@liberstudio/cloudflare-list 2.0.11 → 2.0.13

package/dist/attacks.module.js

@@ -10,11 +10,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CloudflareAttacksModule = void 0;
 const common_1 = require("@nestjs/common");
 const axios_1 = require("@nestjs/axios");
+const core_1 = require("@nestjs/core");
+const filters_1 = require("./filters");
 const attacks_service_1 = require("./attacks.service");
 const middleware_1 = require("./middleware");
 let CloudflareAttacksModule = CloudflareAttacksModule_1 = class CloudflareAttacksModule {
     configure(consumer) {
-        consumer.apply(middleware_1.AttackLoggerMiddleware).forRoutes("*"); // Oppure specifica rotte precise
+        consumer.apply(middleware_1.AttackLoggerMiddleware).forRoutes("*");
     }
     static forRoot(options) {
         return {
@@ -46,7 +48,14 @@ exports.CloudflareAttacksModule = CloudflareAttacksModule;
 exports.CloudflareAttacksModule = CloudflareAttacksModule = CloudflareAttacksModule_1 = __decorate([
     (0, common_1.Module)({
         imports: [axios_1.HttpModule],
-        providers: [attacks_service_1.AttacksService, middleware_1.AttackLoggerMiddleware],
+        providers: [
+            attacks_service_1.AttacksService,
+            middleware_1.AttackLoggerMiddleware,
+            {
+                provide: core_1.APP_FILTER,
+                useClass: filters_1.AllExceptionsFilter,
+            },
+        ],
         exports: [attacks_service_1.AttacksService, axios_1.HttpModule],
     })
 ], CloudflareAttacksModule);

package/dist/filters/all-exceptions.filter.d.ts

@@ -0,0 +1,5 @@
+import { ArgumentsHost, ExceptionFilter } from "@nestjs/common";
+export declare class AllExceptionsFilter implements ExceptionFilter {
+    private readonly logger;
+    catch(exception: unknown, host: ArgumentsHost): void;
+}

package/dist/filters/all-exceptions.filter.js

@@ -0,0 +1,53 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var AllExceptionsFilter_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AllExceptionsFilter = void 0;
+const common_1 = require("@nestjs/common");
+const get_client_ip_util_1 = require("../utils/get-client-ip.util");
+let AllExceptionsFilter = AllExceptionsFilter_1 = class AllExceptionsFilter {
+    constructor() {
+        this.logger = new common_1.Logger(AllExceptionsFilter_1.name);
+    }
+    catch(exception, host) {
+        const ctx = host.switchToHttp();
+        const request = ctx.getRequest();
+        const response = ctx.getResponse();
+        const status = exception instanceof common_1.HttpException ? exception.getStatus() : common_1.HttpStatus.INTERNAL_SERVER_ERROR;
+        const message = exception instanceof common_1.HttpException ? exception.getResponse() : "Internal server error";
+        const ip = (0, get_client_ip_util_1.getClientIp)(request);
+        const errorLog = {
+            ip,
+            timestamp: new Date().toISOString(),
+            statusCode: status,
+            path: request.url,
+            method: request.method,
+            body: request.body,
+            query: request.query,
+            params: request.params,
+            message,
+            stack: exception instanceof Error ? exception.stack : undefined,
+        };
+        if (status >= 500) {
+            this.logger.error(`[${ip}] [${request.method}] ${request.url} → ${status}`, JSON.stringify(errorLog, null, 2));
+        }
+        else {
+            this.logger.warn(`[${ip}] [${request.method}] ${request.url} → ${status}`, JSON.stringify(errorLog, null, 2));
+        }
+        response.status(status).json({
+            statusCode: status,
+            timestamp: errorLog.timestamp,
+            path: request.url,
+            message,
+        });
+    }
+};
+exports.AllExceptionsFilter = AllExceptionsFilter;
+exports.AllExceptionsFilter = AllExceptionsFilter = AllExceptionsFilter_1 = __decorate([
+    (0, common_1.Catch)()
+], AllExceptionsFilter);

