From b1e429ad681072cf3310cb295b5ad803a18f5b0a Mon Sep 17 00:00:00 2001
From: timbastin
Date: Fri, 30 Aug 2024 14:29:01 +0200
Subject: [PATCH] increases timeout for database queries, adds caching header
---
 packages/honeypot/http.go | 4 +++-
 packages/store/dbstore.go | 36 ++++++++++++++++++------------------
 packages/transport/http.go | 37 ++++++++++++++++++++++++++-----------
 3 files changed, 47 insertions(+), 30 deletions(-)
diff --git a/packages/honeypot/http.go b/packages/honeypot/http.go
index 7e02ea5..df881a8 100644
--- a/packages/honeypot/http.go
+++ b/packages/honeypot/http.go
@@ -16,6 +16,7 @@ import (
 "github.com/l3montree-dev/oh-my-honeypot/packages/types"
 "github.com/l3montree-dev/oh-my-honeypot/packages/utils"
 "github.com/sethvargo/go-password/password"
+ "github.com/spf13/viper"
 )
@@ -353,7 +354,8 @@ func (h *httpHoneypot) Start() error {
 }
 err := svc.ListenAndServeTLS(h.cert, h.key)
 if err != nil {
- slog.Error("Error starting HTTPS server", "port", h.port, "err", err)
+ slog.Error("Error starting HTTPS server", "port", 443, "err", err)
+ break
 }
 }
 }()
diff --git a/packages/store/dbstore.go b/packages/store/dbstore.go
index 1bae523..3c84e59 100644
--- a/packages/store/dbstore.go
+++ b/packages/store/dbstore.go
@@ -181,7 +181,7 @@ func (p *PostgreSQL) Listen() chan<- types.Set {
 // Insert the attack into the database and sanitize the input by using prepared statements
 func (p *PostgreSQL) attackInsert(attackID string, honeypot_id string, t int, port int, ip string, country string, attackType string) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 _, err := p.DB.Exec(ctx, `
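Review bot: The added import `"github.com/spf13/viper"` is not referenced by any line this patch adds to packages/honeypot/http.go, and it cannot have been in use before since the package was not imported, so the file should fail to build with an "imported and not used" error. Either drop the import line or include the change that actually reads the setting from viper in this commit. If the port in the HTTPS error log further down was meant to come from configuration, that is probably where the missing use belongs.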
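Review bot: The error log in Start() now reports the literal `443` instead of a value taken from the server that failed, so the message goes stale as soon as the TLS listener is bound anywhere else; logging the server's own address, e.g. `slog.Error("Error starting HTTPS server", "addr", svc.Addr, "err", err)`, keeps the two in step (this assumes `svc` is an `*http.Server`, which is declared outside the hunk). The added `break` presumably leaves the enclosing retry loop, which means the HTTPS honeypot stays down after the first failure with only this one log line as a signal. For a sensor that is a silent coverage gap, so a comment such as `// HTTPS listener is not restarted after a failure` would make the intent explicit. The loop and goroutine start outside the hunk.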
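Review bot: The `30*time.Second` literal introduced in attackInsert is repeated verbatim in every other hunk of packages/store/dbstore.go (the remaining five insert helpers, the eleven Get* stats queries and getHoneypotIDs), so the next tuning pass has to touch all 18 call sites again. A single package-level `const dbQueryTimeout = 30 * time.Second` passed to each `context.WithTimeout(context.Background(), dbQueryTimeout)` would make the value reviewable in one place. The insert helpers are driven by inbound attack traffic, so tripling the deadline also lets each stalled write occupy whatever connection `p.DB` hands out three times longer; it is worth confirming the pool limit still covers a burst. The function bodies continue outside the hunks.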
@@ -194,7 +194,7 @@ func (p *PostgreSQL) attackInsert(attackID string, honeypot_id string, t int, po
 }
 func (p *PostgreSQL) loginAttemptInsert(attackID string, service string, username string, password string) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 _, err := p.DB.Exec(ctx, `
 INSERT INTO login_attempt (Attack_ID,service,Username,Password)
@@ -206,7 +206,7 @@ func (p *PostgreSQL) loginAttemptInsert(attackID string, service string, usernam
 }
 func (p *PostgreSQL) httpInsert(attackID string, method string, path string, acceptLanguage string, useragent []string, referrer string) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 _, err := p.DB.Exec(ctx, `
 INSERT INTO http_request (Attack_ID,method,path,accept_language,system,rendering_engine,platform,referrer)
@@ -218,7 +218,7 @@ func (p *PostgreSQL) httpInsert(attackID string, method string, path string, acc
 }
 func (p *PostgreSQL) bodyInsert(attackID string, contentType string, payloadSize string) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 _, err := p.DB.Exec(ctx, `
 INSERT INTO http_body (Attack_ID,content_type,payload_size)
@@ -230,7 +230,7 @@ func (p *PostgreSQL) bodyInsert(attackID string, contentType string, payloadSize
 }
 func (p *PostgreSQL) injectionInsert(attackID string, username string, password string, bot string) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 _, err := p.DB.Exec(ctx, `
 INSERT INTO http_injection (Attack_ID,username,password,bot)
@@ -241,7 +241,7 @@ func (p *PostgreSQL) injectionInsert(attackID string, username string, password
 }
 }
 func (p *PostgreSQL) pwsInsert(attackID string, password string) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 _, err := p.DB.Exec(ctx, `
 INSERT INTO generated_pws (Attack_ID,password)
@@ -407,7 +407,7 @@ func (p *PostgreSQL) GetCountIn24HoursByCountry() types.CountIn24HoursByCountryR
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
@@ -470,7 +470,7 @@ func (p *PostgreSQL) GetLatestAttacks() types.SetResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
@@ -542,7 +542,7 @@ func (p *PostgreSQL) GetCountIn24Hours() types.CountIn24HoursStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -595,7 +595,7 @@ func (p *PostgreSQL) GetCountIn7Days() types.CountIn7DaysStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -646,7 +646,7 @@ func (p *PostgreSQL) GetCountIn6Months() types.CountIn6MonthsStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -697,7 +697,7 @@ func (p *PostgreSQL) GetCountryStats() types.CountryStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -746,7 +746,7 @@ func (p *PostgreSQL) GetIPStats() types.IPStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -797,7 +797,7 @@ func (p *PostgreSQL) GetUsernameStats() types.UsernameStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -847,7 +847,7 @@ func (p *PostgreSQL) GetPasswordStats() types.PasswordStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -897,7 +897,7 @@ func (p *PostgreSQL) GetPortStats() types.PortStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -946,7 +946,7 @@ func (p *PostgreSQL) GetPathStats() types.PathStatsResponse {
 wg := errgroup.Group{}
 wg.SetLimit(10)
 mut := sync.Mutex{}
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 for _, honeypotID := range honeypotIDs {
 wg.Go(func() error {
@@ -1003,7 +1003,7 @@ func (p *PostgreSQL) honeypotIds() []string {
 }
 func (p *PostgreSQL) getHoneypotIDs() ([]string, error) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 defer cancel()
 rows, err := p.DB.Query(
 ctx,
diff --git a/packages/transport/http.go b/packages/transport/http.go
index 517b135..a6a3737 100644
--- a/packages/transport/http.go
+++ b/packages/transport/http.go
@@ -62,22 +62,37 @@ func setDefaultHeaders(w http.ResponseWriter) {
 w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
 }
+func cacheControlMiddleware(maxAge int, staleWhileRevalidateMaxAge int) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Set the Cache-Control header
+ w.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%d, stale-while-revalidate=%d", maxAge, staleWhileRevalidateMaxAge))
+
+ // Continue with the next handler
+ next.ServeHTTP(w, r)
+ })
+ }
+}
+
 func (h *httpTransport) Listen() {
 // create a new http server
 mux := http.NewServeMux()
+ // the response is fresh for 1 hour, it can be served stale for 1 day
+ cachingMiddleware := cacheControlMiddleware(60*60, 60*60*24)
+
 mux.Handle("GET /realtime", h.handleSSE())
 mux.Handle("GET /latest-attacks", h.handleLatestAttacks())
- mux.Handle("GET /stats/count-in-24hours-by-country", h.handleCountIn24HoursByCountry())
- mux.Handle("GET /stats/count-in-24hours", h.handleCountIn24Hours())
- mux.Handle("GET /stats/count-in-7days", h.handleCountIn7Days())
- mux.Handle("GET /stats/count-in-6months", h.handleCountIn6Monts())
- mux.Handle("GET /stats/country", h.handleCountryStats())
- mux.Handle("GET /stats/ip", h.handleIPStats())
- mux.Handle("GET /stats/port", h.handlePortStats())
- mux.Handle("GET /stats/username", h.handleUsernameStats())
- mux.Handle("GET /stats/password", h.handlePasswordStats())
- mux.Handle("GET /stats/path", h.handlePathStats())
- mux.Handle("GET /health", h.handleHealth())
+ mux.Handle("GET /stats/count-in-24hours-by-country", cachingMiddleware(h.handleCountIn24HoursByCountry()))
+ mux.Handle("GET /stats/count-in-24hours", cachingMiddleware(h.handleCountIn24Hours()))
+ mux.Handle("GET /stats/count-in-7days", cachingMiddleware(h.handleCountIn7Days()))
+ mux.Handle("GET /stats/count-in-6months", cachingMiddleware(h.handleCountIn6Monts()))
+ mux.Handle("GET /stats/country", cachingMiddleware(h.handleCountryStats()))
+ mux.Handle("GET /stats/ip", cachingMiddleware(h.handleIPStats()))
+ mux.Handle("GET /stats/port", cachingMiddleware(h.handlePortStats()))
+ mux.Handle("GET /stats/username", cachingMiddleware(h.handleUsernameStats()))
+ mux.Handle("GET /stats/password", cachingMiddleware(h.handlePasswordStats()))
+ mux.Handle("GET /stats/path", cachingMiddleware(h.handlePathStats()))
+ mux.Handle("GET /health", cachingMiddleware(h.handleHealth()))
 go http.ListenAndServe(":"+fmt.Sprintf("%d", h.port), mux) // nolint
 slog.Info("HTTP transport listening", "port", h.port)
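Review bot: `GET /health` is wrapped in `cachingMiddleware` along with the stats routes, so any browser or shared cache in front of the service may answer health probes from a copy up to an hour old (and serve it stale for a day) while the honeypot backend is down; that route should stay uncached, `mux.Handle("GET /health", h.handleHealth())`. The middleware also sets `Cache-Control: public, …` before `next.ServeHTTP` runs, so a failing stats handler appears to send its error response with the same header, and a cache that stores it would pin a transient database timeout for the full max-age. Setting the header only on success inside the handlers, or overriding it with `no-store` on the error path, would avoid that. Listen() continues past the end of the hunk.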