Merge pull request #64 from strausmann/fix/bouncer-status-revoked-field

hhftechnology · web-flow · commit 904092ac5f4e · 2026-03-23T19:47:11.000+05:30
fix: derive bouncer Valid status from revoked field (CrowdSec &gt;= v1.7.x)
diff --git a/internal/api/handlers/health_diagnostics.go b/internal/api/handlers/health_diagnostics.go
@@ -31,30 +31,49 @@ func parseBouncersJSON(bouncerOutput string, computeStatus bool) ([]models.Bounc
 		if ipAddr, err := jsonparser.GetString(value, "ip_address"); err == nil {
 			bouncer.IPAddress = ipAddr
 		}
-		if valid, err := jsonparser.GetBoolean(value, "valid"); err == nil {
-			bouncer.Valid = valid
-		}
-		if lastPull, err := jsonparser.GetString(value, "last_pull"); err == nil {
-			for _, layout := range []string{time.RFC3339Nano, time.RFC3339} {
-				if t, err := time.Parse(layout, lastPull); err == nil {
-					bouncer.LastPull = t
-					break
+		// Parse timestamps with multiple format support
+		parseTime := func(key string) time.Time {
+			if s, err := jsonparser.GetString(value, key); err == nil {
+				for _, layout := range []string{time.RFC3339Nano, time.RFC3339} {
+					if t, err := time.Parse(layout, s); err == nil {
+						return t
+					}
 				}
 			}
+			return time.Time{}
 		}
+
+		bouncer.LastPull = parseTime("last_pull")
+		bouncer.CreatedAt = parseTime("created_at")
+		bouncer.UpdatedAt = parseTime("updated_at")
+
 		if bouncerType, err := jsonparser.GetString(value, "type"); err == nil {
 			bouncer.Type = bouncerType
 		}
 		if version, err := jsonparser.GetString(value, "version"); err == nil {
 			bouncer.Version = version
 		}
 
+		// A bouncer that exists in the list is valid by definition.
+		// CrowdSec deletes revoked bouncers rather than marking them,
+		// so the "revoked" and legacy "valid" fields are not reliable
+		// indicators of actual connectivity (confirmed by CrowdSec team, see #47).
+		bouncer.Valid = true
+
 		if computeStatus {
-			if !bouncer.Valid {
-				bouncer.Status = "disconnected"
-			} else if bouncer.LastPull.IsZero() {
-				bouncer.Status = "pending" // valid key, never pulled yet
-			} else if time.Since(bouncer.LastPull) <= 60*time.Minute {
+			// Determine last activity: prefer last_pull, fall back to updated_at
+			// if the bouncer has been active since registration (updated_at > created_at + 5s).
+			lastActivity := bouncer.LastPull
+			if lastActivity.IsZero() &&
+				bouncer.UpdatedAt.After(bouncer.CreatedAt.Add(5*time.Second)) {
+				lastActivity = bouncer.UpdatedAt
+			}
+
+			if !lastActivity.IsZero() && time.Since(lastActivity) <= 5*time.Minute {
+				bouncer.Status = "connected"
+			} else if lastActivity.IsZero() {
+				bouncer.Status = "registered" // enrolled but never pulled
+			} else if time.Since(lastActivity) <= 60*time.Minute {
 				bouncer.Status = "connected"
 			} else {
 				bouncer.Status = "stale"
@@ -99,7 +118,12 @@ func checkBouncersHealth(dockerClient *docker.Client, containerName string) mode
 
 	activeBouncers := 0
 	for _, b := range bouncers {
-		if b.Valid && time.Since(b.LastPull) <= 60*time.Minute {
+		lastActivity := b.LastPull
+		if lastActivity.IsZero() &&
+			b.UpdatedAt.After(b.CreatedAt.Add(5*time.Second)) {
+			lastActivity = b.UpdatedAt
+		}
+		if !lastActivity.IsZero() && time.Since(lastActivity) <= 60*time.Minute {
 			activeBouncers++
 		}
 	}
diff --git a/internal/models/models.go b/internal/models/models.go
@@ -151,6 +151,8 @@ type Bouncer struct {
 	IPAddress string    `json:"ip_address"`
 	Valid     bool      `json:"valid"`
 	LastPull  time.Time `json:"last_pull"`
+	CreatedAt time.Time `json:"created_at"`
+	UpdatedAt time.Time `json:"updated_at"`
 	Type      string    `json:"type"`
 	Version   string    `json:"version"`
 	Status    string    `json:"status"`
diff --git a/web/src/components/health/BouncerStatusMonitor.tsx b/web/src/components/health/BouncerStatusMonitor.tsx
@@ -51,8 +51,14 @@ function BouncerStatusMonitor({ bouncers, className }: BouncerStatusMonitorProps
               <TableCell>{bouncer.type || '-'}</TableCell>
               <TableCell>{bouncer.version || '-'}</TableCell>
               <TableCell>
-                <Badge variant={bouncer.valid ? 'success' : 'destructive'}>
-                  {bouncer.valid ? 'Valid' : 'Invalid'}
+                <Badge variant={
+                  bouncer.status === 'connected' ? 'success' :
+                  bouncer.status === 'stale' ? 'warning' :
+                  bouncer.status === 'registered' ? 'outline' :
+                  bouncer.status === 'disconnected' ? 'destructive' :
+                  bouncer.valid ? 'success' : 'destructive'
+                }>
+                  {bouncer.status || (bouncer.valid ? 'Valid' : 'Invalid')}
                 </Badge>
               </TableCell>
               <TableCell className="text-sm text-muted-foreground">
diff --git a/web/src/pages/Bouncers.tsx b/web/src/pages/Bouncers.tsx
@@ -124,6 +124,8 @@ export default function Bouncers() {
         return <Badge variant="warning">Stale</Badge>
       case 'pending':
         return <Badge variant="warning">Pending</Badge>
+      case 'registered':
+        return <Badge variant="outline">Registered</Badge>
       default:
         return <Badge variant="secondary">{status || 'Unknown'}</Badge>
     }

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,8 @@ export default function Bouncers() {`
`124`	`124`	`return <Badge variant="warning">Stale</Badge>`
`125`	`125`	`case 'pending':`
`126`	`126`	`return <Badge variant="warning">Pending</Badge>`
	`127`	`+ case 'registered':`
	`128`	`+ return <Badge variant="outline">Registered</Badge>`
`127`	`129`	`default:`
`128`	`130`	`return <Badge variant="secondary">{status \|\| 'Unknown'}</Badge>`
`129`	`131`	`}`