Baffle-WAF/baffle-hub
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Lots of updates

Browse Source
This commit is contained in:
Dan Milne
2025-11-11 16:54:52 +11:00
parent 26216da9ca
commit cc8213f87a
41 changed files with 1463 additions and 614 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
app/jobs/process_waf_event_job.rb
View File

@@ -20,47 +20,53 @@ class ProcessWafEventJob < ApplicationJob
events_to_process.each do |single_event_data|
begin
event_start = Time.current
# Generate unique event ID if not provided
event_id = single_event_data['event_id'] || SecureRandom.uuid
# Create the WAF event record
create_start = Time.current
event = Event.create_from_waf_payload!(event_id, single_event_data)
Rails.logger.debug "Event creation took #{((Time.current - create_start) * 1000).round(2)}ms"
# Log geo-location data status (uses NetworkRange delegation)
if event.ip_address.present?
begin
unless event.has_geo_data?
Rails.logger.debug "No geo data available for event #{event.id} with IP #{event.ip_address}"
end
rescue => e
Rails.logger.warn "Failed to check geo data for event #{event.id}: #{e.message}"
end
end
# Ensure network range exists for this IP and process policies
# Ensure network range exists for this IP and evaluate policies if needed
if event.ip_address.present?
begin
network_start = Time.current
# Single lookup instead of checking has_geo_data? then querying again
existing_range = NetworkRange.contains_ip(event.ip_address.to_s).first
network_range = existing_range || NetworkRangeGenerator.find_or_create_for_ip(event.ip_address)
Rails.logger.debug "Network range lookup/creation took #{((Time.current - network_start) * 1000).round(2)}ms"
if network_range
Rails.logger.debug "Network range #{network_range.cidr} for event IP #{event.ip_address}"
# Process WAF policies for this network range
ProcessWafPoliciesJob.perform_later(network_range_id: network_range.id, event_id: event.id)
# Queue IPAPI enrichment if we don't have it yet
unless network_range.has_network_data_from?(:ipapi)
Rails.logger.info "Queueing IPAPI fetch for #{network_range.cidr}"
FetchIpapiDataJob.perform_later(network_range_id: network_range.id)
end
# Evaluate WAF policies inline if needed (lazy evaluation)
# Only runs when: network never evaluated OR policies changed since last evaluation
if network_range.needs_policy_evaluation?
policy_start = Time.current
result = WafPolicyMatcher.evaluate_and_mark!(network_range)
Rails.logger.debug "Policy evaluation took #{((Time.current - policy_start) * 1000).round(2)}ms"
if result[:generated_rules].any?
Rails.logger.info "Generated #{result[:generated_rules].length} rules for #{network_range.cidr}"
end
end
end
rescue => e
Rails.logger.warn "Failed to create network range for event #{event.id}: #{e.message}"
Rails.logger.warn "Failed to process network range for event #{event.id}: #{e.message}"
end
end
# Trigger analytics processing
ProcessWafAnalyticsJob.perform_later(event_id: event.id)
# Check for automatic rule generation opportunities
GenerateWafRulesJob.perform_later(event_id: event.id)
Rails.logger.info "Processed WAF event #{event_id}"
total_time = ((Time.current - event_start) * 1000).round(2)
Rails.logger.info "Processed WAF event #{event_id} in #{total_time}ms"
rescue ActiveRecord::RecordInvalid => e
Rails.logger.error "Failed to create WAF event: #{e.message}"
Rails.logger.error e.record.errors.full_messages.join(", ")
@@ -70,9 +76,6 @@ class ProcessWafEventJob < ApplicationJob
end
end
# Broadcast real-time updates once per batch
ActionCable.server.broadcast("events", { type: "refresh" })
Rails.logger.info "Processed #{events_to_process.count} WAF events"
end
end