Merge pull request #56 from crowdsecurity/feature/add-magento2-bouncer-php-lib-update

Feature/add magento2 bouncer php lib update

Author: mobula9

composer.json

@@ -30,9 +30,9 @@
     ],
     "require": {
         "php": "^7.2 || ^8.0",
-        "symfony/config": "^5.2",
+        "symfony/config": "^4.4.27 || ^5.2",
         "symfony/cache": "^5.2",
-        "monolog/monolog": "^2.1",
+        "monolog/monolog": "^1.17 || ^2.1",
         "gregwar/captcha": "^1.1",
         "mlocati/ip-lib": "^1.14"
     },

composer.lock

@@ -9,13 +9,13 @@ RUN apk update \
     && docker-php-source delete \
     && docker-php-ext-install pdo_mysql \
     && docker-php-ext-install gd \
-    && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+    && echo "xdebug.mode=debug" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
     && echo "xdebug.remote_autostart=off" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
-    && echo "xdebug.remote_port=9001" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+    && echo "xdebug.client_port=9001" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
     && echo "xdebug.remote_handler=dbgp" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
-    && echo "xdebug.remote_connect_back=0" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+    && echo "xdebug.discover_client_host=0" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
     && echo "xdebug.idekey=mertblog.net" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
-    && echo "xdebug.remote_host=docker.for.mac.localhost" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+    && echo "xdebug.client_host=docker.for.mac.localhost" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && rm -rf /tmp/*
 

docker/php-8.0.Dockerfile

@@ -104,15 +104,15 @@ $cacheAdapter = new PhpFilesAdapter('', 0, __DIR__.'/.cache');
 
 $requestedIp = $argv[1];
 if (!$requestedIp) {
-    die('Usage: php check-ip.php <api_key>');
+    die('Usage: php check-ip.php <IP>');
 }
 
 // Init
-$bouncer = new Bouncer();
+$bouncer = new Bouncer($cacheAdapter);
 $bouncer->configure([
     'api_key' => getenv('BOUNCER_KEY'),
     'api_url' => 'http://crowdsec:8080'
-    ], $cacheAdapter
+    ]
 );
 
 // Ask remediation to LAPI
@@ -267,7 +267,7 @@ $bouncer->configure([
     'api_key' => getenv('BOUNCER_KEY'),
     'api_url' => 'http://crowdsec:8080',
     'max_remediation_level' => 'captcha' // <== ADD THIS LINE!
-    ], $cacheAdapter
+    ]
 );
 ```
 
@@ -309,7 +309,7 @@ and replace these lines:
 
 ```php
 // Instanciate the bouncer
-$bouncer = new Bouncer();
+$bouncer = new Bouncer($cacheAdapter);
 ```
 
 with:
@@ -328,7 +328,7 @@ $fileHandler = new RotatingFileHandler(__DIR__.'/crowdsec.log', 0, Logger::WARNI
 $logger->pushHandler($fileHandler);
 
 // Instanciate the bouncer
-$bouncer = new Bouncer($logger);
+$bouncer = new Bouncer($cacheAdapter, $logger);
 ```
 
 ## Important note about cache expiration
@@ -371,12 +371,12 @@ use Monolog\Logger;
 $cacheAdapter = new MemcachedAdapter(MemcachedAdapter::createConnection('memcached://memcached:11211'));
 
 
-// Instanciate the Stream logger with info level(optional)
+// Instantiate the Stream logger with info level(optional)
 $logger = new Logger('example');
 $fileHandler = new RotatingFileHandler(__DIR__.'/crowdsec.log', 0, Logger::WARNING);
 $logger->pushHandler($fileHandler);
 
-// Instanciate the bouncer
+// Instantiate the bouncer
 $bouncer = new Bouncer($cacheAdapter, $logger);
 $bouncer->configure([
     'api_key' => getenv('BOUNCER_KEY'),

docs/complete-guide.md

@@ -10,34 +10,38 @@ Here is the development environment for this library:
 ## The guidelines
 
 -   We use TDD to code the library, with PHP Unit
--   CI via Github actions: run all tests over each PHP versions
--   Git workflow: [Github Flow](https://guides.github.com/introduction/flow/)
+-   CI via GitHub actions: run all tests over each PHP versions
+-   Git workflow: [GitHub Flow](https://guides.github.com/introduction/flow/)
 -   PHP Source fully documented
 -   Versioning system: Semver
 -   Code coverage (not now)
 -   Coding standards using [php-cs-fixer](https://cs.symfony.com/) configuration in **.php_cs**
 
 ## Run tests
 
-First of all, install composer dependencies:
-
-```bash
-docker-compose run app composer install
-```
-
-Then run tests:
+Run tests with:
 
 ```bash
 ./tests-local.sh # This will test with PHP 7.2 version
 ```
 
