feat: call SetupStream and SetupMetrics from nginx configuration

lib/crowdsec.lua

@@ -40,6 +40,10 @@ function csmod.debug_metrics()
     ngx.log(ngx.DEBUG, "Shortening metrics period to 15 seconds")
 end
 
+function csmod.get_mode()
+  return runtime.conf["MODE"]
+end
+
 --- init function
 -- init function called by nginx in init_by_lua_block
 -- @param configFile path to the configuration file
@@ -166,7 +170,7 @@ end
 --- The idea here is to setup the timer that will trigger the metrics sending
 --- If first run then just fire the new timer to run the function again in METRICS_PERIOD
 --- If not send metrics and run the timer again in METRICS_PERIOD
-local function Setup_metrics()
+function csmod.SetupMetrics()
   -- if no API_URL, we don't setup metrics
   if runtime.conf["API_URL"] == "" then
     return
@@ -177,7 +181,7 @@ local function Setup_metrics()
       ngx.log(ngx.INFO, "worker is exiting, not setting up metrics timer")
       return
     end
-    local ok, err = ngx.timer.at(METRICS_PERIOD, Setup_metrics)
+    local ok, err = ngx.timer.at(METRICS_PERIOD, csmod.SetupMetrics)
     if not ok then
       error("Failed to create the timer: " .. (err or "unknown"))
     else
@@ -252,7 +256,7 @@ function csmod.GetCaptchaBackendKey()
   return captcha.GetCaptchaBackendKey()
 end
 
-local function SetupStream()
+function csmod.SetupStream()
   local function SetupStreamTimer()
     if ngx.worker.exiting() then
       ngx.log(ngx.INFO, "worker is exiting, not setting up stream timer")
@@ -336,11 +340,6 @@ function csmod.allowIp(ip)
     return true, nil, nil
   end
 
-  if runtime.conf["MODE"] == "stream" then
-    ngx.log(ngx.DEBUG, "stream mode")
-    SetupStream()
-  end
-
   local key, ip_version = utils.item_to_string(ip, "ip")
   if key == nil then
     return true, nil, "Check failed '" .. ip .. "' has no valid IP address"
@@ -548,8 +547,6 @@ function csmod.Allow(ip)
     end
   end
 
-  Setup_metrics()
-
   local ok, remediation, err = csmod.allowIp(ip)
   if err ~= nil then
     ngx.log(ngx.ERR, "[Crowdsec] bouncer error: " .. err)

t/01lua_config.t

@@ -34,6 +34,21 @@ access_by_lua_block {
                 cs.Allow(ngx.var.remote_addr)
         end
 }
+
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 --- config
 location = /t {
     content_by_lua_block {

t/05stream_and_ban.t

@@ -55,6 +55,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 
@@ -118,8 +132,8 @@ DEBUG CACHE:metrics_processed/ip_type=ipv4&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:2
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI/ipv4

t/06stream_and_not_ban.t

@@ -57,6 +57,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 

t/07stream_expiration_and_cache.t

@@ -82,6 +82,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 
@@ -142,19 +156,19 @@ DEBUG CACHE:metrics_processed/ip_type=ipv4&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:2
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI/ipv4
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
-DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
+DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:3
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false

t/08_stream_ban_and_cache.t

@@ -80,6 +80,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 
@@ -140,22 +154,20 @@ DEBUG CACHE:metrics_processed/ip_type=ipv4&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:2
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI/ipv4
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:3
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI/ipv4
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:2
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false
-
-

t/09_stream_ban_and_metrics.t

@@ -82,6 +82,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 

t/10_live_ban_and_cache.t

@@ -80,6 +80,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
     location = /v1/decisions {

t/11_live_ban_and_metrics.t

@@ -82,6 +82,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 

t/12_stream_ban_and_deletion.t

@@ -80,6 +80,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 
@@ -140,19 +154,19 @@ DEBUG CACHE:metrics_processed/ip_type=ipv4&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:2
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:ban/CAPI/ipv4
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,
 DEBUG CACHE:captcha_ok:false
 DEBUG CACHE:first_run:true
+DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843010:ban/CAPI/ipv4
 DEBUG CACHE:startup:false
-DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:3
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,

t/13_stream_captcha_and_deletion.t

@@ -8,7 +8,7 @@ run_tests();
 
 __DATA__
 
-=== TEST 5: Stream mode block test
+=== TEST 13: Stream mode block test
 
 --- init
 
@@ -94,6 +94,20 @@ access_by_lua_block {
         cs.Allow(ngx.var.remote_addr)
 }
 
+init_worker_by_lua_block {
+        cs = require "crowdsec"
+        local mode = cs.get_mode()
+        if string.lower(mode) == "stream" then
+           ngx.log(ngx.INFO, "Initilizing stream mode for worker " .. tostring(ngx.worker.id()))
+           cs.SetupStream()
+        end
+
+        if ngx.worker.id() == 0 then
+           ngx.log(ngx.INFO, "Initilizing metrics for worker " .. tostring(ngx.worker.id()))
+           cs.SetupMetrics()
+        end
+}
+
 server {
     listen 8081;
 
@@ -154,8 +168,8 @@ DEBUG CACHE:metrics_processed/ip_type=ipv4&:1
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,
 DEBUG CACHE:captcha_ok:true
 DEBUG CACHE:first_run:true
-DEBUG CACHE:startup:false
 DEBUG CACHE:metrics_first_run:false
+DEBUG CACHE:startup:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:2
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843009:captcha/CAPI/ipv4
@@ -164,10 +178,10 @@ DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI
 DEBUG CACHE:captcha_ok:true
 DEBUG CACHE:captcha_1.1.1.1:/t
 DEBUG CACHE:first_run:true
+DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:metrics_dropped/ip_type=ipv4&origin=CAPI&:1
 DEBUG CACHE:decision_cache/ipv4_4294967295_16843010:ban/CAPI/ipv4
 DEBUG CACHE:startup:false
-DEBUG CACHE:metrics_first_run:false
 DEBUG CACHE:refreshing:false
 DEBUG CACHE:metrics_processed/ip_type=ipv4&:3
 DEBUG CACHE:metrics_all:processed/ip_type=ipv4&,dropped/ip_type=ipv4&origin=CAPI&,