crowdsecurity
diff --git a/‎composer.json‎
Lines changed: 1 addition & 1 deletion b/‎composer.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎composer.lock‎
Lines changed: 26 additions & 28 deletions b/‎composer.lock‎
Lines changed: 26 additions & 28 deletions
diff --git a/‎geolocation/.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎geolocation/.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎inc/Bounce.php‎
Lines changed: 19 additions & 9 deletions b/‎inc/Bounce.php‎
Lines changed: 19 additions & 9 deletions
diff --git a/‎inc/admin/advanced-settings.php‎
Lines changed: 78 additions & 4 deletions b/‎inc/admin/advanced-settings.php‎
Lines changed: 78 additions & 4 deletions
diff --git a/‎inc/bouncer-instance.php‎
Lines changed: 12 additions & 1 deletion b/‎inc/bouncer-instance.php‎
Lines changed: 12 additions & 1 deletion
@@ -19,7 +19,7 @@
 		}
 	},
 	"require": {
-		"crowdsec/bouncer": "0.22.1",
+		"crowdsec/bouncer": "0.24.0",
 		"symfony/polyfill-mbstring": "1.20.0",
 		"symfony/service-contracts": "2.4.1"
 	},
 
@@ -0,0 +1 @@
+*.mmdb
@@ -18,18 +18,20 @@
  * @copyright Copyright (c) 2020+ CrowdSec
  * @license   MIT License
  */
-class Bounce extends AbstractBounce implements IBounce
+class Bounce extends AbstractBounce
 {
     public function init(array $crowdSecConfig, array $forcedConfigs = []): Bouncer
     {
-        $this->settings = $crowdSecConfig;
-        $crowdsecRandomLogFolder = $this->settings['crowdsec_random_log_folder'];
+        $finalConfigs = array_merge($crowdSecConfig, $forcedConfigs);
+        $crowdsecRandomLogFolder = $finalConfigs['crowdsec_random_log_folder'];
         crowdsecDefineConstants($crowdsecRandomLogFolder);
-        $this->setDebug($crowdSecConfig['crowdsec_debug_mode']??false);
-        $this->setDisplayErrors($crowdSecConfig['crowdsec_display_errors'] ?? false);
+        $this->setDebug($finalConfigs['crowdsec_debug_mode']??false);
+        $this->setDisplayErrors($finalConfigs['crowdsec_display_errors'] ?? false);
         $this->initLogger();
 
-        return $this->getBouncerInstance($this->settings);
+
+
+        return $this->getBouncerInstance($finalConfigs);
     }
 
     protected function escape(string $value)
@@ -49,8 +51,8 @@ public function getBouncerInstance(array $settings, bool $forceReload = false):
     {
         $crowdSecLogPath = CROWDSEC_LOG_PATH;
         $crowdSecDebugLogPath = CROWDSEC_DEBUG_LOG_PATH;
-
         $this->logger = getStandaloneCrowdSecLoggerInstance($crowdSecLogPath, $this->debug, $crowdSecDebugLogPath);
+        $this->settings = $settings;
 
         $configs = [
             // LAPI connection
@@ -62,6 +64,7 @@ public function getBouncerInstance(array $settings, bool $forceReload = false):
             'debug_mode' => $this->getBoolSettings('crowdsec_debug_mode'),
             'log_directory_path' => CROWDSEC_LOG_BASE_PATH,
             'forced_test_ip' => $this->getStringSettings('crowdsec_forced_test_ip'),
+            'forced_test_forwarded_ip' => $this->getStringSettings('crowdsec_forced_test_forwarded_ip'),
             'display_errors' => $this->getBoolSettings('crowdsec_display_errors'),
             // Bouncer
             'bouncing_level' => $this->getStringSettings('crowdsec_bouncing_level'),
@@ -80,10 +83,17 @@ public function getBouncerInstance(array $settings, bool $forceReload = false):
             'geolocation_cache_duration' => $this->getIntegerSettings('crowdsec_geolocation_cache_duration')
                 ?:Constants::CACHE_EXPIRATION_FOR_GEO,
             // Geolocation
-            'geolocation' => []
+            'geolocation' => [
+                'enabled' => $this->getBoolSettings('crowdsec_geolocation_enabled'),
+                'type' => $this->getStringSettings('crowdsec_geolocation_type')?:Constants::GEOLOCATION_TYPE_MAXMIND,
+                'save_result' => $this->getBoolSettings('crowdsec_geolocation_save_result'),
+                'maxmind' => [
+                    'database_type' => $this->getStringSettings('crowdsec_geolocation_maxmind_database_type')?:Constants::MAXMIND_COUNTRY,
+                    'database_path' => CROWDSEC_BOUNCER_GEOLOCATION_DIR. '/'.ltrim((string) esc_attr(get_option('crowdsec_geolocation_maxmind_database_path')), '/'),
+                ]
+            ]
         ];
 
