feat(geolocation): Handle stream mode for country scope

Author: julienloizelet

.github/workflows/test-suite.yml

@@ -81,7 +81,6 @@ jobs:
           tar -xf GeoLite2-City.tar.gz
           rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
 
-
       - name: Run PHP UNIT tests
         run: |
           ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} LAPI_URL=http://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./my-own-modules/crowdsec-php-lib/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./my-own-modules/crowdsec-php-lib/tests/IpVerificationTest.php
@@ -102,16 +101,24 @@ jobs:
           ./test-init.sh
           chmod +x run-tests.sh
             
-      - name: Run End to end test without geolocation
+      - name: Run End to end test (live mode without geolocation)
         run: |
           cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
           ./run-tests.sh ci "./__tests__/1-live-mode.js"
 
-      - name: Run End to end test with geolocation
+      - name: Run End to end test (live mode with geolocation)
         run: |
           cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib
           sed -i  's/\x27enabled\x27 => false/\x27enabled\x27 => true/g' examples/auto-prepend/settings.php
+          sed -i  's/\x27forced_test_ip\x27 => \x27\x27/\x27forced_test_ip\x27 => \x27210.249.74.42\x27/g' examples/auto-prepend/settings.php
           cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
           ./run-tests.sh ci "./__tests__/2-live-mode-with-geolocation.js"
-      
 
+      - name: Run End to end test (stream mode without geolocation)
+        run: |
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib
+          sed -i  's/\x27enabled\x27 => true/\x27enabled\x27 => false/g' examples/auto-prepend/settings.php
+          sed -i  's/\x27forced_test_ip\x27 => \x27210.249.74.42\x27/\x27forced_test_ip\x27 => \x27\x27/g' examples/auto-prepend/settings.php
+          sed -i  's/\x27stream_mode\x27 => false/\x27stream_mode\x27 => true/g' examples/auto-prepend/settings.php
+          cd ${{ github.workspace }}/my-own-modules/crowdsec-php-lib/tests/end-to-end/__scripts__
+          ./run-tests.sh ci "./__tests__/3-stream-mode.js"

examples/auto-prepend/scripts/cache-actions.php

@@ -0,0 +1,51 @@
+<?php
+
+require_once __DIR__.'/../../../vendor/autoload.php';
+require_once __DIR__.'/../settings.php';
+
+use CrowdSecBouncer\StandAloneBounce;
+
+if (isset($_GET['action']) && in_array($_GET['action'],['refresh', 'clear', 'prune', 'warm-up'])) {
+    $action = $_GET['action'];
+    $bounce = new StandAloneBounce();
+    $bounce->setDebug($crowdSecStandaloneBouncerConfig['debug_mode']??false);
+    $bounce->setDisplayErrors($crowdSecStandaloneBouncerConfig['display_errors'] ?? false);
+    $bounce->init($crowdSecStandaloneBouncerConfig);
+    $bouncer = $bounce->getBouncerInstance();
+    switch ($action) {
+        case 'refresh':
+            $bouncer->refreshBlocklistCache();
+            break;
+        case 'clear':
+            $bouncer->clearCache();
+            break;
+        case 'prune':
+            $bouncer->pruneCache();
+            break;
+        case 'warm-up':
+            $bouncer->warmBlocklistCacheUp();
+            break;
+        default:
+            throw new Exception("Unknown cache action type:$action");
+    }
+
+    echo "
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset='utf-8'/>
+    <title>Cache action: $action</title>
+</head>
+
+<body>
+    <h1>Cache action has been done: $action</h1>
+</body>
+</html>
+";
+} else {
+    die('You must pass an "action" param (refresh or clear)' . PHP_EOL);
+}
+
+
+
+

examples/auto-prepend/scripts/cron-refresh-decisions.php

@@ -11,6 +11,7 @@
     'fs_cache_path' => __DIR__.'/.cache', // [FILL ME] Important note: be sur this path won't be publicly accessible!
 
     'bouncing_level' => Constants::BOUNCING_LEVEL_NORMAL,
+    'forced_test_ip' => '', // Set a specific for test purpose only (testing geolocation for example).
 
