First steps to implement a advanced-actions function to block recurring offenders before fail2ban

2026-04-19 06:53:14 +02:00 · 2025-11-18 15:02:50 +01:00
parent aa28738d43
commit 2fcc30b1b6
15 changed files with 1391 additions and 114 deletions
--- a/pkg/web/advanced_actions.go
+++ b/pkg/web/advanced_actions.go
@@ -0,0 +1,111 @@
+package web
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/swissmakers/fail2ban-ui/internal/config"
+	"github.com/swissmakers/fail2ban-ui/internal/integrations"
+	"github.com/swissmakers/fail2ban-ui/internal/storage"
+)
+
+func evaluateAdvancedActions(ctx context.Context, settings config.AppSettings, server config.Fail2banServer, ip string) {
+	cfg := settings.AdvancedActions
+	if !cfg.Enabled || cfg.Threshold <= 0 || cfg.Integration == "" {
+		return
+	}
+
+	count, err := storage.CountBanEventsByIP(ctx, ip, server.ID)
+	if err != nil {
+		log.Printf("⚠️ Failed to count ban events for %s: %v", ip, err)
+		return
+	}
+	if int(count) < cfg.Threshold {
+		return
+	}
+
+	active, err := storage.IsPermanentBlockActive(ctx, ip, cfg.Integration)
+	if err != nil {
+		log.Printf("⚠️ Failed to check permanent block for %s: %v", ip, err)
+		return
+	}
+	if active {
+		return
+	}
+
+	if err := runAdvancedIntegrationAction(ctx, "block", ip, settings, server, map[string]any{
+		"reason":    "automatic_threshold",
+		"count":     count,
+		"threshold": cfg.Threshold,
+	}); err != nil {
+		log.Printf("⚠️ Failed to permanently block %s: %v", ip, err)
+	}
+}
+
+func runAdvancedIntegrationAction(ctx context.Context, action, ip string, settings config.AppSettings, server config.Fail2banServer, details map[string]any) error {
+	cfg := settings.AdvancedActions
+	if cfg.Integration == "" {
+		return fmt.Errorf("no integration configured")
+	}
+	integration, ok := integrations.Get(cfg.Integration)
+	if !ok {
+		return fmt.Errorf("integration %s not registered", cfg.Integration)
+	}
+
+	logger := func(format string, args ...interface{}) {
+		if settings.Debug {
+			log.Printf(format, args...)
+		}
+	}
+
+	req := integrations.Request{
+		Context: ctx,
+		IP:      ip,
+		Config:  cfg,
+		Server:  server,
+		Logger:  logger,
+	}
+
+	var err error
+	switch action {
+	case "block":
+		err = integration.BlockIP(req)
+	case "unblock":
+		err = integration.UnblockIP(req)
+	default:
+		return fmt.Errorf("unsupported action %s", action)
+	}
+
+	status := map[string]string{
+		"block":   "blocked",
+		"unblock": "unblocked",
+	}[action]
+
+	message := fmt.Sprintf("%s via %s", strings.Title(action), cfg.Integration)
+	if err != nil {
+		status = "error"
+		message = err.Error()
+	}
+
+	if details == nil {
+		details = map[string]any{}
+	}
+	details["action"] = action
+	detailsBytes, _ := json.Marshal(details)
+	rec := storage.PermanentBlockRecord{
+		IP:          ip,
+		Integration: cfg.Integration,
+		Status:      status,
+		Message:     message,
+		ServerID:    server.ID,
+		Details:     string(detailsBytes),
+	}
+	if err2 := storage.UpsertPermanentBlock(ctx, rec); err2 != nil {
+		log.Printf("⚠️ Failed to record permanent block entry: %v", err2)
+	}
+
+	return err
+}