feat(*): Use crowdsec/remediation-engine 2.0.0 and crowdsec/common

Author: julienloizelet

CHANGELOG.md

@@ -2,7 +2,31 @@
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Public API
+
+The purpose of this section is to declare the public API of this library as required by  [item 1 of semantic versioning specification](https://semver.org/spec/v2.0.0.html#spec-item-1).
+
+The public API of this library consists of all public or protected methods, properties and constants belonging to 
+the `src` folder.
+
+---
+
+## [1.0.0](https://github.com/crowdsecurity/php-cs-bouncer/releases/tag/v1.0.0) - 2023-??-??
+[_Compare with previous release_](https://github.com/crowdsecurity/php-cs-bouncer/compare/v0.36.0...v1.0.0)
+
+### Changed
+- Change version to `1.0.0`: first stable release
+- Use `crowdsec/common` package
+
+### Added
+
+- Add public API declaration
+
+
+
+---
 
 
 ## [0.36.0](https://github.com/crowdsecurity/php-cs-bouncer/releases/tag/v0.36.0) - 2023-01-26

composer.json

@@ -40,7 +40,8 @@
     ],
     "require": {
         "php": ">=7.2.5",
-        "crowdsec/remediation-engine": "0.6.1",
+        "crowdsec/remediation-engine": "^2.0.0",
+        "crowdsec/common": "^1.2.0",
         "symfony/config": "^4.4.27 || ^5.2 || ^6.0",
         "twig/twig": "^3.4.2",
         "gregwar/captcha": "^1.1",

docs/USER_GUIDE.md

@@ -88,12 +88,26 @@ Once you set up your server as below, every browser access to a php script will
 
 You will have to :
 
+- copy sources of the lib in some `/path/to/the/crowdsec-lib` folder
+
 - give the correct permission for the folder that contains the lib
 
 - copy the `scripts/auto-prepend/settings.example.php` to a `scripts/auto-prepend/settings.php` file
 
+- run the composer installation process to retrieve all necessary dependencies
+
 - set an `auto_prepend_file` directive in your PHP setup.
 
+- Optionally, if you want to use the standalone bouncer in stream mode, you wil have to set a cron task to refresh 
+  cache periodically.
+
+### Copy sources
+
+Create a folder `crowdsec-lib` and clone the sources: 
+
+```
+mkdir -p /path/to/the/crowdsec-lib && git clone git@github.com:crowdsecurity/php-cs-bouncer.git /path/to/the/crowdsec-lib
+```
 
 ### Files permission
 
@@ -105,6 +119,14 @@ You can achieve it by running command like:
 sudo chown www-data /path/to/the/crowdsec-lib
 ```
 
+### Composer
+
+You should run the composer installation process: 
+
+```
+cd /path/to/the/crowdsec-lib && composer install
+```
+
 ### Settings file
 
 Please copy the `scripts/auto-prepend/settings.example.php` to a `scripts/auto-prepend/settings.php`
@@ -154,6 +176,26 @@ or modify your `Virtual Host` accordingly:
 ```
 
 
+### Stream mode cron task
+
+To use the stream mode, you first have to set the `stream_mode` setting value to `true` in your 
+`scripts/auto-prepend/settings.php` file.
+
+Then, you could edit the webserver user (e.g. `www-data`) crontab: 
+
+```
+sudo -u www-data crontab -e
+
+```
+
+and add the following line
+
+```
+* * * * * /usr/bin/php /absolute/path/to/scripts/auto-prepend/refresh-cache.php
+```
+
+In this example, cache is refreshed every minute, but you can modify the cron expression depending on your needs.
+
 ## Create your own bouncer
 
 ### Implementation

scripts/auto-prepend/bounce.php

@@ -19,6 +19,6 @@
 } catch (\Throwable $e) {
     $displayErrors = $crowdSecStandaloneBouncerConfig['display_errors'] ?? false;
     if (true === $displayErrors) {
-        throw new BouncerException($e->getMessage(), $e->getCode(), $e);
+        throw new BouncerException($e->getMessage(), (int)$e->getCode(), $e);
     }
 }

scripts/auto-prepend/refresh-cache.php

@@ -13,4 +13,3 @@
 
 $bouncer = new StandaloneBouncer($crowdSecStandaloneBouncerConfig);
 $bouncer->refreshBlocklistCache();
-echo 'Cache has been refreshed (if stream mode is enabled)' . \PHP_EOL;

scripts/auto-prepend/settings.example.php

@@ -164,7 +164,7 @@
     'api_url' => Constants::DEFAULT_LAPI_URL,
 
     // In seconds. The timeout when calling LAPI. Must be greater or equal than 1. Defaults to 1 sec.
-    'api_timeout' => 1,
+    'api_timeout' => Constants::API_TIMEOUT,
 
