infrastructure/caddy-opnsense-blocker
2
Fork 0
Code Issues Activity

Add background IP intel and restore dashboard stats

Browse Source
This commit is contained in:
Codex, agent ChatGPT
2026-03-12 11:10:59 +01:00
parent 14a711038b
commit 1822e2148a
9 changed files with 506 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -7,8 +7,9 @@
- Real-time ingestion of multiple Caddy JSON log files.
- One heuristic profile per log source.
- Persistent local state in SQLite.
- Local-only web UI with a sortable “Recent IPs” view for the last 24 hours and a full request history for each selected address.
- Local-only web UI with summary cards, a sortable “Recent IPs” view for the last 24 hours, bot badges, and a full request history for each selected address.
- On-demand IP investigation with persistent caching for bot verification, reverse DNS, RDAP, and Spamhaus lookups.
- Background IP investigation workers so cached intelligence appears without blocking page loads.
- Manual block, unblock, and clear-override actions with OPNsense-aware UI state.
- OPNsense alias backend with automatic alias creation.
- Concurrent polling across multiple log files.
@@ -31,7 +32,7 @@ This keeps the application usable immediately while leaving room for a more adva
- `internal/caddylog`: parses default Caddy JSON access logs
- `internal/engine`: evaluates requests against a profile
- `internal/investigation`: performs on-demand bot verification and IP enrichment
- `internal/investigation`: performs bot verification and IP enrichment
- `internal/store`: persists events, IP state, manual decisions, backend actions, and source offsets
- `internal/opnsense`: manages the target OPNsense alias through its API
- `internal/service`: runs concurrent log followers and applies automatic decisions
@@ -63,6 +64,7 @@ Important points:
- Each source references exactly one profile.
- `initial_position: end` means “start following new lines only” on first boot.
- The `investigation` section controls how long IP enrichment is cached and whether on-demand Spamhaus lookups are enabled.
- The investigation worker can refresh recent IP intelligence in the background so the dashboard stays fast while bot badges and cached intel keep filling in.
- The web UI should stay bound to a local address such as `127.0.0.1:9080`.
## Web UI and API