FINERACT-2314: Geolocation tracking

Author: Juan Pablo Alvarez Hernandez

fineract-core/src/main/java/org/apache/fineract/commands/domain/CommandSource.java

@@ -34,6 +34,7 @@
 import org.apache.fineract.infrastructure.core.data.CommandProcessingResult;
 import org.apache.fineract.infrastructure.core.domain.AbstractPersistableCustom;
 import org.apache.fineract.infrastructure.core.domain.ExternalId;
+import org.apache.fineract.infrastructure.core.filters.ClientIpHolder;
 import org.apache.fineract.infrastructure.core.service.DateUtils;
 import org.apache.fineract.useradministration.domain.AppUser;
 
@@ -137,6 +138,9 @@ public class CommandSource extends AbstractPersistableCustom<Long> {
     @Column(name = "loan_external_id", length = 100)
     private ExternalId loanExternalId;
 
+    @Column(name = "client_ip", nullable = true)
+    private String clientIp;
+
     @Column(name = "is_sanitized", nullable = false)
     private boolean sanitized;
 
@@ -162,6 +166,7 @@ public static CommandSource fullEntryFrom(final CommandWrapper wrapper, final Js
                 .transactionId(command.getTransactionId()) //
                 .creditBureauId(command.getCreditBureauId()) //
                 .organisationCreditBureauId(command.getOrganisationCreditBureauId()) //
+                .clientIp(ClientIpHolder.getClientIp()) //
                 .loanExternalId(command.getLoanExternalId()).sanitized(sanitized).build(); //
     }
 

fineract-core/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java

@@ -50,6 +50,8 @@ public class FineractProperties {
 
     private FineractCorrelationProperties correlation;
 
+    private FineractGeolocationProperties geolocation;
+
     private FineractPartitionedJob partitionedJob;
 
     private FineractRemoteJobMessageHandlerProperties remoteJobMessageHandler;
@@ -153,6 +155,13 @@ public static class FineractCorrelationProperties {
         private String headerName;
     }
 
+    @Getter
+    @Setter
+    public static class FineractGeolocationProperties {
+
+        private boolean enabled;
+    }
+
     @Getter
     @Setter
     public static class FineractPartitionedJob {

fineract-core/src/main/java/org/apache/fineract/infrastructure/core/filters/ClientIpHolder.java

@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.fineract.infrastructure.core.filters;
+
+public class ClientIpHolder {
+
+    private static final ThreadLocal<String> clientIpHolder = new ThreadLocal<>();
+
+    public static void setClientIp(String ip) {
+        clientIpHolder.set(ip);
+    }
+
+    public static String getClientIp() {
+        return clientIpHolder.get();
+    }
+
+    public static void clear() {
+        clientIpHolder.remove();
+    }
+}

fineract-core/src/main/java/org/apache/fineract/infrastructure/core/filters/GeolocationHeaderFilter.java

@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.fineract.infrastructure.core.filters;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.fineract.infrastructure.core.config.FineractProperties;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@RequiredArgsConstructor
+@Slf4j
+public class GeolocationHeaderFilter extends OncePerRequestFilter {
+
+    private final FineractProperties fineractProperties;
+
+    private static final String[] IP_HEADER_CANDIDATES = { "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP",
+            "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_X_CLUSTER_CLIENT_IP", "HTTP_CLIENT_IP", "HTTP_FORWARDED_FOR",
+            "HTTP_FORWARDED", "HTTP_VIA", "REMOTE_ADDR" };
+
+    public static String getClientIpAddress(HttpServletRequest request) {
+        for (String header : IP_HEADER_CANDIDATES) {
+            String ip = request.getHeader(header);
+            if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
+                log.debug("SEND IP : {}", ip);
+                return ip;
+            }
+        }
+        log.debug("getRemoteAddr method : {}", request.getRemoteAddr());
+        return request.getRemoteAddr();
+    }
+
+    @Override
+    protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
+            throws IOException, ServletException {
+        FineractProperties.FineractGeolocationProperties geolocationProperties = fineractProperties.getGeolocation();
+        if (geolocationProperties.isEnabled()) {
+            handleClientIp(request, response, filterChain, geolocationProperties);
+        } else {
+            filterChain.doFilter(request, response);
+        }
+
+    }
+
+    private void handleClientIp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain,
+            FineractProperties.FineractGeolocationProperties geolocationProperties) throws IOException, ServletException {
+        try {
+            String clientIpAddress = getClientIpAddress(request);
+            if (StringUtils.isNotBlank(clientIpAddress)) {
+                log.info("Found Client IP in header : {}", clientIpAddress);
+                ClientIpHolder.setClientIp(clientIpAddress);
+            }
+            filterChain.doFilter(request, response);
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            ClientIpHolder.clear();
+        }
+    }
+
+    @Override
+    protected boolean isAsyncDispatch(final HttpServletRequest request) {
+        return false;
+    }
+
+    @Override
+    protected boolean shouldNotFilterErrorDispatch() {
+        return false;
+    }
+
+}

fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/migration/TenantDataSourceFactory.java

@@ -63,8 +63,8 @@ public HikariDataSource create(FineractPlatformTenant tenant) {
         dataSource.setUsername(tenantConnection.getSchemaUsername());
         dataSource.setPassword(databasePasswordEncryptor.decrypt(tenantConnection.getSchemaPassword()));
         String protocol = toProtocol(tenantDataSource);
-        String tenantJdbcUrl = toJdbcUrl(protocol, tenantConnection.getSchemaServer(), tenantConnection.getSchemaServerPort(),
-                tenantConnection.getSchemaName(), tenantConnection.getSchemaConnectionParameters());
+        String tenantJdbcUrl = toJdbcUrl(protocol, tenantConnection.getSchemaServer(), tenantConnection.getSchemaServerPort(), tenantConnection.getSchemaName(),
+                tenantConnection.getSchemaConnectionParameters());
         LOG.debug("JDBC URL for tenant {} is {}", tenant.getTenantIdentifier(), tenantJdbcUrl);
         dataSource.setJdbcUrl(tenantJdbcUrl);
         return dataSource;

fineract-provider/src/main/java/org/apache/fineract/commands/data/AuditData.java

@@ -56,4 +56,5 @@ public final class AuditData implements Serializable {
     private final Long clientId;
     private final Long loanId;
     private final String url;
+    private final String ip;
 }

fineract-provider/src/main/java/org/apache/fineract/commands/service/AuditReadPlatformServiceImpl.java

@@ -110,11 +110,12 @@ public String schema(final boolean includeJson, final String hierarchy) {
                     + "ck.username as checker, aud.checked_on_date as checkedOnDate, aud.checked_on_date_utc as checkedOnDateUTC,  ev.enum_message_property as processingResult "
                     + commandAsJsonString + ", "
                     + " o.name as officeName, gl.level_name as groupLevelName, g.display_name as groupName, c.display_name as clientName, "
-                    + " l.account_no as loanAccountNo, s.account_no as savingsAccountNo " + " from m_portfolio_command_source aud "
-                    + " left join m_appuser mk on mk.id = aud.maker_id" + " left join m_appuser ck on ck.id = aud.checker_id"
-                    + " left join m_office o on o.id = aud.office_id" + " left join m_group g on g.id = aud.group_id"
-                    + " left join m_group_level gl on gl.id = g.level_id" + " left join m_client c on c.id = aud.client_id"
-                    + " left join m_loan l on l.id = aud.loan_id" + " left join m_savings_account s on s.id = aud.savings_account_id"
+                    + " l.account_no as loanAccountNo, s.account_no as savingsAccountNo , aud.client_ip  as ip "
+                    + " from m_portfolio_command_source aud " + " left join m_appuser mk on mk.id = aud.maker_id"
+                    + " left join m_appuser ck on ck.id = aud.checker_id" + " left join m_office o on o.id = aud.office_id"
+                    + " left join m_group g on g.id = aud.group_id" + " left join m_group_level gl on gl.id = g.level_id"
+                    + " left join m_client c on c.id = aud.client_id" + " left join m_loan l on l.id = aud.loan_id"
+                    + " left join m_savings_account s on s.id = aud.savings_account_id"
                     + " left join r_enum_value ev on ev.enum_name = 'status' and ev.enum_id = aud.status";
 
             // data scoping: head office (hierarchy = ".") can see all audit
@@ -158,13 +159,14 @@ public AuditData mapRow(final ResultSet rs, @SuppressWarnings("unused") final in
             final String clientName = rs.getString("clientName");
             final String loanAccountNo = rs.getString("loanAccountNo");
             final String savingsAccountNo = rs.getString("savingsAccountNo");
+            final String ip = (rs.getString("ip") != null) ? rs.getString("ip") : "SN/IP";
 