package/dist/filters/index.d.ts

@@ -0,0 +1 @@
+export * from './all-exceptions.filter';

package/dist/filters/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./all-exceptions.filter"), exports);

package/dist/middleware/attack-logger.middleware.d.ts

@@ -5,8 +5,13 @@ export declare class AttackLoggerMiddleware implements NestMiddleware {
     private readonly attSrv;
     private readonly logger;
     private readonly logPath;
+    private readonly recentIps;
+    private readonly THROTTLE_MS;
+    private writeQueue;
     constructor(attSrv: AttacksService);
     use(req: Request, res: Response, next: NextFunction): void;
+    private enqueue;
     private processSuspiciousRequest;
+    private isThrottled;
     private getClientIp;
 }

package/dist/middleware/attack-logger.middleware.js

@@ -43,7 +43,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AttackLoggerMiddleware = void 0;
-const fs = __importStar(require("fs/promises")); // Passiamo alla versione asincrona
+const fs = __importStar(require("fs/promises"));
 const common_1 = require("@nestjs/common");
 const attacks_service_1 = require("../attacks.service");
 let AttackLoggerMiddleware = class AttackLoggerMiddleware {
@@ -51,32 +51,58 @@ let AttackLoggerMiddleware = class AttackLoggerMiddleware {
         this.attSrv = attSrv;
         this.logger = new common_1.Logger("AttackLogger");
         this.logPath = "/var/log/nestjs-attacks.log";
+        // Throttle per IP: evita flood verso Cloudflare
+        this.recentIps = new Map();
+        this.THROTTLE_MS = 5_000;
+        // Coda serializzata (fire-and-forget, non awaited dall'esterno)
+        this.writeQueue = Promise.resolve();
     }
     use(req, res, next) {
         res.on("finish", () => {
             if (res.statusCode === 404) {
-                this.processSuspiciousRequest(req).catch((err) => {
-                    const msg = err instanceof Error ? err.message : "Unknown error";
-                    this.logger.error(`Errore nel processando la richiesta verso Cloudflare: ${msg}`);
-                });
+                this.enqueue(req);
             }
         });
         next();
     }
+    enqueue(req) {
+        this.writeQueue = this.writeQueue
+            .then(() => this.processSuspiciousRequest(req))
+            .catch((err) => {
+            const msg = err instanceof Error ? err.message : "Unknown error";
+            this.logger.error(`Errore processing richiesta: ${msg}`);
+        });
+    }
     async processSuspiciousRequest(req) {
         const ip = this.getClientIp(req);
         if (ip === "unknown")
             return;
-        const logEntry = `${new Date().toISOString()} [ATTACK] IP=${ip} METHOD=${req.method} URL=${req.url}\n`;
-        this.logger.debug(logEntry);
-        await this.attSrv.updateIpList(ip);
-        try {
-            await fs.appendFile(this.logPath, logEntry);
-        }
-        catch (error) {
-            const msg = error instanceof Error ? error.message : "FS Error";
-            this.logger.error(`Impossibile scrivere log su ${this.logPath}: ${msg}`);
-        }
+        if (this.isThrottled(ip))
+            return;
+        const safeUrl = req.url.replace(/[\r\n]/g, "_");
+        const logEntry = `${new Date().toISOString()} [ATTACK] IP=${ip} METHOD=${req.method} URL=${safeUrl}\n`;
+        this.logger.debug(logEntry.trimEnd());
+        // Esegue in parallelo: log su file + update Cloudflare
+        await Promise.allSettled([
+            fs.appendFile(this.logPath, logEntry).catch((error) => {
+                const msg = error instanceof Error ? error.message : "FS Error";
+                this.logger.error(`Impossibile scrivere log su ${this.logPath}: ${msg}`);
+            }),
+            this.attSrv.updateIpList(ip).catch((error) => {
+                const msg = error instanceof Error ? error.message : "Service Error";
+                this.logger.error(`Impossibile aggiornare IP list: ${msg}`);
+            }),
+        ]);
+    }
+    isThrottled(ip) {
+        const now = Date.now();
+        const last = this.recentIps.get(ip);
+        if (last && now - last < this.THROTTLE_MS)
+            return true;
+        if (this.recentIps.size > 10_000)
+            this.recentIps.clear();
+        this.recentIps.set(ip, now);
+        return false;
     }
     getClientIp(req) {
         const cfIp = req.headers["cf-connecting-ip"];

