diff --git a/src/server/botd-firewall/updateFirewallRule.test.ts b/src/server/botd-firewall/updateFirewallRule.test.ts
new file mode 100644
index 00000000..a956d9c7
--- /dev/null
+++ b/src/server/botd-firewall/updateFirewallRule.test.ts
@@ -0,0 +1,66 @@
+import { buildFirewallRules } from './updateFirewallRule';
+import { describe, expect, it } from 'vitest';
+
+describe('buildFirewallRules', () => {
+ it('should build a single firewall rule correctly', async () => {
+ const blockedIps = ['192.168.0.1', '10.0.0.1', '172.16.0.1'];
+ const expectedRules = [
+ {
+ action: 'block',
+ description: 'Block Bot IP addresses #1',
+ expression: 'http.x_forwarded_for in {"192.168.0.1" "10.0.0.1" "172.16.0.1"}',
+ },
+ ];
+ const rules = await buildFirewallRules(blockedIps);
+
+ expect(rules).toEqual(expectedRules);
+ });
+
+ // Add more test cases here...
+ it('should build multiple firewall rules correctly', async () => {
+ const blockedIps = [
+ '68.237.223.37',
+ '53.40.210.202',
+ '140.184.133.152',
+ '253.221.155.217',
+ '195.43.16.78',
+ '2.2.2.2',
+ '2.2.2.2',
+ '2.2.2.2',
+ '2.2.2.2',
+ '2.2.2.2',
+ '3.3.3.3',
+ '3.3.3.3',
+ '3.3.3.3',
+ '3.3.3.3',
+ '3.3.3.3',
+ '4.4.4.4',
+ '4.4.4.4',
+ ];
+ const expectedRules = [
+ {
+ action: 'block',
+ description: 'Block Bot IP addresses #1',
+ expression:
+ 'http.x_forwarded_for in {"68.237.223.37" "53.40.210.202" "140.184.133.152" "253.221.155.217" "195.43.16.78"}',
+ },
+ {
+ action: 'block',
+ description: 'Block Bot IP addresses #2',
+ expression: 'http.x_forwarded_for in {"2.2.2.2" "2.2.2.2" "2.2.2.2" "2.2.2.2" "2.2.2.2"}',
+ },
+ {
+ action: 'block',
+ description: 'Block Bot IP addresses #3',
+ expression: 'http.x_forwarded_for in {"3.3.3.3" "3.3.3.3" "3.3.3.3" "3.3.3.3" "3.3.3.3"}',
+ },
+ {
+ action: 'block',
+ description: 'Block Bot IP addresses #4',
+ expression: 'http.x_forwarded_for in {"4.4.4.4" "4.4.4.4"}',
+ },
+ ];
+ const rules = await buildFirewallRules(blockedIps, 5);
+ expect(rules).toEqual(expectedRules);
+ });
+});
diff --git a/src/server/botd-firewall/updateFirewallRule.ts b/src/server/botd-firewall/updateFirewallRule.ts
index 92bd2e35..ba499363 100644
--- a/src/server/botd-firewall/updateFirewallRule.ts
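Review bot: The expected expressions in both cases pin the rule to `http.x_forwarded_for`, a header that arrives with the request, so these tests lock in a block that holds only if a trusted hop in front of the firewall sets that header. If that is not guaranteed for this deployment, matching on the connection's source address (`ip.src`, assuming the target is Cloudflare's rule language) is the sturdier choice and the tests should assert that instead. The second case also feeds repeated addresses (`'2.2.2.2'` five times) and expects them verbatim, which documents that duplicates consume rule capacity; either de-duplicate in `buildFirewallRules` or use distinct addresses here. The placeholder `// Add more test cases here...` could give way to real cases for an empty list and for an entry that is not a valid IP, since the values end up inside a quoted expression.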
+++ b/src/server/botd-firewall/updateFirewallRule.ts @@ -24,9 +24,12 @@ export const getBlockedIps = async (): Promise => { return blockedIps.map((ip) => ip.ip); }; -export const buildFirewallRules = async (blockedIps: string[]): Promise => { +export const buildFirewallRules = async ( + blockedIps: string[], + maxIpsPerRule = MAX_IPS_PER_RULE, +): Promise => { // Split the list of blocked IPs into chunks of MAX_IPS_PER_RULE length - const chunks = chunk(blockedIps, MAX_IPS_PER_RULE); + const chunks = chunk(blockedIps, maxIpsPerRule); // Build the rule expression for each chunk const ruleExpressions = chunks.map((chunk) => {
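Review bot: The new `maxIpsPerRule` argument is passed straight to `chunk` with no bounds check, so a caller can hand in `0`, a negative or fractional number, or a value above `MAX_IPS_PER_RULE`. Depending on how `chunk` treats a non-positive size (its definition is not in the hunk), that could yield no rules at all and silently drop the whole blocklist, while an oversized value could build an expression larger than the limit the constant presumably encodes. A guard at the top of the function would make the failure loud: `if (!Number.isInteger(maxIpsPerRule) || maxIpsPerRule < 1 || maxIpsPerRule > MAX_IPS_PER_RULE) throw new RangeError('maxIpsPerRule out of range');`. The context comment still says "chunks of MAX_IPS_PER_RULE length" and should now read `// Split the list of blocked IPs into chunks of at most maxIpsPerRule entries`. The body of `buildFirewallRules` continues past the end of the hunk.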