     'stream_mode' => false,
 
@@ -52,12 +53,11 @@
 
     'geolocation' => [
         'save_in_session' => true, // Set to true to avoid multiple call to the geolocation database
-        'test_public_ip' => '210.249.74.42', // Only if you test on a local network (docker, etc.)
         'enabled' => true, // Set to true if you want to geo-localize IP
         'type' => 'maxmind', // At this moment, only 'maxmind' type is available
         'maxmind' => [ // MaxMind settings
-            'database_type' => 'city', // You can set 'city' or 'country'
-            'database_path' => '/var/www/html/GeoLite2-City.mmdb' // Absolute path to the MaxMind database
+            'database_type' => 'country', // You can set 'city' or 'country'
+            'database_path' => '/var/www/html/GeoLite2-Country.mmdb' // Absolute path to the MaxMind database
         ]
     ]
 ];

examples/auto-prepend/settings.example.php

@@ -78,6 +78,11 @@ class ApiCache
      */
     private $cacheKey = [];
 
+    /**
+     * @var array|null
+     */
+    private $scopes;
+
     /**
      * @param LoggerInterface      $logger      The logger to use
      * @param ApiClient|null       $apiClient   The APIClient instance to use
@@ -140,6 +145,21 @@ public function configure(
         $this->apiClient->configure($apiUrl, $timeout, $userAgent, $apiKey);
     }
 
+    /**
+     * @return array
+     */
+    private function getScopes(): ?array
+    {
+        if($this->scopes === null){
+            $scopes = [Constants::SCOPE_IP, Constants::SCOPE_RANGE];
+            if (!empty($this->geolocConfig['enabled'])) {
+                $scopes[] =  Constants::SCOPE_COUNTRY;
+            }
+            $this->scopes = $scopes;
+        }
+        return $this->scopes;
+    }
+
     /**
      * Add remediation to a Symfony Cache Item identified by a cache key.
      *
@@ -556,7 +576,7 @@ public function warmUp(): array
             $this->clear();
         }
         $this->logger->debug('', ['type' => 'START_CACHE_WARMUP']);
-        $decisionsDiff = $this->apiClient->getStreamedDecisions(true);
+        $decisionsDiff = $this->apiClient->getStreamedDecisions(true, $this->getScopes());
         $newDecisions = $decisionsDiff['new'];
 
         $nbNew = 0;
@@ -602,7 +622,7 @@ public function pullUpdates(): array
         }
 
         $this->logger->debug('', ['type' => 'START_CACHE_UPDATE']);
-        $decisionsDiff = $this->apiClient->getStreamedDecisions();
+        $decisionsDiff = $this->apiClient->getStreamedDecisions(false, $this->getScopes());
         $newDecisions = $decisionsDiff['new'];
         $deletedDecisions = $decisionsDiff['deleted'];
 

src/ApiCache.php

@@ -56,13 +56,20 @@ public function getFilteredDecisions(array $filter): array
         return $this->restClient->request('/v1/decisions', $filter) ?: [];
     }
 
+
     /**
      * Request decisions using the stream mode. When the $startup flag is used, all the decisions are returned.
      * Else only the decisions updates (add or remove) from the last stream call are returned.
+     * @param bool $startup
+     * @param array $scopes
+     * @return array
      */
-    public function getStreamedDecisions(bool $startup = false): array
+    public function getStreamedDecisions(bool $startup = false, array $scopes = [Constants::SCOPE_IP, Constants::SCOPE_RANGE]): array
     {
         /** @var array */
-        return $this->restClient->request('/v1/decisions/stream', $startup ? ['startup' => 'true'] : null);
+        return $this->restClient->request(
+            '/v1/decisions/stream',
+            ['startup' => $startup ? 'true': 'false', 'scopes' => implode(',', $scopes)]
+        );
     }
 }

src/ApiClient.php

@@ -53,6 +53,7 @@ public function __construct(AbstractAdapter $cacheAdapter = null, LoggerInterfac
      * Configure this instance.
      *
      * @param array $config An array with all configuration parameters
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     public function configure(array $config): void
     {
@@ -107,12 +108,14 @@ private function capRemediationLevel(string $remediation): string
      * @param string $ip The IP to check
      *
      * @return string the remediation to apply (ex: 'ban', 'captcha', 'bypass')
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     public function getRemediationForIp(string $ip): string
     {
-        $address = Factory::parseAddressString($ip, ParseStringFlag::MAY_INCLUDE_ZONEID);
+        $ipToCheck = !empty($this->config['forced_test_ip']) ? $this->config['forced_test_ip'] : $ip;
+        $address = Factory::parseAddressString($ipToCheck, ParseStringFlag::MAY_INCLUDE_ZONEID);
         if (null === $address) {
-            throw new BouncerException("IP $ip format is invalid.");
+            throw new BouncerException("IP $ipToCheck format is invalid.");
         }
         $remediation = $this->apiCache->get($address);
 