package/dist/utils/get-client-ip.util.d.ts

@@ -0,0 +1,2 @@
+import { Request } from "express";
+export declare function getClientIp(req: Request): string;

package/dist/utils/get-client-ip.util.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getClientIp = getClientIp;
+function getClientIp(req) {
+    const cfIp = req.headers["cf-connecting-ip"];
+    if (typeof cfIp === "string")
+        return cfIp;
+    const xRealIp = req.headers["x-real-ip"];
+    if (typeof xRealIp === "string")
+        return xRealIp;
+    const xForwardedFor = req.headers["x-forwarded-for"];
+    if (typeof xForwardedFor === "string") {
+        return xForwardedFor.split(",")[0].trim();
+    }
+    return req.socket.remoteAddress ?? "unknown";
+}

package/dist/utils/index.d.ts

@@ -0,0 +1 @@
+export * from './get-client-ip.util';

package/dist/utils/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./get-client-ip.util"), exports);

package/package.json

@@ -1,44 +1,45 @@
-{
-  "name": "@liberstudio/cloudflare-list",
-  "version": "2.0.11",
-  "description": "Modulo NestJS per gestione IP List Cloudflare",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/Liberstudio-Dev/lbr-cloudflare-list.git"
-  },
-  "files": [
-    "dist"
-  ],
-  "scripts": {
-    "build": "npx tsc",
-    "prepublishOnly": "npm run build",
-    "version:bump": "npm version patch --no-git-tag-version",
-    "pub": "npm run build && npm publish --access public"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "simple-git-hooks": {
-    "pre-commit": "npm run version:bump && git add package.json package-lock.json"
-  },
-  "dependencies": {},
-  "peerDependencies": {
-    "@nestjs/axios": ">=3.0.0",
-    "@nestjs/common": ">=10.0.0",
-    "axios": ">=1.0.0",
-    "rxjs": ">=7.0.0"
-  },
-  "devDependencies": {
-    "@nestjs/axios": ">=3.0.0",
-    "@nestjs/common": ">=10.0.0",
-    "axios": ">=1.0.0",
-    "rxjs": "^7.8.0",
-    "@types/express": "^5.0.6",
-    "@types/node": "^20.9.0",
-    "simple-git-hooks": "^2.13.1",
-    "typescript": ">=5.0.0"
-  }
-}
+{
+  "name": "@liberstudio/cloudflare-list",
+  "version": "2.0.13",
+  "description": "Modulo NestJS per gestione IP List Cloudflare",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Liberstudio-Dev/lbr-cloudflare-list.git"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "npx tsc",
+    "prepublishOnly": "npm run build",
+    "version:bump": "npm version patch --no-git-tag-version",
+    "pub": "npm publish --access public"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "simple-git-hooks": {
+    "pre-commit": "npm run version:bump && git add package.json package-lock.json"
+  },
+  "peerDependencies": {
+    "@nestjs/axios": ">=3.0.0",
+    "@nestjs/common": ">=10.0.0",
+    "@nestjs/core": ">=10.0.0",
+    "axios": ">=1.0.0",
+    "rxjs": ">=7.0.0"
+  },
+  "devDependencies": {
+    "@nestjs/axios": "^4.0.0",
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/core": "^11.1.14",
+    "@types/express": "^5.0.6",
+    "@types/node": "^20.9.0",
+    "axios": "^1.0.0",
+    "rxjs": "^7.8.0",
+    "simple-git-hooks": "^2.13.1",
+    "typescript": "^5.0.0"
+  }
+}