Merge pull request #143 from julienloizelet/feat/multisite

Feat/multisite

Author: julienloizelet

.github/workflows/end-to-end-multisite.yml

@@ -0,0 +1,193 @@
+name: End-to-end multisite
+on:
+  push:
+    branches:
+      - main
+      - feat/multisite
+    paths-ignore:
+      - '**.md'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  # Allow ddev get to use a GitHub token to prevent rate limiting by tests
+  DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  end-to-end-multisite:
+    strategy:
+      fail-fast: false
+      matrix:
+        wp-version: [ "4.9", "6.2" ]
+        php-version: [ "7.2" ]
+        subsite: ["site1", "site2"]
+
+    name: End-to-end Multisite
+    runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.head_commit.message, 'chore(') }}
+
+    env:
+      EXTENSION_NAME: "CrowdSec_Bouncer"
+      EXTENSION_PATH: "wp-content/plugins/crowdsec"
+
+    steps:
+
+      - name: Install DDEV
+        # @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
+        run: |
+          curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null
+          echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
+          sudo apt-get -q update
+          sudo apt-get -q -y install libnss3-tools ddev
+          mkcert -install
+          ddev config global --instrumentation-opt-in=false --omit-containers=dba,ddev-ssh-agent
+
+
+      - name: Set WP_VERSION_CODE env
+        # used in some directory path and conventional file naming
+        # Example : 5.6.5 => wp565
+        run: |
+          echo "WP_VERSION_CODE=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_ENV
+
+      - name: Create empty WordPress DDEV project (with Apache)
+        run: ddev config --project-type=wordpress --project-name=${{ env.WP_VERSION_CODE }} --php-version=${{ matrix.php-version }} --webserver-type=apache-fpm
+
+      - name: Add Redis, Memcached, Crowdsec and Playwright
+        run: |
+          ddev get ddev/ddev-redis
+          ddev get ddev/ddev-memcached
+          ddev get julienloizelet/ddev-playwright
+          # override redis.conf
+          ddev get julienloizelet/ddev-tools
+          ddev get julienloizelet/ddev-crowdsec-php
+
+      - name: Start DDEV
+        run: ddev start
+
+      - name: Download WordPress
+        run: ddev wp core download --version=${{ matrix.wp-version }}
+
+      - name: Setup Multisite WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
+        run: |
+          ddev wp core multisite-install --url='https://${{ env.WP_VERSION_CODE }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='admin@admin.com'
+
+      - name: Copy multisite .htaccess
+        run: cp .ddev/okaeli-add-on/wordpress/custom_files/.htaccess-multisite-subfolder .htaccess
+
+      - name: Prepare multisite config
+        run: |
+          sed -i -e 's/#ddev-generated//g' wp-config-ddev.php
+          sed -i -e 's/REPLACE_SUBDOMAIN_INSTALL/false/g' .ddev/okaeli-add-on/wordpress/custom_files/multisite-config.php
+          sed -i -e 's/REPLACE_PROJECT_URI/${{ env.WP_VERSION_CODE }}.ddev.site/g' .ddev/okaeli-add-on/wordpress/custom_files/multisite-config.php
+          sed -i '/DB_HOST/ r .ddev/okaeli-add-on/wordpress/custom_files/multisite-config.php' wp-config-ddev.php
+          sed -i -e 's/#ddev-generated//g' wp-config-ddev.php
+
+      - name: Create sub sites
+        run: |
+          ddev wp site create --slug="site1" --title="WordPress Site1"
+          ddev wp site create --slug="site2" --title="WordPress Site2"  
+
+      - name: Clone ${{ env.EXTENSION_NAME }} files
+        uses: actions/checkout@v3
+        with:
+          path: ${{ env.EXTENSION_PATH }}
+
+      - name: Prepare for playwright test
+        run: |
+          mkdir -p crowdsec/tls
+          mkdir -p crowdsec/geolocation
+          cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-from-plugin-folder.php cache-actions.php
+          cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls
+          ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation
+          ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation
+          cd crowdsec/geolocation
+          sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
+          sha256sum -c GeoLite2-City.tar.gz.sha256.txt
+          tar -xf GeoLite2-Country.tar.gz
+          tar -xf GeoLite2-City.tar.gz
+          rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
+          cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__
+          chmod +x test-init.sh
+          ./test-init.sh
+          chmod +x run-tests.sh   
+
+      - name: Some DEBUG information
+        run: |
+          ddev --version
+          ddev exec php -v
+          ddev exec -s crowdsec crowdsec -version
+
+      - name: Run Plugin activation tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 1-activate-plugin.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Configure CrowdSec and Wordpress bouncer plugin
+        run: |
+          ddev crowdsec-config
+
+      - name: Run Live mode remediation tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 2-live-mode-remediations.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Run more Live mode remediation tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 3-live-mode-more.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Run Live mode cache tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 4-live-mode-cache.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Prepare cron usage
+        run: |
+          sed -i  's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php
+
+      - name: Run Stream mode tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 5-stream-mode.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Run Redis tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 6-redis.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Run Memcached tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 7-memcached.js
+          subsite: ${{ matrix.subsite }}
+
+      - name: Run Geolocation tests
+        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
+        with:
+          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
+          file_path: 8-geolocation.js
+          subsite: ${{ matrix.subsite }}
+
+
+      - name: tmate debugging session
+        uses: mxschmitt/action-tmate@v3
+        with:
+          limit-access-to-actor: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+        timeout-minutes: 15
+        if: failure()

