1
<?php
2
/**
3
 * This file is part of the Shieldon package.
4
 *
5
 * (c) Terry L. <contact@terryl.in>
6
 *
7
 * For the full copyright and license information, please view the LICENSE
8
 * file that was distributed with this source code.
9
 * 
10
 * php version 7.1.0
11
 * 
12
 * @category  Web-security
13
 * @package   Shieldon
14
 * @author    Terry Lin <contact@terryl.in>
15
 * @copyright 2019 terrylinooo
16
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17
 * @link      https://github.com/terrylinooo/shieldon
18
 * @see       https://shieldon.io
19
 */
20

21
declare(strict_types=1);
22

23
namespace Shieldon\Firewall\Log;
24

25
use Shieldon\Firewall\Log\ActionLogger as Logger;
26

27
use function date;
28
use function round;
29
use function strtotime;
30

31
/**
32
 * Parse the log files that created by ActionLogger.
33
 */
34
final class ActionLogParser
35
{
36
    // Log codes. Same as Shieldon action codes.
37
    const LOG_BAN = 0;
38
    const LOG_ALLOW = 1;    
39
    const LOG_TEMPORARILY_BAN = 2;
40
    const LOG_UNBAN = 9;
41
    
42
    const LOG_LIMIT = 3;
43
    const LOG_PAGEVIEW = 11;
44
    const LOG_BLACKLIST = 98;
45
    const LOG_CAPTCHA = 99;
46

47
    /**
48
     * Statistic data fields.
49
     *
50
     * @var array
51
     */
52
    protected $fields = [];
53
    
54
    /**
55
     * Period type of the statistic data.
56
     *
57
     * @var array
58
     */
59
    protected $periods = [];
60

61
    /**
62
     * Data detail.
63
     * 
64
     * For example:
65
     * $this->periodDetail['today']['12:00 am'][$field] = 7;
66
     *
67
     * @var array
68
     */
69
    protected $periodDetail = [];
70

71
    /**
72
     * IP Detail
73
     * 
74
     * For example:
75
     * $this->ipDetail['today']['127.0.0.1'][$fields] = 6;
76
     *
77
     * @var array
78
     */
79
    protected $ipDetail = [];
80

81
    /**
82
     * ActionLogger instance.
83
     *
84
     * @var ActionLogger
85
     */
86
    protected $logger;
87

88
    /**
89
     * Period type.
90
     *
91
     * @var string
92
     */
93
    protected $type = 'today';
94

95
    /**
96
     * Constructer.
97
     *
98
     * @param string $directory The directory where to store the logs in.
99
     */
100 3
    public function __construct(string $directory = '') 
101
    {
102 3
        if (!isset($this->logger)) {
103 3
            $this->logger = new Logger($directory);
104
        }
105

106 3
        $this->fields = [
107
            'captcha_count',
108
            'captcha_success_count',
109
            'captcha_failure_count',
110
            'pageview_count',
111
            'action_ban_count',
112
            'action_temp_ban_count',
113
            'action_unban_count',
114
            'blacklist_count',
115
            'session_limit_count',
116
            'captcha_failure_percentage',
117
            'captcha_success_percentage',
118
        ];
119

120
        // range: today ~ now
121 3
        $this->periods['today'] = [
122 3
            'timestamp_begin' => strtotime('today'),
123 3
            'timestamp_end'   => strtotime('tomorrow'),
124 3
            'display_format' =>'h:00 a',
125 3
            'display_count'  => 24,
126 3
            'period'         => 3600,
127
        ];
128
        
129
        // range: yesterday ~ today
130 3
        $this->periods['yesterday'] = [
131 3
            'timestamp_begin' => strtotime('yesterday'),
132 3
            'timestamp_end'   => strtotime('today'),
133 3
            'display_format' =>'H:00',
134 3
            'display_count'  => 24,
135 3
            'period'         => 3600,
136
        ];
137

138
        // range: past_seven_hours ~ now
139 3
        $this->periods['past_seven_hours'] = [
140 3
            'timestamp_begin' => strtotime(date('Y-m-d H:00:00', strtotime('-7 hours'))),
141 3
            'timestamp_end'   => strtotime(date('Y-m-d H:00:00', strtotime('-1 hours'))),
142 3
            'display_format' =>'H:00',
143 3
            'display_count'  => 7,
144 3
            'period'         => 3600,
145
        ];
146

