Make geo lookups non-blocking with bulk DB writes and background tasks

2026-03-12 18:10:00 +01:00
parent a61c9dc969
commit 28f7b1cfcd
8 changed files with 496 additions and 36 deletions
--- a/backend/app/services/jail_service.py
+++ b/backend/app/services/jail_service.py
@@ -627,16 +627,34 @@ async def unban_ip(
 async def get_active_bans(
    socket_path: str,
    geo_enricher: Any | None = None,
+    http_session: Any | None = None,
+    app_db: Any | None = None,
 ) -> ActiveBanListResponse:
    """Return all currently banned IPs across every jail.

    For each jail the ``get <jail> banip --with-time`` command is used
    to retrieve ban start and expiry times alongside the IP address.

+    Geo enrichment strategy (highest priority first):
+
+    1. When *http_session* is provided the entire set of banned IPs is resolved
+       in a single :func:`~app.services.geo_service.lookup_batch` call (up to
+       100 IPs per HTTP request).  This is far more efficient than concurrent
+       per-IP lookups and stays within ip-api.com rate limits.
+    2. When only *geo_enricher* is provided (legacy / test path) each IP is
+       resolved individually via the supplied async callable.
+
    Args:
        socket_path: Path to the fail2ban Unix domain socket.
        geo_enricher: Optional async callable ``(ip) → GeoInfo | None``
            used to enrich each ban entry with country and ASN data.
+            Ignored when *http_session* is provided.
+        http_session: Optional shared :class:`aiohttp.ClientSession`.  When
+            provided, :func:`~app.services.geo_service.lookup_batch` is used
+            for efficient bulk geo resolution.
+        app_db: Optional BanGUI application database connection used to
+            persist newly resolved geo entries across restarts.  Only
+            meaningful when *http_session* is provided.

    Returns:
        :class:`~app.models.ban.ActiveBanListResponse` with all active bans.
@@ -645,6 +663,8 @@ async def get_active_bans(
        ~app.utils.fail2ban_client.Fail2BanConnectionError: If the socket
            cannot be reached.
    """
+    from app.services import geo_service  # noqa: PLC0415
+
    client = Fail2BanClient(socket_path=socket_path, timeout=_SOCKET_TIMEOUT)

    # Fetch jail names.
@@ -690,8 +710,23 @@ async def get_active_bans(
            if ban is not None:
                bans.append(ban)

-    # Enrich with geo data if an enricher was provided.
-    if geo_enricher is not None:
+    # Enrich with geo data — prefer batch lookup over per-IP enricher.
+    if http_session is not None and bans:
+        all_ips: list[str] = [ban.ip for ban in bans]
+        try:
+            geo_map = await geo_service.lookup_batch(all_ips, http_session, db=app_db)
+        except Exception:  # noqa: BLE001
+            log.warning("active_bans_batch_geo_failed")
+            geo_map = {}
+        enriched: list[ActiveBan] = []
+        for ban in bans:
+            geo = geo_map.get(ban.ip)
+            if geo is not None:
+                enriched.append(ban.model_copy(update={"country": geo.country_code}))
+            else:
+                enriched.append(ban)
+        bans = enriched
+    elif geo_enricher is not None:
        bans = await _enrich_bans(bans, geo_enricher)

    log.info("active_bans_fetched", total=len(bans))