@liberstudio/cloudflare-list 2.0.14 → 2.0.16

package/README.md

@@ -7,9 +7,9 @@
 3. Manage Account > Configuration > List > Create List
 4. Account API tokens > Create Token > Create Custom Token (Permission: Account > Account WAF > Edit, Account > Account Filter List > Edit)
 5. Salvare il token API senza scadenza
-6. Domains > Scegliere il dominio da utilizzare 
+6. Domains > Scegliere il dominio da utilizzare
 7. Andare nella categoria Security > Security Rules > Create rule > Custom Rules
-8. Nome: <Name>, Field: <IP Source Address , is in, scegli la lista creata prima>, Action: Block 
+8. Nome: <Name>, Field: <IP Source Address , is in, scegli la lista creata prima>, Action: Block
 9. Salvare la regola
 
 ## Installazione
@@ -34,6 +34,7 @@ import { CloudflareAttacksModule } from "@liberstudio/cloudflare-list";
       listId: "<list_id>",
       apiToken: "<api_token>",
       comment: "<comment>",
+      logPath: "<logPath>",
     }),
   ],
 })
@@ -54,7 +55,8 @@ import { CloudflareAttacksModule } from "@liberstudio/cloudflare-list";
         apiToken: config.getOrThrow<string>('CLOUDFLARE_API_TOKEN'),
         accountId: config.getOrThrow<string>('CLOUDFLARE_ACCOUNT_ID'),
         listId: config.getOrThrow<string>('CLOUDFLARE_LIST_ID'),
-        comment: config.get<string>('CLOUDFLARE_LIST_COMMENT') || 'Blocked'
+        comment: config.get<string>('CLOUDFLARE_LIST_COMMENT') || 'Blocked',
+        logPath: config.get<string>('CLOUDFLARE_LIST_LOG_PATH') || '/var/log/nestjs-attacks.log',
       })
     }),
   ],
@@ -63,4 +65,4 @@ export class AppModule {}
 ```
 
 ## License
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

package/dist/attacks.module.js

@@ -14,17 +14,19 @@ const core_1 = require("@nestjs/core");
 const filters_1 = require("./filters");
 const attacks_service_1 = require("./attacks.service");
 const middleware_1 = require("./middleware");
+const utils_1 = require("./utils");
 let CloudflareAttacksModule = CloudflareAttacksModule_1 = class CloudflareAttacksModule {
     configure(consumer) {
         consumer.apply(middleware_1.AttackLoggerMiddleware).forRoutes("*");
     }
     static forRoot(options) {
+        (0, utils_1.validateOptions)(options);
         return {
             module: CloudflareAttacksModule_1,
             imports: [axios_1.HttpModule],
             providers: [
                 {
-                    provide: "CLOUDFLARE_OPTIONS",
+                    provide: utils_1.CLOUDFLARE_OPTIONS,
                     useValue: options,
                 },
             ],
@@ -36,8 +38,12 @@ let CloudflareAttacksModule = CloudflareAttacksModule_1 = class CloudflareAttack
             imports: [axios_1.HttpModule, ...(options.imports || [])],
             providers: [
                 {
-                    provide: "CLOUDFLARE_OPTIONS",
-                    useFactory: options.useFactory,
+                    provide: utils_1.CLOUDFLARE_OPTIONS,
+                    useFactory: async (...args) => {
+                        const opts = await options.useFactory(...args);
+                        (0, utils_1.validateOptions)(opts);
+                        return opts;
+                    },
                     inject: options.inject || [],
                 },
             ],

package/dist/attacks.service.js

@@ -21,6 +21,7 @@ const common_1 = require("@nestjs/common");
 const axios_1 = require("@nestjs/axios");
 const axios_2 = __importDefault(require("axios"));
 const rxjs_1 = require("rxjs");
+const utils_1 = require("./utils");
 let AttacksService = class AttacksService {
     constructor(httpService, options) {
         this.httpService = httpService;
@@ -57,6 +58,6 @@ let AttacksService = class AttacksService {
