decision-alert-history

Author: hhftechnology

cmd/server/main.go

@@ -24,6 +24,7 @@ import (
 	"crowdsec-manager/internal/cron"
 	"crowdsec-manager/internal/database"
 	"crowdsec-manager/internal/docker"
+	"crowdsec-manager/internal/history"
 	"crowdsec-manager/internal/logger"
 	"crowdsec-manager/internal/messaging"
 )
@@ -50,6 +51,13 @@ func main() {
 	defer db.Close()
 	logger.Info("Database initialized", "path", cfg.DatabasePath)
 
+	historyStore, err := history.NewStore(cfg.HistoryDatabasePath)
+	if err != nil {
+		logger.Fatal("Failed to initialize history database", "error", err)
+	}
+	defer historyStore.Close()
+	logger.Info("History database initialized", "path", cfg.HistoryDatabasePath)
+
 	// Initialize multi-host Docker client (falls back to single host if DOCKER_HOSTS is empty)
 	multiHost, err := docker.NewMultiHostClient(cfg.DockerHosts)
 	if err != nil {
@@ -75,6 +83,11 @@ func main() {
 	go hub.Run()
 	defer hub.Stop()
 
+	historyService := history.NewService(historyStore, dockerClient, cfg, hub)
+	historyService.Start()
+	defer historyService.Stop()
+	handlers.SetHistoryService(historyService)
+
 	// Initialize config validator for drift detection and recovery
 	validator := configvalidator.NewValidator(db, dockerClient, hub, cfg)
 	handlers.SetConfigValidator(validator)

internal/api/handlers/alerts_inspect.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/http"
 	"regexp"
+	"strconv"
 
 	"crowdsec-manager/internal/config"
 	"crowdsec-manager/internal/docker"
@@ -50,6 +51,13 @@ func DeleteAlert(dockerClient *docker.Client, cfg *config.Config) gin.HandlerFun
 			return
 		}
 
+		if historyService != nil {
+			alertIDInt, _ := strconv.ParseInt(alertID, 10, 64)
+			if err := historyService.MarkAlertDeleted(c.Request.Context(), alertIDInt); err != nil {
+				logger.Warn("Failed to mark alert history stale after delete", "alertID", alertID, "error", err)
+			}
+		}
+
 		logger.Info("Alert deleted", "alertID", alertID, "output", output)
 		c.JSON(http.StatusOK, models.Response{
 			Success: true,

internal/api/handlers/decisions.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"fmt"
 	"net/http"
+	"strconv"
 
 	"crowdsec-manager/internal/config"
 	"crowdsec-manager/internal/docker"
@@ -125,6 +126,13 @@ func DeleteDecision(dockerClient *docker.Client, cfg *config.Config) gin.Handler
 			return
 		}
 
+		if historyService != nil {
+			decisionID, _ := strconv.ParseInt(req.ID, 10, 64)
+			if err := historyService.MarkDecisionDeleted(c.Request.Context(), decisionID, req.Value); err != nil {
+				logger.Warn("Failed to mark decision history stale after delete", "id", req.ID, "value", req.Value, "error", err)
+			}
+		}
+
 		c.JSON(http.StatusOK, models.Response{
 			Success: true,
 			Message: "Decision(s) deleted successfully",

internal/api/handlers/handlers.go

@@ -2,18 +2,25 @@ package handlers
 
 import (
 	"crowdsec-manager/internal/configvalidator"
+	"crowdsec-manager/internal/history"
 	"crowdsec-manager/internal/logger"
 )
 
 // configValidator is the package-level validator used by handlers for auto-snapshotting.
 // Set via SetConfigValidator during server startup.
 var configValidator *configvalidator.Validator
+var historyService *history.Service
 
 // SetConfigValidator sets the package-level config validator for auto-snapshot hooks.
 func SetConfigValidator(v *configvalidator.Validator) {
 	configValidator = v
 }
 