-
         $this->bouncer = getBouncerInstanceStandalone($configs, $forceReload);
 
         return $this->bouncer;
 
@@ -196,13 +196,24 @@ function adminAdvancedSettings()
         return (int) $input > 0 ? (int) $input : Constants::CACHE_EXPIRATION_FOR_CAPTCHA ;
     }, ' seconds. <p>The lifetime of cached captcha flow for some IP. <br>If a user has to interact with a captcha wall, we store in cache some values in order to know if he has to resolve or not the captcha again.<br>Minimum 1 second. Default: '.Constants::CACHE_EXPIRATION_FOR_CAPTCHA.'.', Constants::CACHE_EXPIRATION_FOR_CAPTCHA, 'width: 115px;', 'number');
 
+    // Field "crowdsec_geolocation_cache_duration"
+    addFieldString('crowdsec_geolocation_cache_duration', 'Geolocation cache duration', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_cache', function ($input) {
+        if ( (int) $input <= 0) {
+            add_settings_error('Geolocation cache duration', 'crowdsec_error', 'Geolocation cache duration: Minimum is 1 second.');
+
+            return Constants::CACHE_EXPIRATION_FOR_GEO;
+        }
+
+        return (int) $input > 0 ? (int) $input : Constants::CACHE_EXPIRATION_FOR_CAPTCHA ;
+    }, ' seconds. <p>The lifetime of cached country geolocation result for some IP.<br>Minimum 1 second. Default: '.Constants::CACHE_EXPIRATION_FOR_GEO.'.', Constants::CACHE_EXPIRATION_FOR_GEO, 'width: 115px;', 'number');
+
 
     /***************************
      ** Section "Remediation" **
      **************************/
 
     add_settings_section('crowdsec_admin_advanced_remediations', 'Remediations', function () {
-        echo 'Configuration some details about remediations.';
+        echo 'Configure some details about remediations.';
     }, 'crowdsec_advanced_settings');
 
     // Field "crowdsec_fallback_remediation"
@@ -271,9 +282,51 @@ function convertInlineIpRangesToComparableIpBounds(string $inlineIpRanges): arra
     '<br><strong>Comma (,)</strong> separated ips or ips ranges. Example: 1.2.3.4/24, 2.3.4.5, 3.4.5.6/27.<br><br>Some common CDN IP list: <a href="https://www.cloudflare.com/fr-fr/ips/" target="_blank">Cloudflare</a>, <a href="https://api.fastly.com/public-ip-list" target="_blank">Fastly</a>',
     'fill the IPs or IPs ranges here...', '');
 
-    // Field "crowdsec_hide_mentions"
-    addFieldCheckbox('crowdsec_hide_mentions', 'Hide CrowdSec mentions', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_remediations', function () {}, function () {}, '
-    <p>Enable if you want to hide CrowdSec mentions on the Ban and Captcha pages</p>');
+
+
+    /***************************
+     ** Section "Geolocation" **
+     **************************/
+
+    add_settings_section('crowdsec_admin_advanced_geolocation', 'Geolocation', function () {
+        echo 'Configure some details about geolocation.';
+    }, 'crowdsec_advanced_settings');
+
+    // Field "Geolocation enabled"
+    addFieldCheckbox('crowdsec_geolocation_enabled', 'Enable geolocation feature', 'crowdsec_plugin_advanced_settings',
+        'crowdsec_advanced_settings', 'crowdsec_admin_advanced_geolocation', function () {}, function () {}, '
+    <p>Enable if you want to use also CrowdSec country scoped decisions.<br>If enabled, bounced IP will be geolocalized and the final remediation will take into account any country related decision.</p>');
+
+    $geolocationTypes = [Constants::GEOLOCATION_TYPE_MAXMIND => 'MaxMind database' ];
+    addFieldSelect('crowdsec_geolocation_type', 'Geolocation type', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings',
+        'crowdsec_admin_advanced_geolocation', function ($input) {
+            if ($input !== Constants::GEOLOCATION_TYPE_MAXMIND) {
+                $input = Constants::GEOLOCATION_TYPE_MAXMIND;
+                add_settings_error('Geolocation type', 'crowdsec_error', 'Geolocation type: Incorrect geolocation type selected.');
+            }
+
+            return $input;
+        }, '<p>For now, only Maxmind database type is allowed</p>', $geolocationTypes);
+
+    $maxmindDatabaseTypes = [Constants::MAXMIND_COUNTRY => 'Country', Constants::MAXMIND_CITY => 'City'];
+    addFieldSelect('crowdsec_geolocation_maxmind_database_type', 'MaxMind database type', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings',
+        'crowdsec_admin_advanced_geolocation', function ($input) {
+            if (!in_array($input, [Constants::MAXMIND_COUNTRY, Constants::MAXMIND_CITY])) {
+                $input = Constants::MAXMIND_COUNTRY;
+                add_settings_error('Geolocation MaxMind database type', 'crowdsec_error', 'MaxMind database type: Incorrect type selected.');
+            }
+
+            return $input;
+        }, '<p></p>', $maxmindDatabaseTypes);
+
+    addFieldString('crowdsec_geolocation_maxmind_database_path', 'Path to the MaxMind database', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_geolocation', function ($input) {
+        return $input;
+    }, '<p>Relative path from <i>wp-content/plugins/cs-wordpress-bouncer/geolocation</i> folder</p>', 'GeoLite2-Country.mmdb', '');
+
+    addFieldCheckbox('crowdsec_geolocation_save_result', 'Save geolocalized country in cache', 'crowdsec_plugin_advanced_settings',
+        'crowdsec_advanced_settings', 'crowdsec_admin_advanced_geolocation', function () {}, function () {}, '
+    <p>Enabling this will avoid multiple call to the geolocation system (e.g. MaxMind database)</p> If enabled, the geolocalized country associated to the IP will be saved in cache.<br>See the <i>Geolocation cache duration</i> setting above to set the lifetime of this result.');
+
 
     /*******************************
      ** Section "Debug mode" **
@@ -298,4 +351,25 @@ function convertInlineIpRangesToComparableIpBounds(string $inlineIpRanges): arra
 	// Field "crowdsec_display_errors"
 	addFieldCheckbox('crowdsec_display_errors', 'Enable errors display', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_display_errors', function () {}, function () {}, '
     <p>Do not use in production. When this mode is enabled, you will see every unexpected bouncing errors in the browser.</p>');
+
+    /*******************************
+     ** Section "Test mode" **
+     ******************************/
+
+    add_settings_section('crowdsec_admin_advanced_test', 'Test settings', function () {
+        echo 'Configure some test parameters.';
+    }, 'crowdsec_advanced_settings');
+
+    // Field "test ip"
+    addFieldString('crowdsec_forced_test_ip', 'Forced test IP', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_test', function ($input) {
+        return $input;
+    }, '<p>This Ip will be used instead of the current detected browser IP: '.$_SERVER['REMOTE_ADDR'].'.<br><strong>Must be empty in production.</strong></p>',
+    '1.2.3.4', '');
+
+    addFieldString('crowdsec_forced_test_forwarded_ip', 'Forced test X-Forwrded-For IP', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_test', function ($input) {
+        return $input;
+    }, '<p>This Ip will be used instead of the current X-Forwarded-For Ip if any.<br><strong>Must be empty in production.</strong></p>',
+        '1.2.3.4', '');
+
+
 }
@@ -49,6 +49,7 @@ function getDatabaseSettings(): array
         'debug_mode' => !empty(get_option('crowdsec_debug_mode')),
         'log_directory_path' => CROWDSEC_LOG_BASE_PATH,
         'forced_test_ip' => esc_attr(get_option('crowdsec_forced_test_ip')),
+        'forced_test_forwarded_ip' => esc_attr(get_option('crowdsec_forced_test_forwarded_ip')),
         'display_errors' => !empty(get_option('crowdsec_display_errors')),
         // Bouncer
         'bouncing_level' => esc_attr(get_option('crowdsec_bouncing_level')),
@@ -66,8 +67,18 @@ function getDatabaseSettings(): array
             Constants::CACHE_EXPIRATION_FOR_BAD_IP,
         'captcha_cache_duration' => (int)get_option('crowdsec_captcha_cache_duration') ?:
             Constants::CACHE_EXPIRATION_FOR_CAPTCHA,
+        'geolocation_cache_duration' => (int)get_option('crowdsec_geolocation_cache_duration') ?:
+            Constants::CACHE_EXPIRATION_FOR_CAPTCHA,
         // Geolocation
-        'geolocation' => []
+        'geolocation' => [
+            'enabled' => !empty(get_option('crowdsec_geolocation_enabled')),
+            'type' => esc_attr(get_option('crowdsec_geolocation_type')),
+            'save_result' => !empty(get_option('crowdsec_geolocation_save_result')),
+            'maxmind' => [
+                'database_type' => esc_attr(get_option('crowdsec_geolocation_maxmind_database_type')),
+                'database_path' => CROWDSEC_BOUNCER_GEOLOCATION_DIR. '/'.ltrim(esc_attr(get_option('crowdsec_geolocation_maxmind_database_path')), '/'),
+            ]
+        ]
     ];
 }
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@`
`19`	`19`	`}`
`20`	`20`	`},`
`21`	`21`	`"require": {`
`22`		`- "crowdsec/bouncer": "0.22.1",`
	`22`	`+ "crowdsec/bouncer": "0.24.0",`
`23`	`23`	`"symfony/polyfill-mbstring": "1.20.0",`
`24`	`24`	`"symfony/service-contracts": "2.4.1"`
`25`	`25`	`},`