Baffle-WAF/baffle-hub
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

First commit!

Browse Source
This commit is contained in:
Dan Milne
2025-11-03 17:37:28 +11:00
commit 429d41eead
141 changed files with 5890 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
Dockerfile Normal file
View File

@@ -0,0 +1,76 @@
# syntax=docker/dockerfile:1
# check=error=true
# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
# docker build -t baffle_hub .
# docker run -d -p 80:80 -e RAILS_MASTER_KEY=<value from config/master.key> --name baffle_hub baffle_hub
# For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
ARG RUBY_VERSION=3.4.7
FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
# Rails app lives here
WORKDIR /rails
# Install base packages
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 && \
ln -s /usr/lib/$(uname -m)-linux-gnu/libjemalloc.so.2 /usr/local/lib/libjemalloc.so && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
# Set production environment variables and enable jemalloc for reduced memory usage and latency.
ENV RAILS_ENV="production" \
BUNDLE_DEPLOYMENT="1" \
BUNDLE_PATH="/usr/local/bundle" \
BUNDLE_WITHOUT="development" \
LD_PRELOAD="/usr/local/lib/libjemalloc.so"
# Throw-away build stage to reduce size of final image
FROM base AS build
# Install packages needed to build gems
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y build-essential git libyaml-dev pkg-config && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
# Install application gems
COPY Gemfile Gemfile.lock vendor ./
RUN bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
# -j 1 disable parallel compilation to avoid a QEMU bug: https://github.com/rails/bootsnap/issues/495
bundle exec bootsnap precompile -j 1 --gemfile
# Copy application code
COPY . .
# Precompile bootsnap code for faster boot times.
# -j 1 disable parallel compilation to avoid a QEMU bug: https://github.com/rails/bootsnap/issues/495
RUN bundle exec bootsnap precompile -j 1 app/ lib/
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
# Final stage for app image
FROM base
# Run and own only the runtime files as a non-root user for security
RUN groupadd --system --gid 1000 rails && \
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash
USER 1000:1000
# Copy built artifacts: gems, application
COPY --chown=rails:rails --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --chown=rails:rails --from=build /rails /rails
# Entrypoint prepares the database.
ENTRYPOINT ["/rails/bin/docker-entrypoint"]
# Start server via Thruster by default, this can be overwritten at runtime
EXPOSE 80
CMD ["./bin/thrust", "./bin/rails", "server"]

71
Gemfile Normal file
View File

@@ -0,0 +1,71 @@
source "https://rubygems.org"
# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
gem "rails", "~> 8.1.1"
# The modern asset pipeline for Rails [https://github.com/rails/propshaft]
gem "propshaft"
# Use sqlite3 as the database for Active Record
gem "sqlite3", ">= 2.1"
# Use the Puma web server [https://github.com/puma/puma]
gem "puma", ">= 5.0"
# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
gem "importmap-rails"
# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
gem "turbo-rails"
# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
gem "stimulus-rails"
# Use Tailwind CSS [https://github.com/rails/tailwindcss-rails]
gem "tailwindcss-rails"
# Build JSON APIs with ease [https://github.com/rails/jbuilder]
gem "jbuilder"
# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
# gem "bcrypt", "~> 3.1.7"
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem "tzinfo-data", platforms: %i[ windows jruby ]
# Use the database-backed adapters for Rails.cache, Active Job, and Action Cable
gem "solid_cache"
gem "solid_queue"
gem "solid_cable"
# Reduces boot times through caching; required in config/boot.rb
gem "bootsnap", require: false
# Deploy this application anywhere as a Docker container [https://kamal-deploy.org]
gem "kamal", require: false
# Add HTTP asset caching/compression and X-Sendfile acceleration to Puma [https://github.com/basecamp/thruster/]
gem "thruster", require: false
# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
gem "image_processing", "~> 1.2"
# Pagination
gem "pagy"
group :development, :test do
# See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
gem "debug", platforms: %i[ mri windows ], require: "debug/prelude"
# Audits gems for known security defects (use config/bundler-audit.yml to ignore issues)
gem "bundler-audit", require: false
# Static analysis for security vulnerabilities [https://brakemanscanner.org/]
gem "brakeman", require: false
# Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
gem "rubocop-rails-omakase", require: false
end
group :development do
# Use console on exceptions pages [https://github.com/rails/web-console]
gem "web-console"
end
group :test do
# Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
gem "capybara"
gem "selenium-webdriver"
end

427
Gemfile.lock Normal file
View File

@@ -0,0 +1,427 @@
GEM
remote: https://rubygems.org/
specs:
action_text-trix (2.1.15)
railties
actioncable (8.1.1)
actionpack (= 8.1.1)
activesupport (= 8.1.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
zeitwerk (~> 2.6)
actionmailbox (8.1.1)
actionpack (= 8.1.1)
activejob (= 8.1.1)
activerecord (= 8.1.1)
activestorage (= 8.1.1)
activesupport (= 8.1.1)
mail (>= 2.8.0)
actionmailer (8.1.1)
actionpack (= 8.1.1)
actionview (= 8.1.1)
activejob (= 8.1.1)
activesupport (= 8.1.1)
mail (>= 2.8.0)
rails-dom-testing (~> 2.2)
actionpack (8.1.1)
actionview (= 8.1.1)
activesupport (= 8.1.1)
nokogiri (>= 1.8.5)
rack (>= 2.2.4)
rack-session (>= 1.0.1)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
useragent (~> 0.16)
actiontext (8.1.1)
action_text-trix (~> 2.1.15)
actionpack (= 8.1.1)
activerecord (= 8.1.1)
activestorage (= 8.1.1)
activesupport (= 8.1.1)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
actionview (8.1.1)
activesupport (= 8.1.1)
builder (~> 3.1)
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
activejob (8.1.1)
activesupport (= 8.1.1)
globalid (>= 0.3.6)
activemodel (8.1.1)
activesupport (= 8.1.1)
activerecord (8.1.1)
activemodel (= 8.1.1)
activesupport (= 8.1.1)
timeout (>= 0.4.0)
activestorage (8.1.1)
actionpack (= 8.1.1)
activejob (= 8.1.1)
activerecord (= 8.1.1)
activesupport (= 8.1.1)
marcel (~> 1.0)
activesupport (8.1.1)
base64
bigdecimal
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
i18n (>= 1.6, < 2)
json
logger (>= 1.4.2)
minitest (>= 5.1)
securerandom (>= 0.3)
tzinfo (~> 2.0, >= 2.0.5)
uri (>= 0.13.1)
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
ast (2.4.3)
base64 (0.3.0)
bcrypt_pbkdf (1.1.1)
bigdecimal (3.3.1)
bindex (0.8.1)
bootsnap (1.18.6)
msgpack (~> 1.2)
brakeman (7.1.0)
racc
builder (3.3.0)
bundler-audit (0.9.2)
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
capybara (3.40.0)
addressable
matrix
mini_mime (>= 0.1.3)
nokogiri (~> 1.11)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
concurrent-ruby (1.3.5)
connection_pool (2.5.4)
crass (1.0.6)
date (3.5.0)
debug (1.11.0)
irb (~> 1.10)
reline (>= 0.3.8)
dotenv (3.1.8)
drb (2.2.3)
ed25519 (1.4.0)
erb (5.1.3)
erubi (1.13.1)
et-orbi (1.4.0)
tzinfo
ffi (1.17.2-aarch64-linux-gnu)
ffi (1.17.2-aarch64-linux-musl)
ffi (1.17.2-arm-linux-gnu)
ffi (1.17.2-arm-linux-musl)
ffi (1.17.2-arm64-darwin)
ffi (1.17.2-x86_64-linux-gnu)
ffi (1.17.2-x86_64-linux-musl)
fugit (1.12.1)
et-orbi (~> 1.4)
raabro (~> 1.4)
globalid (1.3.0)
activesupport (>= 6.1)
i18n (1.14.7)
concurrent-ruby (~> 1.0)
image_processing (1.14.0)
mini_magick (>= 4.9.5, < 6)
ruby-vips (>= 2.0.17, < 3)
importmap-rails (2.2.2)
actionpack (>= 6.0.0)
activesupport (>= 6.0.0)
railties (>= 6.0.0)
io-console (0.8.1)
irb (1.15.3)
pp (>= 0.6.0)
rdoc (>= 4.0.0)
reline (>= 0.4.2)
jbuilder (2.14.1)
actionview (>= 7.0.0)
activesupport (>= 7.0.0)
json (2.15.2)
kamal (2.8.2)
activesupport (>= 7.0)
base64 (~> 0.2)
bcrypt_pbkdf (~> 1.0)
concurrent-ruby (~> 1.2)
dotenv (~> 3.1)
ed25519 (~> 1.4)
net-ssh (~> 7.3)
sshkit (>= 1.23.0, < 2.0)
thor (~> 1.3)
zeitwerk (>= 2.6.18, < 3.0)
language_server-protocol (3.17.0.5)
lint_roller (1.1.0)
logger (1.7.0)
loofah (2.24.1)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
mail (2.9.0)
logger
mini_mime (>= 0.1.1)
net-imap
net-pop
net-smtp
marcel (1.1.0)
matrix (0.4.3)
mini_magick (5.3.1)
logger
mini_mime (1.1.5)
minitest (5.26.0)
msgpack (1.8.0)
net-imap (0.5.12)
date
net-protocol
net-pop (0.1.2)
net-protocol
net-protocol (0.2.2)
timeout
net-scp (4.1.0)
net-ssh (>= 2.6.5, < 8.0.0)
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-smtp (0.5.1)
net-protocol
net-ssh (7.3.0)
nio4r (2.7.5)
nokogiri (1.18.10-aarch64-linux-gnu)
racc (~> 1.4)
nokogiri (1.18.10-aarch64-linux-musl)
racc (~> 1.4)
nokogiri (1.18.10-arm-linux-gnu)
racc (~> 1.4)
nokogiri (1.18.10-arm-linux-musl)
racc (~> 1.4)
nokogiri (1.18.10-arm64-darwin)
racc (~> 1.4)
nokogiri (1.18.10-x86_64-linux-gnu)
racc (~> 1.4)
nokogiri (1.18.10-x86_64-linux-musl)
racc (~> 1.4)
ostruct (0.6.3)
pagy (9.4.0)
parallel (1.27.0)
parser (3.3.10.0)
ast (~> 2.4.1)
racc
pp (0.6.3)
prettyprint
prettyprint (0.2.0)
prism (1.6.0)
propshaft (1.3.1)
actionpack (>= 7.0.0)
activesupport (>= 7.0.0)
rack
psych (5.2.6)
date
stringio
public_suffix (6.0.2)
puma (7.1.0)
nio4r (~> 2.0)
raabro (1.4.0)
racc (1.8.1)
rack (3.2.3)
rack-session (2.1.1)
base64 (>= 0.1.0)
rack (>= 3.0.0)
rack-test (2.2.0)
rack (>= 1.3)
rackup (2.2.1)
rack (>= 3)
rails (8.1.1)
actioncable (= 8.1.1)
actionmailbox (= 8.1.1)
actionmailer (= 8.1.1)
actionpack (= 8.1.1)
actiontext (= 8.1.1)
actionview (= 8.1.1)
activejob (= 8.1.1)
activemodel (= 8.1.1)
activerecord (= 8.1.1)
activestorage (= 8.1.1)
activesupport (= 8.1.1)
bundler (>= 1.15.0)
railties (= 8.1.1)
rails-dom-testing (2.3.0)
activesupport (>= 5.0.0)
minitest
nokogiri (>= 1.6)
rails-html-sanitizer (1.6.2)
loofah (~> 2.21)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
railties (8.1.1)
actionpack (= 8.1.1)
activesupport (= 8.1.1)
irb (~> 1.13)
rackup (>= 1.0.0)
rake (>= 12.2)
thor (~> 1.0, >= 1.2.2)
tsort (>= 0.2)
zeitwerk (~> 2.6)
rainbow (3.1.1)
rake (13.3.1)
rdoc (6.15.1)
erb
psych (>= 4.0.0)
tsort
regexp_parser (2.11.3)
reline (0.6.2)
io-console (~> 0.5)
rexml (3.4.4)
rubocop (1.81.7)
json (~> 2.3)
language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.1.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.47.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.47.1)
parser (>= 3.3.7.2)
prism (~> 1.4)
rubocop-performance (1.26.1)
lint_roller (~> 1.1)
rubocop (>= 1.75.0, < 2.0)
rubocop-ast (>= 1.47.1, < 2.0)
rubocop-rails (2.33.4)
activesupport (>= 4.2.0)
lint_roller (~> 1.1)
rack (>= 1.1)
rubocop (>= 1.75.0, < 2.0)
rubocop-ast (>= 1.44.0, < 2.0)
rubocop-rails-omakase (1.1.0)
rubocop (>= 1.72)
rubocop-performance (>= 1.24)
rubocop-rails (>= 2.30)
ruby-progressbar (1.13.0)
ruby-vips (2.2.5)
ffi (~> 1.12)
logger
rubyzip (3.2.1)
securerandom (0.4.1)
selenium-webdriver (4.38.0)
base64 (~> 0.2)
logger (~> 1.4)
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 4.0)
websocket (~> 1.0)
solid_cable (3.0.12)
actioncable (>= 7.2)
activejob (>= 7.2)
activerecord (>= 7.2)
railties (>= 7.2)
solid_cache (1.0.8)
activejob (>= 7.2)
activerecord (>= 7.2)
railties (>= 7.2)
solid_queue (1.2.4)
activejob (>= 7.1)
activerecord (>= 7.1)
concurrent-ruby (>= 1.3.1)
fugit (~> 1.11)
railties (>= 7.1)
thor (>= 1.3.1)
sqlite3 (2.7.4-aarch64-linux-gnu)
sqlite3 (2.7.4-aarch64-linux-musl)
sqlite3 (2.7.4-arm-linux-gnu)
sqlite3 (2.7.4-arm-linux-musl)
sqlite3 (2.7.4-arm64-darwin)
sqlite3 (2.7.4-x86_64-linux-gnu)
sqlite3 (2.7.4-x86_64-linux-musl)
sshkit (1.24.0)
base64
logger
net-scp (>= 1.1.2)
net-sftp (>= 2.1.2)
net-ssh (>= 2.8.0)
ostruct
stimulus-rails (1.3.4)
railties (>= 6.0.0)
stringio (3.1.7)
tailwindcss-rails (4.4.0)
railties (>= 7.0.0)
tailwindcss-ruby (~> 4.0)
tailwindcss-ruby (4.1.16)
tailwindcss-ruby (4.1.16-aarch64-linux-gnu)
tailwindcss-ruby (4.1.16-aarch64-linux-musl)
tailwindcss-ruby (4.1.16-arm64-darwin)
tailwindcss-ruby (4.1.16-x86_64-linux-gnu)
tailwindcss-ruby (4.1.16-x86_64-linux-musl)
thor (1.4.0)
thruster (0.1.16)
thruster (0.1.16-aarch64-linux)
thruster (0.1.16-arm64-darwin)
thruster (0.1.16-x86_64-linux)
timeout (0.4.4)
tsort (0.2.0)
turbo-rails (2.0.20)
actionpack (>= 7.1.0)
railties (>= 7.1.0)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (3.2.0)
unicode-emoji (~> 4.1)
unicode-emoji (4.1.0)
uri (1.1.0)
useragent (0.16.11)
web-console (4.2.1)
actionview (>= 6.0.0)
activemodel (>= 6.0.0)
bindex (>= 0.4.0)
railties (>= 6.0.0)
websocket (1.2.11)
websocket-driver (0.8.0)
base64
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
xpath (3.2.0)
nokogiri (~> 1.8)
zeitwerk (2.7.3)
PLATFORMS
aarch64-linux
aarch64-linux-gnu
aarch64-linux-musl
arm-linux-gnu
arm-linux-musl
arm64-darwin-24
x86_64-linux
x86_64-linux-gnu
x86_64-linux-musl
DEPENDENCIES
bootsnap
brakeman
bundler-audit
capybara
debug
image_processing (~> 1.2)
importmap-rails
jbuilder
kamal
pagy
propshaft
puma (>= 5.0)
rails (~> 8.1.1)
rubocop-rails-omakase
selenium-webdriver
solid_cable
solid_cache
solid_queue
sqlite3 (>= 2.1)
stimulus-rails
tailwindcss-rails
thruster
turbo-rails
tzinfo-data
web-console
BUNDLED WITH
2.6.9

2
Procfile.dev Normal file
View File

@@ -0,0 +1,2 @@
web: bin/rails server -b 0.0.0.0 -p 3041
css: bin/rails tailwindcss:watch

24
README.md Normal file
View File

@@ -0,0 +1,24 @@
# README
This README would normally document whatever steps are necessary to get the
application up and running.
Things you may want to cover:
* Ruby version
* System dependencies
* Configuration
* Database creation
* Database initialization
* How to run the test suite
* Services (job queues, cache servers, search engines, etc.)
* Deployment instructions
* ...

