✨keep only highest priority behavior in blocklist

TarradeMarc · TarradeMarc · commit ecd33482d8b5 · 2025-06-04T15:05:26.000+02:00
diff --git a/controlpanel/api/services/configmanager.js b/controlpanel/api/services/configmanager.js
@@ -3,6 +3,7 @@ const Config = require('../models/Config-data')
 const Decoy = require('../models/Decoy-data')
 const Blocklist = require('../models/Blocklist')
 const protectedAppService = require('./protected-app')
+const { sortBlocklistDuplicates } = require('../util/blocklist')
 
 module.exports = {
     /**
@@ -42,10 +43,12 @@ module.exports = {
             const protectedApp = await ProtectedApp.findOne({ where: { namespace, application } });
             if (!protectedApp) return { type: 'error', code: 404, message: 'Invalid namespace or application supplied' };
             if (!blocklist) return { type: 'error', code: 400, message: 'Invalid blocklist supplied' };
-            if (blocklist.blocklist && blocklist.blocklist.length)
-                Blocklist.bulkCreate(blocklist.blocklist.map(item => ({ pa_id: protectedApp.id, content: item, type: 'blocklist' })));
-            if (blocklist.throttle && blocklist.throttle.length)
-                Blocklist.bulkCreate(blocklist.throttle.map(item => ({ pa_id: protectedApp.id, content: item, type: 'throttle' })));
+            const blocklistToUpdate = await sortBlocklistDuplicates(blocklist, protectedApp.id);
+
+            if (blocklistToUpdate.blocklist && blocklistToUpdate.blocklist.length)
+                Blocklist.bulkCreate(blocklistToUpdate.blocklist.map(item => ({ pa_id: protectedApp.id, content: item, type: 'blocklist' })));
+            if (blocklistToUpdate.throttle && blocklistToUpdate.throttle.length)
+                Blocklist.bulkCreate(blocklistToUpdate.throttle.map(item => ({ pa_id: protectedApp.id, content: item, type: 'throttle' })));
             return { type: 'success', code: 200, message: 'Successful operation' };
         } catch(e) {
             throw e;
diff --git a/controlpanel/api/util/blocklist.js b/controlpanel/api/util/blocklist.js
@@ -0,0 +1,62 @@
+const Blocklist = require('../models/Blocklist')
+const { Op } = require('sequelize');
+
+async function sortBlocklistDuplicates(newBlocklist, pa_id) {
+    const finalBlocklist = [];
+    const finaleThrottlelist = [];
+    const allSources = Object.fromEntries(['SourceIp', 'Session', 'UserAgent']
+    .map(key => [key, [...newBlocklist.blocklist, ...newBlocklist.throttle].find(item => item[key])?.[key]])
+    .filter(([, value]) => value !== undefined));
+    const existingBlocklist = await Blocklist.findAll({ where: {
+        pa_id,
+        type: 'blocklist',
+        [Op.or]: Object.entries(allSources).map(([key, value]) => ({
+            [`content.${key}`]: value
+        }))}
+    });
+    const existingThrottlelist = await Blocklist.findAll({ where: {
+        pa_id,
+        type: 'throttle',
+        [Op.or]: Object.entries(allSources).map(([key, value]) => ({
+            [`content.${key}`]: value
+        }))}
+    });
+    for (const newItem of newBlocklist.blocklist) {
+        const sourceKeys = ['SourceIp', 'Session', 'UserAgent'].filter(key => newItem[key] !== undefined);
+        const match = existingBlocklist.find(existing => 
+        sourceKeys.length > 0 &&
+        sourceKeys.every(key => existing.content[key] === newItem[key]) &&
+        sourceKeys.every(key => existing.content[key] !== undefined) &&
+        sourceKeys.length === Object.keys(existing.content).filter(key => sourceKeys.includes(key) && existing.content[key] !== undefined).length);
+        if (!match) {
+            finalBlocklist.push(newItem);
+            continue;
+        }
+        if(isNewBlocklistBehaviorPriority(match, newItem)) {
+            Blocklist.destroy({ where: { id: match.id } })
+            finalBlocklist.push(newItem);
+        }
+    }
+    for (const newItem of newBlocklist.throttle) {
+        const sourceKeys = ['SourceIp', 'Session', 'UserAgent'].filter(key => newItem[key] !== undefined);
+        const match = existingThrottlelist.find(existing => 
+        sourceKeys.length > 0 &&
+        sourceKeys.every(key => existing.content[key] === newItem[key]) &&
+        sourceKeys.every(key => existing.content[key] !== undefined) &&
+        sourceKeys.length === Object.keys(existing.content).filter(key => sourceKeys.includes(key) && existing.content[key] !== undefined).length);
+        if (match && isNewBlocklistBehaviorPriority(match, newItem)) {
+            Blocklist.destroy({ where: { id: match.id } })
+            finaleThrottlelist.push(newItem);
+        }
+    }
+    return { blocklist: finalBlocklist, throttle: finaleThrottlelist };
+}
+
+function isNewBlocklistBehaviorPriority(existingBlocklist, newBlocklist) {
+    const priorities = { clone: 1, exhaust: 2, drop: 3, error: 4 };
+    return priorities[newBlocklist.Behavior] < priorities[existingBlocklist.content.Behavior]
+}
+
+module.exports = {
+    sortBlocklistDuplicates
+}