             ZonedDateTime madeOnDate = madeOnDateUTC != null ? madeOnDateUTC.toZonedDateTime() : madeOnDateTenant;
             ZonedDateTime checkedOnDate = checkedOnDateUTC != null ? checkedOnDateUTC.toZonedDateTime() : checkedOnDateTenant;
 
             return new AuditData(id, actionName, entityName, resourceId, subresourceId, maker, madeOnDate, checker, checkedOnDate,
                     processingResult, commandAsJson, officeName, groupLevelName, groupName, clientName, loanAccountNo, savingsAccountNo,
-                    clientId, loanId, resourceGetUrl);
+                    clientId, loanId, resourceGetUrl, ip);
         }
     }
 

fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java

@@ -33,6 +33,7 @@
 import org.apache.fineract.infrastructure.configuration.domain.ConfigurationDomainService;
 import org.apache.fineract.infrastructure.core.domain.FineractRequestContextHolder;
 import org.apache.fineract.infrastructure.core.filters.CorrelationHeaderFilter;
+import org.apache.fineract.infrastructure.core.filters.GeolocationHeaderFilter;
 import org.apache.fineract.infrastructure.core.filters.IdempotencyStoreFilter;
 import org.apache.fineract.infrastructure.core.filters.IdempotencyStoreHelper;
 import org.apache.fineract.infrastructure.core.filters.RequestResponseFilter;
@@ -165,7 +166,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .addFilterBefore(tenantAwareBasicAuthenticationFilter(), SecurityContextHolderFilter.class) //
                 .addFilterAfter(requestResponseFilter(), ExceptionTranslationFilter.class) //
                 .addFilterAfter(correlationHeaderFilter(), RequestResponseFilter.class) //
-                .addFilterAfter(fineractInstanceModeApiFilter(), CorrelationHeaderFilter.class); //
+                .addFilterAfter(fineractInstanceModeApiFilter(), CorrelationHeaderFilter.class) //
+                .addFilterAfter(fineractInstanceModeApiFilter(), CorrelationHeaderFilter.class) //
+                .addFilterAfter(geolocationHeaderFilter(), RequestResponseFilter.class); //
         if (!Objects.isNull(loanCOBFilterHelper)) {
             http.addFilterAfter(loanCOBApiFilter(), FineractInstanceModeApiFilter.class) //
                     .addFilterAfter(idempotencyStoreFilter(), LoanCOBApiFilter.class); //
@@ -227,6 +230,10 @@ public TenantAwareBasicAuthenticationFilter tenantAwareBasicAuthenticationFilter
         return filter;
     }
 
+    public GeolocationHeaderFilter geolocationHeaderFilter() {
+        return new GeolocationHeaderFilter(fineractProperties);
+    }
+
     @Bean
     public BasicAuthenticationEntryPoint basicAuthenticationEntryPoint() {
         BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();

fineract-provider/src/main/resources/application.properties

@@ -62,6 +62,7 @@ fineract.correlation.enabled=${FINERACT_LOGGING_HTTP_CORRELATION_ID_ENABLED:fals
 fineract.correlation.header-name=${FINERACT_LOGGING_HTTP_CORRELATION_ID_HEADER_NAME:X-Correlation-ID}
 
 fineract.job.stuck-retry-threshold=${FINERACT_JOB_STUCK_RETRY_THRESHOLD:5}
+fineract.geolocation.enabled=${FINERACT_GEOLOCATION_ENABLED:true}
 fineract.job.loan-cob-enabled=${FINERACT_JOB_LOAN_COB_ENABLED:true}
 
 fineract.partitioned-job.partitioned-job-properties[0].job-name=LOAN_COB

fineract-provider/src/main/resources/db/changelog/tenant/changelog-tenant.xml

@@ -204,4 +204,5 @@
     <include file="parts/0183_add_LoanCapitalizedIncomeTransactionCreatedBusinessEvent.xml" relativeToChangelogFile="true" />
     <include file="parts/0184_add_document_event_configuration.xml" relativeToChangelogFile="true" />
     <include file="parts/0185_loan_buy_down_fee.xml" relativeToChangelogFile="true" />
+    <include file="parts/0186_add_column_ip.xml" relativeToChangelogFile="true" />
 </databaseChangeLog>