Add WafPolicies

2025-11-10 14:10:37 +11:00
parent af7413c899
commit 772fae7e8b
22 changed files with 1784 additions and 147 deletions
--- a/app/controllers/waf_policies_controller.rb
+++ b/app/controllers/waf_policies_controller.rb
@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+class WafPoliciesController < ApplicationController
+  # Follow proper before_action order:
+  # 1. Authentication/Authorization
+  # All actions require authentication
+
+  # 2. Resource loading
+  before_action :set_waf_policy, only: [:show, :edit, :update, :destroy, :activate, :deactivate]
+
+  # GET /waf_policies
+  def index
+    @pagy, @waf_policies = pagy(policy_scope(WafPolicy).includes(:user, :generated_rules).order(created_at: :desc))
+    @policy_types = WafPolicy::POLICY_TYPES
+    @actions = WafPolicy::ACTIONS
+  end
+
+  # GET /waf_policies/new
+  def new
+    authorize WafPolicy
+    @waf_policy = WafPolicy.new
+    @policy_types = WafPolicy::POLICY_TYPES
+    @actions = WafPolicy::ACTIONS
+
+    # Set default values from URL parameters
+    @waf_policy.policy_type = params[:policy_type] if params[:policy_type].present?
+    @waf_policy.action = params[:action] if params[:action].present?
+    @waf_policy.targets = params[:targets] if params[:targets].present?
+  end
+
+  # POST /waf_policies
+  def create
+    authorize WafPolicy
+    @waf_policy = WafPolicy.new(waf_policy_params)
+    @waf_policy.user = Current.user
+    @policy_types = WafPolicy::POLICY_TYPES
+    @actions = WafPolicy::ACTIONS
+
+    if @waf_policy.save
+      # Trigger policy processing for existing network ranges
+      ProcessWafPoliciesJob.perform_later(waf_policy_id: @waf_policy.id)
+
+      redirect_to @waf_policy, notice: 'WAF policy was successfully created.'
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  # GET /waf_policies/:id
+  def show
+    @generated_rules = @waf_policy.generated_rules.includes(:network_range).order(created_at: :desc).limit(20)
+    @effectiveness_stats = @waf_policy.effectiveness_stats
+  end
+
+  # GET /waf_policies/:id/edit
+  def edit
+    @policy_types = WafPolicy::POLICY_TYPES
+    @actions = WafPolicy::ACTIONS
+  end
+
+  # PATCH/PUT /waf_policies/:id
+  def update
+    @policy_types = WafPolicy::POLICY_TYPES
+    @actions = WafPolicy::ACTIONS
+
+    if @waf_policy.update(waf_policy_params)
+      # Re-process policies for existing network ranges if policy was changed
+      if @waf_policy.saved_change_to_targets? || @waf_policy.saved_change_to_action?
+        ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
+      end
+
+      redirect_to @waf_policy, notice: 'WAF policy was successfully updated.'
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  # DELETE /waf_policies/:id
+  def destroy
+    policy_name = @waf_policy.name
+
+    # Soft delete by disabling and expiring the policy
+    @waf_policy.update!(enabled: false, expires_at: Time.current)
+
+    redirect_to waf_policies_url, notice: "WAF policy '#{policy_name}' was disabled."
+  end
+
+  # POST /waf_policies/:id/activate
+  def activate
+    @waf_policy.activate!
+
+    # Re-process policies for existing network ranges
+    ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
+
+    redirect_to @waf_policy, notice: 'WAF policy was activated.'
+  end
+
+  # POST /waf_policies/:id/deactivate
+  def deactivate
+    @waf_policy.deactivate!
+
+    redirect_to @waf_policy, notice: 'WAF policy was deactivated.'
+  end
+
+  # GET /waf_policies/new_country
+  def new_country
+    authorize WafPolicy
+    @waf_policy = WafPolicy.new(policy_type: 'country', action: 'deny')
+    @policy_types = WafPolicy::POLICY_TYPES
+    @actions = WafPolicy::ACTIONS
+  end
+
+  # POST /waf_policies/create_country
+  def create_country
+    authorize WafPolicy
+
+    countries = params[:countries]&.reject(&:blank?) || []
+    action = params[:action] || 'deny'
+
+    if countries.empty?
+      redirect_to new_country_waf_policies_path, alert: 'Please select at least one country.'
+      return
+    end
+
+    @waf_policy = WafPolicy.create_country_policy(
+      countries,
+      action: action,
+      user: Current.user,
+      description: params[:description]
+    )
+
+    if @waf_policy.persisted?
+      # Trigger policy processing for existing network ranges
+      ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
+
+      redirect_to @waf_policy, notice: "Country blocking policy was successfully created for #{countries.join(', ')}."
+    else
+      @policy_types = WafPolicy::POLICY_TYPES
+      @actions = WafPolicy::ACTIONS
+      render :new_country, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def set_waf_policy
+    @waf_policy = WafPolicy.find(params[:id])
+    authorize @waf_policy
+  rescue ActiveRecord::RecordNotFound
+    redirect_to waf_policies_path, alert: 'WAF policy not found.'
+  end
+
+  def waf_policy_params
+    params.require(:waf_policy).permit(
+      :name,
+      :description,
+      :policy_type,
+      :action,
+      :enabled,
+      :expires_at,
+      targets: [],
+      additional_data: {}
+    )
+  end
+end