     // ============================================================================#
     // Remediation engine configs

src/AbstractBouncer.php

@@ -5,8 +5,8 @@
 namespace CrowdSecBouncer;
 
 use CrowdSec\LapiClient\Bouncer as BouncerClient;
-use CrowdSec\LapiClient\RequestHandler\Curl;
-use CrowdSec\LapiClient\RequestHandler\FileGetContents;
+use CrowdSec\Common\Client\RequestHandler\Curl;
+use CrowdSec\Common\Client\RequestHandler\FileGetContents;
 use CrowdSec\RemediationEngine\AbstractRemediation;
 use CrowdSec\RemediationEngine\CacheStorage\AbstractCache;
 use CrowdSec\RemediationEngine\CacheStorage\CacheStorageException;
@@ -94,10 +94,15 @@ public function bounceCurrentIp(): void
      * @return bool If the cache has been successfully cleared or not
      *
      *
+     * @throws BouncerException
      */
     public function clearCache(): bool
     {
-        return $this->getRemediationEngine()->clearCache();
+        try {
+            return $this->getRemediationEngine()->clearCache();
+        } catch (\Exception $e) {
+            throw new BouncerException($e->getMessage(), (int)$e->getCode(), $e);
+        }
     }
 
     /**
@@ -180,12 +185,33 @@ abstract public function getRequestUri(): string;
      * This method prune the cache: it removes all the expired cache items.
      *
      * @return bool If the cache has been successfully pruned or not
-     * @throws CacheStorageException
      *
+     * @throws BouncerException
      */
     public function pruneCache(): bool
     {
-        return $this->getRemediationEngine()->pruneCache();
+        try {
+            return $this->getRemediationEngine()->pruneCache();
+        } catch (\Exception $e) {
+            throw new BouncerException($e->getMessage(), (int)$e->getCode(), $e);
+        }
+    }
+
+    /**
+     * Process a simple cache test
+     *
+     * @return void
+     * @throws BouncerException
+     * @throws InvalidArgumentException
+     */
+    public function testCacheConnection(): void
+    {
+        try {
+            $cache = $this->getRemediationEngine()->getCacheStorage();
+            $cache->getItem(AbstractCache::CONFIG);
+        } catch (\Exception $e) {
+            throw new BouncerException($e->getMessage(), (int)$e->getCode(), $e);
+        }
     }
 
     /**
@@ -194,11 +220,15 @@ public function pruneCache(): bool
      *
      * @return array Number of deleted and new decisions
      *
-     *
+     * @throws BouncerException
      */
     public function refreshBlocklistCache(): array
     {
-        return $this->getRemediationEngine()->refreshDecisions();
+        try {
+            return $this->getRemediationEngine()->refreshDecisions();
+        } catch (\Exception $e) {
+            throw new BouncerException($e->getMessage(), (int)$e->getCode(), $e);
+        }
     }
 
     /**
@@ -227,7 +257,7 @@ public function run(): bool
                 'line' => $e->getLine(),
             ]);
             if (true === $this->getConfig('display_errors')) {
-                throw new BouncerException($e->getMessage(), $e->getCode(), $e);
+                throw new BouncerException($e->getMessage(), (int)$e->getCode(), $e);
             }
         }
 

src/BouncerException.php

@@ -4,7 +4,7 @@
 
 namespace CrowdSecBouncer;
 
-use RuntimeException;
+use CrowdSec\Common\Exception;
 
 /**
  * Exception interface for all exceptions thrown by CrowdSec Bouncer.
@@ -16,6 +16,6 @@
  * @copyright Copyright (c) 2020+ CrowdSec
  * @license   MIT License
  */
-class BouncerException extends RuntimeException
+class BouncerException extends Exception
 {
 }

src/Configuration.php

@@ -4,11 +4,11 @@
 
 namespace CrowdSecBouncer;
 
