feat(*): Add AppSec support (#14)

* feat(*): Add getAppSecDecision method to bouncer client * style(*): Use constants for header names * fix(*): Fix constants source * feat(appsec): Remove useless method param * feat(appsec): Handle AppSec timeout * feat(appsec): Rename appsec timeout configurations * docs(user guide): Update timeout configuration description * test(appsec): Update script for appsec * test(integration): Add timeout test * style(*): Pass through code format tools
crowdsecurity · Oct 4, 2024 · b988b9a · b988b9a
1 parent 8984128
commit b988b9a
Show file tree

Hide file tree

Showing 23 changed files with 771 additions and 51 deletions.
diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
@@ -49,13 +49,13 @@ jobs:
       - name: Add-ons install
         run: ddev get julienloizelet/ddev-tools
 
-      - name: Add Redis, Memcached and X-Debug
-        if: ${{ matrix.php-version == '8.3' }}
-        run: |
-          cp .ddev/okaeli-add-on/common/custom_files/config.php83missing.yaml .ddev/config.php83missing.yaml
-
-      - name: Start DDEV  with PHP ${{ matrix.php-version }}
-        run: ddev start
+      - name: Start DDEV
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          shell: bash
+          command: ddev start
 
       - name: Some DEBUG information
         run: |

diff --git a/.github/workflows/markdown.yml → .github/workflows/doc-links.yml b/.github/workflows/markdown.yml → .github/workflows/doc-links.yml
@@ -1,12 +1,16 @@
 on:
   workflow_dispatch:
-
-name: Markdown files test and update
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
 
+name: Documentation links
 jobs:
   markdown-test-and-update:
     name: Markdown files test and update
@@ -34,12 +38,3 @@ jobs:
           cd extension
           awesome_bot --files README.md --allow-dupe --allow 401 --skip-save-results --white-list ddev.site --base-url http://localhost:8080/
           awesome_bot docs/*.md --skip-save-results --allow-dupe --allow 401 --white-list crowdsec.net/v2,ddev.site,https://crowdsec,your-crowdsec-lapi-url --base-url http://localhost:8080/docs/
-
-      - name: Generate table of contents
-        uses: technote-space/toc-generator@v4
-        with:
-          MAX_HEADER_LEVEL: 5
-          COMMIT_NAME: CrowdSec Dev Bot
-          TARGET_PATHS: 'docs/*.md'
-          CHECK_ONLY_DEFAULT_BRANCH: true
-          CREATE_PR: true
diff --git a/.github/workflows/unit-and-integration-test.yml b/.github/workflows/unit-and-integration-test.yml
@@ -57,18 +57,18 @@ jobs:
           ddev get julienloizelet/ddev-tools
           ddev get julienloizelet/ddev-crowdsec-php
 
-      - name: Add Redis, Memcached and X-Debug
-        if: ${{ matrix.php-version == '8.3' }}
-        run: |
-          cp .ddev/okaeli-add-on/common/custom_files/config.php83missing.yaml .ddev/config.php83missing.yaml
-
       - name: Prepare for TLS tests
         run: |
           mkdir ${{ github.workspace }}/cfssl
           cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* ${{ github.workspace }}/cfssl    
 
-      - name: Start DDEV  with PHP ${{ matrix.php-version }}
-        run: ddev start
+      - name: Start DDEV
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          shell: bash
+          command: ddev start
 
       - name: Some DEBUG information
         run: |
@@ -104,10 +104,19 @@ jobs:
         if: |
           github.event.inputs.integration_tests == 'true' ||
           github.event_name == 'push'
-        run:  ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration
+        run:  ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group timeout ./${{env.EXTENSION_PATH}}/tests/Integration
 
       - name: Run Integration tests (with TLS)
         if: |
           github.event.inputs.integration_tests == 'true' ||
           github.event_name == 'push'
-        run: ddev exec AGENT_TLS_PATH=/var/www/html/cfssl BOUNCER_TLS_PATH=/var/www/html/cfssl LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration
+        run: ddev exec AGENT_TLS_PATH=/var/www/html/cfssl BOUNCER_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group timeout ./${{env.EXTENSION_PATH}}/tests/Integration
+
+      - name: Run Integration tests with timeout
+        if: |
+          github.event.inputs.integration_tests == 'true' ||
+          github.event_name == 'push'
+        run: |
+          ddev exec -s crowdsec apk add iproute2
+          ddev exec -s crowdsec tc qdisc add dev eth0 root netem delay 500ms
+          ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --group timeout ./${{env.EXTENSION_PATH}}/tests/Integration
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 # Composer
 vendor
 composer.lock
+composer-dev*
 
 # Systems
 .DS_Store

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 The [public API](https://semver.org/spec/v2.0.0.html#spec-item-1) of this library consists of all public or protected methods, properties and constants belonging to the `src` folder.
 
