Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
8a146a2e1d
|
||
|
|
1ab6e1a969
|
||
|
|
e27a98ca89
|
||
|
|
7b22fd9a4e
|
||
|
|
0706c47a33
|
||
|
|
378c41ddb2
|
||
|
|
65b161dfc6
|
||
|
|
75dca88164
|
||
|
|
fe7683f5b1
|
@@ -42,6 +42,7 @@ DOMAIN_NAME=localhost
|
||||
|
||||
ENABLE_CORS=false
|
||||
CORS_DOMAIN_NAME=localhost
|
||||
SENTRY_DSN=
|
||||
|
||||
# Media Limits (in KB)
|
||||
MAX_IMAGE_SIZE_KB=512
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@memegoat/backend",
|
||||
"version": "1.9.6",
|
||||
"version": "1.10.1",
|
||||
"description": "",
|
||||
"author": "",
|
||||
"private": true,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { CacheModule } from "@nestjs/cache-manager";
|
||||
import { MiddlewareConsumer, Module, NestModule } from "@nestjs/common";
|
||||
import { Logger, MiddlewareConsumer, Module, NestModule } from "@nestjs/common";
|
||||
import { ConfigModule, ConfigService } from "@nestjs/config";
|
||||
import { ScheduleModule } from "@nestjs/schedule";
|
||||
import { ThrottlerModule } from "@nestjs/throttler";
|
||||
@@ -70,12 +70,24 @@ import { UsersModule } from "./users/users.module";
|
||||
isGlobal: true,
|
||||
imports: [ConfigModule],
|
||||
inject: [ConfigService],
|
||||
useFactory: async (config: ConfigService) => ({
|
||||
store: await redisStore({
|
||||
url: `redis://${config.get("REDIS_HOST")}:${config.get("REDIS_PORT")}`,
|
||||
}),
|
||||
ttl: 600, // 10 minutes
|
||||
}),
|
||||
useFactory: async (config: ConfigService) => {
|
||||
const logger = new Logger("RedisCache");
|
||||
return {
|
||||
store: await redisStore({
|
||||
url: `redis://${config.get("REDIS_HOST")}:${config.get("REDIS_PORT")}`,
|
||||
socket: {
|
||||
reconnectStrategy: (retries) => {
|
||||
const delay = Math.min(retries * 50, 2000);
|
||||
logger.warn(
|
||||
`Redis connection lost. Retrying in ${delay}ms (attempt ${retries})`,
|
||||
);
|
||||
return delay;
|
||||
},
|
||||
},
|
||||
}),
|
||||
ttl: 600, // 10 minutes
|
||||
};
|
||||
},
|
||||
}),
|
||||
],
|
||||
controllers: [AppController, HealthController],
|
||||
|
||||
@@ -103,10 +103,9 @@ export class AuthService {
|
||||
}
|
||||
|
||||
async login(dto: LoginDto, userAgent?: string, ip?: string) {
|
||||
this.logger.log(`Login attempt for email: ${dto.email}`);
|
||||
const { email, password } = dto;
|
||||
|
||||
const emailHash = await this.hashingService.hashEmail(email);
|
||||
const emailHash = await this.hashingService.hashEmail(dto.email);
|
||||
this.logger.log(`Login attempt for email hash: ${emailHash}`);
|
||||
const { password } = dto;
|
||||
const user = await this.usersService.findByEmailHash(emailHash);
|
||||
|
||||
if (!user) {
|
||||
|
||||
@@ -15,8 +15,12 @@ export class CategoriesService {
|
||||
) {}
|
||||
|
||||
private async clearCategoriesCache() {
|
||||
this.logger.log("Clearing categories cache");
|
||||
await this.cacheManager.del("categories/all");
|
||||
try {
|
||||
this.logger.log("Clearing categories cache");
|
||||
await this.cacheManager.del("categories/all");
|
||||
} catch (error) {
|
||||
this.logger.error(`Error clearing categories cache: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
async findAll() {
|
||||
|
||||
90
backend/src/common/filters/http-exception.filter.spec.ts
Normal file
90
backend/src/common/filters/http-exception.filter.spec.ts
Normal file
@@ -0,0 +1,90 @@
|
||||
import { ArgumentsHost, HttpException, HttpStatus } from "@nestjs/common";