@@ -166,6 +169,7 @@ public static function getCaptchaHtmlTemplate(bool $error, string $captchaImageS
      * This method should be called only to force a cache warm up.
      *
      * @return array "count": number of decisions added, "errors": decisions not added
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     public function warmBlocklistCacheUp(): array
     {
@@ -177,6 +181,7 @@ public function warmBlocklistCacheUp(): array
      * This method should be called periodically (ex: crontab) in an asynchronous way to update the bouncer cache.
      *
      * @return array Number of deleted and new decisions, and errors when processing decisions
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     public function refreshBlocklistCache(): array
     {
@@ -187,6 +192,7 @@ public function refreshBlocklistCache(): array
      * This method clear the full data in cache.
      *
      * @return bool If the cache has been successfully cleared or not
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     public function clearCache(): bool
     {
@@ -218,7 +224,7 @@ public function getLogger(): LoggerInterface
      *
      * @return array an array composed of two items, a "phrase" string representing the phrase and a "inlineImage" representing the image data
      */
-    public static function buildCaptchaCouple()
+    public static function buildCaptchaCouple(): array
     {
         $captchaBuilder = new CaptchaBuilder();
 
@@ -238,7 +244,7 @@ public static function buildCaptchaCouple()
      *
      * @return bool If the captcha input was correct or not
      */
-    public function checkCaptcha(string $expected, string $try, string $ip)
+    public function checkCaptcha(string $expected, string $try, string $ip): bool
     {
         $solved = PhraseBuilder::comparePhrases($expected, $try);
         $this->logger->warning('', [
@@ -255,7 +261,7 @@ public function checkCaptcha(string $expected, string $try, string $ip)
      *
      * @return void If the connection was successful or not
      *
-     * @throws BouncerException if the connection was not successful
+     * @throws BouncerException|\Psr\Cache\InvalidArgumentException if the connection was not successful
      * */
     public function testConnection()
     {

src/Bouncer.php

@@ -33,6 +33,7 @@ public function getConfigTreeBuilder(): TreeBuilder
                 ->scalarNode('api_user_agent')->defaultValue(Constants::BASE_USER_AGENT)->end()
                 ->integerNode('api_timeout')->defaultValue(Constants::API_TIMEOUT)->end()
                 ->booleanNode('live_mode')->defaultValue(true)->end()
+                ->scalarNode('forced_test_ip')->end()
                 ->enumNode('max_remediation_level')
                     ->values(Constants::ORDERED_REMEDIATIONS)
                     ->defaultValue(Constants::REMEDIATION_BAN)
@@ -50,7 +51,6 @@ public function getConfigTreeBuilder(): TreeBuilder
                 ->arrayNode('geolocation')
                     ->addDefaultsIfNotSet()
                     ->children()
-                        ->scalarNode('test_public_ip')->end()
                         ->booleanNode('save_in_session')
                             ->defaultTrue()
                         ->end()

src/Configuration.php

@@ -85,12 +85,11 @@ public function getCountryResult(array $geolocConfig, string $ip): array
 
             return $result;
         }
-        $currentIp = empty($geolocConfig['test_public_ip']) ? $ip : $geolocConfig['test_public_ip'];
         switch ($geolocConfig['type']) {
             case Constants::GEOLOCATION_TYPE_MAXMIND:
                 $configPath = $geolocConfig[Constants::GEOLOCATION_TYPE_MAXMIND];
                 $result =
-                    $this->getMaxMindCountry($currentIp, $configPath['database_type'], $configPath['database_path']);
+                    $this->getMaxMindCountry($ip, $configPath['database_type'], $configPath['database_path']);
                 break;
             default:
                 throw new Exception('Unknown Geolocation type:'.$geolocConfig['type']);

src/Geolocation.php

@@ -99,6 +99,7 @@ public function getBouncerInstance(): Bouncer
         $fallbackRemediation = $this->getStringSettings('fallback_remediation');
         $bouncingLevel = $this->getStringSettings('bouncing_level');
         $geolocation = $this->getArraySettings('geolocation');
+        $forcedTestIp = $this->getStringSettings('forced_test_ip');
 
         // Init Bouncer instance
 
@@ -136,6 +137,7 @@ public function getBouncerInstance(): Bouncer
             'cache_expiration_for_clean_ip' => $cleanIpCacheDuration,
             'cache_expiration_for_bad_ip' => $badIpCacheDuration,
             'geolocation' => $geolocation,
+            'forced_test_ip' => $forcedTestIp
         ]);
 
         return $this->bouncer;