feat collect ban data to a log file fix #8

Author: rrd108

README.md

@@ -66,6 +66,11 @@ export default defineNuxtConfig({
     delayOnBan: true  // delay every response with +1sec when the user is banned, default is true
     errorMessage: "Too Many Requests",  // error message when the user is banned, default is "Too Many Requests"
     retryAfterHeader: false, // when the user is banned add the Retry-After header to the response, default is false
+    log: false, // request logging into a file, it accepts a boolean `false`, or an object, default is false - no logging
+    log: {
+      path: "logs", // path to the log file, every day a new log file will be created
+      attempts: 100,    // if an IP reach 100 requests, all the requests will be logged, can be used for further analysis or blocking for example with fail2ban
+    }
     */
   },
 });

playground/nuxt.config.ts

@@ -8,6 +8,10 @@ export default defineNuxtConfig({
     },
     delayOnBan: true,
     retryAfterHeader: true,
+    log: {
+      path: "logs",
+      attempts: 5,
+    },
   },
   nitro: {
     storage: {

src/module.ts

@@ -15,6 +15,7 @@ export interface ModuleOptions {
   delayOnBan: boolean;
   errorMessage: string;
   retryAfterHeader: boolean;
+  log: boolean | { path: string; attempts: number };
 }
 
 export default defineNuxtModule<ModuleOptions>({
@@ -31,6 +32,7 @@ export default defineNuxtModule<ModuleOptions>({
     delayOnBan: true,
     errorMessage: "Too Many Requests",
     retryAfterHeader: false,
+    log: false,
   },
   setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);

src/runtime/server/middleware/shield.ts

@@ -2,6 +2,7 @@ import { createError, defineEventHandler, getRequestIP } from "h3";
 import { useRuntimeConfig, useStorage } from "#imports";
 import type { RateLimit } from "../types/RateLimit";
 import isBanExpired from "../utils/isBanExpired";
+import shieldLog from "../utils/shieldLog";
 
 export default defineEventHandler(async (event) => {
   if (!event.node.req.url?.startsWith("/api/")) {
@@ -21,6 +22,8 @@ export default defineEventHandler(async (event) => {
   const req = await shieldStorage.getItem(`ip:${requestIP}`);
   req.count++;
 
+  shieldLog(req, requestIP, event.node.req.url);
+
   if (isNotRateLimited(req)) {
     return await shieldStorage.setItem(`ip:${requestIP}`, {
       count: req.count,

src/runtime/server/utils/shieldLog.ts

@@ -0,0 +1,29 @@
+import type { RateLimit } from "../types/RateLimit";
+import { useRuntimeConfig } from "#imports";
+import { access, appendFile, mkdir } from "node:fs/promises";
+
+const shieldLog = async (req: RateLimit, requestIP: string, url: string) => {
+  const options = useRuntimeConfig().public.nuxtApiShield;
+  if (options.log?.attempts && req.count >= options.log.attempts) {
+    const logLine = `${requestIP} - (${req.count}) - ${new Date(
+      req.time
+    ).toISOString()} - ${url}\n`;
+
+    const date = new Date().toISOString().split("T")[0].replace(/-/g, "");
+
+    try {
+      await access(options.log.path);
+      await appendFile(`${options.log.path}/shield-${date}.log`, logLine);
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        await mkdir(options.log.path);
+        await appendFile(`${options.log.path}/shield-${date}.log`, logLine);
+      } else {
+        console.error("Unexpected error:", error);
+        // Handle other potential errors
+      }
+    }
+  }
+};
+
+export default shieldLog;

test/basic.test.ts

@@ -2,6 +2,7 @@ import { describe, it, expect } from "vitest";
 import { fileURLToPath } from "node:url";
 import { setup, $fetch } from "@nuxt/test-utils/e2e";
 import { beforeEach } from "vitest";
+import { readFile } from "node:fs/promises";
 
 beforeEach(async () => {
   // TODO await useStorage().clear();
@@ -60,4 +61,11 @@ describe("shield", async () => {
     const response = await $fetch("/api/example", { method: "GET" });
     expect(response.name).toBe("Gauranga");
   });
+
+  it("should created a log file", async () => {
+    const logDate = new Date().toISOString().split("T")[0].replace(/-/g, "");
+    const logFile = `logs/shield-${logDate}.log`;
+    const contents = await readFile(logFile, { encoding: "utf8" });
+    expect(contents).toContain("127.0.0.1");
+  });
 });

test/fixtures/basic/nuxt.config.ts

@@ -10,6 +10,10 @@ export default defineNuxtConfig({
     },
     errorMessage: "Leave me alone",
     retryAfterHeader: true,
+    log: {
+      path: "logs",
+      attempts: 5,
+    },
   },
   nitro: {
     storage: {