 },
@@ -163,7 +164,7 @@ module.exports.addDecision = async (
             scenario_version: "",
             simulated: false,
             source: {
-                scope,
+                scope: finalScope,
                 value,
             },
             start_at: startAt.toISOString(),