---
--- Generated by MC(https://www.magentochina.org/)
--- Created by Shua1.
--- DateTime: 2024/04/29 14:32
---
local log = require("waf.log")
local _M = {
    version = 0.1,
    name = "request-log2file"
}
-- 内存队列，用于缓存日志数据
local logQueue = {}
-- 获取当前日期
local function getCurrentDate()
    return os.date("%Y-%m-%d")
end
-- 日志文件路径
local logFilePath = "/uuwaf/logs/access_log_" .. getCurrentDate() .. ".json"
-- 记录的请求数量阈值,降低IOPS
local LOG_THRESHOLD = 10
-- 计数器，用于跟踪已记录的请求数量
local requestCounter = 0

-- 将日志信息写入文件
local function logToFile(filename, logs)
    local file = io.open(filename, "a")
    if not file then
        ngx.log(ngx.ERR, "Failed to open log file: ", filename)
        return
    end

    for _, info in ipairs(logs) do
        local json_str = log.encodeJson(info)
        file:write(json_str .. "\n")
    end

    file:close()
end

-- 判断是否应该记录该请求
local function shouldLogRequest(waf)
    -- 如果是POST请求，则无论URI是否匹配静态文件，都记录
    if ngx.var.request_method == "POST" then
        return true
    end
    -- 排除以静态文件格式为结尾的请求，可根据自身需求修改
    local uri = ngx.var.uri
    if uri:match("/[^/]*%.(js|css|jpg|jpeg|png|gif|svg|webp)$") then
        return false
    end
    return true
end

-- 将日志信息写入内存队列
local function logToMemory(info)
    table.insert(logQueue, info)
    -- 写入文件
    logToFile(logFilePath, logQueue)
end

-- 将内存队列中的日志写入文件
local function flushLogsToFile(premature, filename)
    if not premature then
        if #logQueue > 0 then
            logToFile(filename, logQueue)
            logQueue = {}  -- 清空内存队列
        end
    end
end

-- 截断字符串到指定长度并进行Base64处理
local function truncateString(str, length)
    if str and #str > length then
        str = str:sub(1, length)
    end
    return ngx.encode_base64(str)
end

-- 请求阶段后过滤
function _M.log_pre_filter(waf)
    -- 判断是否应该记录该请求
    if shouldLogRequest(waf) then
        local request_body_short = ""
        local block_action = ""
        local waf_rule_id = ""
        if ngx.var.request_method == "POST" and waf.reqContentLength > 2 then
            local body_data = (waf.form and waf.form["RAW"]) or ''
            if body_data then
                request_body_short = truncateString(body_data, 1000)  -- 截断 request_body_short 并进行 Base64 处理
            end
        end
        if waf.msg then
            block_action = "uuWaf"
            waf_rule_id = waf.rule_id
        end
        local info = {
            ["__time__"] = math.floor(ngx.var.msec),
            ["block_action"] = block_action,
            ["waf_rule_id"] = waf_rule_id,
            ["time"] = ngx.var.time_iso8601,
            ["real_client_ip"] = waf.ip,
            ["server_addr"] = ngx.var.server_addr,
            ["remote_addr"] = ngx.var.http_x_forwarded_for,
            ["scheme"] = ngx.var.scheme,
            ["request_method"] = ngx.var.request_method,
            ["request_uri"] = ngx.var.request_uri,
            ["request_length"] = ngx.var.request_length,
            ["uri"] = ngx.var.uri,
            ["request_time"] = ngx.var.request_time,
            ["body_bytes_sent"] = ngx.var.body_bytes_sent,
            ["request_body"] = request_body_short,
            ["bytes_sent"] = ngx.var.bytes_sent,
            ["status"] = ngx.var.status,
            ["upstream_time"] = ngx.var.upstream_response_time,
            ["upstream_host"] = ngx.var.upstream_addr,
            ["upstream_status"] = ngx.var.upstream_status,
            ["host"] = ngx.var.host,
            ["http_referer"] = ngx.var.http_referer,
            ["http_user_agent"] = ngx.var.http_user_agent,
            ["http_cookie"] = ngx.var.http_cookie
        }
        -- 将日志信息存入内存队列
        table.insert(logQueue, info)
        -- 更新计数器
        requestCounter = requestCounter + 1
        -- 如果达到记录阈值，则执行写入操作，并重置计数器
        if requestCounter >= LOG_THRESHOLD then
            logToFile(logFilePath, logQueue)
            logQueue = {}  -- 清空内存队列
            requestCounter = 0  -- 重置计数器
        end
    end
end

return _M