+As far as possible, we try to adhere to [Symfony guidelines](https://symfony.com/doc/current/contributing/code/bc.html#working-on-symfony-code) when deciding whether a change is a breaking change or not.
+
+---
+
+## [3.3.0](https://github.com/crowdsecurity/php-lapi-client/releases/tag/v3.3.0) - 2024-??-??
+[_Compare with previous release_](https://github.com/crowdsecurity/php-lapi-client/compare/v3.2.0...HEAD)
+
+### Added
+
+- Add `getAppSecDecision` method to `Bouncer` class
+- Add `appsec_url`, 'appsec_timeout' and `appsec_connect_timeout` configuration
+
+### Changed
+
+- Throws a `CrowdSec\LapiClient\TimeoutException` when a timeout is detected during client calls
+
+
+
 ---
 
 ## [3.2.0](https://github.com/crowdsecurity/php-lapi-client/releases/tag/v3.2.0) - 2023-12-07

diff --git a/composer.json b/composer.json
@@ -11,6 +11,7 @@
         "client",
         "curl",
         "lapi",
+        "appsec",
         "bouncer"
     ],
     "authors": [
@@ -36,7 +37,7 @@
     },
     "require": {
         "php": "^7.2.5 || ^8.0",
-        "crowdsec/common": "^2.2.0",
+        "crowdsec/common": "^2.3.0",
         "ext-json": "*",
         "symfony/config": "^4.4.44 || ^5.4.11 || ^6.0.11",
         "monolog/monolog": "^1.17 || ^2.1"

diff --git a/docs/DEVELOPER.md b/docs/DEVELOPER.md
@@ -17,14 +17,10 @@
     - [Unit test](#unit-test)
     - [Integration test](#integration-test)
     - [Coding standards](#coding-standards)
-      - [PHPCS Fixer](#phpcs-fixer)
-      - [PHPSTAN](#phpstan)
-      - [PHP Mess Detector](#php-mess-detector)
-      - [PHPCS and PHPCBF](#phpcs-and-phpcbf)
-      - [PSALM](#psalm)
-      - [PHP Unit Code coverage](#php-unit-code-coverage)
+    - [Testing timeout in the CrowdSec container](#testing-timeout-in-the-crowdsec-container)
 - [Commit message](#commit-message)
   - [Allowed message `type` values](#allowed-message-type-values)
+- [Update documentation table of contents](#update-documentation-table-of-contents)
 - [Release process](#release-process)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -136,15 +132,17 @@ Finally, run
 In order to launch integration tests, we have to set some environment variables:
 
 ```bash
-ddev exec BOUNCER_KEY=<BOUNCER_KEY> AGENT_TLS_PATH=/var/www/html/cfssl LAPI_URL=https://crowdsec:8080 php ./my-code/lapi-client/vendor/bin/phpunit  ./my-code/lapi-client/tests/Integration --testdox     
+ddev exec BOUNCER_KEY=<BOUNCER_KEY> AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 
+LAPI_URL=https://crowdsec:8080 php ./my-code/lapi-client/vendor/bin/phpunit  ./my-code/lapi-client/tests/Integration --testdox --exclude-group timeout     
 ```
 
 `<BOUNCER_KEY>` should have been created and retrieved before this test by running `ddev create-bouncer`.
 
 If you need to test with a TLS authentication, you should launch:
 
 ```bash
-ddev exec BOUNCER_TLS_PATH=/var/www/html/cfssl AGENT_TLS_PATH=/var/www/html/cfssl LAPI_URL=https://crowdsec:8080 php ./my-code/lapi-client/vendor/bin/phpunit  ./my-code/lapi-client/tests/Integration --testdox     
+ddev exec BOUNCER_TLS_PATH=/var/www/html/cfssl BOUNCER_KEY=<BOUNCER_KEY> AGENT_TLS_PATH=/var/www/html/cfssl 
+APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 php ./my-code/lapi-client/vendor/bin/phpunit  ./my-code/lapi-client/tests/Integration --testdox --exclude-group timeout     
 ```
 
 #### Coding standards
@@ -165,7 +163,6 @@ With ddev, you can do the following:
 
 ```bash
 ddev phpcsfixer my-code/lapi-client/tools/coding-standards/php-cs-fixer ../
-
 ```
 
 ##### PHPSTAN
@@ -235,6 +232,33 @@ If you want to generate a text report in the same folder:
 ddev php -dxdebug.mode=coverage ./my-code/lapi-client/tools/coding-standards/vendor/bin/phpunit --configuration ./my-code/lapi-client/tools/coding-standards/phpunit/phpunit.xml --coverage-text=./my-code/lapi-client/tools/coding-standards/phpunit/code-coverage/report.txt
 ```
 
+#### Testing timeout in the CrowdSec container
+
+If you need to test a timeout, you can use the following command:
+
+Install `iproute2`
+```bash
+ddev exec -s crowdsec apk add iproute2
+```
+Add the delay you want:
+```bash
+ddev exec -s crowdsec tc qdisc add dev eth0 root netem delay 500ms
+```
+
+To remove the delay:
+```bash
+ddev exec -s crowdsec tc qdisc del dev eth0 root netem
+```
+
+To execute integration tests with a timeout, you can run:
+
+```bash
+ddev exec BOUNCER_KEY=<BOUNCER_KEY> AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 
+LAPI_URL=https://crowdsec:8080 php ./my-code/lapi-client/vendor/bin/phpunit  ./my-code/lapi-client/tests/Integration --testdox --group timeout     
+```
+
+
+
 ## Commit message
 
 In order to have an explicit commit history, we are using some commits message convention with the following format:
@@ -270,6 +294,24 @@ chmod +x .git/hooks/commit-msg
 - style (formatting; no production code change)
 - test (adding missing tests, refactoring tests; no production code change)
 
+
+## Update documentation table of contents
+
+To update the table of contents in the documentation, you can use [the `doctoc` tool](https://github.com/thlorenz/doctoc).
+
+First, install it:
+
+```bash
+npm install -g doctoc
+```
+
+Then, run it in the documentation folder:
+
+```bash
+doctoc docs/* --maxlevel 4  
+```
+
+
 ## Release process
 
 We are using [semantic versioning](https://semver.org/) to determine a version number. To verify the current tag,