Fix 1262 pgsql conflict resolve (#1363)

* Fix api for all dbs (#1310) * DB agnostic lapi sanitize Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com> * Update ent Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com> * Fix go dep mess. Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2025-05-11 12:25:53 +02:00 · 2022-03-17 18:42:13 +05:30 · 2022-03-17 18:42:13 +05:30 · c5566e92f3
commit c5566e92f3
parent f7f4ca9541
29 changed files with 1041 additions and 318 deletions
--- a/pkg/apiserver/decisions_test.go
+++ b/pkg/apiserver/decisions_test.go
@ -257,7 +257,7 @@ func TestGetDecision(t *testing.T) {
 	router.ServeHTTP(w, req)

 	assert.Equal(t, 200, w.Code)
-	assert.Contains(t, w.Body.String(), "\"id\":1,\"origin\":\"test\",\"scenario\":\"crowdsecurity/test\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"}]")
+	assert.Contains(t, w.Body.String(), "\"id\":3,\"origin\":\"test\",\"scenario\":\"crowdsecurity/test\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"}]")

 	// Get Decision with invalid filter. It should ignore this filter
 	w = httptest.NewRecorder()
@ -267,7 +267,7 @@ func TestGetDecision(t *testing.T) {
 	router.ServeHTTP(w, req)

 	assert.Equal(t, 200, w.Code)
-	assert.Contains(t, w.Body.String(), "\"id\":1,\"origin\":\"test\",\"scenario\":\"crowdsecurity/test\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"}]")
+	assert.Contains(t, w.Body.String(), "\"id\":3,\"origin\":\"test\",\"scenario\":\"crowdsecurity/test\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"}]")

 }

@ -377,7 +377,7 @@ func TestDeleteDecision(t *testing.T) {
 	router.ServeHTTP(w, req)

 	assert.Equal(t, 200, w.Code)
-	assert.Equal(t, "{\"nbDeleted\":\"1\"}", w.Body.String())
+	assert.Equal(t, "{\"nbDeleted\":\"3\"}", w.Body.String())

 }

@ -388,7 +388,7 @@ func TestStreamDecision(t *testing.T) {
 	}

 	// Create Valid Alert
-	alertContentBytes, err := ioutil.ReadFile("./tests/alert_stream_fixture.json")
+	alertContentBytes, err := ioutil.ReadFile("./tests/alert_sample.json")
 	if err != nil {
 		log.Fatal(err)
 	}
@ -431,6 +431,95 @@ func TestStreamDecision(t *testing.T) {
 	req.Header.Add("X-Api-Key", APIKey)
 	router.ServeHTTP(w, req)

+	// the decision with id=3 is only returned because it's the longest decision
+	assert.Equal(t, 200, w.Code)
+	assert.Contains(t, w.Body.String(), "\"id\":3,\"origin\":\"test\",\"scenario\":\"crowdsecurity/test\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"}]}")
+	assert.NotContains(t, w.Body.String(), "\"id\":2")
+	assert.NotContains(t, w.Body.String(), "\"id\":1")
+	assert.Contains(t, w.Body.String(), "2h")
+
+	// id=3 decision is deleted, this won't affect `deleted`, because there are decisions
+	// targetting same IP
+	req, _ = http.NewRequest("DELETE", "/v1/decisions/3", strings.NewReader(""))
+	AddAuthHeaders(req, loginResp)
+	router.ServeHTTP(w, req)
+	assert.Equal(t, 200, w.Code)
+
+	w = httptest.NewRecorder()
+	req, _ = http.NewRequest("GET", "/v1/decisions/stream?startup=true", strings.NewReader(""))
+	req.Header.Add("X-Api-Key", APIKey)
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, 200, w.Code)
+	// the decision with id=2 is only returned because it's the longest decision
+	assert.Contains(t, w.Body.String(), "\"id\":2,\"origin\":\"test\",\"scenario\":\"crowdsecurity/test\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"}]}")
+	assert.NotContains(t, w.Body.String(), "\"id\":3")
+	assert.NotContains(t, w.Body.String(), "\"id\":1")
+	assert.Contains(t, w.Body.String(), "1h")
+	assert.Contains(t, w.Body.String(), "\"deleted\":null")
+
+	// We delete another decision, yet don't receive it in stream, since there's another decision on same IP
+	req, _ = http.NewRequest("DELETE", "/v1/decisions/2", strings.NewReader(""))
+	AddAuthHeaders(req, loginResp)
+	router.ServeHTTP(w, req)
+
+	w = httptest.NewRecorder()
+	req, _ = http.NewRequest("GET", "/v1/decisions/stream", strings.NewReader(""))
+	req.Header.Add("X-Api-Key", APIKey)
+	router.ServeHTTP(w, req)
+
+	assert.Equal(t, 200, w.Code)
+	assert.Equal(t, "{\"deleted\":null,\"new\":null}", w.Body.String())
+
+	// Now all decisions for this IP are deleted, we should receive it in stream
+	req, _ = http.NewRequest("DELETE", "/v1/decisions/1", strings.NewReader(""))
+	AddAuthHeaders(req, loginResp)
+	router.ServeHTTP(w, req)
+}
+func TestStreamDecisionFilters(t *testing.T) {
+
+	router, loginResp, err := InitMachineTest()
+	if err != nil {
+		log.Fatalln(err.Error())
+	}
+
+	// Create Valid Alert
+	alertContentBytes, err := ioutil.ReadFile("./tests/alert_stream_fixture.json")
+	if err != nil {
+		log.Fatal(err)
+	}
+	alerts := make([]*models.Alert, 0)
+	if err := json.Unmarshal(alertContentBytes, &alerts); err != nil {
+		log.Fatal(err)
+	}
+
+	for _, alert := range alerts {
+		*alert.StartAt = time.Now().UTC().Format(time.RFC3339)
+		*alert.StopAt = time.Now().UTC().Format(time.RFC3339)
+	}
+
+	alertContent, err := json.Marshal(alerts)
+	if err != nil {
+		log.Fatal(err)
+	}
+	w := httptest.NewRecorder()
+	req, err := http.NewRequest("POST", "/v1/alerts", strings.NewReader(string(alertContent)))
+	if err != nil {
+		log.Fatalf("%s", err.Error())
+	}
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", loginResp.Token))
+	router.ServeHTTP(w, req)
+
+	APIKey, err := CreateTestBouncer()
+	if err != nil {
+		log.Fatalf("%s", err.Error())
+	}
+
+	w = httptest.NewRecorder()
+	req, _ = http.NewRequest("GET", "/v1/decisions/stream?startup=true", strings.NewReader(""))
+	req.Header.Add("X-Api-Key", APIKey)
+	router.ServeHTTP(w, req)
+
 	assert.Equal(t, 200, w.Code)
 	assert.Contains(t, w.Body.String(), "\"id\":1,\"origin\":\"test1\",\"scenario\":\"crowdsecurity/http_bf\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"")
 	assert.Contains(t, w.Body.String(), "\"id\":2,\"origin\":\"test2\",\"scenario\":\"crowdsecurity/ssh_bf\",\"scope\":\"Ip\",\"type\":\"ban\",\"value\":\"127.0.0.1\"")