Cache IP intelligence and add allowed filter

internal/store/store.go

@@ -545,6 +545,43 @@ func (s *Store) ListRecentIPRows(ctx context.Context, since time.Time, limit int
 	return items, nil
 }
 
+func (s *Store) ListIPsWithoutInvestigation(ctx context.Context, since time.Time, limit int) ([]string, error) {
+	if limit <= 0 {
+		limit = 200
+	}
+	query := `
+		SELECT s.ip
+		FROM ip_state s
+		LEFT JOIN ip_investigations i ON i.ip = s.ip
+		WHERE i.ip IS NULL`
+	args := make([]any, 0, 2)
+	if !since.IsZero() {
+		query += ` AND s.last_seen_at >= ?`
+		args = append(args, formatTime(since))
+	}
+	query += ` ORDER BY s.last_seen_at DESC, s.ip ASC LIMIT ?`
+	args = append(args, limit)
+
+	rows, err := s.db.QueryContext(ctx, query, args...)
+	if err != nil {
+		return nil, fmt.Errorf("list ips without investigation: %w", err)
+	}
+	defer rows.Close()
+
+	items := make([]string, 0, limit)
+	for rows.Next() {
+		var ip string
+		if err := rows.Scan(&ip); err != nil {
+			return nil, fmt.Errorf("scan ip without investigation: %w", err)
+		}
+		items = append(items, ip)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("iterate ips without investigation: %w", err)
+	}
+	return items, nil
+}
+
 func (s *Store) GetIPDetails(ctx context.Context, ip string, eventLimit, decisionLimit, actionLimit int) (model.IPDetails, error) {
 	state, _, err := s.GetIPState(ctx, ip)
 	if err != nil {

internal/store/store_test.go

@@ -153,4 +153,11 @@ func TestStoreRecordsEventsAndState(t *testing.T) {
 	if len(userAgents) != 1 || userAgents[0] != event.UserAgent {
 		t.Fatalf("unexpected user agents: %#v", userAgents)
 	}
+	missingInvestigationIPs, err := db.ListIPsWithoutInvestigation(ctx, time.Time{}, 10)
+	if err != nil {
+		t.Fatalf("list ips without investigation: %v", err)
+	}
+	if len(missingInvestigationIPs) != 0 {
+		t.Fatalf("expected no IPs without investigation, got %#v", missingInvestigationIPs)
+	}
 }