6
Rakefile Normal file
View File

@@ -0,0 +1,6 @@
# Add your own tasks in files placed in lib/tasks ending in .rake,
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
require_relative "config/application"
Rails.application.load_tasks

0
app/assets/builds/.keep Normal file
View File

0
app/assets/images/.keep Normal file
View File

10
app/assets/stylesheets/application.css Normal file
View File

@@ -0,0 +1,10 @@
/*
* This is a manifest file that'll be compiled into application.css.
*
* With Propshaft, assets are served efficiently without preprocessing steps. You can still include
* application-wide styles in this file, but keep in mind that CSS precedence will follow the standard
* cascading order, meaning styles declared later in the document or manifest will override earlier ones,
* depending on specificity.
*
* Consider organizing styles into separate files for maintainability.
*/

1
app/assets/tailwind/application.css Normal file
View File

@@ -0,0 +1 @@
@import "tailwindcss";

75
app/controllers/api/events_controller.rb Normal file
View File

@@ -0,0 +1,75 @@
# frozen_string_literal: true
class Api::EventsController < ApplicationController
skip_before_action :verify_authenticity_token
# POST /api/:project_id/events
def create
project = authenticate_project!
return head :not_found unless project
# Parse the incoming WAF event data
event_data = parse_event_data(request)
# Create event asynchronously
ProcessWafEventJob.perform_later(
project_id: project.id,
event_data: event_data,
headers: extract_serializable_headers(request)
)
# Always return 200 OK to avoid agent retries
head :ok
rescue DsnAuthenticationService::AuthenticationError => e
Rails.logger.warn "DSN authentication failed: #{e.message}"
head :unauthorized
rescue JSON::ParserError => e
Rails.logger.error "Invalid JSON in event data: #{e.message}"
head :bad_request
end
private
def authenticate_project!
DsnAuthenticationService.authenticate(request, params[:project_id])
end
def parse_event_data(request)
# Handle different content types
content_type = request.content_type || "application/json"
case content_type
when /application\/json/
JSON.parse(request.body.read)
when /application\/x-www-form-urlencoded/
# Convert form data to JSON-like hash
request.request_parameters
else
# Try to parse as JSON anyway
JSON.parse(request.body.read)
end
rescue => e
Rails.logger.error "Failed to parse event data: #{e.message}"
{}
ensure
request.body.rewind if request.body.respond_to?(:rewind)
end
def extract_serializable_headers(request)
# Only extract the headers we need for analytics, avoiding IO objects
important_headers = %w[
User-Agent Content-Type Content-Length Accept
X-Forwarded-For X-Real-IP X-Forwarded-Proto
Authorization X-Baffle-Auth X-Sentry-Auth
Referer Accept-Language Accept-Encoding
]
headers = {}
important_headers.each do |header|
value = request.headers[header]
headers[header] = value if value.present?
end
headers
end
end

9
app/controllers/application_controller.rb Normal file
View File

@@ -0,0 +1,9 @@
class ApplicationController < ActionController::Base
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
allow_browser versions: :modern
# Changes to the importmap will invalidate the etag for HTML responses
stale_when_importmap_changes
include Pagy::Backend
end

0
app/controllers/concerns/.keep Normal file
View File

33
app/controllers/events_controller.rb Normal file
View File

@@ -0,0 +1,33 @@
# frozen_string_literal: true
class EventsController < ApplicationController
before_action :set_project
def index
@events = @project.events.order(timestamp: :desc)
Rails.logger.debug "Found project? #{@project.name} / #{@project.events.count} / #{@events.count}"
Rails.logger.debug "Action: #{params[:waf_action]}"
# Apply filters
@events = @events.by_ip(params[:ip]) if params[:ip].present?
@events = @events.by_waf_action(params[:waf_action]) if params[:waf_action].present?
@events = @events.where(country_code: params[:country]) if params[:country].present?
Rails.logger.debug "after filter #{@project.name} / #{@project.events.count} / #{@events.count}"
# Debug info
Rails.logger.debug "Events count before pagination: #{@events.count}"
Rails.logger.debug "Project: #{@project&.name} (ID: #{@project&.id})"
# Paginate
@pagy, @events = pagy(@events, items: 50)
Rails.logger.debug "Events count after pagination: #{@events.count}"
Rails.logger.debug "Pagy info: #{@pagy.count} total, #{@pagy.pages} pages"
end
private
def set_project
@project = Project.find(params[:project_id]) || Project.find_by(slug: params[:project_id])
redirect_to projects_path, alert: "Project not found" unless @project
end
end

99
app/controllers/projects_controller.rb Normal file
View File

@@ -0,0 +1,99 @@
# frozen_string_literal: true
class ProjectsController < ApplicationController
before_action :set_project, only: [:show, :edit, :update, :events, :analytics]
def index
@projects = Project.order(created_at: :desc)
end
def show
@recent_events = @project.recent_events(limit: 10)
@event_count = @project.event_count(24.hours.ago)
@blocked_count = @project.blocked_count(24.hours.ago)
@waf_status = @project.waf_status
end
def new
@project = Project.new
end
def create
@project = Project.new(project_params)
if @project.save
redirect_to @project, notice: "Project was successfully created. Use this DSN for your baffle-agent: #{@project.dsn}"
else
render :new, status: :unprocessable_entity
end
end
def edit
end
def update
if @project.update(project_params)
redirect_to @project, notice: "Project was successfully updated."
else
render :edit, status: :unprocessable_entity
end
end
def events
@events = @project.events.recent.includes(:project)
# Apply filters
@events = @events.by_ip(params[:ip]) if params[:ip].present?
@events = @events.by_action(params[:action]) if params[:action].present?
@events = @events.where(country_code: params[:country]) if params[:country].present?
# Debug info
Rails.logger.debug "Events count before pagination: #{@events.count}"
Rails.logger.debug "Project: #{@project&.name} (ID: #{@project&.id})"
# Paginate
@pagy, @events = pagy(@events, items: 50)
Rails.logger.debug "Events count after pagination: #{@events.count}"
Rails.logger.debug "Pagy info: #{@pagy.count} total, #{@pagy.pages} pages"
end
def analytics
@time_range = params[:time_range]&.to_i || 24 # hours
# Basic analytics
@total_events = @project.event_count(@time_range.hours.ago)
@blocked_events = @project.blocked_count(@time_range.hours.ago)
@allowed_events = @project.allowed_count(@time_range.hours.ago)
# Top blocked IPs
@top_blocked_ips = @project.top_blocked_ips(limit: 10, time_range: @time_range.hours.ago)
# Country distribution
@country_stats = @project.events
.where(timestamp: @time_range.hours.ago..Time.current)
.where.not(country_code: nil)
.group(:country_code)
.select('country_code, COUNT(*) as count')
.order('count DESC')
.limit(10)
# Action distribution
@action_stats = @project.events
.where(timestamp: @time_range.hours.ago..Time.current)
.group(:action)
.select('action, COUNT(*) as count')
.order('count DESC')
end
private
def set_project
@project = Project.find_by(slug: params[:id]) || Project.find_by(id: params[:id])
redirect_to projects_path, alert: "Project not found" unless @project
end
def project_params
params.require(:project).permit(:name, :enabled, settings: {})
end
end

53
app/controllers/rule_sets_controller.rb Normal file
View File

@@ -0,0 +1,53 @@
# frozen_string_literal: true
class RuleSetsController < ApplicationController
before_action :set_rule_set, only: [:show, :edit, :update, :push_to_agents]
def index
@rule_sets = RuleSet.includes(:rules).by_priority
end
def show
@rules = @rule_set.rules.includes(:rule_set).by_priority
end
def new
@rule_set = RuleSet.new
end
def create
@rule_set = RuleSet.new(rule_set_params)
if @rule_set.save
redirect_to @rule_set, notice: "Rule set was successfully created."
else
render :new, status: :unprocessable_entity
end
end
def edit
end
def update
if @rule_set.update(rule_set_params)
redirect_to @rule_set, notice: "Rule set was successfully updated."
else
render :edit, status: :unprocessable_entity
end
end
def push_to_agents
@rule_set.push_to_agents!
redirect_to @rule_set, notice: "Rule set pushed to agents successfully."
end
private
def set_rule_set
@rule_set = RuleSet.find_by(slug: params[:id]) || RuleSet.find(params[:id])
end
def rule_set_params
params.require(:rule_set).permit(:name, :description, :enabled, :priority)
end
end

3
app/helpers/application_helper.rb Normal file
View File

@@ -0,0 +1,3 @@
module ApplicationHelper
include Pagy::Frontend if defined?(Pagy)
end

3
app/javascript/application.js Normal file
View File

@@ -0,0 +1,3 @@
// Configure your import map in config/importmap.rb. Read more: https://github.com/rails/importmap-rails
import "@hotwired/turbo-rails"
import "controllers"

9
app/javascript/controllers/application.js Normal file
View File

@@ -0,0 +1,9 @@
import { Application } from "@hotwired/stimulus"
const application = Application.start()
// Configure Stimulus development experience
application.debug = false
window.Stimulus = application
export { application }

7
app/javascript/controllers/hello_controller.js Normal file
View File

@@ -0,0 +1,7 @@
import { Controller } from "@hotwired/stimulus"
export default class extends Controller {
connect() {
this.element.textContent = "Hello World!"
}
}

4
app/javascript/controllers/index.js Normal file
View File

@@ -0,0 +1,4 @@
// Import and register all your controllers from the importmap via controllers/**/*_controller
import { application } from "controllers/application"
import { eagerLoadControllersFrom } from "@hotwired/stimulus-loading"
eagerLoadControllersFrom("controllers", application)

7
app/jobs/application_job.rb Normal file
View File

@@ -0,0 +1,7 @@
class ApplicationJob < ActiveJob::Base
# Automatically retry jobs that encountered a deadlock
# retry_on ActiveRecord::Deadlocked
# Most jobs are safe to ignore if the underlying records are no longer available
# discard_on ActiveJob::DeserializationError
end

87
app/jobs/event_normalization_job.rb Normal file
View File

@@ -0,0 +1,87 @@
# frozen_string_literal: true
class EventNormalizationJob < ApplicationJob
queue_as :default
# Normalize all existing events
def perform_all_events(batch_size: 1000)
total_events = Event.where(request_host_id: nil).count
Rails.logger.info "Starting normalization of #{total_events} events"
offset = 0
processed = 0
loop do
events = Event.where(request_host_id: nil)
.limit(batch_size)
.offset(offset)
.includes(:project)
break if events.empty?
events.each do |event|
begin
EventNormalizer.normalize_event!(event)
event.save!
processed += 1
rescue => e
Rails.logger.error "Failed to normalize event #{event.id}: #{e.message}"
end
end
Rails.logger.info "Processed #{processed}/#{total_events} events"
offset += batch_size
end
Rails.logger.info "Completed normalization of #{processed} events"
end
# Normalize a specific event
def perform(event_id)
event = Event.find(event_id)
EventNormalizer.normalize_event!(event)
event.save!
Rails.logger.info "Successfully normalized event #{event_id}"
rescue ActiveRecord::RecordNotFound
Rails.logger.error "Event #{event_id} not found for normalization"
rescue => e
Rails.logger.error "Failed to normalize event #{event_id}: #{e.message}"
raise
end
# Normalize events for a specific project
def perform_for_project(project_id, batch_size: 1000)
project = Project.find(project_id)
total_events = project.events.where(request_host_id: nil).count
Rails.logger.info "Starting normalization of #{total_events} events for project #{project.name}"
offset = 0
processed = 0
loop do
events = project.events
.where(request_host_id: nil)
.limit(batch_size)
.offset(offset)
break if events.empty?
events.each do |event|
begin
EventNormalizer.normalize_event!(event)
event.save!
processed += 1
rescue => e
Rails.logger.error "Failed to normalize event #{event.id}: #{e.message}"
end
end
Rails.logger.info "Processed #{processed}/#{total_events} events for project #{project.name}"
offset += batch_size
end
Rails.logger.info "Completed normalization of #{processed} events for project #{project.name}"
end
end

171
app/jobs/generate_waf_rules_job.rb Normal file
View File

@@ -0,0 +1,171 @@
# frozen_string_literal: true
class GenerateWafRulesJob < ApplicationJob
queue_as :waf_rules
def perform(project_id:, event_id:)
project = Project.find(project_id)
event = Event.find(event_id)
# Only analyze blocked events for rule generation
return unless event.blocked?
# Generate different types of rules based on patterns
generate_ip_rules(project, event)
generate_path_rules(project, event)
generate_user_agent_rules(project, event)
generate_parameter_rules(project, event)
# Notify project of new rules
project.broadcast_rules_refresh
rescue => e
Rails.logger.error "Error generating WAF rules: #{e.message}"
Rails.logger.error e.backtrace.join("\n")
end
private
def generate_ip_rules(project, event)
return unless event.ip_address.present?
# Check if this IP has multiple violations
violation_count = project.events
.by_ip(event.ip_address)
.blocked
.where(timestamp: 24.hours.ago..Time.current)
.count
# Auto-block IPs with 10+ violations in 24 hours
if violation_count >= 10 && !project.blocked_ips.include?(event.ip_address)
project.add_ip_rule(
event.ip_address,
'block',
expires_at: 7.days.from_now,
reason: "Auto-generated: #{violation_count} violations in 24 hours"
)
Rails.logger.info "Auto-blocked IP #{event.ip_address} for project #{project.slug}"
end
end
def generate_path_rules(project, event)
return unless event.request_path.present?
# Look for repeated attack patterns on specific paths
path_violations = project.events
.where(request_path: event.request_path)
.blocked
.where(timestamp: 1.hour.ago..Time.current)
.count
# Suggest path rules if 20+ violations on same path
if path_violations >= 20
suggest_path_rule(project, event.request_path, path_violations)
end
end
def generate_user_agent_rules(project, event)
return unless event.user_agent.present?
# Look for malicious user agents
ua_violations = project.events
.by_user_agent(event.user_agent)
.blocked
.where(timestamp: 1.hour.ago..Time.current)
.count
# Suggest user agent rules if 15+ violations from same UA
if ua_violations >= 15
suggest_user_agent_rule(project, event.user_agent, ua_violations)
end
end
def generate_parameter_rules(project, event)
params = event.query_params
return unless params.present?
# Look for suspicious parameter patterns
params.each do |key, value|
next unless value.is_a?(String)
# Check for common attack patterns in parameter values
if contains_attack_pattern?(value)
param_violations = project.events
.where("payload LIKE ?", "%#{key}%#{value}%")
.blocked
.where(timestamp: 6.hours.ago..Time.current)
.count
if param_violations >= 5
suggest_parameter_rule(project, key, value, param_violations)
end
end
end
end
def suggest_path_rule(project, path, violation_count)
# Create an issue for manual review
Issue.create!(
project: project,
title: "Suggested Path Rule",
description: "Path '#{path}' has #{violation_count} violations in 1 hour",
severity: "low",
metadata: {
type: "path_rule",
path: path,
violation_count: violation_count,
suggested_action: "block"
}
)
end
def suggest_user_agent_rule(project, user_agent, violation_count)
# Create an issue for manual review
Issue.create!(
project: project,
title: "Suggested User Agent Rule",
description: "User Agent '#{user_agent}' has #{violation_count} violations in 1 hour",
severity: "low",
metadata: {
type: "user_agent_rule",
user_agent: user_agent,
violation_count: violation_count,
suggested_action: "block"
}
)
end
def suggest_parameter_rule(project, param_name, param_value, violation_count)
# Create an issue for manual review
Issue.create!(
project: project,
title: "Suggested Parameter Rule",
description: "Parameter '#{param_name}' with suspicious values has #{violation_count} violations",
severity: "medium",
metadata: {
type: "parameter_rule",
param_name: param_name,
param_value: param_value,
violation_count: violation_count,
suggested_action: "block"
}
)
end
def contains_attack_pattern?(value)
# Common attack patterns
attack_patterns = [
/<script/i, # XSS
/union.*select/i, # SQL injection
/\.\./, # Directory traversal
/\/etc\/passwd/i, # File inclusion
/cmd\.exe/i, # Command injection
/eval\(/i, # Code injection
/javascript:/i, # JavaScript protocol
/onload=/i, # Event handler injection
]
attack_patterns.any? { |pattern| value.match?(pattern) }
end
end