 exports.AttacksService = AttacksService;
 exports.AttacksService = AttacksService = __decorate([
     (0, common_1.Injectable)(),
-    __param(1, (0, common_1.Inject)("CLOUDFLARE_OPTIONS")),
+    __param(1, (0, common_1.Inject)(utils_1.CLOUDFLARE_OPTIONS)),
     __metadata("design:paramtypes", [axios_1.HttpService, Object])
 ], AttacksService);

package/dist/filters/all-exceptions.filter.js

@@ -33,13 +33,13 @@ let AllExceptionsFilter = AllExceptionsFilter_1 = class AllExceptionsFilter {
             message,
             stack: exception instanceof Error ? exception.stack : undefined,
         };
-        const isMissingToken = message === "Invalid or missing token";
-        if (status >= 500) {
-            this.logger.error(`[${ip}] [${request.method}] ${request.url} → ${status}`, isMissingToken ? null : JSON.stringify(errorLog, null, 2));
-        }
-        else {
-            this.logger.warn(`[${ip}] [${request.method}] ${request.url} → ${status}`, isMissingToken ? null : JSON.stringify(errorLog, null, 2));
-        }
+        /* const isMissingToken = message === "Invalid or missing token"; */
+        this.logger.error(`[${ip}] [${request.method}] ${request.url} → ${status}`);
+        /*     if (status >= 500) {
+          this.logger.error(`[${ip}] [${request.method}] ${request.url} → ${status}`, isMissingToken ? null : JSON.stringify(errorLog, null, 2));
+        } else {
+          this.logger.warn(`[${ip}] [${request.method}] ${request.url} → ${status}`, isMissingToken ? null : JSON.stringify(errorLog, null, 2));
+        } */
         response.status(status).json({
             statusCode: status,
             timestamp: errorLog.timestamp,

package/dist/interfaces/cloudflare-attacks.interface.d.ts

@@ -3,6 +3,7 @@ export interface CloudflareAttacksOptions {
     accountId: string;
     listId: string;
     comment: string;
+    logPath: string;
 }
 export interface CloudflareAttacksAsyncOptions {
     imports?: any[];

package/dist/middleware/attack-logger.middleware.d.ts

@@ -1,17 +1,20 @@
-import { NestMiddleware } from "@nestjs/common";
-import { NextFunction, Request, Response } from "express";
+import { NestMiddleware, OnModuleDestroy } from "@nestjs/common";
 import { AttacksService } from "../attacks.service";
-export declare class AttackLoggerMiddleware implements NestMiddleware {
+import type { NextFunction, Request, Response } from "express";
+import type { CloudflareAttacksOptions } from "../interfaces";
+export declare class AttackLoggerMiddleware implements NestMiddleware, OnModuleDestroy {
     private readonly attSrv;
+    private readonly options;
     private readonly logger;
-    private readonly logPath;
     private readonly recentIps;
-    private readonly THROTTLE_MS;
-    private writeQueue;
-    constructor(attSrv: AttacksService);
+    private readonly throttleMs;
+    private readonly stream;
+    constructor(attSrv: AttacksService, options: CloudflareAttacksOptions);
     use(req: Request, res: Response, next: NextFunction): void;
-    private enqueue;
-    private processSuspiciousRequest;
+    private handleSuspicious;
     private isThrottled;
     private getClientIp;
+    private sanitize;
+    private ensureDirectoryExists;
+    onModuleDestroy(): void;
 }

package/dist/middleware/attack-logger.middleware.js

@@ -1,107 +1,83 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
     else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var AttackLoggerMiddleware_1;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AttackLoggerMiddleware = void 0;
-const fs = __importStar(require("fs/promises"));
 const common_1 = require("@nestjs/common");
+const fs_1 = require("fs");
+const path_1 = require("path");
 const attacks_service_1 = require("../attacks.service");
-let AttackLoggerMiddleware = class AttackLoggerMiddleware {
-    constructor(attSrv) {
+const utils_1 = require("../utils");
+let AttackLoggerMiddleware = AttackLoggerMiddleware_1 = class AttackLoggerMiddleware {
+    constructor(attSrv, options) {
         this.attSrv = attSrv;
-        this.logger = new common_1.Logger("AttackLogger");
-        this.logPath = "/var/log/nestjs-attacks.log";
-        // Throttle per IP: evita flood verso Cloudflare
+        this.options = options;
+        this.logger = new common_1.Logger(AttackLoggerMiddleware_1.name);
         this.recentIps = new Map();
-        this.THROTTLE_MS = 5_000;
-        // Coda serializzata (fire-and-forget, non awaited dall'esterno)
-        this.writeQueue = Promise.resolve();
+        this.throttleMs = 5_000;
+        if (!options.logPath || typeof options.logPath !== "string") {
+            throw new Error("CloudflareAttacksOptions.logPath deve essere una stringa valida");
+        }
+        const absolutePath = (0, path_1.resolve)(options.logPath);
+        this.ensureDirectoryExists(absolutePath);
+        this.stream = (0, fs_1.createWriteStream)(absolutePath, {
+            flags: "a",
+            encoding: "utf8",
+            highWaterMark: 64 * 1024,
+        });
+        this.stream.on("error", (err) => {
+            this.logger.error(`Errore nello stream del log (${absolutePath}): ${err.message}`);
+        });
     }
     use(req, res, next) {
         res.on("finish", () => {
             if (res.statusCode === 404) {
-                this.enqueue(req);
+                this.handleSuspicious(req);
             }
         });
         next();
     }
-    enqueue(req) {
-        this.writeQueue = this.writeQueue
-            .then(() => this.processSuspiciousRequest(req))
-            .catch((err) => {
-            const msg = err instanceof Error ? err.message : "Unknown error";
-            this.logger.error(`Errore processing richiesta: ${msg}`);
-        });
-    }
-    async processSuspiciousRequest(req) {
+    handleSuspicious(req) {
         const ip = this.getClientIp(req);
-        if (ip === "unknown")
-            return;
-        if (this.isThrottled(ip))
+        if (!ip || this.isThrottled(ip))
             return;
-        const safeUrl = req.url.replace(/[\r\n]/g, "_");
-        const logEntry = `${new Date().toISOString()} [ATTACK] IP=${ip} METHOD=${req.method} URL=${safeUrl}\n`;
-        this.logger.debug(logEntry.trimEnd());
-        // Esegue in parallelo: log su file + update Cloudflare
-        await Promise.allSettled([
-            fs.appendFile(this.logPath, logEntry).catch((error) => {
-                const msg = error instanceof Error ? error.message : "FS Error";
-                this.logger.error(`Impossibile scrivere log su ${this.logPath}: ${msg}`);
-            }),
-            this.attSrv.updateIpList(ip).catch((error) => {
-                const msg = error instanceof Error ? error.message : "Service Error";
-                this.logger.error(`Impossibile aggiornare IP list: ${msg}`);
-            }),
-        ]);
+        const entry = {
+            timestamp: new Date().toISOString(),
+            type: "ATTACK",
+            ip,
+            method: req.method,
+            url: this.sanitize(req.url),
+        };
+        const line = JSON.stringify(entry) + "\n";
+        if (!this.stream.write(line)) {
+            this.stream.once("drain", () => {
+                this.logger.debug("Stream del log degli attacchi svuotato");
+            });
+        }
+        this.attSrv.updateIpList(ip).catch((err) => {
+            const msg = err instanceof Error ? err.message : "Errore sconosciuto";
+            ;
