Add WafPolicies
@@ -14,17 +14,20 @@ class NetworkRangesController < ApplicationController
|
||||
|
||||
# GET /network_ranges
|
||||
def index
|
||||
@pagy, @network_ranges = pagy(policy_scope(NetworkRange.includes(:rules))
|
||||
.order(updated_at: :desc))
|
||||
# Start with base scope
|
||||
base_scope = policy_scope(NetworkRange.includes(:rules)).order(updated_at: :desc)
|
||||
|
||||
# Apply filters
|
||||
@network_ranges = apply_filters(@network_ranges)
|
||||
# Apply filters BEFORE pagination
|
||||
base_scope = apply_filters(base_scope)
|
||||
|
||||
# Apply search
|
||||
# Apply search BEFORE pagination
|
||||
if params[:search].present?
|
||||
@network_ranges = search_network_ranges(@network_ranges, params[:search])
|
||||
base_scope = search_network_ranges(base_scope, params[:search])
|
||||
end
|
||||
|
||||
# Apply pagination to the filtered scope
|
||||
@pagy, @network_ranges = pagy(base_scope)
|
||||
|
||||
# Statistics
|
||||
@total_ranges = NetworkRange.count
|
||||
@ranges_with_intelligence = NetworkRange.where.not(asn: nil).or(NetworkRange.where.not(company: nil)).count
|
||||
@@ -41,14 +44,23 @@ class NetworkRangesController < ApplicationController
|
||||
# GET /network_ranges/:id
|
||||
def show
|
||||
authorize @network_range
|
||||
@related_events = Event.joins("JOIN network_ranges ON events.ip_address <<= network_ranges.network")
|
||||
.where("network_ranges.id = ?", @network_range.id)
|
||||
.recent
|
||||
.limit(100)
|
||||
|
||||
if @network_range.persisted?
|
||||
# Real network - use existing logic
|
||||
@related_events = Event.joins("JOIN network_ranges ON events.ip_address <<= network_ranges.network")
|
||||
.where("network_ranges.id = ?", @network_range.id)
|
||||
.recent
|
||||
.limit(100)
|
||||
else
|
||||
# Virtual network - find events by IP range containment
|
||||
@related_events = Event.where("ip_address <<= ?::inet", @network_range.to_s)
|
||||
.recent
|
||||
.limit(100)
|
||||
end
|
||||
|
||||
@child_ranges = @network_range.child_ranges.limit(20)
|
||||
@parent_ranges = @network_range.parent_ranges.limit(10)
|
||||
@associated_rules = @network_range.rules.includes(:user).order(created_at: :desc)
|
||||
@associated_rules = @network_range.persisted? ? @network_range.rules.includes(:user).order(created_at: :desc) : []
|
||||
|
||||
# Traffic analytics (if we have events)
|
||||
@traffic_stats = calculate_traffic_stats(@network_range)
|
||||
@@ -57,7 +69,7 @@ class NetworkRangesController < ApplicationController
|
||||
# GET /network_ranges/new
|
||||
def new
|
||||
authorize NetworkRange
|
||||
@network_range = NetworkRange.new
|
||||
@network_range = NetworkRange.new(network: params[:network])
|
||||
end
|
||||
|
||||
# POST /network_ranges
|
||||
@@ -154,7 +166,12 @@ class NetworkRangesController < ApplicationController
|
||||
def set_network_range
|
||||
# Handle CIDR slugs (e.g., "40.77.167.100_32" -> "40.77.167.100/32")
|
||||
cidr = params[:id].gsub('_', '/')
|
||||
@network_range = NetworkRange.find_by!(network: cidr)
|
||||
@network_range = NetworkRange.find_by(network: cidr)
|
||||
|
||||
# If network doesn't exist, create a virtual (unsaved) instance
|
||||
if @network_range.nil?
|
||||
@network_range = NetworkRange.new(network: cidr)
|
||||
end
|
||||
end
|
||||
|
||||
def network_range_params
|
||||
@@ -194,15 +211,43 @@ class NetworkRangesController < ApplicationController
|
||||
end
|
||||
|
||||
def calculate_traffic_stats(network_range)
|
||||
# Use the cached events_count for total requests (much more performant)
|
||||
# For detailed breakdown, we still need to query but we can optimize with a limit
|
||||
if network_range.events_count > 0
|
||||
events = Event.joins("JOIN network_ranges ON events.ip_address <<= network_ranges.network")
|
||||
.where("network_ranges.id = ?", network_range.id)
|
||||
.limit(1000) # Limit the sample for performance
|
||||
if network_range.persisted?
|
||||
# Real network - use cached events_count for total requests (much more performant)
|
||||
if network_range.events_count > 0
|
||||
events = Event.joins("JOIN network_ranges ON events.ip_address <<= network_ranges.network")
|
||||
.where("network_ranges.id = ?", network_range.id)
|
||||
.limit(1000) # Limit the sample for performance
|
||||
|
||||
{
|
||||
total_requests: network_range.events_count, # Use cached count
|
||||
unique_ips: events.distinct.count(:ip_address),
|
||||
blocked_requests: events.blocked.count,
|
||||
allowed_requests: events.allowed.count,
|
||||
top_paths: events.group(:request_path).count.sort_by { |_, count| -count }.first(10),
|
||||
top_user_agents: events.group(:user_agent).count.sort_by { |_, count| -count }.first(5),
|
||||
recent_activity: events.recent.limit(20)
|
||||
}
|
||||
else
|
||||
# No events - return empty stats
|
||||
{
|
||||
total_requests: 0,
|
||||
unique_ips: 0,
|
||||
blocked_requests: 0,
|
||||
allowed_requests: 0,
|
||||
top_paths: {},
|
||||
top_user_agents: {},
|
||||
recent_activity: []
|
||||
}
|
||||
end
|
||||
else
|
||||
# Virtual network - calculate stats from events within range
|
||||
events = Event.where("ip_address <<= ?::inet", network_range.to_s)
|
||||
.limit(1000) # Limit the sample for performance
|
||||
|
||||
total_events = Event.where("ip_address <<= ?::inet", network_range.to_s).count
|
||||
|
||||
{
|
||||
total_requests: network_range.events_count, # Use cached count
|
||||
total_requests: total_events,
|
||||
unique_ips: events.distinct.count(:ip_address),
|
||||
blocked_requests: events.blocked.count,
|
||||
allowed_requests: events.allowed.count,
|
||||
@@ -210,17 +255,6 @@ class NetworkRangesController < ApplicationController
|
||||
top_user_agents: events.group(:user_agent).count.sort_by { |_, count| -count }.first(5),
|
||||
recent_activity: events.recent.limit(20)
|
||||
}
|
||||
else
|
||||
# No events - return empty stats
|
||||
{
|
||||
total_requests: 0,
|
||||
unique_ips: 0,
|
||||
blocked_requests: 0,
|
||||
allowed_requests: 0,
|
||||
top_paths: {},
|
||||
top_user_agents: {},
|
||||
recent_activity: []
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
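Review bot: In `set_network_range`, the new fallback builds `NetworkRange.new(network: cidr)` straight from `params[:id]` without checking that the value is a well-formed CIDR, so a request that used to end in a 404 from `find_by!` now flows into `show` and `calculate_traffic_stats`, where it is bound into `ip_address <<= ?::inet`. A malformed slug would presumably surface as a database cast error instead of a 404, and a very broad prefix (for example a /0) lets any caller who passes `authorize` list events for every address and triggers an unbounded `count` over the events table. The `before_action` list is outside the visible hunks, so it should also be confirmed that edit/update/destroy do not now receive an unsaved record, and that the policy makes a deliberate decision for non-persisted ranges. I would validate the slug, keep the 404 for anything invalid, and restrict the virtual fallback to `show`, as sketched below; a minimum prefix length for virtual ranges would bound the query cost further.

```ruby
def set_network_range
  # … unchanged: CIDR slug conversion and find_by lookup …
  return if @network_range

  # Only a well-formed CIDR may become a virtual range; anything else stays a 404.
  begin
    IPAddr.new(cidr)
  rescue IPAddr::Error
    raise ActiveRecord::RecordNotFound
  end

  # Virtual (unsaved) ranges are read-only: never hand one to edit/update/destroy.
  raise ActiveRecord::RecordNotFound unless action_name == "show"

  @network_range = NetworkRange.new(network: cidr)
end
```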