Baffle-WAF/baffle-hub
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
5e5198f113b7d360ab9ba1d3fbf6ee3b68f97ead
baffle-hub/app/controllers/waf_policies_controller.rb
Dan Milne 772fae7e8b Add WafPolicies
2025-11-10 14:10:37 +11:00

165 lines
4.6 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class WafPoliciesController < ApplicationController
# Follow proper before_action order:
# 1. Authentication/Authorization
# All actions require authentication
# 2. Resource loading
before_action :set_waf_policy, only: [:show, :edit, :update, :destroy, :activate, :deactivate]
# GET /waf_policies
def index
@pagy, @waf_policies = pagy(policy_scope(WafPolicy).includes(:user, :generated_rules).order(created_at: :desc))
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
end
# GET /waf_policies/new
def new
authorize WafPolicy
@waf_policy = WafPolicy.new
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
# Set default values from URL parameters
@waf_policy.policy_type = params[:policy_type] if params[:policy_type].present?
@waf_policy.action = params[:action] if params[:action].present?
@waf_policy.targets = params[:targets] if params[:targets].present?
end
# POST /waf_policies
def create
authorize WafPolicy
@waf_policy = WafPolicy.new(waf_policy_params)
@waf_policy.user = Current.user
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
if @waf_policy.save
# Trigger policy processing for existing network ranges
ProcessWafPoliciesJob.perform_later(waf_policy_id: @waf_policy.id)
redirect_to @waf_policy, notice: 'WAF policy was successfully created.'
else
render :new, status: :unprocessable_entity
end
end
# GET /waf_policies/:id
def show
@generated_rules = @waf_policy.generated_rules.includes(:network_range).order(created_at: :desc).limit(20)
@effectiveness_stats = @waf_policy.effectiveness_stats
end
# GET /waf_policies/:id/edit
def edit
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
end
# PATCH/PUT /waf_policies/:id
def update
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
if @waf_policy.update(waf_policy_params)
# Re-process policies for existing network ranges if policy was changed
if @waf_policy.saved_change_to_targets? || @waf_policy.saved_change_to_action?
ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
end
redirect_to @waf_policy, notice: 'WAF policy was successfully updated.'
else
render :edit, status: :unprocessable_entity
end
end
# DELETE /waf_policies/:id
def destroy
policy_name = @waf_policy.name
# Soft delete by disabling and expiring the policy
@waf_policy.update!(enabled: false, expires_at: Time.current)
redirect_to waf_policies_url, notice: "WAF policy '#{policy_name}' was disabled."
end
# POST /waf_policies/:id/activate
def activate
@waf_policy.activate!
# Re-process policies for existing network ranges
ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
redirect_to @waf_policy, notice: 'WAF policy was activated.'
end
# POST /waf_policies/:id/deactivate
def deactivate
@waf_policy.deactivate!
redirect_to @waf_policy, notice: 'WAF policy was deactivated.'
end
# GET /waf_policies/new_country
def new_country
authorize WafPolicy
@waf_policy = WafPolicy.new(policy_type: 'country', action: 'deny')
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
end
# POST /waf_policies/create_country
def create_country
authorize WafPolicy
countries = params[:countries]&.reject(&:blank?) || []
action = params[:action] || 'deny'
if countries.empty?
redirect_to new_country_waf_policies_path, alert: 'Please select at least one country.'
return
end
@waf_policy = WafPolicy.create_country_policy(
countries,
action: action,
user: Current.user,
description: params[:description]
)
if @waf_policy.persisted?
# Trigger policy processing for existing network ranges
ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
redirect_to @waf_policy, notice: "Country blocking policy was successfully created for #{countries.join(', ')}."
else
@policy_types = WafPolicy::POLICY_TYPES
@actions = WafPolicy::ACTIONS
render :new_country, status: :unprocessable_entity
end
end
private
def set_waf_policy
@waf_policy = WafPolicy.find(params[:id])
authorize @waf_policy
rescue ActiveRecord::RecordNotFound
redirect_to waf_policies_path, alert: 'WAF policy not found.'
end
def waf_policy_params
params.require(:waf_policy).permit(
:name,
:description,
:policy_type,
:action,
:enabled,
:expires_at,
targets: [],
additional_data: {}
)
end
end
Reference in New Issue View Git Blame Copy Permalink