changed workflow from live computation to scheduled job to support previous structure

src/handler.py

@@ -512,7 +512,6 @@ class Handler(BaseHTTPRequestHandler):
         if self.config.dashboard_secret_path and self.path.startswith(
             f"{self.config.dashboard_secret_path}/static/"
         ):
-            import os
 
             file_path = self.path.replace(
                 f"{self.config.dashboard_secret_path}/static/", ""
@@ -563,7 +562,6 @@ class Handler(BaseHTTPRequestHandler):
                         stats, self.config.dashboard_secret_path
                     ).encode()
                 )
-                self.wfile.write(generate_dashboard(stats, self.config.dashboard_secret_path).encode())
             except BrokenPipeError:
                 pass
             except Exception as e:
@@ -811,7 +809,7 @@ class Handler(BaseHTTPRequestHandler):
                 result = db.get_top_ips_paginated(
                     page=page,
                     page_size=page_size,
-                    pathsort_by=sort_by,
+                    sort_by=sort_by,
                     sort_order=sort_order,
                 )
                 self.wfile.write(json.dumps(result).encode())
@@ -941,38 +939,42 @@ class Handler(BaseHTTPRequestHandler):
 
         # API endpoint for downloading malicious IPs blocklist file
         if (
-            self.config.dashboard_secret_path and
+            self.config.dashboard_secret_path
-            request_path == f"{self.config.dashboard_secret_path}/api/get_banlist"
+            and request_path == f"{self.config.dashboard_secret_path}/api/get_banlist"
         ):
 
             # get fwtype from request params
             fwtype = query_params.get("fwtype", ["iptables"])[0]
 
-            # Query distinct suspicious IPs
+            file_path = os.path.join(
-            results = (
+                os.path.dirname(__file__), "exports", f"{fwtype}.txt"
-                session.query(distinct(AccessLog.ip))
-                .filter(AccessLog.is_suspicious == True)
-                .all()
             )
-
+            try:
-            # Filter out local/private IPs and the server's own IP
+                if os.path.exists(file_path):
-            config = get_config()
+                    with open(file_path, "rb") as f:
-            server_ip = config.get_server_ip()
+                        content = f.read()
-            public_ips = [ip for (ip,) in results if is_valid_public_ip(ip, server_ip)]
-
-            # get specific fwtype based on query parameter
-            fwtype_parser = FWType.create(fwtype)
-            banlist = fwtype_parser.getBanlist(public_ips)
-
                     self.send_response(200)
                     self.send_header("Content-type", "text/plain")
                     self.send_header(
                         "Content-Disposition",
                         f'attachment; filename="{fwtype}.txt"',
                     )
-            self.send_header("Content-Length", str(len(banlist)))
+                    self.send_header("Content-Length", str(len(content)))
                     self.end_headers()
-            self.wfile.write(banlist.encode())
+                    self.wfile.write(content)
+                else:
+                    self.send_response(404)
+                    self.send_header("Content-type", "text/plain")
+                    self.end_headers()
+                    self.wfile.write(b"File not found")
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error serving malicious IPs file: {e}")
+                self.send_response(500)
+                self.send_header("Content-type", "text/plain")
+                self.end_headers()
+                self.wfile.write(b"Internal server error")
             return
 
         # API endpoint for downloading malicious IPs file

src/tasks/top_attacking_ips.py

@@ -4,8 +4,12 @@ import os
 from logger import get_app_logger
 from database import get_database
 from config import get_config
-from models import IpStats
+from models import IpStats, AccessLog
 from ip_utils import is_valid_public_ip
+from sqlalchemy import distinct
+from firewall.fwtype import FWType
+from firewall.iptables import Iptables
+from firewall.raw import Raw
 
 app_logger = get_app_logger()
 
@@ -61,13 +65,19 @@ def main():
         os.makedirs(EXPORTS_DIR, exist_ok=True)
 
         # Write IPs to file (one per line)
-        with open(OUTPUT_FILE, "w") as f:
+        for fwname in FWType._registry:
-            for ip in public_ips:
+
-                f.write(f"{ip}\n")
+            # get banlist for specific ip
+            fw = FWType.create(fwname)
+            banlist = fw.getBanlist(public_ips)
+
+            output_file = os.path.join(EXPORTS_DIR, f"{fwname}.txt")
+            with open(output_file, "w") as f:
+                f.write(f"{banlist}\n")
 
                 app_logger.info(
-            f"[Background Task] {task_name} exported {len(public_ips)} attacker IPs "
+                    f"[Background Task] {task_name} exported {len(public_ips)} in {fwname} public IPs"
-            f"(filtered {len(attackers) - len(public_ips)} local/private IPs) to {OUTPUT_FILE}"
+                    f"(filtered {len(attackers) - len(public_ips)} local/private IPs) to {output_file}"
                 )
 
     except Exception as e: