Add WafPolicies

2025-11-10 14:10:37 +11:00
parent af7413c899
commit 772fae7e8b
22 changed files with 1784 additions and 147 deletions
--- a/db/migrate/20251110015542_remove_geo_fields_from_events.rb
+++ b/db/migrate/20251110015542_remove_geo_fields_from_events.rb
@@ -0,0 +1,6 @@
+class RemoveGeoFieldsFromEvents < ActiveRecord::Migration[8.1]
+  def change
+    remove_column :events, :country_code, :string
+    remove_column :events, :city, :string
+  end
+end
--- a/db/migrate/20251110023053_create_waf_policies.rb
+++ b/db/migrate/20251110023053_create_waf_policies.rb
@@ -0,0 +1,23 @@
+class CreateWafPolicies < ActiveRecord::Migration[8.1]
+  def change
+    create_table :waf_policies do |t|
+      t.string :name, null: false
+      t.text :description
+      t.string :policy_type, null: false, default: 'country'
+      t.string :action, null: false, default: 'deny'
+      t.json :targets, default: []
+      t.boolean :enabled, default: true, null: false
+      t.datetime :expires_at
+      t.references :user, null: false, foreign_key: true
+      t.json :additional_data, default: {}
+
+      t.timestamps
+    end
+
+    # Add indexes for efficient policy matching
+    add_index :waf_policies, [:policy_type, :enabled], name: "idx_waf_policies_type_enabled"
+    add_index :waf_policies, :enabled
+    add_index :waf_policies, :expires_at
+    add_index :waf_policies, :name, unique: true
+  end
+end
--- a/db/migrate/20251110023232_add_waf_policy_to_rules.rb
+++ b/db/migrate/20251110023232_add_waf_policy_to_rules.rb
@@ -0,0 +1,6 @@
+class AddWafPolicyToRules < ActiveRecord::Migration[8.1]
+  def change
+    add_reference :rules, :waf_policy, null: true, foreign_key: true
+    add_index :rules, :waf_policy_id, name: "idx_rules_waf_policy"
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[8.1].define(version: 2025_11_08_042936) do
+ActiveRecord::Schema[8.1].define(version: 2025_11_10_023232) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "pg_catalog.plpgsql"

@@ -27,8 +27,6 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_08_042936) do
    t.string "agent_name"
    t.string "agent_version"
    t.text "blocked_reason"
-    t.string "city"
-    t.string "country_code"
    t.datetime "created_at", null: false
    t.string "environment"
    t.string "event_id", null: false
@@ -140,6 +138,7 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_08_042936) do
    t.string "source", limit: 100, default: "manual"
    t.datetime "updated_at", null: false
    t.bigint "user_id"
+    t.bigint "waf_policy_id"
    t.index ["action"], name: "index_rules_on_action"
    t.index ["enabled", "expires_at"], name: "idx_rules_active"
    t.index ["enabled"], name: "index_rules_on_enabled"
@@ -151,6 +150,8 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_08_042936) do
    t.index ["source"], name: "index_rules_on_source"
    t.index ["updated_at", "id"], name: "idx_rules_sync"
    t.index ["user_id"], name: "index_rules_on_user_id"
+    t.index ["waf_policy_id"], name: "idx_rules_waf_policy"
+    t.index ["waf_policy_id"], name: "index_rules_on_waf_policy_id"
  end

  create_table "sessions", force: :cascade do |t|
@@ -171,9 +172,30 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_08_042936) do
    t.index ["email_address"], name: "index_users_on_email_address", unique: true
  end

+  create_table "waf_policies", force: :cascade do |t|
+    t.string "action", default: "deny", null: false
+    t.json "additional_data", default: {}
+    t.datetime "created_at", null: false
+    t.text "description"
+    t.boolean "enabled", default: true, null: false
+    t.datetime "expires_at"
+    t.string "name", null: false
+    t.string "policy_type", default: "country", null: false
+    t.json "targets", default: []
+    t.datetime "updated_at", null: false
+    t.bigint "user_id", null: false
+    t.index ["enabled"], name: "index_waf_policies_on_enabled"
+    t.index ["expires_at"], name: "index_waf_policies_on_expires_at"
+    t.index ["name"], name: "index_waf_policies_on_name", unique: true
+    t.index ["policy_type", "enabled"], name: "idx_waf_policies_type_enabled"
+    t.index ["user_id"], name: "index_waf_policies_on_user_id"
+  end
+
  add_foreign_key "events", "request_hosts"
  add_foreign_key "network_ranges", "users"
  add_foreign_key "rules", "network_ranges"
  add_foreign_key "rules", "users"
+  add_foreign_key "rules", "waf_policies"
  add_foreign_key "sessions", "users"
+  add_foreign_key "waf_policies", "users"
 end