126
app/jobs/process_waf_analytics_job.rb Normal file
View File

@@ -0,0 +1,126 @@
# frozen_string_literal: true
class ProcessWafAnalyticsJob < ApplicationJob
queue_as :waf_analytics
def perform(project_id:, event_id:)
project = Project.find(project_id)
event = Event.find(event_id)
# Analyze event patterns
analyze_traffic_patterns(project, event)
analyze_geographic_distribution(project, event)
analyze_attack_vectors(project, event)
# Update project analytics cache
update_project_analytics(project)
rescue => e
Rails.logger.error "Error processing WAF analytics: #{e.message}"
Rails.logger.error e.backtrace.join("\n")
end
private
def analyze_traffic_patterns(project, event)
# Look for unusual traffic spikes
recent_events = project.events.where(timestamp: 5.minutes.ago..Time.current)
if recent_events.count > project.rate_limit_threshold * 5
# High traffic detected - create an issue
Issue.create!(
project: project,
title: "High Traffic Spike Detected",
description: "Detected #{recent_events.count} requests in the last 5 minutes",
severity: "medium",
event_id: event.id,
metadata: {
event_count: recent_events.count,
time_window: "5 minutes",
threshold: project.rate_limit_threshold * 5
}
)
end
end
def analyze_geographic_distribution(project, event)
return unless event.country_code.present?
# Check if this country is unusual for this project
country_events = project.events
.where(country_code: event.country_code)
.where(timestamp: 1.hour.ago..Time.current)
# If this is the first event from this country or unusual spike
if country_events.count == 1 || country_events.count > 100
Rails.logger.info "Unusual geographic activity from #{event.country_code} for project #{project.slug}"
end
end
def analyze_attack_vectors(project, event)
return unless event.blocked?
# Analyze common attack patterns
analyze_ip_reputation(project, event)
analyze_user_agent_patterns(project, event)
analyze_path_attacks(project, event)
end
def analyze_ip_reputation(project, event)
return unless event.ip_address.present?
# Count recent blocks from this IP
recent_blocks = project.events
.by_ip(event.ip_address)
.blocked
.where(timestamp: 1.hour.ago..Time.current)
if recent_blocks.count >= 5
# Suggest automatic IP block
project.add_ip_rule(
event.ip_address,
'block',
expires_at: 24.hours.from_now,
reason: "Automated block: #{recent_blocks.count} violations in 1 hour"
)
end
end
def analyze_user_agent_patterns(project, event)
return unless event.user_agent.present?
# Look for common bot/user agent patterns
suspicious_patterns = [
/bot/i, /crawler/i, /spider/i, /scanner/i,
/python/i, /curl/i, /wget/i, /nmap/i
]
if suspicious_patterns.any? { |pattern| event.user_agent.match?(pattern) }
# Log suspicious user agent for potential rule generation
Rails.logger.info "Suspicious user agent detected: #{event.user_agent}"
end
end
def analyze_path_attacks(project, event)
return unless event.request_path.present?
# Look for common attack paths
attack_patterns = [
/\.\./, # Directory traversal
/admin/i, # Admin panel access
/wp-admin/i, # WordPress admin
/\.php/i, # PHP files
/union.*select/i, # SQL injection
/script.*>/i # XSS attempts
]
if attack_patterns.any? { |pattern| event.request_path.match?(pattern) }
Rails.logger.info "Potential attack path detected: #{event.request_path}"
end
end
def update_project_analytics(project)
# Update cached analytics for faster dashboard loading
Rails.cache.delete("project_#{project.id}_analytics")
end
end

52
app/jobs/process_waf_event_job.rb Normal file
View File

@@ -0,0 +1,52 @@
# frozen_string_literal: true
class ProcessWafEventJob < ApplicationJob
queue_as :waf_events
def perform(project_id:, event_data:, headers:)
project = Project.find(project_id)
# Handle both single event and events array
events_to_process = []
if event_data.key?('events') && event_data['events'].is_a?(Array)
# Multiple events in an array
events_to_process = event_data['events']
elsif event_data.key?('event_id')
# Single event
events_to_process = [event_data]
else
Rails.logger.warn "Invalid event data format: missing event_id or events array"
return
end
events_to_process.each do |single_event_data|
begin
# Generate unique event ID if not provided
event_id = single_event_data['event_id'] || SecureRandom.uuid
# Create the WAF event record
event = Event.create_from_waf_payload!(event_id, single_event_data, project)
# Trigger analytics processing
ProcessWafAnalyticsJob.perform_later(project_id: project_id, event_id: event.id)
# Check for automatic rule generation opportunities
GenerateWafRulesJob.perform_later(project_id: project_id, event_id: event.id)
Rails.logger.info "Processed WAF event #{event_id} for project #{project.slug}"
rescue ActiveRecord::RecordInvalid => e
Rails.logger.error "Failed to create WAF event: #{e.message}"
Rails.logger.error e.record.errors.full_messages.join(", ")
rescue => e
Rails.logger.error "Error processing WAF event: #{e.message}"
Rails.logger.error e.backtrace.join("\n")
end
end
# Broadcast real-time updates once per batch
project.broadcast_events_refresh
Rails.logger.info "Processed #{events_to_process.count} WAF events for project #{project.slug}"
end
end

4
app/mailers/application_mailer.rb Normal file
View File

@@ -0,0 +1,4 @@
class ApplicationMailer < ActionMailer::Base
default from: "from@example.com"
layout "mailer"
end

3
app/models/application_record.rb Normal file
View File

@@ -0,0 +1,3 @@
class ApplicationRecord < ActiveRecord::Base
primary_abstract_class
end

0
app/models/concerns/.keep Normal file
View File

16
app/models/current.rb Normal file
View File

@@ -0,0 +1,16 @@
# frozen_string_literal: true
class Current < ActiveSupport::CurrentAttributes
attribute :baffle_host
attribute :baffle_internal_host
attribute :project
attribute :ip
def self.baffle_host
@baffle_host || ENV.fetch("BAFFLE_HOST", "localhost:3000")
end
def self.baffle_internal_host
@baffle_internal_host || ENV.fetch("BAFFLE_INTERNAL_HOST", nil)
end
end

287
app/models/event.rb Normal file
View File

@@ -0,0 +1,287 @@
# frozen_string_literal: true
class Event < ApplicationRecord
belongs_to :project
# Normalized association for hosts (most valuable compression)
belongs_to :request_host, optional: true
# Enums for fixed value sets
enum :waf_action, {
allow: 0, # allow/pass
deny: 1, # deny/block
redirect: 2, # redirect
challenge: 3 # challenge (future implementation)
}, default: :allow, scopes: false
enum :request_method, {
get: 0, # GET
post: 1, # POST
put: 2, # PUT
patch: 3, # PATCH
delete: 4, # DELETE
head: 5, # HEAD
options: 6 # OPTIONS
}, default: :get, scopes: false
# Serialize segment IDs as array for easy manipulation in Railssqit
serialize :request_segment_ids, type: Array, coder: JSON
validates :event_id, presence: true, uniqueness: true
validates :timestamp, presence: true
scope :recent, -> { order(timestamp: :desc) }
scope :by_ip, ->(ip) { where(ip_address: ip) }
scope :by_user_agent, ->(user_agent) { where(user_agent: user_agent) }
scope :by_waf_action, ->(waf_action) { where(waf_action: waf_action) }
scope :blocked, -> { where(waf_action: ['block', 'deny']) }
scope :allowed, -> { where(waf_action: ['allow', 'pass']) }
scope :rate_limited, -> { where(waf_action: 'rate_limit') }
# Path prefix matching using range queries (uses B-tree index efficiently)
scope :with_path_prefix, ->(prefix_segment_ids) {
return none if prefix_segment_ids.blank?
# Use range queries instead of LIKE for index usage
# Example: [1,2] prefix matches [1,2], [1,2,3], [1,2,3,4], etc.
prefix_str = prefix_segment_ids.to_json # "[1,2]"
# For exact match: request_segment_ids = "[1,2]"
# For prefix match: "[1,2," <= request_segment_ids < "[1,3,"
# This works because JSON arrays sort lexicographically
# Build the range upper bound by incrementing last segment ID
upper_prefix = prefix_segment_ids[0..-2] + [prefix_segment_ids.last + 1]
upper_str = upper_prefix.to_json
lower_prefix_str = "#{prefix_str[0..-2]}," # "[1,2," - matches longer paths
# Use raw SQL to bypass serializer (it expects Array but we're comparing strings)
where("request_segment_ids = ? OR (request_segment_ids >= ? AND request_segment_ids < ?)",
prefix_str, lower_prefix_str, upper_str)
}
# Path depth queries
scope :path_depth, ->(depth) {
where("json_array_length(request_segment_ids) = ?", depth)
}
scope :path_depth_greater_than, ->(depth) {
where("json_array_length(request_segment_ids) > ?", depth)
}
# Helper methods
def path_depth
request_segment_ids&.length || 0
end
def reconstructed_path
return request_path if request_segment_ids.blank?
segments = PathSegment.where(id: request_segment_ids).index_by(&:id)
'/' + request_segment_ids.map { |id| segments[id]&.segment }.compact.join('/')
end
# Extract key fields from payload before saving
before_validation :extract_fields_from_payload
# Normalize event fields after extraction
after_validation :normalize_event_fields, if: :should_normalize?
def self.create_from_waf_payload!(event_id, payload, project)
# Create the WAF request event
create!(
project: project,
event_id: event_id,
timestamp: parse_timestamp(payload["timestamp"]),
payload: payload,
# WAF-specific fields
ip_address: payload.dig("request", "ip"),
user_agent: payload.dig("request", "headers", "User-Agent"),
request_method: payload.dig("request", "method")&.downcase,
request_path: payload.dig("request", "path"),
request_url: payload.dig("request", "url"),
request_protocol: payload.dig("request", "protocol"),
response_status: payload.dig("response", "status_code"),
response_time_ms: payload.dig("response", "duration_ms"),
waf_action: normalize_action(payload["waf_action"]), # Normalize incoming action values
rule_matched: payload["rule_matched"],
blocked_reason: payload["blocked_reason"],
# Server/Environment info
server_name: payload["server_name"],
environment: payload["environment"],
# Geographic data
country_code: payload.dig("geo", "country_code"),
city: payload.dig("geo", "city"),
# WAF agent info
agent_version: payload.dig("agent", "version"),
agent_name: payload.dig("agent", "name")
)
end
def self.normalize_action(action)
return "allow" if action.nil? || action.blank?
case action.to_s.downcase
when "allow", "pass", "allowed"
"allow"
when "deny", "block", "blocked", "deny_access"
"deny"
when "challenge"
"challenge"
when "redirect"
"redirect"
else
Rails.logger.warn "Unknown action '#{action}', defaulting to 'allow'"
"allow"
end
end
def self.parse_timestamp(timestamp)
case timestamp
when String
Time.parse(timestamp)
when Numeric
# Sentry timestamps can be in seconds with decimals
Time.at(timestamp)
when Time
timestamp
else
Time.current
end
rescue => e
Rails.logger.error "Failed to parse timestamp #{timestamp}: #{e.message}"
Time.current
end
def request_details
return {} unless payload.present?
request_data = payload.dig("request") || {}
{
ip: request_data["ip"],
method: request_data["method"],
path: request_data["path"],
url: request_data["url"],
protocol: request_data["protocol"],
headers: request_data["headers"] || {},
query: request_data["query"] || {},
body_size: request_data["body_size"]
}
end
def response_details
return {} unless payload.present?
response_data = payload.dig("response") || {}
{
status_code: response_data["status_code"],
duration_ms: response_data["duration_ms"],
size: response_data["size"]
}
end
def geo_details
return {} unless payload.present?
payload.dig("geo") || {}
end
def tags
payload&.dig("tags") || {}
end
def headers
payload&.dig("request", "headers") || {}
end
def query_params
payload&.dig("request", "query") || {}
end
def blocked?
waf_action.in?(['block', 'deny'])
end
def allowed?
waf_action.in?(['allow', 'pass'])
end
def rate_limited?
waf_action == 'rate_limit'
end
def challenged?
waf_action == 'challenge'
end
def rule_matched?
rule_matched.present?
end
# New path methods for normalization
def path_segments
return [] unless request_path.present?
request_path.split('/').reject(&:blank?)
end
def path_segments_array
@path_segments_array ||= path_segments
end
def request_hostname
return nil unless request_url.present?
URI.parse(request_url).hostname rescue nil
end
private
def should_normalize?
request_host_id.nil? || request_segment_ids.blank?
end
def normalize_event_fields
EventNormalizer.normalize_event!(self)
rescue => e
Rails.logger.error "Failed to normalize event #{id}: #{e.message}"
end
def extract_fields_from_payload
return unless payload.present?
# Extract WAF-specific fields for direct querying
request_data = payload.dig("request") || {}
response_data = payload.dig("response") || {}
self.ip_address = request_data["ip"]
self.user_agent = request_data.dig("headers", "User-Agent")
self.request_path = request_data["path"]
self.request_url = request_data["url"]
self.response_status = response_data["status_code"]
self.response_time_ms = response_data["duration_ms"]
self.rule_matched = payload["rule_matched"]
self.blocked_reason = payload["blocked_reason"]
# Store original values for normalization (these will be normalized to IDs)
@raw_request_method = request_data["method"]
@raw_request_protocol = request_data["protocol"]
@raw_action = payload["waf_action"]
# Extract server/environment info
self.server_name = payload["server_name"]
self.environment = payload["environment"]
# Extract geographic data
geo_data = payload.dig("geo") || {}
self.country_code = geo_data["country_code"]
self.city = geo_data["city"]
# Extract agent info
agent_data = payload.dig("agent") || {}
self.agent_version = agent_data["version"]
self.agent_name = agent_data["name"]
end
end

97
app/models/issue.rb Normal file
View File

@@ -0,0 +1,97 @@
# frozen_string_literal: true
class Issue < ApplicationRecord
belongs_to :project
has_many :events, dependent: :nullify
enum :status, { open: 0, resolved: 1, ignored: 2 }
validates :title, presence: true
scope :recent, -> { order(last_seen: :desc) }
scope :by_frequency, -> { order(count: :desc) }
# Callbacks for email notifications
after_create :notify_new_issue, if: :should_notify_new_issue?
after_update :notify_issue_reopened, if: :was_reopened?
# Real-time updates
after_create_commit do
broadcast_refresh_to(project)
end
after_update_commit do
broadcast_refresh # Refreshes the issue show page
broadcast_refresh_to(project, "issues") # Refreshes the project's issues index
end
def self.group_event(event_payload, project)
fingerprint = generate_fingerprint(event_payload)
find_or_create_by(project: project, fingerprint: fingerprint) do |issue|
issue.title = extract_title(event_payload)
issue.exception_type = extract_exception_type(event_payload)
issue.first_seen = Time.current
issue.last_seen = Time.current
issue.status = :open
end
end
def self.generate_fingerprint(payload)
# Use Sentry's fingerprint if provided
if payload["fingerprint"].present?
payload["fingerprint"].join("::")
else
# Generate from exception type + location
type = payload.dig("exception", "values", 0, "type")
file = payload.dig("exception", "values", 0, "stacktrace", "frames", -1, "filename")
line = payload.dig("exception", "values", 0, "stacktrace", "frames", -1, "lineno")
# Fallback to message if no exception
if type.blank?
message = payload["message"] || "Unknown Error"
Digest::MD5.hexdigest(message)
else
"#{type}::#{file}::#{line}"
end
end
end
def self.extract_title(payload)
payload.dig("exception", "values", 0, "value") ||
payload["message"] ||
payload.dig("exception", "values", 0, "type") ||
"Unknown Error"
end
def self.extract_exception_type(payload)
payload.dig("exception", "values", 0, "type")
end
def record_event!(timestamp: Time.current)
update!(
count: count + 1,
last_seen: timestamp
)
end
private
def notify_new_issue
IssueMailer.new_issue(self).deliver_later
end
def notify_issue_reopened
IssueMailer.issue_reopened(self).deliver_later
end
def should_notify_new_issue?
# Only notify for new issues in production environment or if explicitly enabled
Rails.env.production? || ENV['SPLAT_EMAIL_NOTIFICATIONS'] == 'true'
end
def was_reopened?
# Check if status changed from resolved to open
saved_change_to_status?(from: 1, to: 0) # resolved=1, open=0
end
end

