From fc2f5214b1babca7a5f465bc4092f5d303a02dbb Mon Sep 17 00:00:00 2001
From: Mathis HERRIOT <197931332+0x485254@users.noreply.github.com>
Date: Thu, 29 Jan 2026 14:02:49 +0100
Subject: [PATCH] feat: implement IP banning in crawler-detection middleware using cache manager
- Added Redis-based temporary IP banning for suspicious activity detected by the middleware.
- Injected `CACHE_MANAGER` into the middleware to manage banned IPs.
- Enhanced logging to track banned IP attempts.
- Adjusted middleware logic to handle asynchronous IP checks and updates.
---
 .../crawler-detection.middleware.ts | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/backend/src/common/middlewares/crawler-detection.middleware.ts b/backend/src/common/middlewares/crawler-detection.middleware.ts
index 01149d1..2d42ec3 100644
--- a/backend/src/common/middlewares/crawler-detection.middleware.ts
+++ b/backend/src/common/middlewares/crawler-detection.middleware.ts
@@ -1,10 +1,14 @@
-import { Injectable, Logger, NestMiddleware } from "@nestjs/common";
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
+import { Inject, Injectable, Logger, NestMiddleware } from "@nestjs/common";
+import type { Cache } from "cache-manager";
 import type { NextFunction, Request, Response } from "express";
 @Injectable()
 export class CrawlerDetectionMiddleware implements NestMiddleware {
 private readonly logger = new Logger("CrawlerDetection");
+ constructor(@Inject(CACHE_MANAGER) private cacheManager: Cache) {}
+
 private readonly SUSPICIOUS_PATTERNS = [
 /\.env/,
 /wp-admin/,
@@ -24,7 +28,7 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
 /db\./,
 /backup\./,
 /cgi-bin/,
- /\.well-known\/security\.txt/, // Bien que légitime, souvent scanné
+ /\.well-known\/security\.txt/,
 ];
 private readonly BOT_USER_AGENTS = [
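Review bot: `cacheManager` in the constructor added by the first hunk is the only member of the class not marked `readonly`; `logger`, `SUSPICIOUS_PATTERNS` and `BOT_USER_AGENTS` all are. Suggest `constructor(@Inject(CACHE_MANAGER) private readonly cacheManager: Cache) {}`. The middleware now also needs a module that provides `CACHE_MANAGER` wherever it is applied; that registration is not part of this patch, so confirm it exists.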
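Review bot: The `/\.well-known\/security\.txt/` entry in the second hunk loses the comment that said the path is legitimate, while this same commit makes a match on `SUSPICIOUS_PATTERNS` lead to a 24-hour ban (last hunk). security.txt is the RFC 9116 location that researchers request to find a disclosure contact, so if the file is absent a single request for it appears to ban the person trying to report an issue. I would drop the pattern or serve the file so it never returns 404; if the pattern stays, keep an English comment such as `// legitimate per RFC 9116; listed only because scanners probe it`.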
@@ -40,11 +44,21 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
 /masscan/i,
 ];
- use(req: Request, res: Response, next: NextFunction) {
+ async use(req: Request, res: Response, next: NextFunction) {
 const { method, url, ip } = req;
 const userAgent = req.get("user-agent") || "unknown";
- res.on("finish", () => {
+ // Vérifier si l'IP est bannie
+ const isBanned = await this.cacheManager.get(`banned_ip:${ip}`);
+ if (isBanned) {
+ this.logger.warn(`Banned IP attempt: ${ip} -> ${method} ${url}`);
+ res.status(403).json({
+ message: "Access denied: Your IP has been temporarily banned.",
+ });
+ return;
+ }
+
+ res.on("finish", async () => {
 if (res.statusCode === 404) {
 const isSuspiciousPath = this.SUSPICIOUS_PATTERNS.some((pattern) =>
 pattern.test(url),
@@ -57,7 +71,9 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
 this.logger.warn(
 `Potential crawler detected: [${ip}] ${method} ${url} - User-Agent: ${userAgent}`,
 );
- // Ici, on pourrait ajouter une logique pour bannir l'IP temporairement via Redis
+
+ // Bannir l'IP pour 24h via Redis
+ await this.cacheManager.set(`banned_ip:${ip}`, true, 86400000);
 }
 }
 });
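Review bot: The `await this.cacheManager.get(...)` at the top of `use` has no error handling, so a cache failure rejects the promise returned by `use` before any response is sent or `next` is called. Whether that rejection becomes an error response depends on the Express version, which this patch does not show; on versions that ignore a middleware's returned promise the request would hang. I would catch the failure, log it and let the request through, as sketched below. Separately, the ban key comes from `req.ip`, whose meaning depends on the `trust proxy` setting (not visible here): behind a reverse proxy it can be the proxy's own address, and a single ban would then block every client. The body of `use` continues past this hunk.

```typescript
async use(req: Request, res: Response, next: NextFunction) {
	// … unchanged: method/url/ip and userAgent extraction …
	let isBanned: unknown = false;
	try {
		isBanned = await this.cacheManager.get(`banned_ip:${ip}`);
	} catch (err) {
		// A cache outage should not stall every request: log it and treat the client as not banned.
		this.logger.error(`Ban lookup failed for ${ip}: ${String(err)}`);
	}
	// … unchanged: 403 response when isBanned, then the "finish" listener …
```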
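Review bot: The `await this.cacheManager.set(...)` added in the last hunk runs inside the `async` "finish" listener declared in the previous hunk, and nothing awaits or catches an event listener's promise, so a failed cache write surfaces as an unhandled rejection. Handle it in place by appending `.catch((err) => this.logger.error("Ban write failed: " + String(err)))` to the `set` call. The TTL `86400000` is 24 hours only if the installed cache-manager takes milliseconds; older majors take seconds and the version is not visible in this patch, so name the constant with its unit and confirm it. The ban also appears to fire on the first matching 404 (the condition sits between the hunks), which is costly for clients behind shared NAT; a short hit counter before the 24-hour ban would lower the false-positive cost.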