Merge pull request #57 from me-shaon/feat/ip-referrer-filter

me-shaon · web-flow · commit 786116d7772d · 2025-09-24T20:11:41.000+06:00
feat: add skip ip and referrer option
diff --git a/README.md b/README.md
@@ -103,6 +103,20 @@ return [
 
     'ignore-paths' => [
         env('REQUEST_ANALYTICS_PATHNAME', 'analytics'),
+        'broadcasting/auth',
+        'livewire/*',
+    ],
+
+    'skip_ips' => [
+        // '127.0.0.1',
+        // '192.168.1.0/24',
+        // Add IP addresses or CIDR blocks to skip tracking
+    ],
+
+    'skip_referrers' => [
+        // 'spam-site.com',
+        // 'unwanted-referrer.com',
+        // Add referrer domains to skip tracking
     ],
 
     'pruning' => [
@@ -213,6 +227,8 @@ protected function schedule(Schedule $schedule): void
 
 ### Intelligence & Detection
 - **Advanced Bot Detection**: Filters search engines, social bots, and crawlers
+- **IP Address Filtering**: Skip tracking for specific IP addresses or CIDR blocks (e.g., internal IPs, admin IPs)
+- **Referrer Filtering**: Exclude tracking for requests from specific referrer domains (e.g., spam sites, unwanted sources)
 - **Device Recognition**: Browser, OS, and device type identification
 - **Geolocation Services**: Multiple provider support (IP-API, IPGeolocation, MaxMind)
 - **Visitor Tracking**: Cookie-based unique visitor identification
@@ -262,6 +278,12 @@ php artisan model:prune --model="MeShaon\RequestAnalytics\Models\RequestAnalytic
 ### Path Filtering
 - `ignore-paths`: Array of paths to exclude from tracking (e.g., admin routes, health checks)
 
+### IP and Referrer Filtering
+Filter out unwanted traffic to improve data quality and protect privacy by excluding specific IP addresses and referrer domains from analytics tracking.
+
+- `skip_ips`: Array of IP addresses or CIDR blocks to skip tracking. Supports exact IP matches (e.g., `'127.0.0.1'`) and CIDR notation for IP ranges (e.g., `'192.168.1.0/24'`). Useful for excluding internal networks, admin IPs, or development environments.
+- `skip_referrers`: Array of referrer domains to exclude from tracking. Filters out spam referrers, bot traffic, or internal tools (e.g., `'spam-site.com'`, `'internal-tool.com'`) to maintain clean analytics data.
+
 ### Data Retention
 - `pruning.enabled`: Automatic data cleanup (default: `true`)
 - `pruning.days`: Days to retain data (default: 90)
diff --git a/config/request-analytics.php b/config/request-analytics.php
@@ -40,6 +40,18 @@
         'livewire/*',
     ],
 
+    'skip_ips' => [
+        // '127.0.0.1',
+        // '192.168.1.0/24',
+        // Add IP addresses or CIDR blocks to skip tracking
+    ],
+
+    'skip_referrers' => [
+        // 'spam-site.com',
+        // 'unwanted-referrer.com',
+        // Add referrer domains to skip tracking
+    ],
+
     'pruning' => [
         'enabled' => env('REQUEST_ANALYTICS_PRUNING_ENABLED', true),
         'days' => env('REQUEST_ANALYTICS_PRUNING_DAYS', 90),
diff --git a/src/Traits/CaptureRequest.php b/src/Traits/CaptureRequest.php
@@ -7,6 +7,7 @@
 use MeShaon\RequestAnalytics\Services\BotDetectionService;
 use MeShaon\RequestAnalytics\Services\GeolocationService;
 use MeShaon\RequestAnalytics\Services\VisitorTrackingService;
+use Symfony\Component\HttpFoundation\IpUtils;
 use Symfony\Component\HttpFoundation\Response;
 
 trait CaptureRequest
@@ -22,6 +23,16 @@ public function capture(Request $request, Response $response, string $requestCat
             return null;
         }
 
+        // Skip if IP address is in the skip list
+        if ($this->shouldSkipIp($request)) {
+            return null;
+        }
+
+        // Skip if referrer is in the skip list
+        if ($this->shouldSkipReferrer($request)) {
+            return null;
+        }
+
         return $this->prepareRequestData($request, $response, $requestCategory);
     }
 
@@ -249,4 +260,69 @@ protected function isBot(Request $request): bool
             $request->ip()
         );
     }
+
+    protected function shouldSkipIp(Request $request): bool
+    {
+        $skipIps = config('request-analytics.skip_ips', []);
+
+        if (empty($skipIps)) {
+            return false;
+        }
+
+        $clientIp = $request->ip();
+
+        foreach ($skipIps as $skipIp) {
+            // IpUtils::checkIp handles both exact IPs and CIDR ranges for IPv4 and IPv6
+            if (IpUtils::checkIp($clientIp, $skipIp)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    protected function shouldSkipReferrer(Request $request): bool
+    {
+        $skipReferrers = config('request-analytics.skip_referrers', []);
+
+        if (empty($skipReferrers)) {
+            return false;
+        }
+
+        $referrer = $request->header('referer', '');
+
+        if (empty($referrer)) {
+            return false;
+        }
+
+        // Extract domain from referrer URL
+        $referrerDomain = $this->extractDomainFromUrl($referrer);
+
+        foreach ($skipReferrers as $skipReferrer) {
+            // Check exact match or if referrer domain is a subdomain of skip domain
+            if ($referrerDomain === $skipReferrer || str_ends_with($referrerDomain, '.'.$skipReferrer)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    protected function extractDomainFromUrl(string $url): string
+    {
+        $parsed = parse_url($url);
+
+        if (! isset($parsed['host'])) {
+            return '';
+        }
+
+        $host = strtolower($parsed['host']);
+
+        // Remove www. prefix if present
+        if (str_starts_with($host, 'www.')) {
+            return substr($host, 4);
+        }
+
+        return $host;
+    }
 }
diff --git a/tests/Unit/Traits/CaptureRequestTest.php b/tests/Unit/Traits/CaptureRequestTest.php
@@ -68,6 +68,26 @@ public function testIsBot(Request $request): bool
             {
                 return $this->isBot($request);
             }
+
+            public function testShouldSkipIp(Request $request): bool
+            {
+                return $this->shouldSkipIp($request);
+            }
+
+            public function testShouldSkipReferrer(Request $request): bool
+            {
+                return $this->shouldSkipReferrer($request);
+            }
+
+            public function testIpInCidrRange(string $ip, string $cidr): bool
+            {
+                return $this->ipInCidrRange($ip, $cidr);
+            }
+
+            public function testExtractDomainFromUrl(string $url): string
+            {
+                return $this->extractDomainFromUrl($url);
+            }
         };
     }
 
