@rluisr
Created January 13, 2018 05:02
Add IPs to a WAF blacklist using CloudFront access logs
'use strict';
const aws = require('aws-sdk');
const zlib = require('zlib');
const Promise = require('bluebird');
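// AWS WAF client (classic API, version pinned) used to obtain change tokens and update the IP set.
const waf = new aws.WAF({apiVersion: '2015-08-24'});
// S3 client (version pinned) used to fetch the log object named in the triggering event.
const s3 = new aws.S3({apiVersion: '2006-03-01'});
// Addresses selected for insertion into the IP set.
// NOTE(review): this lives at module scope, so its contents can survive from one
// invocation to the next if the runtime reuses the process — confirm the handler
// resets it before parsing each log file.
let banIPList = [];
// config here
// ID of the WAF IP set that receives the entries. It can be supplied through the
// IP_SET_ID environment variable; the empty-string fallback keeps the previous
// default, and update calls cannot target a set until a real ID is provided.
const IP_SET_ID = process.env.IP_SET_ID || '';
// =========== //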
/**
 * Promise wrapper around the callback-style `waf.updateIPSet` call.
 *
 * @param {Object} params - Request object handed unchanged to `waf.updateIPSet`.
 * @returns {Promise<undefined>} Resolves with no value on success; rejects with the SDK error.
 */
const updateWaf = params => new Promise((resolve, reject) => {
  const onSettled = (err) => {
    if (err) {
      reject(err);
      return;
    }
    // The response payload is intentionally not forwarded to the caller.
    resolve();
  };
  waf.updateIPSet(params, onSettled);
});
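/**
 * Requests a change token from WAF; the token is then sent with the IP set update.
 *
 * @returns {Promise<string>} Resolves with `data.ChangeToken`; rejects with the SDK error.
 */
const getChangeToken = () => new Promise((resolve, reject) => {
  waf.getChangeToken({}, (err, data) => {
    if (err) {
      console.log(err, err.stack);
      // Reject as well as log: a promise that never settles leaves the caller
      // waiting with no failure reported, so the blocklist update is silently skipped.
      reject(err);
      return;
    }
    resolve(data.ChangeToken);
  });
});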
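/**
 * Inserts every address currently held in `banIPList` into the configured IP set.
 *
 * All insertions are sent in ONE `updateWaf` request. A WAF change token is valid
 * for a single create/update/delete request, so reusing the same token for one
 * request per address would let at most the first request succeed. The returned
 * promise settles only when that request has finished, so failures reach the caller.
 *
 * Entries come from log data and are therefore checked before use: anything that
 * does not look like an IPv4 or IPv6 address is skipped, because one invalid
 * descriptor would cause the whole batch to be rejected.
 *
 * @param {string} token - Change token obtained from `getChangeToken`.
 * @returns {Promise<undefined>} Resolves when the update was accepted (or there was
 *   nothing to insert); rejects with the SDK error otherwise.
 */
const updateIPSet = token => {
  const ipv4Pattern = /^(\d{1,3}\.){3}\d{1,3}$/;
  const ipv6Pattern = /^[0-9a-fA-F:]+$/;

  const updates = [];
  for (const ip of banIPList) {
    let descriptor = null;
    if (typeof ip === 'string' && ipv4Pattern.test(ip)) {
      descriptor = { Type: 'IPV4', Value: ip + '/32' };
    } else if (typeof ip === 'string' && ip.includes(':') && ipv6Pattern.test(ip)) {
      // Single-host prefix for IPv6, the counterpart of /32 for IPv4.
      descriptor = { Type: 'IPV6', Value: ip + '/128' };
    }
    if (descriptor === null) {
      console.log('skipping value that is not an IP address: ', ip);
      continue;
    }
    updates.push({ Action: 'INSERT', IPSetDescriptor: descriptor });
  }

  if (updates.length === 0) {
    return Promise.resolve();
  }

  // NOTE(review): WAF limits how many addresses one update request may carry
  // (documented as 1000 for the classic API — confirm). If a log file can yield
  // more, split into chunks and fetch a fresh change token for each chunk.
  return updateWaf({
    ChangeToken: token,
    IPSetId: IP_SET_ID,
    Updates: updates,
  });
};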
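/**
 * Handler for an S3 object-created event: downloads the gzip-compressed access
 * log named in the first event record, collects client addresses whose response
 * status matches the ban rule, and inserts them into the WAF IP set.
 *
 * `callback` is invoked exactly once: with an error when the download,
 * decompression or WAF update fails, otherwise with `(null, null)` after the
 * update has finished (or when no address was selected).
 *
 * @param {Object} event - S3 notification; only `event.Records[0]` is read.
 * @param {Object} context - Unused.
 * @param {Function} callback - Completion callback `(error, result)`.
 */
exports.handler = (event, context, callback) => {
  // Start every invocation with an empty list: the variable is module-level, so
  // without this reset addresses from an earlier log file would be re-submitted
  // whenever the process is reused.
  banIPList = [];

  const record = event.Records[0];
  const bucket = record.s3.bucket.name;
  // Object keys arrive URL-encoded in the event, with spaces encoded as '+'.
  const key = decodeURIComponent(record.s3.object.key.replace(/\+/g, ' '));
  const params = {
    Bucket: bucket,
    Key: key,
  };

  s3.getObject(params, (err, data) => {
    if (err) {
      console.log(err);
      const message =
        `Error getting object ${key} from bucket ${bucket}. Make sure they exist and your bucket is in the same region as this function.`;
      console.log(message);
      callback(message);
      return;
    }

    let lines;
    try {
      // An object that is not valid gzip makes gunzipSync throw; report it
      // through the callback instead of crashing inside the SDK callback.
      lines = zlib.gunzipSync(data.Body).toString('UTF-8').split(/\r\n|\r|\n/);
    } catch (gunzipErr) {
      console.log(gunzipErr);
      callback(gunzipErr);
      return;
    }

    // A Set de-duplicates addresses while the log is scanned.
    const flagged = new Set();
    for (const line of lines) {
      const fields = line.split(/\s/);
      // Field 4 is read as the client address and field 8 as the response status
      // (c-ip and sc-status in the CloudFront standard log layout).
      const clientIp = fields[4];
      const httpStatusCode = fields[8];
      if (typeof httpStatusCode === 'undefined' || !clientIp) {
        continue;
      }
      // The status is a string, so it must be compared with '200'. Comparing with
      // the number 200 is always "not equal", which put every client that received
      // a normal 200 response on the blacklist.
      // NOTE(review): the rule is still broad — any status containing "0" other
      // than 200 (301, 304, 403, 404, 500-504, ...) flags the client after a single
      // request. Confirm the intended status set, and consider a per-address
      // threshold and an allowlist for known-good addresses before blocking.
      if (httpStatusCode.includes('0') && httpStatusCode !== '200') {
        flagged.add(clientIp);
      }
    }
    banIPList = [...flagged];

    if (banIPList.length === 0) {
      callback(null, null);
      return;
    }

    getChangeToken()
      .then((token) => {
        console.log('token is: ', token);
        return updateIPSet(token);
      })
      .then(
        () => callback(null, null),
        (updateErr) => {
          // Surface the failure to the runtime; logging alone would report
          // success even though no address was blocked.
          console.log(updateErr);
          callback(updateErr);
        },
      );
  });
};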