1.1.3

index.js

@@ -48,19 +48,19 @@ const isIPReportedRecently = (rayId, ip, reportedIPs) => {
 const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErrorCounts) => {
 	const uri = `${hostname}${endpoint}`;
 	if (!uri) {
-		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'MISSING_URI');
+		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'MISSING_URI');
 		log('warn', `Missing URL ${event.clientIP}; URI: ${uri}`);
 		return false;
 	}
 
 	if (event.clientIP === clientIp.address) {
-		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'YOUR_IP_ADDRESS');
+		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'YOUR_IP_ADDRESS');
 		log('log', `Your IP address (${event.clientIP}) was unexpectedly received from Cloudflare. URI: ${uri}; Ignoring...`);
 		return false;
 	}
 
 	if (uri.length > MAX_URL_LENGTH) {
-		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'URI_TOO_LONG');
+		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'URI_TOO_LONG');
 		log('log', `URL too long ${event.clientIP}; URI: ${uri}`);
 		return false;
 	}
@@ -72,13 +72,13 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro
 			comment: generateComment(event)
 		}, { headers: headers.ABUSEIPDB });
 
-		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'REPORTED');
+		logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'REPORTED');
 		log('log', `Reported ${event.clientIP}; URI: ${uri}`);
 
 		return true;
 	} catch (err) {
 		if (err.response?.status === 429) {
-			logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'TOO_MANY_REQUESTS');
+			logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'TOO_MANY_REQUESTS');
 			log('log', `Rate limited while reporting ${event.clientIP} (${event.rayName}); Endpoint: ${endpoint}`);
 			cycleErrorCounts.blocked++;
 		} else {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "cf-waf-to-abuseipdb",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "cf-waf-to-abuseipdb",
-      "version": "1.1.2",
+      "version": "1.1.3",
       "license": "MIT",
       "dependencies": {
         "axios": "^1.7.7",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cf-waf-to-abuseipdb",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.",
   "keywords": [
     "abuseipdb",

scripts/csv.js

@@ -4,7 +4,7 @@ const log = require('./log.js');
 
 const CSV_FILE_PATH = path.join(__dirname, '..', 'reported_ips.csv');
 const MAX_CSV_SIZE_BYTES = 4 * 1024 * 1024; // 4 MB
-const CSV_HEADER = 'Timestamp,CF RayID,IP,Country,Hostname,Endpoint,User-Agent,Action,SefinekAPI\n';
+const CSV_HEADER = 'Timestamp,CF RayID,IP,Country,Hostname,Endpoint,User-Agent,Action taken,Status,Sefinek API\n';
 
 if (!fs.existsSync(CSV_FILE_PATH)) fs.writeFileSync(CSV_FILE_PATH, CSV_HEADER);
 
@@ -21,9 +21,9 @@ const escapeCSVValue = value => {
 	return value || '';
 };
 
-const logToCSV = (rayId, ip, country, hostname, endpoint, useragent, action, sefinekAPI) => {
+const logToCSV = (rayId, ip, country = 'N/A', hostname, endpoint, useragent, actionTaken = 'N/A', status = 'N/A', sefinekAPI) => {
 	checkCSVSize();
-	const logLine = `${new Date().toISOString()},${rayId},${ip},${country || 'N/A'},${hostname},${escapeCSVValue(endpoint)},${escapeCSVValue(useragent)},${action},${sefinekAPI || false}`;
+	const logLine = `${new Date().toISOString()},${rayId},${ip},${country},${hostname},${escapeCSVValue(endpoint)},${escapeCSVValue(useragent)},${actionTaken.toUpperCase()},${status},${sefinekAPI || false}`;
 	fs.appendFileSync(CSV_FILE_PATH, logLine + '\n');
 };
 
@@ -48,7 +48,8 @@ const readReportedIPs = () => {
 				endpoint: parts[5],
 				useragent: parts[6].replace(/(^"|"$)/g, ''),
 				action: parts[7],
-				sefinekAPI: parts[8] === 'true'
+				status: parts[8],
+				sefinekAPI: parts[9] === 'true'
 			};
 		})
 		.filter(item => item !== null);
@@ -66,7 +67,7 @@ const updateSefinekAPIInCSV = (rayId, reportedToSefinekAPI) => {
 	const updatedLines = lines.map(line => {
 		const parts = line.split(/,(?=(?:[^"]*"[^"]*")*[^"]*$)/g);
 		if (parts.length >= 9 && parts[1] === rayId) {
-			parts[8] = reportedToSefinekAPI;
+			parts[9] = reportedToSefinekAPI;
 			return parts.join(',');
 		}
 		return line;

scripts/sefinekAPI.js

@@ -5,7 +5,7 @@ const log = require('./log.js');
 const SEFINEK_API_URL = process.env.SEFINEK_API_URL || `${process.env.NODE_ENV === 'production' ? 'https://api.sefinek.net' : 'http://127.0.0.1:4010'}/api/v2/cloudflare-waf-abuseipdb/post`;
 
 module.exports = async () => {
-	const reportedIPs = readReportedIPs().filter(ip => ip.action === 'REPORTED' && !ip.sefinekAPI);
+	const reportedIPs = readReportedIPs().filter(ip => ip.status === 'REPORTED' && !ip.sefinekAPI);
 	if (reportedIPs.length === 0) return log('log', 'No IPs with `action Reported` and `SefinekAPI false` to send to Sefinek API');
 
 	const uniqueLogs = reportedIPs.reduce((acc, ip) => {