+            this.logger.error(`Aggiornamento Cloudflare fallito: ${msg}`);
+        });
     }
     isThrottled(ip) {
-        const now = Date.now();
-        const last = this.recentIps.get(ip);
-        if (last && now - last < this.THROTTLE_MS)
+        if (this.recentIps.has(ip))
             return true;
-        if (this.recentIps.size > 10_000)
-            this.recentIps.clear();
-        this.recentIps.set(ip, now);
+        const timeout = setTimeout(() => {
+            this.recentIps.delete(ip);
+        }, this.throttleMs);
+        this.recentIps.set(ip, timeout);
         return false;
     }
     getClientIp(req) {
@@ -115,11 +91,29 @@ let AttackLoggerMiddleware = class AttackLoggerMiddleware {
         if (typeof xForwardedFor === "string") {
             return xForwardedFor.split(",")[0].trim();
         }
-        return req.socket.remoteAddress ?? "unknown";
+        return req.socket.remoteAddress ?? null;
+    }
+    sanitize(value) {
+        return value.replace(/[\r\n]/g, "_");
+    }
+    ensureDirectoryExists(filePath) {
+        const dir = (0, path_1.dirname)(filePath);
+        if (!(0, fs_1.existsSync)(dir)) {
+            (0, fs_1.mkdirSync)(dir, { recursive: true });
+            this.logger.log(`Cartella dei log creata: ${dir}`);
+        }
+    }
+    onModuleDestroy() {
+        this.stream.end();
+        for (const timeout of this.recentIps.values()) {
+            clearTimeout(timeout);
+        }
+        this.recentIps.clear();
     }
 };
 exports.AttackLoggerMiddleware = AttackLoggerMiddleware;
-exports.AttackLoggerMiddleware = AttackLoggerMiddleware = __decorate([
+exports.AttackLoggerMiddleware = AttackLoggerMiddleware = AttackLoggerMiddleware_1 = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [attacks_service_1.AttacksService])
+    __param(1, (0, common_1.Inject)(utils_1.CLOUDFLARE_OPTIONS)),
+    __metadata("design:paramtypes", [attacks_service_1.AttacksService, Object])
 ], AttackLoggerMiddleware);

package/dist/utils/cloudflare.constants.d.ts

@@ -0,0 +1 @@
+export declare const CLOUDFLARE_OPTIONS: unique symbol;

package/dist/utils/cloudflare.constants.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLOUDFLARE_OPTIONS = void 0;
+exports.CLOUDFLARE_OPTIONS = Symbol('CLOUDFLARE_OPTIONS');

package/dist/utils/index.d.ts

@@ -1 +1,3 @@
+export * from './cloudflare.constants';
 export * from './get-client-ip.util';
+export * from './options.validator';

package/dist/utils/index.js

@@ -14,4 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./cloudflare.constants"), exports);
 __exportStar(require("./get-client-ip.util"), exports);
+__exportStar(require("./options.validator"), exports);

package/dist/utils/options.validator.d.ts

@@ -0,0 +1,2 @@
+import type { CloudflareAttacksOptions } from "../interfaces";
+export declare function validateOptions(opzioni: CloudflareAttacksOptions): void;

package/dist/utils/options.validator.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateOptions = validateOptions;
+function validateOptions(opzioni) {
+    if (!opzioni)
+        throw new Error("CloudflareAttacksOptions è obbligatorio");
+    const campiObbligatori = ["apiToken", "accountId", "listId", "comment", "logPath"];
+    for (const campo of campiObbligatori) {
+        const valore = opzioni[campo];
+        if (typeof valore !== "string" || valore.trim().length === 0) {
+            throw new Error(`CloudflareAttacksOptions.${campo} deve essere una stringa non vuota`);
+        }
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@liberstudio/cloudflare-list",
-  "version": "2.0.14",
+  "version": "2.0.16",
   "description": "Modulo NestJS per gestione IP List Cloudflare",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",