add query to get recent URLs hit by a given IP address

Author: GyulyVGC

src/db/datastore_wrapper.rs

@@ -5,6 +5,7 @@ use crate::db::installation_code::InstallationCode;
 use crate::db::tables::DbTable;
 use crate::firewall::firewall::Firewall;
 use crate::proto::appguard::{AppGuardIpInfo, Log};
+use chrono::Utc;
 use ipnetwork::IpNetwork;
 use nullnet_libdatastore::{
     AdvanceFilter, BatchCreateBody, BatchCreateRequest, BatchDeleteBody, BatchDeleteRequest,
@@ -19,7 +20,9 @@ use nullnet_liberror::{location, Error, ErrorHandler, Location};
 use serde_json::{json, Value};
 use std::collections::HashMap;
 use std::net::IpAddr;
+use std::ops::Sub;
 use std::str::FromStr;
+use std::time::Duration;
 
 #[derive(Debug, Clone)]
 pub struct DatastoreWrapper {
@@ -1231,6 +1234,91 @@ impl DatastoreWrapper {
 
         Ok(id)
     }
+
+    pub async fn get_recent_urls_for_ip(
+        &self,
+        token: &str,
+        ip: IpAddr,
+        period: usize,
+    ) -> Result<Vec<String>, Error> {
+        let table = DbTable::HttpRequest.to_str();
+        let filter_1 = AdvanceFilter {
+            r#type: String::from("criteria"),
+            field: String::from("ip"),
+            operator: String::from("equal"),
+            entity: String::from(table),
+            values: format!("[\"{ip}\"]"),
+        };
+
+        let filter_2 = AdvanceFilter {
+            r#type: String::from("operator"),
+            field: String::new(),
+            operator: String::from("and"),
+            entity: String::new(),
+            values: String::new(),
+        };
+
+        let timestamp = Utc::now()
+            .sub(Duration::from_secs(
+                u64::try_from(period).handle_err(location!())?,
+            ))
+            .to_rfc3339();
+        let filter_3 = AdvanceFilter {
+            r#type: String::from("criteria"),
+            field: String::from("timestamp"),
+            operator: String::from("greater_than_or_equal"),
+            entity: String::from(table),
+            values: format!("[\"{timestamp}\"]"),
+        };
+
+        let request = GetByFilterRequest {
+            body: Some(GetByFilterBody {
+                pluck: vec!["id".into(), "original_url".into()],
+                advance_filters: vec![filter_1, filter_2, filter_3],
+                order_by: String::new(),
+                limit: i32::MAX,
+                offset: 0,
+                order_direction: String::new(),
+                joins: vec![],
+                multiple_sort: vec![],
+                pluck_object: HashMap::new(),
+                date_format: String::new(),
+                is_case_sensitive_sorting: true,
+            }),
+            params: Some(Params {
+                id: String::new(),
+                table: table.to_string(),
+                r#type: String::from("root"),
+            }),
+        };
+
+        let result = self.inner.clone().get_by_filter(request, token).await?.data;
+
+        Self::internal_recent_urls_for_ip_parse_response_data(result)
+    }
+
+    fn internal_recent_urls_for_ip_parse_response_data(data: String) -> Result<Vec<String>, Error> {
+        let array_val = serde_json::from_str::<serde_json::Value>(&data).handle_err(location!())?;
+        let array = array_val
+            .as_array()
+            .ok_or("Failed to parse response")
+            .handle_err(location!())?;
+
+        let mut ret_val = Vec::new();
+
+        for i in array {
+            let Some(map) = i.as_object() else { continue };
+            let Some(original_url_val) = map.get("original_url") else {
+                continue;
+            };
+            let Some(original_url) = original_url_val.as_str() else {
+                continue;
+            };
+            ret_val.push(original_url.to_string());
+        }
+
+        Ok(ret_val)
+    }
 }
 
 #[cfg(test)]

src/firewall/items/http_request.rs

@@ -40,7 +40,7 @@ impl HttpRequestField {
     //     }
     // }
 
-    fn get_compare_fields<'a>(
+    async fn get_compare_fields<'a>(
         &'a self,
         item: &'a AppGuardHttpRequest,
         context: &AppContext,
@@ -72,8 +72,11 @@ impl HttpRequestField {
                 .map(|user_agent| FirewallCompareType::String((user_agent, v))),
             HttpRequestField::HttpRequestRateLimit(rate_limit) => {
                 // TODO: only if matches this item's URL??
-                let db_urls = rate_limit.get_urls(context, item.get_remote_ip());
-                Some(FirewallCompareType::RateLimit((db_urls, rate_limit)))
+                rate_limit
+                    .get_urls(context, item.get_remote_ip())
+                    .await
+                    .ok()
+                    .map(|db_urls| FirewallCompareType::RateLimit((db_urls, rate_limit)))
             }
         }
     }
@@ -97,7 +100,7 @@ impl PredicateEvaluator for AppGuardHttpRequest {
         if let FirewallRuleField::HttpRequest(f) = &predicate.field {
             predicate
                 .condition
-                .compare(f.get_compare_fields(self, context))
+                .compare(f.get_compare_fields(self, context).await)
         } else {
             self.tcp_info
                 .as_ref()

src/firewall/rate_limit.rs

@@ -1,4 +1,5 @@
 use crate::app_context::AppContext;
+use nullnet_liberror::Error;
 use serde::{Deserialize, Serialize};
 use std::net::IpAddr;
 
@@ -10,9 +11,11 @@ pub struct RateLimit {
 }
 
 impl RateLimit {
-    // TODO!
-    pub fn get_urls(&self, ctx: &AppContext, ip: IpAddr) -> Vec<String> {
-        // get from datastore all the urls queried by this ip in the last period seconds
-        vec![]
+    pub async fn get_urls(&self, ctx: &AppContext, ip: IpAddr) -> Result<Vec<String>, Error> {
+        let token = ctx.root_token_provider.get().await?;
+        let jwt = &token.jwt;
+        ctx.datastore
+            .get_recent_urls_for_ip(jwt, ip, self.period)
+            .await
     }
 }