feat(geoip): country-code enrichment via RIR delegated-stats

Populates Attacker.country_code + country_source (MVP) using the five RIR delegated-stats files (ARIN/RIPE/APNIC/LACNIC/AFRINIC). Offline, license-free, no outbound traffic that could burn honeypot stealth. - decnet.geoip package with factory/base/lookup + rir/ subpackage (fetch/parse/provider) mirroring the db + bus factory convention - Profiler._build_record calls enrich_ip on every upsert - Idempotent ALTER TABLE migrations for both SQLite and MySQL - decnet geoip refresh/lookup CLI (master-only) - /var/lib/decnet/geoip seeded by decnet init - DECNET_GEOIP_ENABLED=false kill-switch; set in tests/conftest.py so unit tests never trigger the first-access fetch
2026-04-23 21:12:38 -04:00
parent 07bf3dc8cb
commit ffc275f051
24 changed files with 969 additions and 6 deletions
--- a/decnet/web/db/sqlite/repository.py
+++ b/decnet/web/db/sqlite/repository.py
@@ -26,11 +26,33 @@ class SQLiteRepository(SQLModelRepository):
        )

    async def _migrate_attackers_table(self) -> None:
-        """Drop the old attackers table if it lacks the uuid column (pre-UUID schema)."""
+        """Drop the old attackers table if it lacks the uuid column (pre-UUID schema).
+
+        Also adds the GeoIP columns (``country_code``, ``country_source``)
+        to existing tables that predate them. SQLite's
+        ``ALTER TABLE ADD COLUMN`` is idempotent only if we gate on
+        ``PRAGMA table_info`` first — re-adding raises.
+        """
        async with self.engine.begin() as conn:
            rows = (await conn.execute(text("PRAGMA table_info(attackers)"))).fetchall()
            if rows and not any(r[1] == "uuid" for r in rows):
                await conn.execute(text("DROP TABLE attackers"))
+                return  # create_all() rebuilds fresh — no need to patch columns.
+            if not rows:
+                return  # table absent; create_all() handles it.
+            existing_cols = {r[1] for r in rows}
+            if "country_code" not in existing_cols:
+                await conn.execute(text(
+                    "ALTER TABLE attackers ADD COLUMN country_code VARCHAR(2)"
+                ))
+                await conn.execute(text(
+                    "CREATE INDEX IF NOT EXISTS ix_attackers_country_code "
+                    "ON attackers (country_code)"
+                ))
+            if "country_source" not in existing_cols:
+                await conn.execute(text(
+                    "ALTER TABLE attackers ADD COLUMN country_source VARCHAR(16)"
+                ))

    def _json_field_equals(self, key: str):
        # SQLite stores JSON as text; json_extract is the canonical accessor.