Doc/updated documentation (#60)

* added documentation, updated repo pointer in the dashboard, added dashboard link highlighting and mionor fixes * added doc * added logo to dashboard * Fixed dashboard attack chart * Enhance fake data generation with varied request counts for better visualization * Add automatic migrations and support for latitude/longitude in IP stats * Update Helm chart version to 0.2.2 and add timezone configuration option --------- Co-authored-by: BlessedRebuS <patrick.difa@gmail.com>
2026-01-29 11:55:06 +01:00
parent 39d9d62247
commit e93bcb959a
34 changed files with 917 additions and 314 deletions
--- a/src/tasks/fetch_ip_rep.py
+++ b/src/tasks/fetch_ip_rep.py
@@ -45,6 +45,8 @@ def main():
                country_iso_code = geoip_data.get("country_iso_code")
                asn = geoip_data.get("asn_autonomous_system_number")
                asn_org = geoip_data.get("asn_autonomous_system_organization")
+                latitude = geoip_data.get("location_latitude")
+                longitude = geoip_data.get("location_longitude")

                # Extract city from coordinates using reverse geocoding
                city = extract_city_from_coordinates(geoip_data)
@@ -62,6 +64,8 @@ def main():
                    sanitized_asn_org,
                    sanitized_list_on,
                    sanitized_city,
+                    latitude,
+                    longitude,
                )
        except requests.RequestException as e:
            app_logger.warning(f"Failed to fetch IP rep for {ip}: {e}")
--- a/src/tasks/top_attacking_ips.py
+++ b/src/tasks/top_attacking_ips.py
@@ -6,7 +6,7 @@ from zoneinfo import ZoneInfo
 from logger import get_app_logger
 from database import get_database
 from config import get_config
-from models import AccessLog
+from models import AccessLog, IpStats
 from ip_utils import is_local_or_private_ip, is_valid_public_ip
 from sqlalchemy import distinct

@@ -44,7 +44,8 @@ def has_recent_honeypot_access(session, minutes: int = 5) -> bool:

 def main():
    """
-    Export all IPs flagged as suspicious to a text file.
+    Export all attacker IPs to a text file, matching the "Attackers by Total Requests" dashboard table.
+    Uses the same query as the dashboard: IpStats where category == "attacker", ordered by total_requests.
    TasksMaster will call this function based on the cron schedule.
    """
    task_name = TASK_CONFIG.get("name")
@@ -61,10 +62,11 @@ def main():
            )
            return

-        # Query distinct suspicious IPs
-        results = (
-            session.query(distinct(AccessLog.ip))
-            .filter(AccessLog.is_suspicious == True)
+        # Query attacker IPs from IpStats (same as dashboard "Attackers by Total Requests")
+        attackers = (
+            session.query(IpStats)
+            .filter(IpStats.category == "attacker")
+            .order_by(IpStats.total_requests.desc())
            .all()
        )

@@ -72,7 +74,11 @@ def main():
        config = get_config()
        server_ip = config.get_server_ip()

-        public_ips = [ip for (ip,) in results if is_valid_public_ip(ip, server_ip)]
+        public_ips = [
+            attacker.ip
+            for attacker in attackers
+            if is_valid_public_ip(attacker.ip, server_ip)
+        ]

        # Ensure exports directory exists
        os.makedirs(EXPORTS_DIR, exist_ok=True)
@@ -83,8 +89,8 @@ def main():
                f.write(f"{ip}\n")

        app_logger.info(
-            f"[Background Task] {task_name} exported {len(public_ips)} public IPs "
-            f"(filtered {len(results) - len(public_ips)} local/private IPs) to {OUTPUT_FILE}"
+            f"[Background Task] {task_name} exported {len(public_ips)} attacker IPs "
+            f"(filtered {len(attackers) - len(public_ips)} local/private IPs) to {OUTPUT_FILE}"
        )

    except Exception as e: