JoshS/Cloudflare-WAF-To-AbuseIPDB
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bug fixes

Browse source
This commit is contained in:
Sefinek 2024-09-10 17:58:41 +02:00
parent 3bb74b2748
commit 3e81810376
3 changed files with 13 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
index.js
View file

@ -29,8 +29,12 @@ const fetchBlockedIPs = async () => {
}
};
const isIPReportedRecently = (ip, reportedIPs) => {
const lastReport = reportedIPs.find(entry => entry.ip === ip && (entry.action === 'REPORTED' || entry.action === 'TOO_MANY_REQUESTS'));
const isIPReportedRecently = (rayId, ip, reportedIPs) => {
const lastReport = reportedIPs.find(entry =>
(entry.rayId === rayId || entry.ip === ip) &&
(entry.action === 'REPORTED' || entry.action === 'TOO_MANY_REQUESTS')
);
if (lastReport) {
const lastTimestamp = new Date(lastReport.timestamp).getTime();
const currentTime = Date.now();
@ -75,7 +79,7 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro
} catch (err) {
if (err.response?.status === 429) {
logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'TOO_MANY_REQUESTS');
log('log', `Rate limited (429) while reporting ${event.clientIP}; URI: ${uri}`);
log('log', `Rate limited while reporting ${event.clientIP} (${event.rayName}); Endpoint: ${endpoint}`);
cycleErrorCounts.blocked++;
} else {
log('error', `Error ${err.response?.status} while reporting ${event.clientIP}; URI: ${uri}; (${err.response?.data})`);
@ -125,11 +129,8 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro
for (const event of blockedIPEvents) {
cycleProcessedCount++;
const ip = event.clientIP;
const hostname = event.clientRequestHTTPHost;
const endpoint = event.clientRequestPath;
const country = event.clientCountryName;
const { recentlyReported, timeDifference } = isIPReportedRecently(ip, reportedIPs);
const { recentlyReported, timeDifference } = isIPReportedRecently(event.rayName, ip, reportedIPs);
if (recentlyReported) {
const hoursAgo = Math.floor(timeDifference / (1000 * 60 * 60));
const minutesAgo = Math.floor((timeDifference % (1000 * 60 * 60)) / (1000 * 60));
@ -142,8 +143,6 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro
if (isImageRequest(event.clientRequestPath)) {
cycleImageSkippedCount++;
if (!wasImageRequestLogged(ip, reportedIPs)) {
logToCSV(event.rayName, ip, country, hostname, endpoint, null, 'SKIPPED_IMAGE_REQUEST');
if (imageRequestLogged) continue;
log('log', 'Skipping image requests in this cycle...');
imageRequestLogged = true;
@ -152,7 +151,7 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro
continue;
}
const wasReported = await reportIP(event, country, hostname, endpoint, event.userAgent, cycleErrorCounts);
const wasReported = await reportIP(event, event.clientCountryName, event.clientRequestHTTPHost, event.clientRequestPath, event.userAgent, cycleErrorCounts);
if (wasReported) {
cycleReportedCount++;
await new Promise(resolve => setTimeout(resolve, SUCCESS_COOLDOWN_MS));

6
scripts/csv.js
View file

@ -36,11 +36,11 @@ const readReportedIPs = () => {
.slice(1)
.filter(line => line.trim() !== '')
.map(line => {
const parts = line.match(/(".*?"|[^",]+)(?=\s*,|\s*$)/g);
const parts = line.split(/,(?=(?:[^"]*"[^"]*")*[^"]*$)/g);
if (!parts || parts.length < 9) return null;
return {
timestamp: new Date(parts[0]),
timestamp: Date.parse(parts[0]),
rayId: parts[1],
ip: parts[2],
country: parts[3],
@ -48,7 +48,7 @@ const readReportedIPs = () => {
endpoint: parts[5],
useragent: parts[6].replace(/(^"|"$)/g, ''),
action: parts[7],
sefinekAPI: parts[8]
sefinekAPI: parts[8] === 'true'
};
})
.filter(item => item !== null);

2
scripts/sefinekAPI.js
View file

@ -5,7 +5,7 @@ const log = require('./log.js');
const SEFINEK_API_URL = process.env.SEFINEK_API_URL || `${process.env.NODE_ENV === 'production' ? 'https://api.sefinek.net' : 'http://127.0.0.1:4010'}/api/v2/cloudflare-waf-abuseipdb/post`;
module.exports = async () => {
const reportedIPs = readReportedIPs().filter(ip => ip.action === 'REPORTED' && ip.sefinekAPI === 'false');
const reportedIPs = readReportedIPs().filter(ip => ip.action === 'REPORTED' && !ip.sefinekAPI);
if (reportedIPs.length === 0) return log('log', 'No IPs with `action Reported` and `SefinekAPI false` to send to Sefinek API');
const uniqueLogs = reportedIPs.reduce((acc, ip) => {