63
app/models/network_range.rb Normal file
View File

@@ -0,0 +1,63 @@
class NetworkRange < ApplicationRecord
validates :ip_address, presence: true
validates :network_prefix, presence: true, numericality: {greater_than_or_equal_to: 0, less_than_or_equal_to: 128}
validates :ip_version, presence: true, inclusion: {in: [4, 6]}
# Convenience methods for JSON fields
def abuser_scores_hash
abuser_scores ? JSON.parse(abuser_scores) : {}
end
def abuser_scores_hash=(hash)
self.abuser_scores = hash.to_json
end
def additional_data_hash
additional_data ? JSON.parse(additional_data) : {}
end
def additional_data_hash=(hash)
self.additional_data = hash.to_json
end
# Scope methods for common queries
scope :ipv4, -> { where(ip_version: 4) }
scope :ipv6, -> { where(ip_version: 6) }
scope :datacenter, -> { where(is_datacenter: true) }
scope :proxy, -> { where(is_proxy: true) }
scope :vpn, -> { where(is_vpn: true) }
scope :by_country, ->(country) { where(ip_api_country: country) }
scope :by_company, ->(company) { where(company: company) }
scope :by_asn, ->(asn) { where(asn: asn) }
# Find network ranges that contain a specific IP address
def self.contains_ip(ip_string)
ip_bytes = IPAddr.new(ip_string).hton
version = ip_string.include?(":") ? 6 : 4
where(ip_version: version).select do |range|
range.contains_ip_bytes?(ip_bytes)
end
end
def contains_ip?(ip_string)
contains_ip_bytes?(IPAddr.new(ip_string).hton)
end
def to_s
"#{ip_address_to_s}/#{network_prefix}"
end
private
def contains_ip_bytes?(ip_bytes)
# This is a simplified version - you'll need proper network math here
# For now, just check if the IP matches exactly
ip_address == ip_bytes
end
def ip_address_to_s
# Convert binary IP back to string representation
IPAddr.ntop(ip_address)
end
end

17
app/models/path_segment.rb Normal file
View File

@@ -0,0 +1,17 @@
class PathSegment < ApplicationRecord
validates :segment, presence: true, uniqueness: true
validates :usage_count, presence: true, numericality: { greater_than: 0 }
# Class method to find or create a segment
def self.find_or_create_segment(segment)
find_or_create_by(segment: segment) do |path_segment|
path_segment.usage_count = 1
path_segment.first_seen_at = Time.current
end
end
# Increment usage count
def increment_usage!
increment!(:usage_count)
end
end

211
app/models/project.rb Normal file
View File

@@ -0,0 +1,211 @@
# frozen_string_literal: true
class Project < ApplicationRecord
has_many :events, dependent: :destroy
validates :name, presence: true
validates :slug, presence: true, uniqueness: true
validates :public_key, presence: true, uniqueness: true
scope :by_slug, ->(slug) { where(slug: slug) }
scope :by_public_key, ->(key) { where(public_key: key) }
scope :enabled, -> { where(enabled: true) }
before_validation :generate_slug, if: :name?
before_validation :generate_public_key, if: -> { public_key.blank? }
before_validation :set_default_settings, if: -> { settings.blank? }
def broadcast_events_refresh
# Broadcast to the events stream for this project
broadcast_refresh_to(self, "events")
end
def broadcast_rules_refresh
# Broadcast to the rules stream for this project (for future rule management UI)
broadcast_refresh_to(self, "rules")
end
def self.find_by_dsn(dsn)
# Parse DSN: https://public_key@host/project_id
return nil unless dsn.present?
# Extract public_key from DSN
match = dsn.match(/https?:\/\/([^@]+)@/)
return nil unless match
public_key = match[1]
find_by(public_key: public_key)
end
def self.find_by_project_id(project_id)
# Try slug first (nicer URLs), then fall back to ID
find_by(slug: project_id.to_s) || find_by(id: project_id.to_i)
end
def dsn
host = Current.baffle_host || "localhost:3000"
protocol = host.include?("localhost") ? "http" : "https"
"#{protocol}://#{public_key}@#{host}/#{slug}"
end
def internal_dsn
return nil unless Current.baffle_internal_host.present?
host = Current.baffle_internal_host
protocol = "http" # Internal connections use HTTP
"#{protocol}://#{public_key}@#{host}/#{slug}"
end
# WAF Analytics Methods
def recent_events(limit: 100)
events.recent.limit(limit)
end
def recent_blocked_events(limit: 100)
events.blocked.recent.limit(limit)
end
def recent_rate_limited_events(limit: 100)
events.rate_limited.recent.limit(limit)
end
def top_blocked_ips(limit: 10, time_range: 1.hour.ago)
events.blocked
.where(timestamp: time_range)
.group(:ip_address)
.select('ip_address, COUNT(*) as count')
.order('count DESC')
.limit(limit)
end
def event_count(time_range = nil)
if time_range
events.where(timestamp: time_range).count
else
events.count
end
end
def blocked_count(time_range = nil)
if time_range
events.blocked.where(timestamp: time_range).count
else
events.blocked.count
end
end
def allowed_count(time_range = nil)
if time_range
events.allowed.where(timestamp: time_range).count
else
events.allowed.count
end
end
# Helper method to parse settings safely
def parsed_settings
if settings.is_a?(String)
JSON.parse(settings || '{}')
else
settings || {}
end
rescue JSON::ParserError
{}
end
# WAF Configuration Methods
def rate_limit_enabled?
parsed_settings.dig('rate_limiting', 'enabled') != false
end
def rate_limit_threshold
parsed_settings.dig('rate_limiting', 'threshold') || 100
end
def custom_rules_enabled?
parsed_settings.dig('custom_rules', 'enabled') == true
end
def block_by_country_enabled?
parsed_settings.dig('geo_blocking', 'enabled') == true
end
def blocked_countries
parsed_settings.dig('geo_blocking', 'blocked_countries') || []
end
def block_datacenters_enabled?
parsed_settings.dig('datacenter_blocking', 'enabled') == true
end
# WAF Rule Management
def add_ip_rule(ip_address, action, expires_at: nil, reason: nil)
# This will integrate with the IP rules storage system
# For now, store in settings as a temporary solution
current_settings = parsed_settings
ip_rules = current_settings['ip_rules'] || {}
ip_rules[ip_address] = {
action: action,
expires_at: expires_at&.iso8601,
reason: reason,
created_at: Time.current.iso8601
}
update(settings: current_settings.merge('ip_rules' => ip_rules))
end
def remove_ip_rule(ip_address)
current_settings = parsed_settings
ip_rules = current_settings['ip_rules'] || {}
ip_rules.delete(ip_address)
update(settings: current_settings.merge('ip_rules' => ip_rules))
end
def blocked_ips
ip_rules = parsed_settings['ip_rules'] || {}
ip_rules.select { |_ip, rule| rule['action'] == 'block' }.keys
end
def waf_status
return 'disabled' unless enabled?
return 'active' if events.where(timestamp: 1.hour.ago..).exists?
'idle'
end
private
def generate_slug
self.slug = name&.parameterize&.downcase
end
def generate_public_key
# Generate a random 32-character hex string for WAF authentication
self.public_key = SecureRandom.hex(16)
end
def set_default_settings
self.settings = {
'rate_limiting' => {
'enabled' => true,
'threshold' => 100, # requests per minute
'window' => 60 # seconds
},
'geo_blocking' => {
'enabled' => false,
'blocked_countries' => []
},
'datacenter_blocking' => {
'enabled' => false,
'allow_known_datacenters' => true
},
'custom_rules' => {
'enabled' => false,
'rules' => []
},
'ip_rules' => {},
'challenge' => {
'enabled' => true,
'provider' => 'recaptcha'
}
}
end
end

19
app/models/request_host.rb Normal file
View File

@@ -0,0 +1,19 @@
class RequestHost < ApplicationRecord
validates :hostname, presence: true, uniqueness: true
validates :usage_count, presence: true, numericality: { greater_than: 0 }
has_many :events, dependent: :nullify
# Class method to find or create a host
def self.find_or_create_host(hostname)
find_or_create_by(hostname: hostname) do |host|
host.usage_count = 1
host.first_seen_at = Time.current
end
end
# Increment usage count
def increment_usage!
increment!(:usage_count)
end
end

126
app/models/rule.rb Normal file
View File

@@ -0,0 +1,126 @@
# frozen_string_literal: true
class Rule < ApplicationRecord
belongs_to :rule_set
validates :rule_type, presence: true, inclusion: { in: RuleSet::RULE_TYPES }
validates :target, presence: true
validates :action, presence: true, inclusion: { in: RuleSet::ACTIONS }
validates :priority, presence: true, numericality: { greater_than: 0 }
scope :enabled, -> { where(enabled: true) }
scope :by_priority, -> { order(priority: :desc, created_at: :desc) }
scope :expired, -> { where("expires_at < ?", Time.current) }
scope :not_expired, -> { where("expires_at IS NULL OR expires_at > ?", Time.current) }
# Check if rule is currently active
def active?
enabled? && (expires_at.nil? || expires_at > Time.current)
end
# Check if rule matches given request context
def matches?(context)
return false unless active?
case rule_type
when 'ip'
match_ip_rule?(context)
when 'cidr'
match_cidr_rule?(context)
when 'path'
match_path_rule?(context)
when 'user_agent'
match_user_agent_rule?(context)
when 'parameter'
match_parameter_rule?(context)
when 'method'
match_method_rule?(context)
when 'country'
match_country_rule?(context)
else
false
end
end
def to_waf_format
{
id: id,
type: rule_type,
target: target,
action: action,
conditions: conditions || {},
priority: priority,
expires_at: expires_at,
active: active?
}
end
private
def match_ip_rule?(context)
return false unless context[:ip_address]
target == context[:ip_address]
end
def match_cidr_rule?(context)
return false unless context[:ip_address]
begin
range = IPAddr.new(target)
range.include?(context[:ip_address])
rescue IPAddr::InvalidAddressError
false
end
end
def match_path_rule?(context)
return false unless context[:request_path]
# Support exact match and regex patterns
if conditions&.dig('regex') == true
Regexp.new(target).match?(context[:request_path])
else
context[:request_path].start_with?(target)
end
end
def match_user_agent_rule?(context)
return false unless context[:user_agent]
# Support exact match and regex patterns
if conditions&.dig('regex') == true
Regexp.new(target, Regexp::IGNORECASE).match?(context[:user_agent])
else
context[:user_agent].downcase.include?(target.downcase)
end
end
def match_parameter_rule?(context)
return false unless context[:query_params]
param_name = conditions&.dig('parameter_name') || target
param_value = context[:query_params][param_name]
return false unless param_value
# Check if parameter value matches pattern
if conditions&.dig('regex') == true
Regexp.new(target, Regexp::IGNORECASE).match?(param_value.to_s)
else
param_value.to_s.downcase.include?(target.downcase)
end
end
def match_method_rule?(context)
return false unless context[:request_method]
target.upcase == context[:request_method].upcase
end
def match_country_rule?(context)
return false unless context[:country_code]
target.upcase == context[:country_code].upcase
end
end

108
app/models/rule_set.rb Normal file
View File

@@ -0,0 +1,108 @@
# frozen_string_literal: true
class RuleSet < ApplicationRecord
has_many :rules, dependent: :destroy
validates :name, presence: true, uniqueness: true
validates :slug, presence: true, uniqueness: true
scope :enabled, -> { where(enabled: true) }
scope :by_priority, -> { order(priority: :desc, created_at: :desc) }
before_validation :generate_slug, if: :name?
before_validation :set_default_values
# Rule Types
RULE_TYPES = %w[ip cidr path user_agent parameter method rate_limit country].freeze
ACTIONS = %w[allow deny challenge rate_limit].freeze
def to_waf_rules
return [] unless enabled?
rules.enabled.by_priority.map do |rule|
{
id: rule.id,
type: rule.rule_type,
target: rule.target,
action: rule.action,
conditions: rule.conditions,
priority: rule.priority,
expires_at: rule.expires_at
}
end
end
def add_rule(rule_type, target, action, conditions: {}, expires_at: nil, priority: 100)
rules.create!(
rule_type: rule_type,
target: target,
action: action,
conditions: conditions,
expires_at: expires_at,
priority: priority
)
end
def remove_rule(rule_id)
rules.find(rule_id).destroy
end
def block_ip(ip_address, expires_at: nil, reason: nil)
add_rule('ip', ip_address, 'deny', expires_at: expires_at, priority: 1000)
end
def allow_ip(ip_address, expires_at: nil)
add_rule('ip', ip_address, 'allow', expires_at: expires_at, priority: 1000)
end
def block_cidr(cidr, expires_at: nil, reason: nil)
add_rule('cidr', cidr, 'deny', expires_at: expires_at, priority: 900)
end
def block_path(path, conditions: {}, expires_at: nil)
add_rule('path', path, 'deny', conditions: conditions, expires_at: expires_at, priority: 500)
end
def block_user_agent(user_agent_pattern, expires_at: nil)
add_rule('user_agent', user_agent_pattern, 'deny', expires_at: expires_at, priority: 600)
end
def push_to_agents!
# This would integrate with the agent distribution system
Rails.logger.info "Pushing rule set '#{name}' with #{rules.count} rules to agents"
# Broadcast update to connected projects
projects = Project.where(id: projects_subscription || [])
projects.each(&:broadcast_rules_refresh)
end
def active_projects
return Project.none unless projects_subscription.present?
Project.where(id: projects_subscription).enabled
end
def subscribe_project(project)
subscriptions = projects_subscription || []
subscriptions << project.id unless subscriptions.include?(project.id)
update(projects_subscription: subscriptions.uniq)
end
def unsubscribe_project(project)
subscriptions = projects_subscription || []
subscriptions.delete(project.id)
update(projects_subscription: subscriptions)
end
private
def generate_slug
self.slug = name&.parameterize&.downcase
end
def set_default_values
self.enabled = true if enabled.nil?
self.priority = 100 if priority.nil?
self.projects_subscription = [] if projects_subscription.nil?
end
end

81
app/services/dsn_authentication_service.rb Normal file
View File

@@ -0,0 +1,81 @@
# frozen_string_literal: true
class DsnAuthenticationService
class AuthenticationError < StandardError; end
def self.authenticate(request, project_id)
# Try multiple authentication methods in order of preference
# Method 1: Query parameter authentication
public_key = extract_key_from_query_params(request)
return find_project(public_key, project_id) if public_key
# Method 2: X-Baffle-Auth header (similar to X-Sentry-Auth)
public_key = extract_key_from_baffle_auth_header(request)
return find_project(public_key, project_id) if public_key
# Method 3: Authorization Bearer token
public_key = extract_key_from_authorization_header(request)
return find_project(public_key, project_id) if public_key
# Method 4: Basic auth (username is the public_key)
public_key = extract_key_from_basic_auth(request)
return find_project(public_key, project_id) if public_key
raise AuthenticationError, "No valid authentication method found"
end
private
def self.extract_key_from_query_params(request)
# Support both baffle_key and sentry_key for compatibility
request.GET['baffle_key'] || request.GET['sentry_key'] || request.GET['glitchtip_key']
end
def self.extract_key_from_baffle_auth_header(request)
auth_header = request.headers['X-Baffle-Auth'] || request.headers['X-Sentry-Auth']
return nil unless auth_header
# Parse: Baffle baffle_key=public_key, baffle_version=1
# Or: Sentry sentry_key=public_key, sentry_version=7
match = auth_header.match(/(?:baffle_key|sentry_key)=([^,\s]+)/)
match&.[](1)
end
def self.extract_key_from_authorization_header(request)
authorization_header = request.headers['Authorization']
return nil unless authorization_header
# Parse: Bearer public_key
if authorization_header.start_with?('Bearer ')
authorization_header[7..-1].strip
end
end
def self.extract_key_from_basic_auth(request)
authorization_header = request.headers['Authorization']
return nil unless authorization_header&.start_with?('Basic ')
# Decode basic auth: username:password (password is ignored)
credentials = Base64.decode64(authorization_header[6..-1])
username = credentials.split(':').first
username
end
def self.find_project(public_key, project_id)
return nil unless public_key.present? && project_id.present?
# Find project by public_key first
project = Project.find_by(public_key: public_key)
raise AuthenticationError, "Invalid public_key" unless project
# Verify project_id matches (supports both slug and ID)
project_matches = Project.find_by_project_id(project_id)
raise AuthenticationError, "Invalid project_id" unless project_matches == project
# Ensure project is enabled
raise AuthenticationError, "Project is disabled" unless project.enabled?
project
end
end