147
        // range: past_seven_days ~ today
148 3
        $this->periods['past_seven_days'] = [
149 3
            'timestamp_begin' => strtotime(date('Ymd', strtotime('-7 days'))),
150 3
            'timestamp_end'   => strtotime('today'),
151 3
            'display_format' => 'D',
152 3
            'display_count'  => 7,
153 3
            'period'         => 86400,
154
        ];
155

156
        // range: last_month ~ today
157 3
        $this->periods['this_month'] = [
158 3
            'timestamp_begin' => strtotime(gmdate('Ym' . '01')),
159 3
            'timestamp_end'   => strtotime('today'),
160 3
            'display_format' =>'Y.m.d',
161 3
            'display_count'  => gmdate('j'),
162 3
            'period'         => 86400,   
163
        ];
164

165
        // range: last_month ~ this_month
166 3
        $this->periods['last_month'] = [
167 3
            'timestamp_begin' => strtotime(gmdate('Ym' . '01', strtotime('-1 months'))),
168 3
            'timestamp_end'   => strtotime(gmdate('Ym' . '01')),
169 3
            'display_format' =>'Y.m.d',
170 3
            'display_count'  => gmdate('j', strtotime('-1 months')),
171 3
            'period'         => 86400,          
172
        ];
173
    }
174

175
    /**
176
     * Get the start and end date depends on the log type.
177
     *
178
     * @return array
179
     */
180 3
    protected function getStartEndDate(): array
181
    {
182
        $dataRange = [
183
            'yesterday' => [
184 3
                'start' => date('Ymd', strtotime('yesterday')),
185 3
                'end'   => date('Ymd'),
186
            ],
187
            'past_seven_days' => [
188 3
                'start' => date('Ymd', strtotime('-7 days')),
189 3
                'end'   => date('Ymd'),
190
            ],
191
            'this_month' => [
192 3
                'start' => date('Ym') . '01',
193 3
                'end'   => date('Ym') . '31',
194
            ],
195
            'last_month' => [
196 3
                'start' => date('Ym', strtotime('-1 month')) . '01',
197 3
                'end'   => date('Ym', strtotime('-1 month')) . '31',
198
            ],
199
            'past_seven_hours' => [
200 3
                'start' => date('Ymd', strtotime('yesterday')),
201 3
                'end'   => date('Ymd'),
202
            ],
203
            'today' => [
204 3
                'start' => date('Ymd'),
205 3
                'end'   => '',
206
            ],
207
        ];
208

209 3
        if (empty($dataRange[$this->type])) {
210 3
            if (preg_match('/past_([0-9]+)_days/', $this->type, $matches) ) {
211 3
                $dayCount = $matches[1];
212 3
                $startDate = date('Ymd', strtotime('-' . $dayCount . ' days'));
213 3
                $endDate = date('Ymd');
214

215 3
                $this->periods['past_' . $dayCount . '_days'] = [
216 3
                    'timestamp_begin' => strtotime(date('Ymd', strtotime('-' . $dayCount . ' days'))),
217 3
                    'timestamp_end'   => strtotime('today'),
218 3
                    'display_format' => 'D',
219 3
                    'display_count'  => $dayCount,
220 3
                    'period'         => 86400,
221
                ];
222
            } else {
223 3
                $startDate = date('Ymd');
224 3
                $endDate = '';
225 3
                $this->periods[$this->type] = $this->periods['today'];
226
            }
227
        } else {
228 3
            $startDate = $dataRange[$this->type]['start'];
229 3
            $endDate = $dataRange[$this->type]['end'];
230
        }
231

232
        return [
233 3
            'start' => $startDate,
234 3
            'end' => $endDate,
235
        ];
236
    }
237

238
    /**
239
     * Parse specific period of time of data.
240
     * 
241
     * Warning: This method may take long time to generate real-time stats on a high-traffic website.
242
     * Aprroximately 10,000 rows for 3-5 seconds, depnonds on your server's CPU speed.
243
     *
244
     * @return void
245
     */
246 3
    public function parsePeriodData(): void
247
    {
248 3
        $dateRange = $this->getStartEndDate();
249 3
        $startDate = $dateRange['start'];
250 3
        $endDate = $dateRange['end'];
251

