feat(*): Add usage metrics support (#135)

* feat(*): Use bouncing_level and capRemediation from remediation engine

* feat(*): Add pushUsageMetrics method and catch Throwable wherever possible

* feat(*): Increment clean origin count when should not bounce is detected

* feat(*): Restrict bouncer to LAPI remediation only

* docs(changelog): Mention unpublished release

* feat(cache): Decrement clean origin count if appsec is used

* feat(captcha): Handle captcha origin count when solved

* feat(metrics): Update origins count after remediation

* feat(origin): Handle clean origin for appsec

* docs(changelog): Prepare next release

* ci(doc links): Add trigger for pull request [skip ci]

Author: julienloizelet

.github/workflows/doc-links.yml

@@ -3,11 +3,14 @@ on:
   push:
     branches:
       - main
+  pull_request:
+    branches:
+      - main
 
 permissions:
   contents: read
 
-name: Documentation links
+name: Documentation links check
 jobs:
   markdown-test:
     name: Markdown files test

CHANGELOG.md

@@ -9,6 +9,32 @@ The [public API](https://semver.org/spec/v2.0.0.html#spec-item-1) of this librar
 
 As far as possible, we try to adhere to [Symfony guidelines](https://symfony.com/doc/current/contributing/code/bc.html#working-on-symfony-code) when deciding whether a change is a breaking change or not.
 
+---
+
+## [4.0.0](https://github.com/crowdsecurity/php-cs-bouncer/releases/tag/v4.0.0) - 202?-??-??
+[_Compare with previous release_](https://github.com/crowdsecurity/php-cs-bouncer/compare/v3.2.0...HEAD)
+
+**This release is not yet published**
+
+### Added
+
+- Add `pushUsageMetrics` method to `AbstractBouncer` class
+- Save origins count item in cache after a remediation has been applied
+
+### Changed
+
+- **Breaking change**: `AbstractBouncer::getRemediationForIp` method returns now an array with `remediation` and 
+  `origin` keys.
+- **Breaking change**: `$remediationEngine` params of `AbstractBouncer` constructor is now a `LapiRemediationEngine` instance
+- **Breaking change**: `AbstractBouncer::getAppSecRemediationForIp` don't need `$remediationEngine` param anymore
+- **Breaking change**: `AbstractBouncer::handleRemediation` requires a new `origin` param
+- Update `crowdsec/remediation-engine` dependency to `v4.0.0`
+
+### Removed
+
+- **Breaking change**: Remove `bouncing_level` constants and configuration as it is now in `crowdsec/remediation-engine` package
+
+
 ---
 
 ## [3.2.0](https://github.com/crowdsecurity/php-cs-bouncer/releases/tag/v3.2.0) - 2024-10-23

composer.json

@@ -41,7 +41,7 @@
     ],
     "require": {
         "php": ">=7.2.5",
-        "crowdsec/remediation-engine": "^3.5.0",
+        "crowdsec/remediation-engine": "^4.0.0",
         "crowdsec/common": "^2.3.2",
         "symfony/config": "^4.4.27 || ^5.2 || ^6.0",
         "twig/twig": "^3.4.2",
@@ -52,6 +52,7 @@
     },
     "require-dev": {
         "phpunit/phpunit": "^8.5.30 || ^9.3",
-        "mikey179/vfsstream": "^1.6.11"
+        "mikey179/vfsstream": "^1.6.11",
+        "nikic/php-parser": "^4.18"
     }
 }

docs/DEVELOPER.md

@@ -146,6 +146,13 @@ Run:
 ddev composer update --working-dir ./my-code/crowdsec-bouncer-lib
 ```
 
+For advanced usage, you can create a `composer-dev.json` file in the `my-code/crowdsec-bouncer-lib` folder and run:
+
+```bash
+ddev exec COMPOSER=composer-dev.json composer update --working-dir ./my-code/crowdsec-bouncer-lib
+```
+
+
 #### Find IP of your docker services
 
 In most cases, you will test to bounce your current IP. As we are running on a docker stack, this is the local host IP.
@@ -222,6 +229,17 @@ We set up some coding standards tools that you will find in the `tools/coding-st
 ddev composer update --working-dir=./my-code/crowdsec-bouncer-lib/tools/coding-standards
 ```
 
+For advanced usage, you can create a `composer-dev.json` file in the 
+`my-code/crowdsec-bouncer-lib/tools/coding-standards` folder and 
+run:
+
+```bash
+ddev exec COMPOSER=composer-dev.json composer update --working-dir ./my-code/crowdsec-bouncer-lib/tools/coding-standards
+```
+
+Then, you can use the following commands:
+
+
 ##### PHPCS Fixer
 
 We are using the [PHP Coding Standards Fixer](https://cs.symfony.com/). With ddev, you can do the following:

docs/USER_GUIDE.md

@@ -30,7 +30,7 @@
 
 ## Description
 
-This library allows you to create CrowdSec bouncers for PHP applications or frameworks like e-commerce, blog or other 
+This library allows you to create CrowdSec LAPI bouncers for PHP applications or frameworks like e-commerce, blog or other 
 exposed applications.
 
 ## Prerequisites
@@ -45,11 +45,11 @@ Please note that first and foremost a CrowdSec agent must be installed on a serv
   - Handle `ip`, `range` and `country` scoped decisions
   - `Live mode` or `Stream mode`
   - AppSec support
+  - Usage metrics support
 - Support IpV4 and Ipv6 (Ipv6 range decisions are yet only supported in `Live mode`) 
 - Large PHP matrix compatibility: from 7.2 to 8.4
 - Built-in support for the most known cache systems Redis, Memcached and PhpFiles
   - Clear, prune and refresh the bouncer cache
-- Cap remediation level (ex: for sensitives websites: ban will be capped to captcha)
 
 
 ## Usage