-Alternatively, you can tests with various php versions:
+Alternatively, you can test with various php versions:
 
 ```bash
    ./tests-local-php7.3.sh
    ./tests-local-php7.4.sh
    ./tests-local-php8.0.sh
 ```
+N.B: If you have a permission error message while launching these scripts, you should try to remove first the
+`var/docker-data` (if exists) folder and build the images separately:
+
+```bash
+docker-compose build app
+docker-compose build app-php7.4
+docker-compose build app-php7.3
+docker-compose build app-php8.0
+```
+
 
 ## How to lint the code
 

docs/contribute.md

@@ -0,0 +1,124 @@
+# DDEV stack
+
+There are many ways to install this library on a local PHP environment.
+
+We are using [DDEV-Local](https://ddev.readthedocs.io/en/stable/) because it is quite simple to use and customize.
+
+You may use your own local stack, but we provide here some useful tools that depends on DDEV.
+
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+
+## DDEV-Local setup
+
+For a quick start, follow the below steps.
+
+
+### DDEV installation
+
+Please follow the [official instructions](https://ddev.readthedocs.io/en/stable/#installation). On a Linux
+distribution, this should be as simple as
+
+    sudo apt-get install linuxbrew-wrapper
+    brew tap drud/ddev && brew install ddev
+
+
+### Prepare DDEV PHP environment
+
+The final structure of the project will look like below.
+
+```
+php-project-sources
+│   
+│ (your php project sources; could be a simple index.html file)    
+│
+└───.ddev
+│   │   
+│   │ (Cloned sources of a PHP specific ddev repo)
+│   
+└───my-own-modules
+    │   
+    │
+    └───crowdsec-php-lib
+       │   
+       │ (Clone of this repo)
+         
+```
+
+- Create an empty folder that will contain all necessary sources:
+```
+mkdir php-project-sources
+```
+- Create an empty `.ddev` folder for DDEV and clone our pre-configured DDEV repo:
+
+```
+mkdir php-project-sources/.ddev && cd php-project-sources/.ddev && git clone git@github.com:julienloizelet/ddev-php.
+git ./
+```
+- Copy some configurations file:
+
+By default, ddev will launch a PHP 7.2 container. If you want to work with another PHP version, copy the 
+corresponding config file. For example:
+
+```
+cp .ddev/config_overrides/config.php74.yaml .ddev/config.php74.yaml
+```
+- Launch DDEV
+
+```
+cd .ddev && ddev start
+```
+This should take some times on the first launch as this will download all necessary docker images.
+
+ 
+## Usage
+
+
+### Add CrowdSec bouncer and watcher
+
+- To create a new bouncer in the crowdsec container, run:
+
+```
+ddev create-bouncer [name]
+```
+
+It will return the bouncer key.
+
+- To create a new watcher, run:
+
+```
+ddev create-watcher [name] [password]
+```
+
+
+### Use composer to update or install the lib
+
+Run:
+
+```
+ddev composer update --working-dir ./my-own-modules/crowdsec-php-lib
+```
+
+### Unit test
+
+First, create a bouncer and keep the result key. 
+
+```
+ddev create-bouncer
+```
+
+Then, create a specific watcher for unit test:
+
+```
+ddev create-watcher PhpUnitTestMachine PhpUnitTestMachinePassword
+```
+
+Finally, run 
+
+
+```
+ddev exec BOUNCER_KEY=your-bouncer-key LAPI_URL=http://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./my-own-modules/crowdsec-php-lib/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./my-own-modules/crowdsec-php-lib/tests/IpVerificationTest.php
+```

docs/ddev.md

@@ -22,11 +22,11 @@
 $logPath = __DIR__ . '/.crowdsec.log';
 $cachePath = __DIR__ . '/.cache';
 
-// Instanciate a the "PhpFilesAdapter" cache adapter
+// Instantiate a the "PhpFilesAdapter" cache adapter
 // Note: to select another cache adapter (Memcached, Redis, ...), try other examples.
 $cacheAdapter = new Symfony\Component\Cache\Adapter\PhpFilesAdapter('', 0, $cachePath);
 
-// Instanciate the Stream logger with info level(optional)
+// Instantiate the Stream logger with info level(optional)
 $logger = new Logger('example');
 
 // Display logs with INFO verbosity
@@ -38,7 +38,7 @@
 $fileHandler = new RotatingFileHandler($logPath, 0, Logger::WARNING);
 $logger->pushHandler($fileHandler);
 