252
        // Fetch data from log files.
253 3
        $logs = $this->logger->get($startDate, $endDate);
254

255 3
        foreach ($logs as $log) {
256

257 3
            $logTimesamp = (int) $log['timestamp'];
258 3
            $logIp = $log['ip'];
259

260
            // Add a new field `datetime` that original logs don't have.
261 3
            $log['datetime'] = date('Y-m-d H:i:s', $logTimesamp);
262
            
263 3
            foreach (array_keys($this->periods) as $t) {
264

265 3
                for ($i = 0; $i < $this->periods[$t]['display_count']; $i++) {
266

267 3
                    $kTimesamp = $this->periods[$t]['timestamp_begin'] + ($i * $this->periods[$t]['period']);
268

269 3
                    $detailTimesampBegin = $kTimesamp;
270 3
                    $detailTimesampEnd = $kTimesamp + $this->periods[$t]['period'];
271

272 3
                    $k = date($this->periods[$t]['display_format'], $kTimesamp);
273

274
                    // Initialize all the counters.
275 3
                    foreach ($this->fields as $field) {
276 3
                        if (!isset($this->periodDetail[$t][$k][$field])) {
277 3
                            $this->periodDetail[$t][$k][$field] = 0;
278
                        }
279

280 3
                        if ($logTimesamp >= $detailTimesampBegin && $logTimesamp < $detailTimesampEnd) {
281 3
                            if (!isset($this->ipDetail[$t][$logIp][$field])) {
282 3
                                $this->ipDetail[$t][$logIp][$field] = 0;
283
                            }
284
                        }
285
                    }
286

287
                    // Initialize all the counters.
288 3
                    if ($logTimesamp >= $detailTimesampBegin && $logTimesamp < $detailTimesampEnd) {
289 3
                        $this->parse($log, $t, $k);
290
                    }
291
                }
292
            }
293
        }
294
    }
295
    
296
    /**
297
     * Prepare data.
298
     *
299
     * @param string $type Period type.
300
     *
301
     * @return void
302
     */
303 3
    public function prepare(string $type = 'today'): void
304
    {
305 3
        $this->type = $type;
306

307 3
        $this->parsePeriodData();
308
    }
309

310
    /**
311
     * Get data
312
     *
313
     * @return array
314
     */
315 3
    public function getPeriodData()
316
    {
317 3
        if (!empty($this->periodDetail[$this->type])) {
318 3
            return $this->periodDetail[$this->type];
319
        }
320 3
        return [];
321
    }
322

323
    /**
324
     * Get data
325
     *
326
     * @return array
327
     */
328 3
    public function getIpData()
329
    {
330 3
        if (!empty($this->ipDetail[$this->type])) {
331 3
            return $this->ipDetail[$this->type];
332
        }
333 3
        return [];
334
    }
335

336
    /**
337
     * Get parsed perid data.
338
     *
339
     * @param string $ip The IP address.
340
     *
341
     * @return array
342
     */
343 3
    public function getParsedIpData($ip = ''): array
344
    {
345 3
        if (empty($ip)) {
346 3
            return [];
347
        }
348

349 3
        $results = [];
350

351 3
        $results['captcha_chart_string']       = ''; // string
352 3
        $results['pageview_chart_string']      = ''; // string
353 3
        $results['captcha_success_count']      = 0;  // integer
354 3
        $results['captcha_failure_count']      = 0;  // integer
355 3
        $results['captcha_count']              = 0;  // integer
356 3
        $results['pageview_count']             = 0;  // integer
357 3
        $results['captcha_percentageage']      = 0;  // integer
358 3
        $results['captcha_failure_percentage'] = 0;  // integer
359 3
        $results['captcha_success_percentage'] = 0;  // integer
360 3
        $results['action_ban_count']           = 0;  // integer
361 3
        $results['action_temp_ban_count']      = 0;  // integer
362 3
        $results['action_unban_count']         = 0;  // integer
363 3
        $results['blacklist_count']            = 0;  // integer
364 3
        $results['session_limit_count']        = 0;  // integer
365