+use CrowdSec\Common\Configuration\AbstractConfiguration;
 use InvalidArgumentException;
 use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
-use Symfony\Component\Config\Definition\ConfigurationInterface;
 
 /**
  * The Library configuration. You'll find here all configuration possible. Used when instantiating the library.
@@ -20,7 +20,7 @@
  * @copyright Copyright (c) 2020+ CrowdSec
  * @license   MIT License
  */
-class Configuration implements ConfigurationInterface
+class Configuration extends AbstractConfiguration
 {
     /**
      * @var string[]
@@ -44,16 +44,6 @@ class Configuration implements ConfigurationInterface
         'text',
     ];
 
-    /**
-     * Keep only necessary configs
-     * @param array $configs
-     * @return array
-     */
-    public function cleanConfigs(array $configs): array
-    {
-        return array_intersect_key($configs, array_flip($this->keys));
-    }
-
     /**
      * {@inheritdoc}
      * @throws InvalidArgumentException

src/Constants.php

@@ -4,6 +4,8 @@
 
 namespace CrowdSecBouncer;
 
+use CrowdSec\RemediationEngine\Constants as RemConstants;
+
 /**
  * Every constant of the library are set here.
  *
@@ -14,28 +16,16 @@
  * @copyright Copyright (c) 2020+ CrowdSec
  * @license   MIT License
  */
-class Constants
+class Constants extends RemConstants
 {
-    /** @var int The timeout when calling LAPI */
-    public const API_TIMEOUT = 120;
-    /** @var string The API-KEY auth type */
-    public const AUTH_KEY = 'api_key';
-    /** @var string The TLS auth type */
-    public const AUTH_TLS = 'tls';
     /** @var string The "disabled" bouncing level */
     public const BOUNCING_LEVEL_DISABLED = 'bouncing_disabled';
     /** @var string The "flex" bouncing level */
     public const BOUNCING_LEVEL_FLEX = 'flex_bouncing';
     /** @var string The "normal" bouncing level */
     public const BOUNCING_LEVEL_NORMAL = 'normal_bouncing';
-    /** @var int The duration we keep a bad IP in cache */
-    public const CACHE_EXPIRATION_FOR_BAD_IP = 20;
     /** @var int The duration we keep a captcha flow in cache */
     public const CACHE_EXPIRATION_FOR_CAPTCHA = 86400;
-    /** @var int The duration we keep a clean IP in cache */
-    public const CACHE_EXPIRATION_FOR_CLEAN_IP = 5;
-    /** @var int The duration we keep a geolocation result in cache */
-    public const CACHE_EXPIRATION_FOR_GEO = 86400;
     /** @var string The "MEMCACHED" cache system */
     public const CACHE_SYSTEM_MEMCACHED = 'memcached';
     /** @var string The "PHPFS" cache system */
@@ -46,26 +36,10 @@ class Constants
     public const CACHE_TAG_CAPTCHA = 'captcha';
     /** @var string The Default URL of the CrowdSec LAPI */
     public const DEFAULT_LAPI_URL = 'http://localhost:8080';
-    /** @var string The "MaxMind" geolocation type */
-    public const GEOLOCATION_TYPE_MAXMIND = 'maxmind';
-    /** @var string The Maxmind "Country" database type */
-    public const MAXMIND_COUNTRY = 'country';
-    /** @var string The ban remediation */
-    public const REMEDIATION_BAN = 'ban';
-    /** @var string The bypass remediation */
-    public const REMEDIATION_BYPASS = 'bypass';
-    /** @var string The captcha remediation */
-    public const REMEDIATION_CAPTCHA = 'captcha';
-    /** @var string The CrowdSec country scope for decisions */
-    public const SCOPE_COUNTRY = 'country';
-    /** @var string The CrowdSec Ip scope for decisions */
-    public const SCOPE_IP = 'ip';
-    /** @var string The CrowdSec Range scope for decisions */
-    public const SCOPE_RANGE = 'range';
     /** @var string Path for html templates folder (e.g. ban and captcha wall) */
     public const TEMPLATES_DIR = __DIR__ . "/templates";
     /** @var string The last version of this library */
-    public const VERSION = 'v0.36.0';
+    public const VERSION = 'v1.0.0';
     /** @var string The "disabled" x-forwarded-for setting */
     public const X_FORWARDED_DISABLED = 'no_forward';
 }