-// Instanciate the bouncer
+// Instantiate the bouncer
 $bouncer = new Bouncer($cacheAdapter, $logger);
 $bouncer->configure(['api_key' => $bouncerApiKey, 'api_url' => $apiUrl]);
 

examples/clear-cache.php

@@ -21,9 +21,9 @@ git_base_dir=`git rev-parse --show-toplevel`
 # Update version everywhere (add and commit changes), tag and release
 git checkout main
 if [[ $platform == 'linux' ]]; then
-   sed -i -E "s/v[0-9]+\.[0-9]+\.[0-9]/$NEW_GIT_VERSION/" $git_base_dir/src/Constants.php
+   sed -i -E "s/v[0-9]+\.[0-9]+\.[0-9]+/$NEW_GIT_VERSION/" $git_base_dir/src/Constants.php
 else
-   sed -i "" -E "s/v[0-9]+\.[0-9]+\.[0-9]/$NEW_GIT_VERSION/" $git_base_dir/src/Constants.php
+   sed -i "" -E "s/v[0-9]+\.[0-9]+\.[0-9]+/$NEW_GIT_VERSION/" $git_base_dir/src/Constants.php
 fi
 git add $git_base_dir/src/Constants.php
 

scripts/publish-release.sh

@@ -1,7 +1,9 @@
 #!/bin/sh
 
+CONTAINER_NAME=${1:-app}
+
 # Delete existing LAPI database.
-[ -e ./var/docker-data/crowdsec.db ] && rm ./var/docker-data/crowdsec.db
+[ -e ./var/docker-data/crowdsec.db ] && docker-compose exec crowdsec rm -f /var/lib/crowdsec/data/crowdsec.db
 
 # Start containers.
 docker-compose up --force-recreate -d crowdsec
@@ -14,4 +16,4 @@ docker-compose exec crowdsec /usr/local/bin/cscli bouncers add bouncer-php-libra
 docker-compose exec crowdsec cscli machines add PhpUnitTestMachine --password PhpUnitTestMachinePassword > /dev/null 2>&1
 
 # Ensure composer deps are presents
-docker-compose run app composer install
+docker-compose run $CONTAINER_NAME composer install

scripts/setup-local-crowdsec.sh

@@ -29,6 +29,9 @@ abstract class AbstractBounce
     /** @var bool */
     protected $debug = false;
 
+    /** @var bool */
+    protected $displayErrors = false;
+
     /** @var LoggerInterface */
     protected $logger;
 
@@ -60,6 +63,11 @@ public function setDebug(bool $debug)
         $this->debug = $debug;
     }
 
+    public function setDisplayErrors(bool $displayErrors)
+    {
+        $this->displayErrors = $displayErrors;
+    }
+
     protected function initLoggerHelper($logDirectoryPath, $loggerName): void
     {
         // Singleton for this function
@@ -112,12 +120,12 @@ protected function bounceCurrentIp()
             $this->logger->warning('', [
                 'type' => 'UNKNOWN_EXCEPTION_WHILE_BOUNCING',
                 'ip' => $ip,
-                'messsage' => $e->getMessage(),
+                'message' => $e->getMessage(),
                 'code' => $e->getCode(),
                 'file' => $e->getFile(),
                 'line' => $e->getLine(),
             ]);
-            if ($this->debug) {
+            if ($this->displayErrors) {
                 throw $e;
             }
         }
@@ -206,11 +214,14 @@ protected function handleCaptchaResolutionForm(string $ip)
                 $this->getPostedVariable('phrase'),
                 $ip)) {
                 // User has correctly fill the captcha
-
                 $this->setSessionVariable('crowdsec_captcha_has_to_be_resolved', false);
                 $this->unsetSessionVariable('crowdsec_captcha_phrase_to_guess');
                 $this->unsetSessionVariable('crowdsec_captcha_inline_image');
                 $this->unsetSessionVariable('crowdsec_captcha_resolution_failed');
+                $redirect = $this->getSessionVariable('crowdsec_captcha_resolution_redirect')??'/';
+                $this->unsetSessionVariable('crowdsec_captcha_resolution_redirect');
+                header("Location: $redirect");
+                exit(0);
             } else {
                 // The user failed to resolve the captcha.
                 $this->setSessionVariable('crowdsec_captcha_resolution_failed', true);
@@ -229,6 +240,9 @@ protected function handleCaptchaRemediation($ip)
             $this->storeNewCaptchaCoupleInSession();
             $this->setSessionVariable('crowdsec_captcha_has_to_be_resolved', true);
             $this->setSessionVariable('crowdsec_captcha_resolution_failed', false);
+            $this->setSessionVariable('crowdsec_captcha_resolution_redirect', 'POST' === $this->getHttpMethod() &&
+                                                                              !empty($_SERVER['HTTP_REFERER']) ?
+                $_SERVER['HTTP_REFERER'] : $_SERVER['REQUEST_URI']);
         }
 
         // Display captcha page if this is required.