366 3
        $ipdData = $this->getIpData();
367

368 3
        if (!empty($ipdData)) {
369

370 3
            foreach ($ipdData as $ipKey => $ipInfo) {
371

372 3
                if ($ipKey === $ip) {
373 3
                    $results['captcha_success_count'] += $ipInfo['captcha_success_count'];
374 3
                    $results['captcha_failure_count'] += $ipInfo['captcha_failure_count'];
375 3
                    $results['captcha_count']         += $ipInfo['captcha_count'];
376 3
                    $results['pageview_count']        += $ipInfo['pageview_count'];
377 3
                    $results['action_ban_count']      += $ipInfo['action_ban_count'];
378 3
                    $results['action_temp_ban_count'] += $ipInfo['action_temp_ban_count'];
379 3
                    $results['action_unban_count']    += $ipInfo['action_unban_count'];
380 3
                    $results['blacklist_count']       += $ipInfo['blacklist_count'];
381 3
                    $results['session_limit_count']   += $ipInfo['session_limit_count'];
382
                }
383
            }
384

385 3
            if ($results['captcha_count'] > 0) {
386 3
                $results['captcha_percentageage'] = (int) (round($results['captcha_count'] / ($results['captcha_count'] + $results['pageview_count']), 2) * 100);
387 3
                $results['captcha_failure_percentage'] = (int) (round($results['captcha_failure_count'] / $results['captcha_count'], 2) * 100);
388 3
                $results['captcha_success_percentage'] = (int) (round($results['captcha_success_count'] / $results['captcha_count'], 2) * 100);
389
            }
390
        }
391

392 3
        return $results;
393
    }
394

395
    /**
396
     * Get parsed perid data.
397
     *
398
     * @return array
399
     */
400 3
    public function getParsedPeriodData(): array
401
    {
402 3
        $periodData = $this->getPeriodData();
403

404 3
        $results = [];
405

406 3
        $results['label_chart_string']         = ''; // string
407 3
        $results['captcha_chart_string']       = ''; // string
408 3
        $results['pageview_chart_string']      = ''; // string
409 3
        $results['captcha_success_count']      = 0;  // integer
410 3
        $results['captcha_failure_count']      = 0;  // integer
411 3
        $results['captcha_count']              = 0;  // integer
412 3
        $results['pageview_count']             = 0;  // integer
413 3
        $results['captcha_percentageage']      = 0;  // integer
414 3
        $results['captcha_failure_percentage'] = 0;  // integer
415 3
        $results['captcha_success_percentage'] = 0;  // integer
416 3
        $results['action_ban_count']           = 0;  // integer
417 3
        $results['action_temp_ban_count']      = 0;  // integer
418 3
        $results['action_unban_count']         = 0;  // integer
419 3
        $results['blacklist_count']            = 0;  // integer
420 3
        $results['session_limit_count']        = 0;  // integer
421

422 3
        if (!empty($periodData)) {
423

424 3
            $chartCaptcha = [];
425 3
            $chartPageview = [];
426 3
            $chartCaptchaSuccess = [];
427 3
            $chartCaptchaFailure = [];
428 3
            $labels = [];
429

430 3
            foreach ($periodData as $label => $period) {
431 3
                $labels[] = $label;
432

433 3
                $chartCaptcha[]        = $period['captcha_count'];
434 3
                $chartPageview[]       = $period['pageview_count'];
435 3
                $chartCaptchaSuccess[] = $period['captcha_success_count'];
436 3
                $chartCaptchaFailure[] = $period['captcha_failure_count'];
437
    
438 3
                $results['captcha_success_count'] += $period['captcha_success_count'];
439 3
                $results['captcha_failure_count'] += $period['captcha_failure_count'];
440 3
                $results['captcha_count']         += $period['captcha_count'];
441 3
                $results['pageview_count']        += $period['pageview_count'];
442 3
                $results['action_ban_count']      += $period['action_ban_count'];
443 3
                $results['action_temp_ban_count'] += $period['action_temp_ban_count'];
444 3
                $results['action_unban_count']    += $period['action_unban_count'];
445 3
                $results['blacklist_count']       += $period['blacklist_count'];
446 3
                $results['session_limit_count']   += $period['session_limit_count'];
447
            }
448

449 3
            $results['captcha_chart_string']         = implode(',', $chartCaptcha);
450 3
            $results['pageview_chart_string']        = implode(',', $chartPageview);
451 3
            $results['captcha_success_chart_string'] = implode(',', $chartCaptchaSuccess);
452 3
            $results['captcha_failure_chart_string'] = implode(',', $chartCaptchaFailure);
453 3
            $results['label_chart_string']           = "'" . implode("','", $labels) . "'";
454