122
app/services/event_normalizer.rb Normal file
View File

@@ -0,0 +1,122 @@
# frozen_string_literal: true
class EventNormalizer
class NormalizationError < StandardError; end
# Normalize an event by populating all the normalized fields
def self.normalize_event!(event)
normalizer = new(event)
normalizer.normalize!
event
end
def initialize(event)
@event = event
end
def normalize!
return unless @event.present?
normalize_host
normalize_action
normalize_method
normalize_protocol
normalize_path_segments
end
private
def normalize_host
hostname = extract_hostname
return unless hostname
host = RequestHost.find_or_create_host(hostname)
host.increment_usage! unless host.new_record?
@event.request_host = host
end
def normalize_action
raw_action = @event.instance_variable_get(:@raw_action)
return unless raw_action.present?
action_enum = case raw_action.to_s.downcase
when 'allow', 'pass' then :allow
when 'deny', 'block' then :deny
when 'challenge' then :challenge
when 'redirect' then :redirect
else :allow
end
@event.action = action_enum
end
def normalize_method
raw_method = @event.instance_variable_get(:@raw_request_method)
return unless raw_method.present?
method_enum = case raw_method.to_s.upcase
when 'GET' then :get
when 'POST' then :post
when 'PUT' then :put
when 'PATCH' then :patch
when 'DELETE' then :delete
when 'HEAD' then :head
when 'OPTIONS' then :options
else :get
end
@event.request_method = method_enum
end
def normalize_protocol
raw_protocol = @event.instance_variable_get(:@raw_request_protocol)
return unless raw_protocol.present?
# Store the protocol directly (HTTP/1.1, HTTP/2, etc.)
# Could normalize to enum if needed, but keeping as string for flexibility
@event.request_protocol = raw_protocol
end
def normalize_path_segments
segments = @event.path_segments_array
return if segments.empty?
segment_ids = segments.map do |segment|
path_segment = PathSegment.find_or_create_segment(segment)
path_segment.increment_usage! unless path_segment.new_record?
path_segment.id
end
@event.request_segment_ids = segment_ids
end
def extract_hostname
# Try to extract hostname from various sources
return @event.request_hostname if @event.respond_to?(:request_hostname)
# Extract from request URL if available
if @event.request_url.present?
begin
uri = URI.parse(@event.request_url)
return uri.hostname
rescue URI::InvalidURIError
nil
end
end
# Extract from payload as fallback
if @event.payload.present?
url = @event.payload.dig("request", "url")
if url.present?
begin
uri = URI.parse(url)
return uri.hostname
rescue URI::InvalidURIError
nil
end
end
end
nil
end
end

112
app/views/events/index.html.erb Normal file
View File

@@ -0,0 +1,112 @@
<div class="d-flex justify-content-between align-items-center mb-4">
<h1><%= @project.name %> - Events</h1>
<div>
<%= link_to "← Back to Project", @project, class: "btn btn-secondary" %>
<%= link_to "Analytics", analytics_project_path(@project), class: "btn btn-info" %>
</div>
</div>
<!-- Filters -->
<div class="card mb-4">
<div class="card-header">
<h5>Filters</h5>
</div>
<div class="card-body">
<%= form_with url: project_events_path(@project), method: :get, local: true, class: "row g-3" do |form| %>
<div class="col-md-3">
<%= form.label :ip, "IP Address", class: "form-label" %>
<%= form.text_field :ip, value: params[:ip], class: "form-control", placeholder: "Filter by IP" %>
</div>
<div class="col-md-3">
<%= form.label :waf_action, "Action", class: "form-label" %>
<%= form.select :waf_action,
options_for_select([['All', ''], ['Allow', 'allow'], ['Block', 'block'], ['Challenge', 'challenge']], params[:waf_action]),
{}, { class: "form-select" } %>
</div>
<div class="col-md-3">
<%= form.label :country, "Country", class: "form-label" %>
<%= form.text_field :country, value: params[:country], class: "form-control", placeholder: "Country code (e.g. US)" %>
</div>
<div class="col-md-3 d-flex align-items-end">
<%= form.submit "Apply Filters", class: "btn btn-primary me-2" %>
<%= link_to "Clear", project_events_path(@project), class: "btn btn-outline-secondary" %>
</div>
<% end %>
</div>
</div>
<!-- Events Table -->
<div class="card">
<div class="card-header d-flex justify-content-between align-items-center">
<h5>Events (<%= @events.count %>)</h5>
</div>
<div class="card-body">
<% if @events.any? %>
<div class="table-responsive">
<table class="table">
<thead>
<tr>
<th>Time</th>
<th>IP Address</th>
<th>Action</th>
<th>Path</th>
<th>Method</th>
<th>Status</th>
<th>Country</th>
<th>User Agent</th>
</tr>
</thead>
<tbody>
<% @events.each do |event| %>
<tr>
<td><%= event.timestamp.strftime("%Y-%m-%d %H:%M:%S") %></td>
<td><code><%= event.ip_address %></code></td>
<td>
<span class="badge bg-<%= event.blocked? ? 'danger' : event.allowed? ? 'success' : 'warning' %>">
<%= event.waf_action %>
</span>
</td>
<td><code><%= event.request_path %></code></td>
<td><%= event.request_method %></td>
<td><%= event.response_status %></td>
<td>
<% if event.country_code.present? %>
<span class="badge bg-light text-dark"><%= event.country_code %></span>
<% else %>
<span class="text-muted">-</span>
<% end %>
</td>
<td class="text-truncate" style="max-width: 200px;" title="<%= event.user_agent %>">
<%= event.user_agent&.truncate(30) || '-' %>
</td>
</tr>
<% end %>
</tbody>
</table>
</div>
<!-- Pagination -->
<% if @pagy.pages > 1 %>
<div class="d-flex justify-content-center mt-4">
<%== pagy_nav(@pagy) %>
</div>
<div class="text-center text-muted mt-2">
Showing <%= @pagy.from %> to <%= @pagy.to %> of <%= @pagy.count %> events
</div>
<% end %>
<% else %>
<div class="text-center py-5">
<p class="text-muted mb-3">
<% if params[:ip].present? || params[:waf_action].present? || params[:country].present? %>
No events found matching your filters.
<% else %>
No events have been received yet.
<% end %>
</p>
<% if params[:ip].present? || params[:waf_action].present? || params[:country].present? %>
<%= link_to "Clear Filters", project_events_path(@project), class: "btn btn-outline-primary" %>
<% end %>
</div>
<% end %>
</div>
</div>

85
app/views/layouts/application.html.erb Normal file
View File

@@ -0,0 +1,85 @@
<!DOCTYPE html>
<html>
<head>
<title><%= content_for(:title) || "Baffle Hub - WAF Analytics" %></title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="application-name" content="Baffle Hub">
<meta name="mobile-web-app-capable" content="yes">
<%= csrf_meta_tags %>
<%= csp_meta_tag %>
<%= yield :head %>
<%# Enable PWA manifest for installable apps (make sure to enable in config/routes.rb too!) %>
<%#= tag.link rel: "manifest", href: pwa_manifest_path(format: :json) %>
<link rel="icon" href="/icon.png" type="image/png">
<link rel="icon" href="/icon.svg" type="image/svg+xml">
<link rel="apple-touch-icon" href="/icon.png">
<!-- Bootstrap CSS -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<%# Includes all stylesheet files in app/assets/stylesheets %>
<%= stylesheet_link_tag :app, "data-turbo-track": "reload" %>
<%= javascript_importmap_tags %>
<style>
.badge { font-size: 0.8em; }
code {
background-color: #f8f9fa;
padding: 0.2rem 0.4rem;
border-radius: 0.25rem;
font-size: 0.875em;
}
.navbar-brand {
font-weight: bold;
}
</style>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<%= link_to "Baffle Hub", root_path, class: "navbar-brand" %>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav me-auto">
<li class="nav-item">
<%= link_to "Projects", projects_path, class: "nav-link" %>
</li>
<li class="nav-item">
<%= link_to "Rule Sets", rule_sets_path, class: "nav-link" %>
</li>
</ul>
</div>
</div>
</nav>
<div class="container mt-4">
<% if notice %>
<div class="alert alert-success alert-dismissible fade show" role="alert">
<%= notice %>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<% end %>
<% if alert %>
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<%= alert %>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<% end %>
<%= yield %>
</div>
<!-- Bootstrap JS -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

13
app/views/layouts/mailer.html.erb Normal file
View File

@@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style>
/* Email styles need to be inline */
</style>
</head>
<body>
<%= yield %>
</body>
</html>

1
app/views/layouts/mailer.text.erb Normal file
View File

@@ -0,0 +1 @@
<%= yield %>

200
app/views/projects/analytics.html.erb Normal file
View File

@@ -0,0 +1,200 @@
<div class="d-flex justify-content-between align-items-center mb-4">
<h1><%= @project.name %> - Analytics</h1>
<div>
<%= link_to "← Back to Project", project_path(@project), class: "btn btn-secondary" %>
</div>
</div>
<!-- Time Range Selector -->
<div class="card mb-4">
<div class="card-header">
<h5>Time Range</h5>
</div>
<div class="card-body">
<%= form_with url: analytics_project_path(@project), method: :get, local: true do |form| %>
<div class="row align-items-end">
<div class="col-md-6">
<%= form.label :time_range, "Time Range", class: "form-label" %>
<%= form.select :time_range,
options_for_select([
["Last Hour", 1],
["Last 6 Hours", 6],
["Last 24 Hours", 24],
["Last 7 Days", 168],
["Last 30 Days", 720]
], @time_range),
{}, class: "form-select" %>
</div>
<div class="col-md-6">
<%= form.submit "Update", class: "btn btn-primary" %>
</div>
</div>
<% end %>
</div>
</div>
<!-- Summary Stats -->
<div class="row mb-4">
<div class="col-md-4">
<div class="card text-center">
<div class="card-body">
<h3 class="text-primary"><%= number_with_delimiter(@total_events) %></h3>
<p class="card-text">Total Events</p>
</div>
</div>
</div>
<div class="col-md-4">
<div class="card text-center">
<div class="card-body">
<h3 class="text-success"><%= number_with_delimiter(@allowed_events) %></h3>
<p class="card-text">Allowed</p>
</div>
</div>
</div>
<div class="col-md-4">
<div class="card text-center">
<div class="card-body">
<h3 class="text-danger"><%= number_with_delimiter(@blocked_events) %></h3>
<p class="card-text">Blocked</p>
</div>
</div>
</div>
</div>
<div class="row">
<!-- Top Blocked IPs -->
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h5>Top Blocked IPs</h5>
</div>
<div class="card-body">
<% if @top_blocked_ips.any? %>
<div class="table-responsive">
<table class="table table-sm">
<thead>
<tr>
<th>IP Address</th>
<th>Blocked Count</th>
</tr>
</thead>
<tbody>
<% @top_blocked_ips.each do |stat| %>
<tr>
<td><code><%= stat.ip_address %></code></td>
<td><%= number_with_delimiter(stat.count) %></td>
</tr>
<% end %>
</tbody>
</table>
</div>
<% else %>
<p class="text-muted">No blocked events in this time range.</p>
<% end %>
</div>
</div>
</div>
<!-- Country Distribution -->
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h5>Top Countries</h5>
</div>
<div class="card-body">
<% if @country_stats.any? %>
<div class="table-responsive">
<table class="table table-sm">
<thead>
<tr>
<th>Country</th>
<th>Events</th>
</tr>
</thead>
<tbody>
<% @country_stats.each do |stat| %>
<tr>
<td><%= stat.country_code || 'Unknown' %></td>
<td><%= number_with_delimiter(stat.count) %></td>
</tr>
<% end %>
</tbody>
</table>
</div>
<% else %>
<p class="text-muted">No country data available.</p>
<% end %>
</div>
</div>
</div>
</div>
<!-- Action Distribution -->
<div class="row mt-4">
<div class="col-md-12">
<div class="card">
<div class="card-header">
<h5>Action Distribution</h5>
</div>
<div class="card-body">
<% if @action_stats.any? %>
<div class="row">
<% @action_stats.each do |stat| %>
<div class="col-md-3 text-center mb-3">
<div class="card">
<div class="card-body">
<h4><%= stat.action.upcase %></h4>
<p class="card-text">
<span class="badge bg-<%=
case stat.action
when 'allow', 'pass' then 'success'
when 'block', 'deny' then 'danger'
when 'challenge' then 'warning'
when 'rate_limit' then 'info'
else 'secondary'
end %>">
<%= number_with_delimiter(stat.count) %>
</span>
</p>
</div>
</div>
</div>
<% end %>
</div>
<% else %>
<p class="text-muted">No action data available.</p>
<% end %>
</div>
</div>
</div>
</div>
<% if @total_events > 0 %>
<div class="row mt-4">
<div class="col-md-12">
<div class="card">
<div class="card-header">
<h5>Block Rate</h5>
</div>
<div class="card-body">
<div class="progress" style="height: 30px;">
<% blocked_percentage = (@blocked_events.to_f / @total_events * 100).round(1) %>
<% allowed_percentage = (@allowed_events.to_f / @total_events * 100).round(1) %>
<div class="progress-bar bg-success" style="width: <%= allowed_percentage %>%">
<%= allowed_percentage %>% Allowed
</div>
<div class="progress-bar bg-danger" style="width: <%= blocked_percentage %>%">
<%= blocked_percentage %>% Blocked
</div>
</div>
</div>
</div>
</div>
</div>
<% end %>
<div class="mt-4">
<%= link_to "View Events", events_project_path(@project), class: "btn btn-primary" %>
<%= link_to "Export Data", "#", class: "btn btn-secondary", onclick: "alert('Export feature coming soon!')" %>
</div>

49
app/views/projects/index.html.erb Normal file
View File

@@ -0,0 +1,49 @@
<h1>Projects</h1>
<%= link_to "New Project", new_project_path, class: "btn btn-primary mb-3" %>
<div class="row">
<% @projects.each do |project| %>
<div class="col-md-6 col-lg-4 mb-4">
<div class="card">
<div class="card-header d-flex justify-content-between align-items-center">
<h5 class="mb-0"><%= project.name %></h5>
<span class="badge <%= project.enabled? ? 'bg-success' : 'bg-secondary' %>">
<%= project.enabled? ? 'Active' : 'Disabled' %>
</span>
</div>
<div class="card-body">
<p class="card-text">
<strong>Status:</strong>
<span class="badge bg-<%= project.waf_status == 'active' ? 'success' : project.waf_status == 'idle' ? 'warning' : 'danger' %>">
<%= project.waf_status %>
</span>
</p>
<p class="card-text">
<strong>Events (24h):</strong> <%= project.event_count(24.hours.ago) %>
</p>
<p class="card-text">
<strong>Blocked (24h):</strong> <%= project.blocked_count(24.hours.ago) %>
</p>
<small class="text-muted">
<strong>DSN:</strong><br>
<code><%= project.dsn %></code>
</small>
</div>
<div class="card-footer">
<%= link_to "View", project_path(project), class: "btn btn-primary btn-sm" %>
<%= link_to "Events", events_project_path(project), class: "btn btn-secondary btn-sm" %>
<%= link_to "Analytics", analytics_project_path(project), class: "btn btn-info btn-sm" %>
</div>
</div>
</div>
<% end %>
</div>
<% if @projects.empty? %>
<div class="text-center my-5">
<h3>No projects yet</h3>
<p>Create your first project to start monitoring WAF events.</p>
<%= link_to "Create Project", new_project_path, class: "btn btn-primary" %>
</div>
<% end %>

