feat(*): Add config to disable bouncing feature and a config for curl

Author: julienloizelet

.github/workflows/end-to-end-auto-prepend-test-suite.yml

@@ -76,6 +76,12 @@ jobs:
           sudo chmod -R 777 ${{ github.workspace }}/wp-content
           sudo chmod -R 777 ${{ github.workspace }}/my-own-modules
 
+      - name: Some DEBUG information
+        run: |
+          ddev --version
+          ddev exec php -v
+          ddev exec -s crowdsec crowdsec -version
+
       - name: Install WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
         run: |
           wget https://wordpress.org/wordpress-${{ matrix.wp-version }}.tar.gz

.github/workflows/end-to-end-test-suite.yml

@@ -76,6 +76,12 @@ jobs:
           sudo chmod -R 777 ${{ github.workspace }}/wp-content
           sudo chmod -R 777 ${{ github.workspace }}/my-own-modules
 
+      - name: Some DEBUG information
+        run: |
+          ddev --version
+          ddev exec php -v
+          ddev exec -s crowdsec crowdsec -version
+
       - name: Install WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
         run: |
           wget https://wordpress.org/wordpress-${{ matrix.wp-version }}.tar.gz

composer.json

@@ -19,7 +19,7 @@
 		}
 	},
 	"require": {
-		"crowdsec/bouncer": "0.26.0",
+		"crowdsec/bouncer": "0.27.0",
 		"symfony/polyfill-mbstring": "1.20.0",
 		"symfony/service-contracts": "2.4.1"
 	},

composer.lock

@@ -72,6 +72,13 @@ also be able to test your settings.
 
 ***
 
+`Bouncing feature → Disable bouncing feature`
+
+Until you have configured all the required parameters, you should disable the bouncing feature.
+
+***
+
+
 `Connection details → LAPI URL`
 
 Url to join your CrowdSec LAPI.
@@ -82,6 +89,16 @@ Url to join your CrowdSec LAPI.
 
 Key generated by the cscli command.
 
+
+***
+
+`Connection details → Use cURL to call LAPI`
+
+By default, `file_get_contents` method is used to call LAPI. This method requires to have enabled the option 
+`allow_url_fopen`. 
+Here, you can choose to use `cURL` requests instead. Beware that in this case, you need to have php `cURL` extension 
+installed and enabled on your system.
+
 ***
 
 `Bouncing → Bouncing level`

docs/USER_GUIDE.md

@@ -1,5 +1,5 @@
 <?php
-
+declare(strict_types=1);
 
 use CrowdSecBouncer\AbstractBounce;
 use CrowdSecBouncer\Bouncer;
@@ -18,11 +18,10 @@
  */
 class Bounce extends AbstractBounce
 {
-    public function init(array $crowdSecConfig, array $forcedConfigs = []): Bouncer
+    public function init(array $configs): Bouncer
     {
-        $finalConfigs = array_merge($crowdSecConfig, $forcedConfigs);
-
-        return $this->getBouncerInstance($finalConfigs);
+        $this->settings = $configs;
+        return $this->getBouncerInstance($this->settings);
     }
 
     protected function escape(string $value)
@@ -38,14 +37,15 @@ protected function specialcharsDecodeEntQuotes(string $value)
     /**
      * @return Bouncer get the bouncer instance
      */
-    public function getBouncerInstance(array $settings, bool $forceReload = false): Bouncer
+    public function getBouncerInstance(array $settings): Bouncer
     {
-        $this->settings = $settings;
+        $this->settings = array_merge($this->settings, $settings);
 
         $configs = [
             // LAPI connection
             'api_key' => $this->escape($this->getStringSettings('crowdsec_api_key')),
             'api_url' => $this->escape($this->getStringSettings('crowdsec_api_url')),
+            'use_curl' => $this->getBoolSettings('crowdsec_use_curl'),
             'api_user_agent' => Constants::CROWDSEC_BOUNCER_USER_AGENT,
             'api_timeout' => Constants::API_TIMEOUT,
             // Debug
@@ -82,7 +82,7 @@ public function getBouncerInstance(array $settings, bool $forceReload = false):
             ]
         ];
 
