fix the cache management for live mode. (#104)

sabban · web-flow · commit 77e151a1ba3c · 2025-03-20T18:44:36.000+01:00
* fix(crowdsec): correct configuration key and cache key format

Changed ~CAPTCHA_EXPIRATION~ to ~CACHE_EXPIRATION~ in ~csmod.allowIp~ function. Updated cache key format in ~live_query~ function to include "decision_cache" prefix.

* fix(caching): correct cache key format in live_query function

Ensure the cache key format includes the "decision_cache/" prefix to prevent key conflicts and improve cache management.

* mark debug
* fix the test as well
diff --git a/lib/crowdsec.lua b/lib/crowdsec.lua
@@ -355,6 +355,7 @@ function csmod.allowIp(ip)
   local key_type = key_parts[1]
   if key_type == "normal" then
     local decision_string, flag_id = runtime.cache:get("decision_cache/" .. key)
+    ngx.log(ngx.DEBUG, "[CACHE] Looking for '" .. key .. "' in cache")
     local  t = utils.split_on_delimiter(decision_string,"/")
     if t == nil then
       return true, nil, "Failed to split decision string"
@@ -382,9 +383,10 @@ function csmod.allowIp(ip)
       item = key_type.."_"..table.concat(netmask, ":").."_"..iputils.ipv6_band(ip_network_address, netmask)
     end
     local decision_string, flag_id = runtime.cache:get("decision_cache/" .. item)
+    ngx.log(ngx.DEBUG, "[CACHE] Looking for '" .. key .. "' in cache")
     if decision_string ~= nil then -- we have it in cache
       if decision_string == "none" then
-        ngx.log(ngx.DEBUG, "'" .. key .. "' is in cache with value'" .. decision_string .. "'")
+        ngx.log(ngx.DEBUG, "[CACHE]'" .. key .. "' is in cache with value'" .. decision_string .. "'")
         return true, nil, nil
       end
       ngx.log(ngx.DEBUG, "'" .. key .. "' is in cache with value'" .. decision_string .. "'")
@@ -413,7 +415,7 @@ function csmod.allowIp(ip)
       ip,
       runtime.conf["API_URL"],
       runtime.conf["REQUEST_TIMEOUT"],
-      runtime.conf["CAPTCHA_EXPIRATION"],
+      runtime.conf["CACHE_EXPIRATION"],
       REMEDIATION_API_KEY_HEADER,
       runtime.conf['API_KEY'],
       runtime.userAgent,
diff --git a/lib/plugins/crowdsec/live.lua b/lib/plugins/crowdsec/live.lua
@@ -48,9 +48,9 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header,
   if body == "null" then -- no result from API, no decision for this IP
     -- set ip in cache and DON'T block it
     local key,_ = utils.item_to_string(ip, "ip")
-    local succ, err, forcible = live.cache:set(key, "none", cache_expiration, 1)
+    local succ, err, forcible = live.cache:set("decision_cache/" .. key, "none", cache_expiration, 1)
     --
-    ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds") --debug
+    ngx.log(ngx.DEBUG, "[CACHE] Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds") --debug
     if not succ then
       ngx.log(ngx.ERR, "failed to add ip '" .. ip .. "' in cache: ".. err)
     end
@@ -66,8 +66,8 @@ function live:live_query(ip, api_url, timeout, cache_expiration, api_key_header,
   end
   local cache_value = decision.type .. "/" .. decision.origin
   local key,_ = utils.item_to_string(decision.value, decision.scope)
-  local succ, err, forcible = live.cache:set(key, cache_value, cache_expiration, 0)
-  ngx.log(ngx.DEBUG, "Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds with decision type'" .. decision.type .. "'with origin'" .. decision.origin ) --debug
+  local succ, err, forcible = live.cache:set("decision_cache/" .. key, cache_value, cache_expiration, 0)
+  ngx.log(ngx.DEBUG, "[CACHE] Adding '" .. key .. "' in cache for '" .. cache_expiration .. "' seconds with decision type'" .. decision.type .. "'with origin'" .. decision.origin ) --debug
   if not succ then
     ngx.log(ngx.ERR, "failed to add ".. decision.value .." : "..err)
   end
diff --git a/t/10_live_ban_and_cache.t b/t/10_live_ban_and_cache.t
@@ -135,19 +135,17 @@ qr/DEBUG CACHE:[^ ]*/
 DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,
-DEBUG CACHE:ipv4_4294967295_16843010:none
+DEBUG CACHE:decision_cache/ipv4_4294967295_16843010:none
 DEBUG CACHE:captcha_ok:false
-DEBUG CACHE:ipv4_4294967295_16843010:none
 DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:2
-DEBUG CACHE:ipv4_4294967295_16843009:ban/CAPI
+DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false
-DEBUG CACHE:ipv4_4294967295_16843010:none
 DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:3
-DEBUG CACHE:ipv4_4294967295_16843009:ban/CAPI
+DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:2
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false
