Skip to content

Commit

Permalink
chore: refactor and clean up
Browse files Browse the repository at this point in the history
  • Loading branch information
JuroUhlar committed Dec 21, 2023
1 parent 25c0748 commit 78371e8
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 7 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,6 @@ tsconfig.tsbuildinfo

# MacOS Finder
.DS_Store

# Local experiments
.scratchpad/*
18 changes: 15 additions & 3 deletions src/pages/api/bot-firewall/block-bot-ip.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
import { NextApiRequest, NextApiResponse } from 'next';
import { deleteBlockedIp, saveBlockedIp } from '../../../server/botd-firewall/saveBlockedIp';
import { syncCloudflareBotFirewallRule } from '../../../server/botd-firewall/updateFirewallRule';
import {
buildFirewallRules,
getBlockedIps,
updateFirewallRuleset as updateCloudflareRuleset,
} from '../../../server/botd-firewall/updateFirewallRule';
import { FingerprintJsServerApiClient, isEventError } from '@fingerprintjs/fingerprintjs-pro-server-api';
import { ALLOWED_REQUEST_TIMESTAMP_DIFF_MS, BACKEND_REGION, SERVER_API_KEY } from '../../../server/const';
import { ensurePostRequest } from '../../../server/server';
Expand All @@ -27,23 +31,31 @@ export default async function blockIp(req: NextApiRequest, res: NextApiResponse)
return;
}

// Validate block/unblock request
const { ip, blocked, requestId } = req.body as BlockIpPayload;

const { okay, message } = await validateBlockIpRequest(requestId, ip, req);
if (!okay) {
return res.status(403).json({ result: 'error', message } satisfies BlockIpResponse);
}

try {
// Save or remove blocked IP from database
if (blocked) {
await saveBlockedIp(ip);
} else {
await deleteBlockedIp(ip);
}
await syncCloudflareBotFirewallRule();

// Construct updated firewall rules from the blocked IP database and apply them to your Cloudflare application
const blockedIps = await getBlockedIps();
const newRules = await buildFirewallRules(blockedIps);
console.log(JSON.stringify(await updateCloudflareRuleset(newRules), null, 2));

// Return success
return res.status(200).json({ result: 'success', message: 'OK', ip, blocked } satisfies BlockIpResponse);
} catch (error) {
console.log(error);
// Catch unexpected errors and return 500 to the client
return res.status(500).json({ result: 'error', message: 'Internal server error.' } satisfies BlockIpResponse);
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/pages/api/bot-firewall/get-blocked-ips.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import { NextApiRequest, NextApiResponse } from 'next';
import { BlockedIp, BlockedIpDbModel } from '../../../server/botd-firewall/saveBlockedIp';

export default async function getBlockedIps(req: NextApiRequest, res: NextApiResponse<BlockedIp[]>) {
export default async function handler(req: NextApiRequest, res: NextApiResponse<BlockedIp[]>) {
const blockedIps = await BlockedIpDbModel.findAll();
res.status(200).json(blockedIps);
}
8 changes: 5 additions & 3 deletions src/server/botd-firewall/updateFirewallRule.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,19 +16,21 @@ const MAX_IPS_PER_RULE = 84;
const MAX_RULES = 5;
const MAX_IPS = MAX_IPS_PER_RULE * MAX_RULES; // 420

export const getFirewallRules = async (): Promise<CloudflareRule[]> => {
// Get the list of blocked IPs from the database
export const getBlockedIps = async (): Promise<string[]> => {
const blockedIps = await BlockedIpDbModel.findAll({
order: [['timestamp', 'DESC']],
limit: MAX_IPS,
});
return blockedIps.map((ip) => ip.ip);
};

export const buildFirewallRules = async (blockedIps: string[]): Promise<CloudflareRule[]> => {
// Split the list of blocked IPs into chunks of MAX_IPS_PER_RULE length
const chunks = chunk(blockedIps, MAX_IPS_PER_RULE);

// Build the rule expression for each chunk
const ruleExpressions = chunks.map((chunk) => {
const ipList = chunk.map((ip) => `"${ip.ip}"`).join(' ');
const ipList = chunk.map((ip) => `"${ip}"`).join(' ');
return `http.x_forwarded_for in {${ipList}}`;
});

Expand Down

0 comments on commit 78371e8

Please sign in to comment.