32
app/views/projects/new.html.erb Normal file
View File

@@ -0,0 +1,32 @@
<h1>New Project</h1>
<%= form_with(model: @project, local: true) do |form| %>
<% if @project.errors.any? %>
<div class="alert alert-danger">
<h4><%= pluralize(@project.errors.count, "error") %> prohibited this project from being saved:</h4>
<ul>
<% @project.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="mb-3">
<%= form.label :name, class: "form-label" %>
<%= form.text_field :name, class: "form-control" %>
</div>
<div class="mb-3">
<%= form.label :enabled, class: "form-label" %>
<div class="form-check">
<%= form.check_box :enabled, class: "form-check-input" %>
<%= form.label :enabled, "Enable this project", class: "form-check-label" %>
</div>
</div>
<div class="mb-3">
<%= form.submit "Create Project", class: "btn btn-primary" %>
<%= link_to "Cancel", projects_path, class: "btn btn-secondary" %>
</div>
<% end %>

118
app/views/projects/show.html.erb Normal file
View File

@@ -0,0 +1,118 @@
<div class="d-flex justify-content-between align-items-center mb-4">
<h1><%= @project.name %></h1>
<div>
<%= link_to "Edit", edit_project_path(@project), class: "btn btn-secondary" %>
<%= link_to "Events", events_project_path(@project), class: "btn btn-primary" %>
<%= link_to "Analytics", analytics_project_path(@project), class: "btn btn-info" %>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h5>Project Status</h5>
</div>
<div class="card-body">
<p><strong>Status:</strong>
<span class="badge bg-<%= @waf_status == 'active' ? 'success' : @waf_status == 'idle' ? 'warning' : 'danger' %>">
<%= @waf_status %>
</span>
</p>
<p><strong>Enabled:</strong>
<span class="badge bg-<%= @project.enabled? ? 'success' : 'secondary' %>">
<%= @project.enabled? ? 'Yes' : 'No' %>
</span>
</p>
<p><strong>Events (24h):</strong> <%= @event_count %></p>
<p><strong>Blocked (24h):</strong> <%= @blocked_count %></p>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h5>DSN Configuration</h5>
</div>
<div class="card-body">
<p><strong>DSN:</strong></p>
<code><%= @project.dsn %></code>
<button class="btn btn-sm btn-outline-primary ms-2" onclick="copyDSN()">Copy</button>
<% if @project.internal_dsn.present? %>
<hr>
<p><strong>Internal DSN:</strong></p>
<code><%= @project.internal_dsn %></code>
<% end %>
</div>
</div>
</div>
</div>
<div class="mt-4">
<div class="card">
<div class="card-header">
<h5>Recent Events</h5>
</div>
<div class="card-body">
<% if @recent_events.any? %>
<div class="table-responsive">
<table class="table table-sm">
<thead>
<tr>
<th>Time</th>
<th>IP</th>
<th>Action</th>
<th>Path</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<% @recent_events.limit(5).each do |event| %>
<tr>
<td><%= event.timestamp.strftime("%H:%M:%S") %></td>
<td><%= event.ip_address %></td>
<td>
<span class="badge bg-<%= event.blocked? ? 'danger' : event.allowed? ? 'success' : 'warning' %>">
<%= event.action %>
</span>
</td>
<td><code><%= event.request_path %></code></td>
<td><%= event.response_status %></td>
</tr>
<% end %>
</tbody>
</table>
</div>
<div class="text-end">
<%= link_to "View All Events", events_project_path(@project), class: "btn btn-primary btn-sm" %>
</div>
<% else %>
<p class="text-muted">No events received yet.</p>
<% end %>
</div>
</div>
</div>
<script>
function copyDSN() {
const dsnElement = document.querySelector('code');
const textArea = document.createElement('textarea');
textArea.value = dsnElement.textContent;
document.body.appendChild(textArea);
textArea.select();
document.execCommand('copy');
document.body.removeChild(textArea);
// Show feedback
const button = event.target;
const originalText = button.textContent;
button.textContent = 'Copied!';
button.classList.add('btn-success');
setTimeout(() => {
button.textContent = originalText;
button.classList.remove('btn-success');
}, 2000);
}
</script>

22
app/views/pwa/manifest.json.erb Normal file
View File

@@ -0,0 +1,22 @@
{
"name": "BaffleHub",
"icons": [
{
"src": "/icon.png",
"type": "image/png",
"sizes": "512x512"
},
{
"src": "/icon.png",
"type": "image/png",
"sizes": "512x512",
"purpose": "maskable"
}
],
"start_url": "/",
"display": "standalone",
"scope": "/",
"description": "BaffleHub.",
"theme_color": "red",
"background_color": "red"
}

26
app/views/pwa/service-worker.js Normal file
View File

@@ -0,0 +1,26 @@
// Add a service worker for processing Web Push notifications:
//
// self.addEventListener("push", async (event) => {
// const { title, options } = await event.data.json()
// event.waitUntil(self.registration.showNotification(title, options))
// })
//
// self.addEventListener("notificationclick", function(event) {
// event.notification.close()
// event.waitUntil(
// clients.matchAll({ type: "window" }).then((clientList) => {
// for (let i = 0; i < clientList.length; i++) {
// let client = clientList[i]
// let clientPath = (new URL(client.url)).pathname
//
// if (clientPath == event.notification.data.path && "focus" in client) {
// return client.focus()
// }
// }
//
// if (clients.openWindow) {
// return clients.openWindow(event.notification.data.path)
// }
// })
// )
// })

7
bin/brakeman Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env ruby
require "rubygems"
require "bundler/setup"
ARGV.unshift("--ensure-latest")
load Gem.bin_path("brakeman", "brakeman")

6
bin/bundler-audit Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env ruby
require_relative "../config/boot"
require "bundler/audit/cli"
ARGV.concat %w[ --config config/bundler-audit.yml ] if ARGV.empty? || ARGV.include?("check")
Bundler::Audit::CLI.start

6
bin/ci Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env ruby
require_relative "../config/boot"
require "active_support/continuous_integration"
CI = ActiveSupport::ContinuousIntegration
require_relative "../config/ci.rb"

16
bin/dev Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env sh
if ! gem list foreman -i --silent; then
echo "Installing foreman..."
gem install foreman
fi
# Default to port 3000 if not specified
export PORT="${PORT:-3000}"
# Let the debug gem allow remote connections,
# but avoid loading until `debugger` is called
export RUBY_DEBUG_OPEN="true"
export RUBY_DEBUG_LAZY="true"
exec foreman start -f Procfile.dev "$@"

8
bin/docker-entrypoint Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/bash -e
# If running the rails server then create or migrate existing database
if [ "${@: -2:1}" == "./bin/rails" ] && [ "${@: -1:1}" == "server" ]; then
./bin/rails db:prepare
fi
exec "${@}"

4
bin/importmap Executable file
View File

@@ -0,0 +1,4 @@
#!/usr/bin/env ruby
require_relative "../config/application"
require "importmap/commands"

6
bin/jobs Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env ruby
require_relative "../config/environment"
require "solid_queue/cli"
SolidQueue::Cli.start(ARGV)

27
bin/kamal Executable file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env ruby
# frozen_string_literal: true
#
# This file was generated by Bundler.
#
# The application 'kamal' is installed as part of a gem, and
# this file is here to facilitate running it.
#
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
bundle_binstub = File.expand_path("bundle", __dir__)
if File.file?(bundle_binstub)
if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
load(bundle_binstub)
else
abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
end
end
require "rubygems"
require "bundler/setup"
load Gem.bin_path("kamal", "kamal")

4
bin/rails Executable file
View File

@@ -0,0 +1,4 @@
#!/usr/bin/env ruby
APP_PATH = File.expand_path("../config/application", __dir__)
require_relative "../config/boot"
require "rails/commands"

4
bin/rake Executable file
View File

@@ -0,0 +1,4 @@
#!/usr/bin/env ruby
require_relative "../config/boot"
require "rake"
Rake.application.run

8
bin/rubocop Executable file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env ruby
require "rubygems"
require "bundler/setup"
# Explicit RuboCop config increases performance slightly while avoiding config confusion.
ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__))
load Gem.bin_path("rubocop", "rubocop")

35
bin/setup Executable file
View File

@@ -0,0 +1,35 @@
#!/usr/bin/env ruby
require "fileutils"
APP_ROOT = File.expand_path("..", __dir__)
def system!(*args)
system(*args, exception: true)
end
FileUtils.chdir APP_ROOT do
# This script is a way to set up or update your development environment automatically.
# This script is idempotent, so that you can run it at any time and get an expectable outcome.
# Add necessary setup steps to this file.
puts "== Installing dependencies =="
system("bundle check") || system!("bundle install")
# puts "\n== Copying sample files =="
# unless File.exist?("config/database.yml")
# FileUtils.cp "config/database.yml.sample", "config/database.yml"
# end
puts "\n== Preparing database =="
system! "bin/rails db:prepare"
system! "bin/rails db:reset" if ARGV.include?("--reset")
puts "\n== Removing old logs and tempfiles =="
system! "bin/rails log:clear tmp:clear"
unless ARGV.include?("--skip-server")
puts "\n== Starting development server =="
STDOUT.flush # flush the output before exec(2) so that it displays
exec "bin/dev"
end
end

5
bin/thrust Executable file
View File

@@ -0,0 +1,5 @@
#!/usr/bin/env ruby
require "rubygems"
require "bundler/setup"
load Gem.bin_path("thruster", "thrust")

6
config.ru Normal file
View File

@@ -0,0 +1,6 @@
# This file is used by Rack-based servers to start the application.
require_relative "config/environment"
run Rails.application
Rails.application.load_server

35
config/application.rb Normal file
View File

@@ -0,0 +1,35 @@
require_relative "boot"
require "rails/all"
# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)
# Ensure pagy is loaded
require 'pagy'
module BaffleHub
class Application < Rails::Application
# Initialize configuration defaults for originally generated Rails version.
config.load_defaults 8.1
# Please, add to the `ignore` list any other `lib` subdirectories that do
# not contain `.rb` files, or that should not be reloaded or eager loaded.
# Common ones are `templates`, `generators`, or `middleware`, for example.
config.autoload_lib(ignore: %w[assets tasks])
# Configure trusted proxies for proper client IP detection
# This allows Rails to properly detect real client IPs behind reverse proxies
config.action_dispatch.trusted_proxies = [
# Docker network ranges where your reverse proxy might be
IPAddr.new("172.16.0.0/12"), # Docker default bridge network range
IPAddr.new("10.0.0.0/8"), # Internal networks
IPAddr.new("192.168.0.0/16"), # Private networks
IPAddr.new("172.64.66.1") # Your specific Caddy container IP
]
# Enable IP spoofing check for security
config.action_dispatch.ip_spoofing_check = true
end
end

4
config/boot.rb Normal file
View File

@@ -0,0 +1,4 @@
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
require "bundler/setup" # Set up gems listed in the Gemfile.
require "bootsnap/setup" # Speed up boot time by caching expensive operations.

5
config/bundler-audit.yml Normal file
View File

@@ -0,0 +1,5 @@
# Audit all gems listed in the Gemfile for known security problems by running bin/bundler-audit.
# CVEs that are not relevant to the application can be enumerated on the ignore list below.
ignore:
- CVE-THAT-DOES-NOT-APPLY

17
config/cable.yml Normal file
View File

@@ -0,0 +1,17 @@
# Async adapter only works within the same process, so for manually triggering cable updates from a console,
# and seeing results in the browser, you must do so from the web console (running inside the dev process),
# not a terminal started via bin/rails console! Add "console" to any action or any ERB template view
# to make the web console appear.
development:
adapter: async
test:
adapter: test
production:
adapter: solid_cable
connects_to:
database:
writing: cable
polling_interval: 0.1.seconds
message_retention: 1.day

16
config/cache.yml Normal file
View File

@@ -0,0 +1,16 @@
default: &default
store_options:
# Cap age of oldest cache entry to fulfill retention policies
# max_age: <%= 60.days.to_i %>
max_size: <%= 256.megabytes %>
namespace: <%= Rails.env %>
development:
<<: *default
test:
<<: *default
production:
database: cache
<<: *default

23
config/ci.rb Normal file
View File

@@ -0,0 +1,23 @@
# Run using bin/ci
CI.run do
step "Setup", "bin/setup --skip-server"
step "Style: Ruby", "bin/rubocop"
step "Security: Gem audit", "bin/bundler-audit"
step "Security: Importmap vulnerability audit", "bin/importmap audit"
step "Security: Brakeman code analysis", "bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error"
step "Tests: Rails", "bin/rails test"
step "Tests: System", "bin/rails test:system"
step "Tests: Seeds", "env RAILS_ENV=test bin/rails db:seed:replant"
# Optional: set a green GitHub commit status to unblock PR merge.
# Requires the `gh` CLI and `gh extension install basecamp/gh-signoff`.
# if success?
# step "Signoff: All systems go. Ready for merge and deploy.", "gh signoff"
# else
# failure "Signoff: CI failed. Do not merge or deploy.", "Fix the issues and try again."
# end
end

41
config/database.yml Normal file
View File

@@ -0,0 +1,41 @@
# SQLite. Versions 3.8.0 and up are supported.
# gem install sqlite3
#
# Ensure the SQLite 3 gem is defined in your Gemfile
# gem "sqlite3"
#
default: &default
adapter: sqlite3
max_connections: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
timeout: 5000
development:
<<: *default
database: storage/development.sqlite3
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
<<: *default
database: storage/test.sqlite3
# Store production database in the storage/ directory, which by default
# is mounted as a persistent Docker volume in config/deploy.yml.
production:
primary:
<<: *default
database: storage/production.sqlite3
cache:
<<: *default
database: storage/production_cache.sqlite3
migrations_paths: db/cache_migrate
queue:
<<: *default
database: storage/production_queue.sqlite3
migrations_paths: db/queue_migrate
cable:
<<: *default
database: storage/production_cable.sqlite3
migrations_paths: db/cable_migrate

120
config/deploy.yml Normal file
View File

@@ -0,0 +1,120 @@
# Name of your application. Used to uniquely configure containers.
service: baffle_hub
# Name of the container image (use your-user/app-name on external registries).
image: baffle_hub
# Deploy to these servers.
servers:
web:
- 192.168.0.1
# job:
# hosts:
# - 192.168.0.1
# cmd: bin/jobs
# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
# If used with Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
#
# Using an SSL proxy like this requires turning on config.assume_ssl and config.force_ssl in production.rb!
#
# Don't use this when deploying to multiple web servers (then you have to terminate SSL at your load balancer).
#
# proxy:
# ssl: true
# host: app.example.com
# Where you keep your container images.
registry:
# Alternatives: hub.docker.com / registry.digitalocean.com / ghcr.io / ...
server: localhost:5555
# Needed for authenticated registries.
# username: your-user
# Always use an access token rather than real password when possible.
# password:
# - KAMAL_REGISTRY_PASSWORD
# Inject ENV variables into containers (secrets come from .kamal/secrets).
env:
secret:
- RAILS_MASTER_KEY
clear:
# Run the Solid Queue Supervisor inside the web server's Puma process to do jobs.
# When you start using multiple servers, you should split out job processing to a dedicated machine.
SOLID_QUEUE_IN_PUMA: true
# Set number of processes dedicated to Solid Queue (default: 1)
# JOB_CONCURRENCY: 3
# Set number of cores available to the application on each server (default: 1).
# WEB_CONCURRENCY: 2
# Match this to any external database server to configure Active Record correctly
# Use baffle_hub-db for a db accessory server on same machine via local kamal docker network.
# DB_HOST: 192.168.0.2
# Log everything from Rails
# RAILS_LOG_LEVEL: debug
# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
# "bin/kamal logs -r job" will tail logs from the first server in the job section.
aliases:
console: app exec --interactive --reuse "bin/rails console"
shell: app exec --interactive --reuse "bash"
logs: app logs -f
dbc: app exec --interactive --reuse "bin/rails dbconsole --include-password"
# Use a persistent storage volume for sqlite database files and local Active Storage files.
# Recommended to change this to a mounted volume path that is backed up off server.
volumes:
- "baffle_hub_storage:/rails/storage"
# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
# hitting 404 on in-flight requests. Combines all files from new and old
# version inside the asset_path.
asset_path: /rails/public/assets
# Configure the image builder.
builder:
arch: amd64
# # Build image via remote server (useful for faster amd64 builds on arm64 computers)
# remote: ssh://docker@docker-builder-server
#
# # Pass arguments and secrets to the Docker build process
# args:
# RUBY_VERSION: 3.4.7
# secrets:
# - GITHUB_TOKEN
# - RAILS_MASTER_KEY
# Use a different ssh user than root
# ssh:
# user: app
# Use accessory services (secrets come from .kamal/secrets).
# accessories:
# db:
# image: mysql:8.0
# host: 192.168.0.2
# # Change to 3306 to expose port to the world instead of just local network.
# port: "127.0.0.1:3306:3306"
# env:
# clear:
# MYSQL_ROOT_HOST: '%'
# secret:
# - MYSQL_ROOT_PASSWORD
# files:
# - config/mysql/production.cnf:/etc/mysql/my.cnf
# - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
# directories:
# - data:/var/lib/mysql
# redis:
# image: valkey/valkey:8
# host: 192.168.0.2
# port: 6379
# directories:
# - data:/data

5
config/environment.rb Normal file
View File

@@ -0,0 +1,5 @@
# Load the Rails application.
require_relative "application"
# Initialize the Rails application.
Rails.application.initialize!