-        $this->bouncer = getBouncerInstanceStandalone($configs, $forceReload);
+        $this->bouncer = getBouncerInstanceStandalone($configs);
 
         return $this->bouncer;
     }
@@ -210,6 +210,19 @@ public function getPostedVariable(string $name): ?string
      */
     public function shouldBounceCurrentIp(): bool
     {
+        $shouldNotBounce = $this->getBoolSettings('crowdsec_bouncer_disabled');
+        if ($shouldNotBounce) {
+            if($this->logger){
+                $this->logger->warning('', [
+                    'type' => 'WP_CONFIG_BOUNCER_DISABLED',
+                    'message' => 'Will not bounce because bouncing is disabled.',
+                ]);
+            }
+
+            return false;
+        }
+
+
         // We should not bounce when headers already sent
         if (headers_sent()) {
             return false;

docs/images/screenshots/config-connection.jpg

@@ -77,7 +77,7 @@ function adminAdvancedSettings()
             $settings = getDatabaseSettings();
             $oldDsn = $settings['redis_dsn'] ?? '';
             $settings['redis_dsn'] = $input;
-            $bouncer = getBouncerInstance($settings, true);
+            $bouncer = getBouncerInstance($settings);
             $bouncer->testConnection();
         } catch (Exception $e) {
             $message = __('There was an error while testing new DSN ('.$input.')');
@@ -98,7 +98,7 @@ function adminAdvancedSettings()
             $settings = getDatabaseSettings();
             $oldDsn = $settings['memcached_dsn'] ?? '';
             $settings['memcached_dsn'] = $input;
-            $bouncer = getBouncerInstance($settings, true);
+            $bouncer = getBouncerInstance($settings);
             $bouncer->testConnection();
         } catch (Exception $e) {
             $message = __('There was an error while testing new DSN ('.$input.')');
@@ -142,7 +142,7 @@ function adminAdvancedSettings()
         try {
             // Reload bouncer instance with the new cache system and so test if dsn is correct.
             $settings['cache_system'] = $input;
-            $bouncer = getBouncerInstance($settings, true);
+            $bouncer = getBouncerInstance($settings);
             $bouncer->testConnection();
         } catch (BouncerException $e) {
             $message = __('There was an error while testing new cache ('.$input.')');
@@ -155,7 +155,7 @@ function adminAdvancedSettings()
         }
 
         try {
-            if ((bool) get_option('crowdsec_stream_mode') && !$error) {
+            if (get_option('crowdsec_stream_mode') && !$error) {
                 // system
                 $result = $bouncer->warmBlocklistCacheUp();
                 $count = $result['count'];

inc/Bounce.php

@@ -3,6 +3,18 @@
 
 function adminSettings()
 {
+    /**********************************
+     ** Section "Bouncer feature" **
+     *********************************/
+    add_settings_section('crowdsec_admin_general', 'Bouncing feature', function () {
+    }, 'crowdsec_settings');
+
+    // Field "Disable bouncing"
+    addFieldCheckbox('crowdsec_bouncer_disabled', 'Disable bouncing feature', 'crowdsec_plugin_settings',
+        'crowdsec_settings', 'crowdsec_admin_general', function () {}, function () {}, '<p>If checked, the bouncer will not be instantiated at all.
+<br>This should be checked until you have configured all the required parameters.</p>');
+
+
     /**********************************
      ** Section "Connection details" **
      *********************************/
@@ -21,6 +33,11 @@ function adminSettings()
         return $input;
     }, '<p>Generated with the cscli command, ex: <em>cscli bouncers add wordpress-bouncer</em></p>', 'Your bouncer key', 'width: 280px;', 'text');
 
+    // Field "Use cURL"
+    addFieldCheckbox('crowdsec_use_curl', 'Use cURL to call LAPI', 'crowdsec_plugin_settings',
+        'crowdsec_settings', 'crowdsec_admin_connection', function () {}, function () {}, '<p>If checked, calls to LAPI will be done with <i>cURL</i> (be sure to have <i>cURL</i> enabled on your system before enabling).
+<br>If not checked, calls are done with <i>file_get_contents</i> method (<i>allow_url_fopen</i> is required for this).</p>');
+
     /************************************
      ** Section "Bouncing refinements" **
      ***********************************/
@@ -60,5 +77,5 @@ function adminSettings()
     }, function () {
         // Stream mode just deactivated.
         unscheduleBlocklistRefresh();
-    }, '<p>If enabled, the wp-admin is not bounced, only the public website</p><p><strong>Important note:</strong> the login page is a common page to both sections. If you want to bounce it, you have to disable "Public website only".</p>');
+    }, '<p>If checked, the wp-admin is not bounced, only the public website</p><p><strong>Important note:</strong> the login page is a common page to both sections. If you want to bounce it, you have to disable "Public website only".</p>');
 }

inc/admin/advanced-settings.php

@@ -38,14 +38,8 @@ function getStandaloneCrowdSecLoggerInstance(string $crowdsecLogPath, bool $debu
 
 $crowdSecBouncer = null;
 
-function getBouncerInstanceStandalone(array $configs, bool $forceReload = false): Bouncer
+function getBouncerInstanceStandalone(array $configs): Bouncer
 {
-    // Singleton for this function
-    global $crowdSecBouncer;
-    if (!$forceReload && $crowdSecBouncer) {
-        return $crowdSecBouncer;
-    }
-
     // Init Bouncer instance
     $bouncingLevel = $configs['bouncing_level'];
     switch ($bouncingLevel) {