Fix rules, fix OIDC loggin

Dan Milne
2025-11-07 16:12:39 +11:00
parent d153fd436f
commit f50ebe666e
3 changed files with 27 additions and 8 deletions


@@ -143,20 +143,39 @@ class Rule < ApplicationRecord
format = { format = {
id: id, id: id,
rule_type: rule_type, rule_type: rule_type,
action: action, waf_action: action, # Agents expect 'waf_action' field
conditions: agent_conditions, conditions: agent_conditions,
priority: agent_priority, priority: agent_priority,
expires_at: expires_at&.iso8601, expires_at: expires_at&.to_i, # Agents expect Unix timestamps
enabled: enabled, enabled: enabled,
source: source, source: source,
metadata: metadata || {}, metadata: metadata || {},
created_at: created_at.iso8601, created_at: created_at.to_i, # Agents expect Unix timestamps
updated_at: updated_at.iso8601 updated_at: updated_at.to_i # Agents expect Unix timestamps
} }
# Add network intelligence for debugging (optional) # For network rules, resolve the network range to actual IP data
if network_rule? && network_range if network_rule? && network_range
format[:network_intelligence] = network_intelligence begin
ip_range = IPAddr.new(network_range.cidr)
range = ip_range.to_range
if ip_range.ipv4?
format[:network_start] = range.first.to_i
format[:network_end] = range.last.to_i
else
# IPv6 - use binary representation
format[:network_start] = range.first.hton
format[:network_end] = range.last.hton
end
format[:network_prefix] = network_range.prefix_length
format[:network_intelligence] = network_intelligence
rescue => e
Rails.logger.error "Failed to resolve network range #{network_range.cidr}: #{e.message}"
# Fallback to CIDR format
format[:conditions] = { cidr: network_range.cidr }
end
end end
format format
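Review bot: In the IPv6 branch, `range.first.hton` and `range.last.hton` return 16-byte binary strings while the IPv4 branch emits integers via `to_i`, so `network_start`/`network_end` change type by address family, and the raw bytes will likely not survive JSON serialization if this hash is sent to agents that way (the serializer is outside the hunk). A text-safe encoding such as `format[:network_start] = range.first.to_i.to_s(16)` would be more robust; confirm the representation against what the agent actually parses. Separately, the `rescue => e` fallback replaces `format[:conditions]` with only `{ cidr: network_range.cidr }`, discarding `agent_conditions`, so a resolution failure silently changes what the rule matches; merging the CIDR into the existing conditions, or not publishing the rule, seems safer for a WAF rule. The enclosing method starts and ends outside this hunk.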


@@ -12,7 +12,7 @@ postgres_default: &postgres_default
adapter: postgresql adapter: postgresql
encoding: unicode encoding: unicode
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %> pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
host: localhost host: postgres
port: 5432 port: 5432
development: development:


@@ -8,7 +8,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
client_options: { client_options: {
identifier: ENV['OIDC_CLIENT_ID'], identifier: ENV['OIDC_CLIENT_ID'],
secret: ENV['OIDC_CLIENT_SECRET'], secret: ENV['OIDC_CLIENT_SECRET'],
redirect_uri: ENV['OIDC_REDIRECT_URI'] || "#{Rails.application.routes.url_helpers.root_url}auth/oidc/callback", redirect_uri: ENV['OIDC_REDIRECT_URI'],
discovery: true, discovery: true,
authorization_endpoint: nil, authorization_endpoint: nil,
token_endpoint: nil, token_endpoint: nil,
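Review bot: With the fallback removed, `redirect_uri` is `nil` whenever `OIDC_REDIRECT_URI` is unset, and that would presumably surface only later as a failed or rejected authorization request rather than at boot. Pinning the callback to explicit configuration is reasonable, since it no longer depends on `root_url` and its host settings, but it should fail fast: `redirect_uri: ENV.fetch('OIDC_REDIRECT_URI'),`, guarded by whatever condition enables OIDC (not visible here). A short comment that the value must exactly match the redirect URI registered with the identity provider would help operators. The `OmniAuth::Builder` block continues outside this hunk.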