78
config/environments/development.rb Normal file
View File

@@ -0,0 +1,78 @@
require "active_support/core_ext/integer/time"
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# Make code changes take effect immediately without server restart.
config.enable_reloading = true
# Do not eager load code on boot.
config.eager_load = false
# Show full error reports.
config.consider_all_requests_local = true
# Enable server timing.
config.server_timing = true
# Enable/disable Action Controller caching. By default Action Controller caching is disabled.
# Run rails dev:cache to toggle Action Controller caching.
if Rails.root.join("tmp/caching-dev.txt").exist?
config.action_controller.perform_caching = true
config.action_controller.enable_fragment_cache_logging = true
config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" }
else
config.action_controller.perform_caching = false
end
# Change to :null_store to avoid any caching.
config.cache_store = :memory_store
# Store uploaded files on the local file system (see config/storage.yml for options).
config.active_storage.service = :local
# Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
# Make template changes take effect immediately.
config.action_mailer.perform_caching = false
# Set localhost to be used by links generated in mailer templates.
config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
# Print deprecation notices to the Rails logger.
config.active_support.deprecation = :log
# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = :page_load
# Highlight code that triggered database queries in logs.
config.active_record.verbose_query_logs = true
# Append comments with runtime information tags to SQL queries in logs.
config.active_record.query_log_tags_enabled = true
# Highlight code that enqueued background job in logs.
config.active_job.verbose_enqueue_logs = true
# Highlight code that triggered redirect in logs.
config.action_dispatch.verbose_redirect_logs = true
# Suppress logger output for asset requests.
config.assets.quiet = true
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
# Annotate rendered view with file names.
config.action_view.annotate_rendered_view_with_filenames = true
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
# Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
# Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
# config.generators.apply_rubocop_autocorrect_after_generate!
end

90
config/environments/production.rb Normal file
View File

@@ -0,0 +1,90 @@
require "active_support/core_ext/integer/time"
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# Code is not reloaded between requests.
config.enable_reloading = false
# Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
config.eager_load = true
# Full error reports are disabled.
config.consider_all_requests_local = false
# Turn on fragment caching in view templates.
config.action_controller.perform_caching = true
# Cache assets for far-future expiry since they are all digest stamped.
config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" }
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
# config.asset_host = "http://assets.example.com"
# Store uploaded files on the local file system (see config/storage.yml for options).
config.active_storage.service = :local
# Assume all access to the app is happening through a SSL-terminating reverse proxy.
# config.assume_ssl = true
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
# Skip http-to-https redirect for the default health check endpoint.
# config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } }
# Log to STDOUT with the current request id as a default log tag.
config.log_tags = [ :request_id ]
config.logger = ActiveSupport::TaggedLogging.logger(STDOUT)
# Change to "debug" to log everything (including potentially personally-identifiable information!).
config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
# Prevent health checks from clogging up the logs.
config.silence_healthcheck_path = "/up"
# Don't log any deprecations.
config.active_support.report_deprecations = false
# Replace the default in-process memory cache store with a durable alternative.
config.cache_store = :solid_cache_store
# Replace the default in-process and non-durable queuing backend for Active Job.
config.active_job.queue_adapter = :solid_queue
config.solid_queue.connects_to = { database: { writing: :queue } }
# Ignore bad email addresses and do not raise email delivery errors.
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
# config.action_mailer.raise_delivery_errors = false
# Set host to be used by links generated in mailer templates.
config.action_mailer.default_url_options = { host: "example.com" }
# Specify outgoing SMTP server. Remember to add smtp/* credentials via bin/rails credentials:edit.
# config.action_mailer.smtp_settings = {
# user_name: Rails.application.credentials.dig(:smtp, :user_name),
# password: Rails.application.credentials.dig(:smtp, :password),
# address: "smtp.example.com",
# port: 587,
# authentication: :plain
# }
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
# the I18n.default_locale when a translation cannot be found).
config.i18n.fallbacks = true
# Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false
# Only use :id for inspections in production.
config.active_record.attributes_for_inspect = [ :id ]
# Enable DNS rebinding protection and other `Host` header attacks.
# config.hosts = [
# "example.com", # Allow requests from example.com
# /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
# ]
#
# Skip DNS rebinding protection for the default health check endpoint.
# config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
end

53
config/environments/test.rb Normal file
View File

@@ -0,0 +1,53 @@
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped
# and recreated between test runs. Don't rely on the data there!
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# While tests run files are not watched, reloading is not necessary.
config.enable_reloading = false
# Eager loading loads your entire application. When running a single test locally,
# this is usually not necessary, and can slow down your test suite. However, it's
# recommended that you enable it in continuous integration systems to ensure eager
# loading is working properly before deploying your code.
config.eager_load = ENV["CI"].present?
# Configure public file server for tests with cache-control for performance.
config.public_file_server.headers = { "cache-control" => "public, max-age=3600" }
# Show full error reports.
config.consider_all_requests_local = true
config.cache_store = :null_store
# Render exception templates for rescuable exceptions and raise for other exceptions.
config.action_dispatch.show_exceptions = :rescuable
# Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
# Store uploaded files on the local file system in a temporary directory.
config.active_storage.service = :test
# Tell Action Mailer not to deliver emails to the real world.
# The :test delivery method accumulates sent emails in the
# ActionMailer::Base.deliveries array.
config.action_mailer.delivery_method = :test
# Set host to be used by links generated in mailer templates.
config.action_mailer.default_url_options = { host: "example.com" }
# Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
# Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
end

7
config/importmap.rb Normal file
View File

@@ -0,0 +1,7 @@
# Pin npm packages by running ./bin/importmap
pin "application"
pin "@hotwired/turbo-rails", to: "turbo.min.js"
pin "@hotwired/stimulus", to: "stimulus.min.js"
pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
pin_all_from "app/javascript/controllers", under: "controllers"

7
config/initializers/assets.rb Normal file
View File

@@ -0,0 +1,7 @@
# Be sure to restart your server when you modify this file.
# Version of your assets, change this if you want to expire all your assets.
Rails.application.config.assets.version = "1.0"
# Add additional assets to the asset load path.
# Rails.application.config.assets.paths << Emoji.images_path

29
config/initializers/content_security_policy.rb Normal file
View File

@@ -0,0 +1,29 @@
# Be sure to restart your server when you modify this file.
# Define an application-wide content security policy.
# See the Securing Rails Applications Guide for more information:
# https://guides.rubyonrails.org/security.html#content-security-policy-header
# Rails.application.configure do
# config.content_security_policy do |policy|
# policy.default_src :self, :https
# policy.font_src :self, :https, :data
# policy.img_src :self, :https, :data
# policy.object_src :none
# policy.script_src :self, :https
# policy.style_src :self, :https
# # Specify URI for violation reports
# # policy.report_uri "/csp-violation-report-endpoint"
# end
#
# # Generate session nonces for permitted importmap, inline scripts, and inline styles.
# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
# config.content_security_policy_nonce_directives = %w(script-src style-src)
#
# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
# # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
# # config.content_security_policy_nonce_auto = true
#
# # Report violations without enforcing the policy.
# # config.content_security_policy_report_only = true
# end

8
config/initializers/filter_parameter_logging.rb Normal file
View File

@@ -0,0 +1,8 @@
# Be sure to restart your server when you modify this file.
# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
# Use this to limit dissemination of sensitive information.
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
Rails.application.config.filter_parameters += [
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
]

16
config/initializers/inflections.rb Normal file
View File

@@ -0,0 +1,16 @@
# Be sure to restart your server when you modify this file.
# Add new inflection rules using the following format. Inflections
# are locale specific, and you may define rules for as many different
# locales as you wish. All of these examples are active by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
# inflect.plural /^(ox)$/i, "\\1en"
# inflect.singular /^(ox)en/i, "\\1"
# inflect.irregular "person", "people"
# inflect.uncountable %w( fish sheep )
# end
# These inflection rules are supported but not enabled by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
# inflect.acronym "RESTful"
# end

6
config/initializers/pagy.rb Normal file
View File

@@ -0,0 +1,6 @@
# frozen_string_literal: true
# Pagy configuration
# require 'pagy'
# Pagy::VARS[:items] = 50 # default items per page

31
config/locales/en.yml Normal file
View File

@@ -0,0 +1,31 @@
# Files in the config/locales directory are used for internationalization and
# are automatically loaded by Rails. If you want to use locales other than
# English, add the necessary files in this directory.
#
# To use the locales, use `I18n.t`:
#
# I18n.t "hello"
#
# In views, this is aliased to just `t`:
#
# <%= t("hello") %>
#
# To use a different locale, set it with `I18n.locale`:
#
# I18n.locale = :es
#
# This would use the information in config/locales/es.yml.
#
# To learn more about the API, please read the Rails Internationalization guide
# at https://guides.rubyonrails.org/i18n.html.
#
# Be aware that YAML interprets the following case-insensitive strings as
# booleans: `true`, `false`, `on`, `off`, `yes`, `no`. Therefore, these strings
# must be quoted to be interpreted as strings. For example:
#
# en:
# "yes": yup
# enabled: "ON"
en:
hello: "Hello world"

42
config/puma.rb Normal file
View File

@@ -0,0 +1,42 @@
# This configuration file will be evaluated by Puma. The top-level methods that
# are invoked here are part of Puma's configuration DSL. For more information
# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
#
# Puma starts a configurable number of processes (workers) and each process
# serves each request in a thread from an internal thread pool.
#
# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You
# should only set this value when you want to run 2 or more workers. The
# default is already 1. You can set it to `auto` to automatically start a worker
# for each available processor.
#
# The ideal number of threads per worker depends both on how much time the
# application spends waiting for IO operations and on how much you wish to
# prioritize throughput over latency.
#
# As a rule of thumb, increasing the number of threads will increase how much
# traffic a given process can handle (throughput), but due to CRuby's
# Global VM Lock (GVL) it has diminishing returns and will degrade the
# response time (latency) of the application.
#
# The default is set to 3 threads as it's deemed a decent compromise between
# throughput and latency for the average Rails application.
#
# Any libraries that use a connection pool or another resource pool should
# be configured to provide at least as many connections as the number of
# threads. This includes Active Record's `pool` parameter in `database.yml`.
threads_count = ENV.fetch("RAILS_MAX_THREADS", 3)
threads threads_count, threads_count
# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
port ENV.fetch("PORT", 3000)
# Allow puma to be restarted by `bin/rails restart` command.
plugin :tmp_restart
# Run the Solid Queue supervisor inside of Puma for single-server deployments.
plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"]
# Specify the PID file. Defaults to tmp/pids/server.pid in development.
# In other environments, only set the PID file if requested.
pidfile ENV["PIDFILE"] if ENV["PIDFILE"]

18
config/queue.yml Normal file
View File

@@ -0,0 +1,18 @@
default: &default
dispatchers:
- polling_interval: 1
batch_size: 500
workers:
- queues: "*"
threads: 3
processes: <%= ENV.fetch("JOB_CONCURRENCY", 1) %>
polling_interval: 0.1
development:
<<: *default
test:
<<: *default
production:
<<: *default

15
config/recurring.yml Normal file
View File

@@ -0,0 +1,15 @@
# examples:
# periodic_cleanup:
# class: CleanSoftDeletedRecordsJob
# queue: background
# args: [ 1000, { batch_size: 500 } ]
# schedule: every hour
# periodic_cleanup_with_command:
# command: "SoftDeletedRecord.due.delete_all"
# priority: 2
# schedule: at 5am every day
production:
clear_solid_queue_finished_jobs:
command: "SolidQueue::Job.clear_finished_in_batches(sleep_between_batches: 0.3)"
schedule: every hour at minute 12

30
config/routes.rb Normal file
View File

@@ -0,0 +1,30 @@
Rails.application.routes.draw do
# Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
# Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
# Can be used by load balancers and uptime monitors to verify that the app is live.
get "up" => "rails/health#show", as: :rails_health_check
# WAF Event Ingestion API
namespace :api, defaults: { format: :json } do
post ":project_id/events", to: "events#create"
end
# Root path - projects dashboard
root "projects#index"
# Project management
resources :projects, only: [:index, :new, :create, :show, :edit, :update] do
resources :events, only: [:index]
member do
get :analytics
end
end
# Rule management
resources :rule_sets, only: [:index, :new, :create, :show, :edit, :update] do
member do
post :push_to_agents
end
end
end

27
config/storage.yml Normal file
View File

@@ -0,0 +1,27 @@
test:
service: Disk
root: <%= Rails.root.join("tmp/storage") %>
local:
service: Disk
root: <%= Rails.root.join("storage") %>
# Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
# amazon:
# service: S3
# access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
# secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
# region: us-east-1
# bucket: your_own_bucket-<%= Rails.env %>
# Remember not to checkin your GCS keyfile to a repository
# google:
# service: GCS
# project: your_project
# credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
# bucket: your_own_bucket-<%= Rails.env %>
# mirror:
# service: Mirror
# primary: local
# mirrors: [ amazon, google, microsoft ]

11
db/cable_schema.rb Normal file
View File

@@ -0,0 +1,11 @@
ActiveRecord::Schema[7.1].define(version: 1) do
create_table "solid_cable_messages", force: :cascade do |t|
t.binary "channel", limit: 1024, null: false
t.binary "payload", limit: 536870912, null: false
t.datetime "created_at", null: false
t.integer "channel_hash", limit: 8, null: false
t.index ["channel"], name: "index_solid_cable_messages_on_channel"
t.index ["channel_hash"], name: "index_solid_cable_messages_on_channel_hash"
t.index ["created_at"], name: "index_solid_cable_messages_on_created_at"
end
end

14
db/cache_schema.rb Normal file
View File

@@ -0,0 +1,14 @@
# frozen_string_literal: true
ActiveRecord::Schema[7.2].define(version: 1) do
create_table "solid_cache_entries", force: :cascade do |t|
t.binary "key", limit: 1024, null: false
t.binary "value", limit: 536870912, null: false
t.datetime "created_at", null: false
t.integer "key_hash", limit: 8, null: false
t.integer "byte_size", limit: 4, null: false
t.index ["byte_size"], name: "index_solid_cache_entries_on_byte_size"
t.index ["key_hash", "byte_size"], name: "index_solid_cache_entries_on_key_hash_and_byte_size"
t.index ["key_hash"], name: "index_solid_cache_entries_on_key_hash", unique: true
end
end