.github/workflows/end-to-end/run-single-test/action.yaml

@@ -10,14 +10,18 @@ inputs:
     required: true
     description: "Path to the js test file"
 
+  subsite:
+    required: false
+    description: "Subsite for Multisite frontend test"
+
 runs:
   using: "composite"
   steps:
     - name: Run test
       shell: bash
       run: |
         cd ${{ inputs.test_path }}/__scripts__
-        ./run-tests.sh ci "./__tests__/${{ inputs.file_path }}"
+        ./run-tests.sh ci "./__tests__/${{ inputs.file_path }}" "${{ inputs.subsite }}"
         cd ${{ inputs.test_path }}
         PENDING_TESTS=$(grep -oP '"numPendingTests":\K(.*),"numRuntimeErrorTestSuites"' .test-results.json | sed  's/,"numRuntimeErrorTestSuites"//g')
         if [[ $PENDING_TESTS == "0" ]]

.github/workflows/release.yml

@@ -125,7 +125,7 @@ jobs:
             -   name: WordPress Plugin Deploy
                 if: github.event.inputs.deploy_to_wordpress == 'true'
                 id: deploy
-                uses: 10up/action-wordpress-plugin-deploy@2.1.1
+                uses: 10up/action-wordpress-plugin-deploy@2.2.0
                 with:
                     generate-zip: true
                 env:
@@ -333,4 +333,4 @@ jobs:
                   limit-access-to-actor: true
                   github-token: ${{ secrets.GITHUB_TOKEN }}
               timeout-minutes: 30
-              if: failure()
+              if: failure()

CHANGELOG.md

@@ -5,6 +5,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [2.5.0](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.5.0) - 2023-06-01
+[_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.4.1...v2.5.0)
+
+### Added
+
+- Add WordPress multisite compatibility 
+
+
+---
+
+
 ## [2.4.1](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.4.1) - 2023-04-28
 [_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.4.0...v2.4.1)
 
@@ -13,11 +24,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - No change. Release to test update process hook.
 
 
-
 ---
 
 
-
 ## [2.4.0](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.4.0) - 2023-04-28
 [_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.3.1...v2.4.0)
 

crowdsec.php

@@ -4,7 +4,7 @@
  * Plugin URI: https://github.com/crowdsecurity/cs-wordpress-bouncer
  * Description: Safer Together. Protect your WordPress application with CrowdSec.
  * Tags: crowdsec-bouncer, wordpress, security, firewall, captcha, ip-scanner, ip-blocker, ip-blocking, ip-address, ip-database, ip-range-check, crowdsec, ban-hosts, ban-management, anti-hacking, hacker-protection, captcha-image, captcha-generator, captcha-generation, captcha-service
- * Version: 2.4.1
+ * Version: 2.5.0
  * Author: CrowdSec
  * Author URI: https://www.crowdsec.net/
  * Github: https://github.com/crowdsecurity/cs-wordpress-bouncer
@@ -13,7 +13,7 @@
  * Requires PHP: 7.2
  * Requires at least: 4.9
  * Tested up to: 6.2
- * Stable tag: 2.4.1
+ * Stable tag: 2.5.0
  * Text Domain: crowdsec-wp
  * First release: 2021.
  */

docs/USER_GUIDE.md

@@ -61,7 +61,6 @@ Please note that it is possible to customize all the colors of these pages in a
 
 On the other hand, all texts are also fully customizable. This will allow you, for example, to present translated pages in your users’ language.
 
-
 ### Configurations
 
 This plugin comes with configurations that you will find under `CrowdSec` admin section.
@@ -592,7 +591,18 @@ If you are using Apache, you should add this line to your `.htaccess` file:
 
     php_value auto_prepend_file "/wordpress-root-directory/wp-content/plugins/crowdsec/inc/standalone-bounce.php"
 
+### Multisite usage
+
+If you are using the [`multisite` WordPress feature](https://wordpress.org/documentation/article/wordpress-glossary/#multisite), the bouncer plugin has to be network activated and 
+configurations will be used for all sites of the network. This means that every individual site on your network will be protected by the bouncer with the same settings.
+
+#### Differences with a single installation
+
+In a WordPress multisite installation, `CrowdSec` configurations are accessible via the `My Sites -> Network admin` left panel.
+
+![Multisite admin](./images/screenshots/admin-multisite.jpg)
 
+Settings are stored in the `wp_sitemeta` table instead of the `wp_options` table for a single WordPress installation.
 
 ## Resources
 

docs/images/screenshots/admin-multisite.jpg

@@ -20,5 +20,5 @@ class Constants extends LibConstants
     public const LOG_BASE_PATH = __DIR__ . '/../logs/';
     public const CACHE_PATH = __DIR__ . '/../.cache';
     public const CONFIG_PATH = __DIR__ . '/standalone-settings.php';
-    public const VERSION = 'v2.4.1';
+    public const VERSION = 'v2.5.0';
 }