+// SetHistoryService sets the package-level history service for history APIs/hooks.
+func SetHistoryService(s *history.Service) {
+	historyService = s
+}
+
 // autoSnapshot takes a snapshot of a config type after a successful write.
 // Safe to call when configValidator is nil (no-op).
 func autoSnapshot(configType string) {

internal/api/handlers/history.go

@@ -0,0 +1,178 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+
+	"crowdsec-manager/internal/models"
+
+	"github.com/gin-gonic/gin"
+)
+
+func parseStaleFilter(raw string) (*bool, error) {
+	if raw == "" {
+		return nil, nil
+	}
+	value, err := strconv.ParseBool(raw)
+	if err != nil {
+		return nil, err
+	}
+	return &value, nil
+}
+
+// GetHistoryConfig returns history retention config.
+func GetHistoryConfig() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if historyService == nil {
+			c.JSON(http.StatusServiceUnavailable, models.Response{Success: false, Error: "history service unavailable"})
+			return
+		}
+
+		cfg, err := historyService.GetHistoryConfig(c.Request.Context())
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, models.Response{Success: false, Error: "failed to read history config: " + err.Error()})
+			return
+		}
+
+		c.JSON(http.StatusOK, models.Response{Success: true, Data: cfg})
+	}
+}
+
+// UpdateHistoryConfig updates history retention config.
+func UpdateHistoryConfig() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if historyService == nil {
+			c.JSON(http.StatusServiceUnavailable, models.Response{Success: false, Error: "history service unavailable"})
+			return
+		}
+
+		var req struct {
+			RetentionDays int `json:"retention_days"`
+		}
+		if err := c.ShouldBindJSON(&req); err != nil {
+			c.JSON(http.StatusBadRequest, models.Response{Success: false, Error: "invalid request: " + err.Error()})
+			return
+		}
+
+		if req.RetentionDays < 1 || req.RetentionDays > 365 {
+			c.JSON(http.StatusBadRequest, models.Response{Success: false, Error: "retention_days must be between 1 and 365"})
+			return
+		}
+
+		cfg, err := historyService.UpdateRetentionDays(c.Request.Context(), req.RetentionDays)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, models.Response{Success: false, Error: "failed to update history config: " + err.Error()})
+			return
+		}
+
+		c.JSON(http.StatusOK, models.Response{Success: true, Message: "History config updated", Data: cfg})
+	}
+}
+
+// GetDecisionHistory returns persisted decision history entries.
+func GetDecisionHistory() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if historyService == nil {
+			c.JSON(http.StatusServiceUnavailable, models.Response{Success: false, Error: "history service unavailable"})
+			return
+		}
+
+		stale, err := parseStaleFilter(c.Query("stale"))
+		if err != nil {
+			c.JSON(http.StatusBadRequest, models.Response{Success: false, Error: "invalid stale filter"})
+			return
+		}
+
+		limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+		offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+		filter := models.DecisionHistoryFilter{
+			Stale:    stale,
+			Value:    c.Query("value"),
+			Scenario: c.Query("scenario"),
+			Since:    c.Query("since"),
+			Limit:    limit,
+			Offset:   offset,
+		}
+
+		records, total, err := historyService.ListDecisionHistory(c.Request.Context(), filter)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, models.Response{Success: false, Error: "failed to load decision history: " + err.Error()})
+			return
+		}
+
+		c.JSON(http.StatusOK, models.Response{
+			Success: true,
+			Data: gin.H{
+				"decisions": records,
+				"count":     len(records),
+				"total":     total,
+			},
+		})
+	}
+}
+
+// GetAlertHistory returns persisted alert history entries.
+func GetAlertHistory() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if historyService == nil {
+			c.JSON(http.StatusServiceUnavailable, models.Response{Success: false, Error: "history service unavailable"})
+			return
+		}
+
+		stale, err := parseStaleFilter(c.Query("stale"))
+		if err != nil {
+			c.JSON(http.StatusBadRequest, models.Response{Success: false, Error: "invalid stale filter"})
+			return
+		}
+
+		limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
+		offset, _ := strconv.Atoi(c.DefaultQuery("offset", "0"))
+		filter := models.AlertHistoryFilter{
+			Stale:    stale,
+			Value:    c.Query("value"),
+			Scenario: c.Query("scenario"),
+			Since:    c.Query("since"),
+			Limit:    limit,
+			Offset:   offset,
+		}
+
+		records, total, err := historyService.ListAlertHistory(c.Request.Context(), filter)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, models.Response{Success: false, Error: "failed to load alert history: " + err.Error()})
+			return
+		}
+
+		c.JSON(http.StatusOK, models.Response{
+			Success: true,
+			Data: gin.H{
+				"alerts": records,
+				"count":  len(records),
+				"total":  total,
+			},
+		})
+	}
+}
+
+// GetRepeatedOffenders returns repeated offenders from persisted history.
+func GetRepeatedOffenders() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if historyService == nil {
+			c.JSON(http.StatusServiceUnavailable, models.Response{Success: false, Error: "history service unavailable"})
+			return
+		}
+
+		offenders, err := historyService.ListRepeatedOffenders(c.Request.Context())
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, models.Response{Success: false, Error: "failed to load repeated offenders: " + err.Error()})
+			return
+		}
+
+		c.JSON(http.StatusOK, models.Response{
+			Success: true,
+			Data: gin.H{
+				"offenders": offenders,
+				"count":     len(offenders),
+			},
+		})
+	}
+}

internal/api/routes.go

@@ -148,9 +148,14 @@ func RegisterServicesRoutes(router *gin.RouterGroup, dockerClient *docker.Client
 		crowdsec.DELETE("/decisions", handlers.DeleteDecision(dockerClient, cfg))
 		crowdsec.POST("/decisions/import", handlers.ImportDecisions(dockerClient, cfg))
 		crowdsec.GET("/decisions/analysis", handlers.GetDecisionsAnalysis(dockerClient, cfg))
+		crowdsec.GET("/decisions/history", handlers.GetDecisionHistory())
+		crowdsec.GET("/decisions/repeated-offenders", handlers.GetRepeatedOffenders())
 		crowdsec.GET("/alerts/analysis", handlers.GetAlertsAnalysis(dockerClient, cfg, c))
+		crowdsec.GET("/alerts/history", handlers.GetAlertHistory())
 		crowdsec.GET("/alerts/:id", handlers.InspectAlert(dockerClient, cfg))
 		crowdsec.DELETE("/alerts/:id", handlers.DeleteAlert(dockerClient, cfg))
+		crowdsec.GET("/history/config", handlers.GetHistoryConfig())
+		crowdsec.PUT("/history/config", handlers.UpdateHistoryConfig())
 		crowdsec.GET("/metrics", handlers.GetMetrics(dockerClient, cfg, c))
 		crowdsec.POST("/enroll", handlers.EnrollCrowdSec(dockerClient, db, cfg))
 		crowdsec.POST("/enroll/finalize", handlers.FinalizeCrowdSecEnrollment(dockerClient, cfg))

internal/config/config.go

@@ -25,7 +25,8 @@ type Config struct {
 	ConfigDir   string
 
 	// Database
-	DatabasePath string
+	DatabasePath        string
+	HistoryDatabasePath string
 
 	// File paths (from environment or database)
 	TraefikDynamicConfig string
@@ -96,6 +97,7 @@ func Load() (*Config, error) {
 		PangolinDir:              getEnv("PANGOLIN_DIR", "."),
 		ConfigDir:                getEnv("CONFIG_DIR", "./config"),
 		DatabasePath:             getEnv("DATABASE_PATH", "./data/settings.db"),
+		HistoryDatabasePath:      getEnv("HISTORY_DATABASE_PATH", "./data/history.db"),
 		TraefikDynamicConfig:     getEnv("TRAEFIK_DYNAMIC_CONFIG", "/etc/traefik/dynamic_config.yml"),
 		TraefikStaticConfig:      getEnv("TRAEFIK_STATIC_CONFIG", "/etc/traefik/traefik_config.yml"),
 		TraefikAccessLog:         getEnv("TRAEFIK_ACCESS_LOG", "/var/log/traefik/access.log"),