|
||||
import { Test, TestingModule } from "@nestjs/testing";
|
||||
import * as Sentry from "@sentry/nestjs";
|
||||
import { AllExceptionsFilter } from "./http-exception.filter";
|
||||
|
||||
jest.mock("@sentry/nestjs", () => ({
|
||||
captureException: jest.fn(),
|
||||
withScope: jest.fn((callback) => {
|
||||
const scope = {
|
||||
setUser: jest.fn(),
|
||||
setTag: jest.fn(),
|
||||
setExtra: jest.fn(),
|
||||
};
|
||||
callback(scope);
|
||||
return scope;
|
||||
}),
|
||||
}));
|
||||
|
||||
describe("AllExceptionsFilter", () => {
|
||||
let filter: AllExceptionsFilter;
|
||||
|
||||
beforeEach(async () => {
|
||||
const module: TestingModule = await Test.createTestingModule({
|
||||
providers: [AllExceptionsFilter],
|
||||
}).compile();
|
||||
|
||||
filter = module.get<AllExceptionsFilter>(AllExceptionsFilter);
|
||||
});
|
||||
|
||||
it("should hash the IP address and send it to Sentry for 500 errors", () => {
|
||||
const mockResponse = {
|
||||
status: jest.fn().mockReturnThis(),
|
||||
json: jest.fn().mockReturnThis(),
|
||||
};
|
||||
const mockRequest = {
|
||||
url: "/test",
|
||||
method: "GET",
|
||||
ip: "127.0.0.1",
|
||||
user: { sub: "user-123" },
|
||||
};
|
||||
const mockArgumentsHost = {
|
||||
switchToHttp: () => ({
|
||||
getResponse: () => mockResponse,
|
||||
getRequest: () => mockRequest,
|
||||
}),
|
||||
} as ArgumentsHost;
|
||||
|
||||
const exception = new Error("Internal Server Error");
|
||||
|
||||
filter.catch(exception, mockArgumentsHost);
|
||||
|
||||
expect(mockResponse.status).toHaveBeenCalledWith(
|
||||
HttpStatus.INTERNAL_SERVER_ERROR,
|
||||
);
|
||||
expect(Sentry.withScope).toHaveBeenCalled();
|
||||
|
||||
// Vérifier que captureException a été appelé (via withScope)
|
||||
expect(Sentry.captureException).toHaveBeenCalledWith(exception);
|
||||
});
|
||||
|
||||
it("should include hashed IP in logs", () => {
|
||||
const loggerSpy = jest.spyOn((filter as any).logger, "warn");
|
||||
const mockResponse = {
|
||||
status: jest.fn().mockReturnThis(),
|
||||
json: jest.fn().mockReturnThis(),
|
||||
};
|
||||
const mockRequest = {
|
||||
url: "/test",
|
||||
method: "GET",
|
||||
ip: "1.2.3.4",
|
||||
};
|
||||
const mockArgumentsHost = {
|
||||
switchToHttp: () => ({
|
||||
getResponse: () => mockResponse,
|
||||
getRequest: () => mockRequest,
|
||||
}),
|
||||
} as ArgumentsHost;
|
||||
|
||||
const exception = new HttpException("Bad Request", HttpStatus.BAD_REQUEST);
|
||||
|
||||
filter.catch(exception, mockArgumentsHost);
|
||||
|
||||
expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.BAD_REQUEST);
|
||||
|
||||
// L'IP 1.2.3.4 hachée en SHA256 contient un hash de 64 caractères
|
||||
const logCall = loggerSpy.mock.calls[0][0];
|
||||
expect(logCall).toMatch(/[a-f0-9]{64}/);
|
||||
expect(logCall).not.toContain("1.2.3.4");
|
||||
});
|
||||
});
|
||||
@@ -1,3 +1,4 @@
|
||||
import { createHash } from "node:crypto";
|
||||
import {
|
||||
ArgumentsHost,
|
||||
Catch,
|
||||
@@ -39,6 +40,11 @@ export class AllExceptionsFilter implements ExceptionFilter {
|
||||
const userId = request.user?.sub || request.user?.id;
|
||||
const userPart = userId ? `[User: ${userId}] ` : "";
|
||||
|
||||
const ip = request.ip || "unknown";
|
||||
const hashedIp = createHash("sha256")
|
||||
.update(ip as string)
|
||||
.digest("hex");
|
||||
|
||||
const errorResponse = {
|
||||
statusCode: status,
|
||||
timestamp: new Date().toISOString(),
|
||||
@@ -51,14 +57,20 @@ export class AllExceptionsFilter implements ExceptionFilter {
|
||||
};
|
||||
|
||||
if (status === HttpStatus.INTERNAL_SERVER_ERROR) {
|
||||
Sentry.captureException(exception);
|
||||
Sentry.withScope((scope) => {
|
||||
scope.setUser({
|
||||
id: userId,
|
||||
ip_address: hashedIp,
|
||||
});
|
||||
Sentry.captureException(exception);
|
||||
});
|
||||
this.logger.error(
|
||||
`${userPart}${request.method} ${request.url} - Error: ${exception instanceof Error ? exception.message : "Unknown error"}`,
|
||||
`${userPart}${hashedIp} ${request.method} ${request.url} - Error: ${exception instanceof Error ? exception.message : "Unknown error"}`,
|
||||
exception instanceof Error ? exception.stack : "",
|
||||
);
|
||||
} else {
|
||||
this.logger.warn(
|
||||
`${userPart}${request.method} ${request.url} - Status: ${status} - Message: ${JSON.stringify(message)}`,
|
||||
`${userPart}${hashedIp} ${request.method} ${request.url} - Status: ${status} - Message: ${JSON.stringify(message)}`,
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { createHash } from "node:crypto";
|
||||
import { CACHE_MANAGER } from "@nestjs/cache-manager";
|
||||
import { Inject, Injectable, Logger, NestMiddleware } from "@nestjs/common";
|
||||
import type { Cache } from "cache-manager";
|
||||
@@ -48,14 +49,25 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
|
||||
const { method, url, ip } = req;
|
||||
const userAgent = req.get("user-agent") || "unknown";
|
||||
|
||||
const hashedIp = createHash("sha256")
|
||||
.update(ip as string)
|
||||
.digest("hex");
|
||||
|
||||
// Vérifier si l'IP est bannie
|
||||
const isBanned = await this.cacheManager.get(`banned_ip:${ip}`);
|
||||
if (isBanned) {
|
||||
this.logger.warn(`Banned IP attempt: ${ip} -> ${method} ${url}`);
|
||||
res.status(403).json({
|
||||
message: "Access denied: Your IP has been temporarily banned.",
|
||||
});
|
||||
return;
|
||||
try {
|
||||
const isBanned = await this.cacheManager.get(`banned_ip:${ip}`);
|
||||
if (isBanned) {
|
||||
this.logger.warn(`Banned IP attempt: ${hashedIp} -> ${method} ${url}`);
|
||||
res.status(403).json({
|
||||
message: "Access denied: Your IP has been temporarily banned.",
|
||||
});
|
||||
return;
|
||||
}
|
||||
} catch (error) {
|
||||
this.logger.error(
|
||||
`Error checking ban status for IP ${hashedIp}: ${error.message}`,
|
||||
);
|
||||
// On continue même en cas d'erreur Redis pour ne pas bloquer les utilisateurs légitimes
|
||||
}
|
||||
|
||||
res.on("finish", async () => {
|
||||
@@ -69,11 +81,15 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
|
||||
|
||||
if (isSuspiciousPath || isBotUserAgent) {
|
||||
this.logger.warn(
|
||||
`Potential crawler detected: [${ip}] ${method} ${url} - User-Agent: ${userAgent}`,
|
||||
`Potential crawler detected: [${hashedIp}] ${method} ${url} - User-Agent: ${userAgent}`,
|
||||
);
|
||||
|
||||
// Bannir l'IP pour 24h via Redis
|
||||
await this.cacheManager.set(`banned_ip:${ip}`, true, 86400000);
|
||||
try {
|
||||
await this.cacheManager.set(`banned_ip:${ip}`, true, 86400000);
|
||||
} catch (error) {
|
||||
this.logger.error(`Error banning IP ${hashedIp}: ${error.message}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
@@ -34,8 +34,12 @@ export class ContentsService {
|
||||
) {}
|
||||
|
||||
private async clearContentsCache() {
|
||||
this.logger.log("Clearing contents cache");
|
||||
await this.cacheManager.clear();
|
||||
try {
|
||||
this.logger.log("Clearing contents cache");
|
||||
await this.cacheManager.del("contents/all");
|
||||
} catch (error) {
|
||||
this.logger.error(`Error clearing contents cache: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
async getUploadUrl(userId: string, fileName: string) {
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
import { createHash } from "node:crypto";
|
||||
import { Logger, ValidationPipe } from "@nestjs/common";
|
||||
import { ConfigService } from "@nestjs/config";
|
||||
import { NestFactory } from "@nestjs/core";
|
||||
import { NestExpressApplication } from "@nestjs/platform-express";
|
||||
import * as Sentry from "@sentry/nestjs";
|
||||
import { nodeProfilingIntegration } from "@sentry/profiling-node";
|
||||
import helmet from "helmet";
|
||||
@@ -8,10 +10,13 @@ import { AppModule } from "./app.module";
|
||||
import { AllExceptionsFilter } from "./common/filters/http-exception.filter";
|
||||
|
||||
async function bootstrap() {
|
||||
const app = await NestFactory.create(AppModule);
|
||||
const app = await NestFactory.create<NestExpressApplication>(AppModule);
|
||||
const configService = app.get(ConfigService);
|
||||
const logger = new Logger("Bootstrap");
|
||||
|
||||
// Activer trust proxy pour récupérer l'IP réelle derrière un reverse proxy
|
||||
app.set("trust proxy", true);
|
||||
|
||||
const sentryDsn = configService.get<string>("SENTRY_DSN");
|
||||
if (sentryDsn) {
|
||||
Sentry.init({
|
||||
@@ -20,6 +25,15 @@ async function bootstrap() {
|
||||
tracesSampleRate: 1.0,
|
||||
profilesSampleRate: 1.0,
|
||||
sendDefaultPii: false, // RGPD
|
||||
beforeSend(event) {
|
||||
// Hachage de l'IP utilisateur pour Sentry si elle est présente
|
||||
if (event.user?.ip_address) {
|
||||
event.user.ip_address = createHash("sha256")
|
||||
.update(event.user.ip_address)
|
||||
.digest("hex");
|
||||
}
|
||||
return event;
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -33,8 +33,12 @@ export class UsersService {
|
||||
) {}
|
||||
|
||||
private async clearUserCache(username?: string) {
|
||||
if (username) {
|
||||
await this.cacheManager.del(`users/profile/${username}`);
|
||||
try {
|
||||
if (username) {
|
||||
await this.cacheManager.del(`users/profile/${username}`);
|
||||
}
|
||||
} catch (error) {
|
||||
this.logger.error(`Error clearing user cache: ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -104,6 +104,7 @@ services:
|
||||
ENABLE_CORS: ${ENABLE_CORS:-true}
|
||||
CLAMAV_HOST: memegoat-clamav
|
||||
CLAMAV_PORT: 3310
|
||||
SENTRY_DSN: ${SENTRY_DSN}
|
||||
MAX_IMAGE_SIZE_KB: 1024
|
||||
MAX_GIF_SIZE_KB: 4096
|
||||
|
||||
|
||||
@@ -98,6 +98,7 @@ services:
|
||||
ENABLE_CORS: ${ENABLE_CORS:-true}
|
||||
CLAMAV_HOST: clamav
|
||||
CLAMAV_PORT: 3310
|
||||
SENTRY_DSN: ${SENTRY_DSN}
|
||||
|
||||
clamav:
|
||||
image: clamav/clamav:1.4
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@memegoat/frontend",
|
||||
"version": "1.9.6",
|
||||
"version": "1.10.1",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
"dev": "next dev",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@memegoat/source",
|
||||
"version": "1.9.6",
|
||||
"version": "1.10.1",
|
||||
"description": "",
|
||||
"scripts": {
|
||||
"version:get": "cmake -P version.cmake GET",
|
||||
|
||||
Reference in New Issue
Block a user