455 3
            if ($results['captcha_count'] > 0) {
456 3
                $results['captcha_percentageage'] = (int) (round($results['captcha_count'] / ($results['captcha_count'] + $results['pageview_count']), 2) * 100);
457 3
                $results['captcha_failure_percentage'] = (int) (round($results['captcha_failure_count'] / $results['captcha_count'], 2) * 100);
458 3
                $results['captcha_success_percentage'] = (int) (round($results['captcha_success_count'] / $results['captcha_count'], 2) * 100);
459
            }
460
        }
461

462 3
        return $results;
463
    }
464

465
    /**
466
     * Parse log data for showing on dashboard.
467
     *
468
     * @param array  $log The log action code.
469
     * @param string $t   Time period type. (For example: `today`, `yesterday`, `past_seven_days`)
470
     * @param string $k   Time period key. (For example: `12:00 am`, `20190812`)
471
     *
472
     * @return void
473
     */
474 3
    private function parse($log, $t, $k): void
475
    {
476 3
        $logActionCode = (int) $log['action_code'];
477 3
        $ip = $log['ip'];
478 3
        $sessionId = $log['session_id'];
479

480 3
        $this->ipDetail[$t][$ip]['session_id'][$sessionId ] = 1;
481

482 3
        if ($logActionCode === self::LOG_TEMPORARILY_BAN) {
483 3
            $this->periodDetail[$t][$k]['action_temp_ban_count']++;
484 3
            $this->periodDetail[$t][$k]['captcha_count']++;
485 3
            $this->periodDetail[$t][$k]['captcha_failure_count']++;
486

487 3
            $this->ipDetail[$t][$ip]['action_temp_ban_count']++;
488 3
            $this->ipDetail[$t][$ip]['captcha_count']++;
489 3
            $this->ipDetail[$t][$ip]['captcha_failure_count']++;
490
        }
491

492 3
        if ($logActionCode === self::LOG_BAN) {
493 3
            $this->periodDetail[$t][$k]['action_ban_count']++;
494 3
            $this->ipDetail[$t][$ip]['action_ban_count']++;
495
        }
496

497 3
        if ($logActionCode === self::LOG_UNBAN) {
498 3
            $this->periodDetail[$t][$k]['action_unban_count']++;
499 3
            $this->periodDetail[$t][$k]['captcha_success_count']++;
500 3
            $this->periodDetail[$t][$k]['captcha_failure_count']--;
501

502 3
            $this->ipDetail[$t][$ip]['action_unban_count']++;
503 3
            $this->ipDetail[$t][$ip]['captcha_success_count']++;
504 3
            $this->ipDetail[$t][$ip]['captcha_failure_count']--;
505
        }
506

507 3
        if ($logActionCode === self::LOG_CAPTCHA) {
508 3
            $this->periodDetail[$t][$k]['captcha_count']++;
509 3
            $this->periodDetail[$t][$k]['captcha_failure_count']++;
510

511 3
            $this->ipDetail[$t][$ip]['captcha_count']++;
512 3
            $this->ipDetail[$t][$ip]['captcha_failure_count']++;
513
        }
514

515 3
        if ($logActionCode === self::LOG_BLACKLIST) {
516 3
            $this->periodDetail[$t][$k]['blacklist_count']++;
517 3
            $this->ipDetail[$t][$ip]['blacklist_count']++;
518
        }
519

520 3
        if ($logActionCode === self::LOG_PAGEVIEW) {
521 3
            $this->periodDetail[$t][$k]['pageview_count']++;
522 3
            $this->ipDetail[$t][$ip]['pageview_count']++;
523
        }
524

525 3
        if ($logActionCode === self::LOG_LIMIT) {
526 3
            $this->periodDetail[$t][$k]['session_limit_count']++;
527 3
            $this->ipDetail[$t][$ip]['session_limit_count']++;
528
        }
529
    }
530

531
    /**
532
     * Return current log's directory.
533
     *
534
     * @return string
535
     */
536 3
    public function getDirectory(): string
537
    {
538 3
        return $this->logger->getDirectory();
539
    }
540
}

Read our documentation on viewing source code .

Loading