30
db/migrate/20251102030111_create_network_ranges.rb Normal file
View File

@@ -0,0 +1,30 @@
class CreateNetworkRanges < ActiveRecord::Migration[8.1]
def change
create_table :network_ranges do |t|
t.binary :ip_address, null: false
t.integer :network_prefix, null: false
t.integer :ip_version, null: false
t.string :company
t.integer :asn
t.string :asn_org
t.boolean :is_datacenter, default: false
t.boolean :is_proxy, default: false
t.boolean :is_vpn, default: false
t.string :ip_api_country
t.string :geo2_country
t.text :abuser_scores
t.text :additional_data
t.timestamp :last_api_fetch
t.timestamps
end
# Indexes for common queries
add_index :network_ranges, [:ip_address, :network_prefix], name: 'idx_network_ranges_ip_range'
add_index :network_ranges, :asn, name: 'idx_network_ranges_asn'
add_index :network_ranges, :company, name: 'idx_network_ranges_company'
add_index :network_ranges, :ip_api_country, name: 'idx_network_ranges_country'
add_index :network_ranges, [:is_datacenter, :is_proxy, :is_vpn], name: 'idx_network_ranges_flags'
add_index :network_ranges, :ip_version, name: 'idx_network_ranges_version'
end
end

21
db/migrate/20251102044000_create_projects.rb Normal file
View File

@@ -0,0 +1,21 @@
class CreateProjects < ActiveRecord::Migration[8.1]
def change
create_table :projects do |t|
t.string :name, null: false
t.string :slug, null: false
t.string :public_key, null: false
t.boolean :enabled, default: true, null: false
t.integer :rate_limit_threshold, default: 100, null: false
t.integer :blocked_ip_count, default: 0, null: false
t.text :custom_rules, default: "{}", null: false
t.text :settings, default: "{}", null: false
t.timestamps
end
add_index :projects, :slug, unique: true
add_index :projects, :public_key, unique: true
add_index :projects, :enabled
add_index :projects, :name
end
end

37
db/migrate/20251102044052_create_events.rb Normal file
View File

@@ -0,0 +1,37 @@
class CreateEvents < ActiveRecord::Migration[8.1]
def change
create_table :events do |t|
t.references :project, null: false, foreign_key: true
t.string :event_id, null: false
t.datetime :timestamp, null: false
t.string :action
t.string :ip_address
t.text :user_agent
t.string :request_method
t.string :request_path
t.string :request_url
t.string :request_protocol
t.integer :response_status
t.integer :response_time_ms
t.string :rule_matched
t.text :blocked_reason
t.string :server_name
t.string :environment
t.string :country_code
t.string :city
t.string :agent_version
t.string :agent_name
t.json :payload
t.timestamps
end
add_index :events, :event_id, unique: true
add_index :events, :timestamp
add_index :events, [:project_id, :timestamp]
add_index :events, [:project_id, :action]
add_index :events, [:project_id, :ip_address]
add_index :events, :ip_address
add_index :events, :action
end
end

13
db/migrate/20251102080959_create_rule_sets.rb Normal file
View File

@@ -0,0 +1,13 @@
class CreateRuleSets < ActiveRecord::Migration[8.1]
def change
create_table :rule_sets do |t|
t.string :name
t.text :description
t.boolean :enabled
t.json :projects
t.json :rules
t.timestamps
end
end
end

17
db/migrate/20251102081014_create_rules.rb Normal file
View File

@@ -0,0 +1,17 @@
class CreateRules < ActiveRecord::Migration[8.1]
def change
create_table :rules do |t|
t.references :rule_set, null: false, foreign_key: true
t.string :rule_type
t.string :target
t.string :action
t.boolean :enabled
t.datetime :expires_at
t.integer :priority
t.json :conditions
t.json :metadata
t.timestamps
end
end
end

11
db/migrate/20251102081043_add_fields_to_rule_sets.rb Normal file
View File

@@ -0,0 +1,11 @@
class AddFieldsToRuleSets < ActiveRecord::Migration[8.1]
def change
add_column :rule_sets, :slug, :string
add_column :rule_sets, :priority, :integer
add_column :rule_sets, :projects_subscription, :json
add_index :rule_sets, :slug, unique: true
add_index :rule_sets, :enabled
add_index :rule_sets, :priority
end
end

15
db/migrate/20251102234055_add_simple_event_normalization.rb Normal file
View File

@@ -0,0 +1,15 @@
class AddSimpleEventNormalization < ActiveRecord::Migration[8.1]
def change
# Add foreign key for hosts (most valuable normalization)
add_column :events, :request_host_id, :integer
add_foreign_key :events, :request_hosts
add_index :events, :request_host_id
# Add path segment storage as string for LIKE queries
add_column :events, :request_segment_ids, :string
add_index :events, :request_segment_ids
# Add composite index for common WAF queries using enums
add_index :events, [:request_host_id, :request_method, :request_segment_ids], name: 'idx_events_host_method_path'
end
end

5
db/migrate/20251103035249_rename_action_to_waf_action_in_events.rb Normal file
View File

@@ -0,0 +1,5 @@
class RenameActionToWafActionInEvents < ActiveRecord::Migration[8.1]
def change
rename_column :events, :action, :waf_action
end
end

129
db/queue_schema.rb Normal file
View File

@@ -0,0 +1,129 @@
ActiveRecord::Schema[7.1].define(version: 1) do
create_table "solid_queue_blocked_executions", force: :cascade do |t|
t.bigint "job_id", null: false
t.string "queue_name", null: false
t.integer "priority", default: 0, null: false
t.string "concurrency_key", null: false
t.datetime "expires_at", null: false
t.datetime "created_at", null: false
t.index [ "concurrency_key", "priority", "job_id" ], name: "index_solid_queue_blocked_executions_for_release"
t.index [ "expires_at", "concurrency_key" ], name: "index_solid_queue_blocked_executions_for_maintenance"
t.index [ "job_id" ], name: "index_solid_queue_blocked_executions_on_job_id", unique: true
end
create_table "solid_queue_claimed_executions", force: :cascade do |t|
t.bigint "job_id", null: false
t.bigint "process_id"
t.datetime "created_at", null: false
t.index [ "job_id" ], name: "index_solid_queue_claimed_executions_on_job_id", unique: true
t.index [ "process_id", "job_id" ], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id"
end
create_table "solid_queue_failed_executions", force: :cascade do |t|
t.bigint "job_id", null: false
t.text "error"
t.datetime "created_at", null: false
t.index [ "job_id" ], name: "index_solid_queue_failed_executions_on_job_id", unique: true
end
create_table "solid_queue_jobs", force: :cascade do |t|
t.string "queue_name", null: false
t.string "class_name", null: false
t.text "arguments"
t.integer "priority", default: 0, null: false
t.string "active_job_id"
t.datetime "scheduled_at"
t.datetime "finished_at"
t.string "concurrency_key"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.index [ "active_job_id" ], name: "index_solid_queue_jobs_on_active_job_id"
t.index [ "class_name" ], name: "index_solid_queue_jobs_on_class_name"
t.index [ "finished_at" ], name: "index_solid_queue_jobs_on_finished_at"
t.index [ "queue_name", "finished_at" ], name: "index_solid_queue_jobs_for_filtering"
t.index [ "scheduled_at", "finished_at" ], name: "index_solid_queue_jobs_for_alerting"
end
create_table "solid_queue_pauses", force: :cascade do |t|
t.string "queue_name", null: false
t.datetime "created_at", null: false
t.index [ "queue_name" ], name: "index_solid_queue_pauses_on_queue_name", unique: true
end
create_table "solid_queue_processes", force: :cascade do |t|
t.string "kind", null: false
t.datetime "last_heartbeat_at", null: false
t.bigint "supervisor_id"
t.integer "pid", null: false
t.string "hostname"
t.text "metadata"
t.datetime "created_at", null: false
t.string "name", null: false
t.index [ "last_heartbeat_at" ], name: "index_solid_queue_processes_on_last_heartbeat_at"
t.index [ "name", "supervisor_id" ], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true
t.index [ "supervisor_id" ], name: "index_solid_queue_processes_on_supervisor_id"
end
create_table "solid_queue_ready_executions", force: :cascade do |t|
t.bigint "job_id", null: false
t.string "queue_name", null: false
t.integer "priority", default: 0, null: false
t.datetime "created_at", null: false
t.index [ "job_id" ], name: "index_solid_queue_ready_executions_on_job_id", unique: true
t.index [ "priority", "job_id" ], name: "index_solid_queue_poll_all"
t.index [ "queue_name", "priority", "job_id" ], name: "index_solid_queue_poll_by_queue"
end
create_table "solid_queue_recurring_executions", force: :cascade do |t|
t.bigint "job_id", null: false
t.string "task_key", null: false
t.datetime "run_at", null: false
t.datetime "created_at", null: false
t.index [ "job_id" ], name: "index_solid_queue_recurring_executions_on_job_id", unique: true
t.index [ "task_key", "run_at" ], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true
end
create_table "solid_queue_recurring_tasks", force: :cascade do |t|
t.string "key", null: false
t.string "schedule", null: false
t.string "command", limit: 2048
t.string "class_name"
t.text "arguments"
t.string "queue_name"
t.integer "priority", default: 0
t.boolean "static", default: true, null: false
t.text "description"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.index [ "key" ], name: "index_solid_queue_recurring_tasks_on_key", unique: true
t.index [ "static" ], name: "index_solid_queue_recurring_tasks_on_static"
end
create_table "solid_queue_scheduled_executions", force: :cascade do |t|
t.bigint "job_id", null: false
t.string "queue_name", null: false
t.integer "priority", default: 0, null: false
t.datetime "scheduled_at", null: false
t.datetime "created_at", null: false
t.index [ "job_id" ], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true
t.index [ "scheduled_at", "priority", "job_id" ], name: "index_solid_queue_dispatch_all"
end
create_table "solid_queue_semaphores", force: :cascade do |t|
t.string "key", null: false
t.integer "value", default: 1, null: false
t.datetime "expires_at", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.index [ "expires_at" ], name: "index_solid_queue_semaphores_on_expires_at"
t.index [ "key", "value" ], name: "index_solid_queue_semaphores_on_key_and_value"
t.index [ "key" ], name: "index_solid_queue_semaphores_on_key", unique: true
end
add_foreign_key "solid_queue_blocked_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
add_foreign_key "solid_queue_claimed_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
add_foreign_key "solid_queue_failed_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
add_foreign_key "solid_queue_ready_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
add_foreign_key "solid_queue_recurring_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
add_foreign_key "solid_queue_scheduled_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade
end

161
db/schema.rb Normal file
View File

@@ -0,0 +1,161 @@
# This file is auto-generated from the current state of the database. Instead
# of editing this file, please use the migrations feature of Active Record to
# incrementally modify your database, and then regenerate this schema definition.
#
# This file is the source Rails uses to define your schema when running `bin/rails
# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
# be faster and is potentially less error prone than running all of your
# migrations from scratch. Old migrations may fail to apply correctly if those
# migrations use external dependencies or application code.
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[8.1].define(version: 2025_11_03_035249) do
create_table "events", force: :cascade do |t|
t.string "agent_name"
t.string "agent_version"
t.text "blocked_reason"
t.string "city"
t.string "country_code"
t.datetime "created_at", null: false
t.string "environment"
t.string "event_id", null: false
t.string "ip_address"
t.json "payload"
t.integer "project_id", null: false
t.integer "request_host_id"
t.string "request_method"
t.string "request_path"
t.string "request_protocol"
t.string "request_segment_ids"
t.string "request_url"
t.integer "response_status"
t.integer "response_time_ms"
t.string "rule_matched"
t.string "server_name"
t.datetime "timestamp", null: false
t.datetime "updated_at", null: false
t.text "user_agent"
t.string "waf_action"
t.index ["event_id"], name: "index_events_on_event_id", unique: true
t.index ["ip_address"], name: "index_events_on_ip_address"
t.index ["project_id", "ip_address"], name: "index_events_on_project_id_and_ip_address"
t.index ["project_id", "timestamp"], name: "index_events_on_project_id_and_timestamp"
t.index ["project_id", "waf_action"], name: "index_events_on_project_id_and_waf_action"
t.index ["project_id"], name: "index_events_on_project_id"
t.index ["request_host_id", "request_method", "request_segment_ids"], name: "idx_events_host_method_path"
t.index ["request_host_id"], name: "index_events_on_request_host_id"
t.index ["request_segment_ids"], name: "index_events_on_request_segment_ids"
t.index ["timestamp"], name: "index_events_on_timestamp"
t.index ["waf_action"], name: "index_events_on_waf_action"
end
create_table "network_ranges", force: :cascade do |t|
t.text "abuser_scores"
t.text "additional_data"
t.integer "asn"
t.string "asn_org"
t.string "company"
t.datetime "created_at", null: false
t.string "geo2_country"
t.binary "ip_address", null: false
t.string "ip_api_country"
t.integer "ip_version", null: false
t.boolean "is_datacenter", default: false
t.boolean "is_proxy", default: false
t.boolean "is_vpn", default: false
t.datetime "last_api_fetch"
t.integer "network_prefix", null: false
t.datetime "updated_at", null: false
t.index ["asn"], name: "idx_network_ranges_asn"
t.index ["company"], name: "idx_network_ranges_company"
t.index ["ip_address", "network_prefix"], name: "idx_network_ranges_ip_range"
t.index ["ip_api_country"], name: "idx_network_ranges_country"
t.index ["ip_version"], name: "idx_network_ranges_version"
t.index ["is_datacenter", "is_proxy", "is_vpn"], name: "idx_network_ranges_flags"
end
create_table "path_segments", force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "first_seen_at", null: false
t.string "segment", null: false
t.datetime "updated_at", null: false
t.integer "usage_count", default: 1, null: false
t.index ["segment"], name: "index_path_segments_on_segment", unique: true
end
create_table "projects", force: :cascade do |t|
t.integer "blocked_ip_count", default: 0, null: false
t.datetime "created_at", null: false
t.text "custom_rules", default: "{}", null: false
t.boolean "enabled", default: true, null: false
t.string "name", null: false
t.string "public_key", null: false
t.integer "rate_limit_threshold", default: 100, null: false
t.text "settings", default: "{}", null: false
t.string "slug", null: false
t.datetime "updated_at", null: false
t.index ["enabled"], name: "index_projects_on_enabled"
t.index ["name"], name: "index_projects_on_name"
t.index ["public_key"], name: "index_projects_on_public_key", unique: true
t.index ["slug"], name: "index_projects_on_slug", unique: true
end
create_table "request_hosts", force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "first_seen_at", null: false
t.string "hostname", null: false
t.datetime "updated_at", null: false
t.integer "usage_count", default: 1, null: false
t.index ["hostname"], name: "index_request_hosts_on_hostname", unique: true
end
create_table "request_methods", force: :cascade do |t|
t.datetime "created_at", null: false
t.string "method", null: false
t.datetime "updated_at", null: false
t.index ["method"], name: "index_request_methods_on_method", unique: true
end
create_table "request_protocols", force: :cascade do |t|
t.datetime "created_at", null: false
t.string "protocol", null: false
t.datetime "updated_at", null: false
t.index ["protocol"], name: "index_request_protocols_on_protocol", unique: true
end
create_table "rule_sets", force: :cascade do |t|
t.datetime "created_at", null: false
t.text "description"
t.boolean "enabled"
t.string "name"
t.integer "priority"
t.json "projects"
t.json "projects_subscription"
t.json "rules"
t.string "slug"
t.datetime "updated_at", null: false
t.index ["enabled"], name: "index_rule_sets_on_enabled"
t.index ["priority"], name: "index_rule_sets_on_priority"
t.index ["slug"], name: "index_rule_sets_on_slug", unique: true
end
create_table "rules", force: :cascade do |t|
t.string "action"
t.json "conditions"
t.datetime "created_at", null: false
t.boolean "enabled"
t.datetime "expires_at"
t.json "metadata"
t.integer "priority"
t.integer "rule_set_id", null: false
t.string "rule_type"
t.string "target"
t.datetime "updated_at", null: false
t.index ["rule_set_id"], name: "index_rules_on_rule_set_id"
end
add_foreign_key "events", "projects"
add_foreign_key "events", "request_hosts"
add_foreign_key "rules", "rule_sets"
end

Some files were not shown because too many files have changed in this diff Show More