@@ -302,4 +322,183 @@ public function it_detects_bots_correctly(): void
         $this->assertFalse($this->traitClass->testIsBot($humanRequest));
         $this->assertTrue($this->traitClass->testIsBot($botRequest));
     }
+
+    #[Test]
+    public function it_returns_null_when_ip_should_be_skipped(): void
+    {
+        config(['request-analytics.skip_ips' => ['127.0.0.1', '192.168.1.100']]);
+
+        $request = Request::create('/test', 'GET');
+        $request->server->set('REMOTE_ADDR', '127.0.0.1');
+        $response = new Response('content');
+
+        $result = $this->traitClass->testCapture($request, $response, 'web');
+
+        $this->assertNull($result);
+    }
+
+    #[Test]
+    public function it_returns_null_when_ip_is_in_cidr_range(): void
+    {
+        config(['request-analytics.skip_ips' => ['192.168.1.0/24']]);
+
+        $request = Request::create('/test', 'GET');
+        $request->server->set('REMOTE_ADDR', '192.168.1.50');
+        $response = new Response('content');
+
+        $result = $this->traitClass->testCapture($request, $response, 'web');
+
+        $this->assertNull($result);
+    }
+
+    #[Test]
+    public function it_returns_null_when_referrer_should_be_skipped(): void
+    {
+        config(['request-analytics.skip_referrers' => ['spam-site.com', 'unwanted-referrer.com']]);
+
+        $request = Request::create('/test', 'GET');
+        $request->headers->set('referer', 'https://spam-site.com/page');
+        $response = new Response('content');
+
+        $result = $this->traitClass->testCapture($request, $response, 'web');
+
+        $this->assertNull($result);
+    }
+
+    #[Test]
+    public function it_returns_data_when_ip_is_not_in_skip_list(): void
+    {
+        config([
+            'request-analytics.skip_ips' => ['127.0.0.1'],
+            'request-analytics.geolocation.enabled' => false,
+            'request-analytics.capture.bots' => true,
+        ]);
+
+        $request = Request::create('/test', 'GET');
+        $request->server->set('REMOTE_ADDR', '192.168.1.100');
+        $request->headers->set('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');
+        $response = new Response('content');
+
+        $result = $this->traitClass->testCapture($request, $response, 'web');
+
+        $this->assertInstanceOf(RequestDataDTO::class, $result);
+    }
+
+    #[Test]
+    public function it_returns_data_when_referrer_is_not_in_skip_list(): void
+    {
+        config([
+            'request-analytics.skip_referrers' => ['spam-site.com'],
+            'request-analytics.geolocation.enabled' => false,
+            'request-analytics.capture.bots' => true,
+        ]);
+
+        $request = Request::create('/test', 'GET');
+        $request->headers->set('referer', 'https://example.com/page');
+        $request->headers->set('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');
+        $response = new Response('content');
+
+        $result = $this->traitClass->testCapture($request, $response, 'web');
+
+        $this->assertInstanceOf(RequestDataDTO::class, $result);
+    }
+
+    #[Test]
+    public function it_should_skip_ip_correctly(): void
+    {
+        config(['request-analytics.skip_ips' => ['127.0.0.1', '10.0.0.1']]);
+
+        $skipRequest = Request::create('/test', 'GET');
+        $skipRequest->server->set('REMOTE_ADDR', '127.0.0.1');
+
+        $allowRequest = Request::create('/test', 'GET');
+        $allowRequest->server->set('REMOTE_ADDR', '192.168.1.1');
+
+        $this->assertTrue($this->traitClass->testShouldSkipIp($skipRequest));
+        $this->assertFalse($this->traitClass->testShouldSkipIp($allowRequest));
+    }
+
+    #[Test]
+    public function it_should_skip_referrer_correctly(): void
+    {
+        config(['request-analytics.skip_referrers' => ['spam-site.com', 'unwanted.com']]);
+
+        $skipRequest = Request::create('/test', 'GET');
+        $skipRequest->headers->set('referer', 'https://spam-site.com/some-page');
+
+        $skipWwwRequest = Request::create('/test', 'GET');
+        $skipWwwRequest->headers->set('referer', 'https://www.spam-site.com/some-page');
+
+        $allowRequest = Request::create('/test', 'GET');
+        $allowRequest->headers->set('referer', 'https://example.com/some-page');
+
+        $noReferrerRequest = Request::create('/test', 'GET');
+
+        $this->assertTrue($this->traitClass->testShouldSkipReferrer($skipRequest));
+        $this->assertTrue($this->traitClass->testShouldSkipReferrer($skipWwwRequest));
+        $this->assertFalse($this->traitClass->testShouldSkipReferrer($allowRequest));
+        $this->assertFalse($this->traitClass->testShouldSkipReferrer($noReferrerRequest));
+    }
+
+    #[Test]
+    #[DataProvider('cidrRangeProvider')]
+    public function it_checks_ip_in_cidr_range_correctly(string $ip, string $cidr, bool $expected): void
+    {
+        $result = $this->traitClass->testIpInCidrRange($ip, $cidr);
+
+        $this->assertEquals($expected, $result);
+    }
+
+    public static function cidrRangeProvider(): array
+    {
+        return [
+            ['192.168.1.1', '192.168.1.0/24', true],
+            ['192.168.1.255', '192.168.1.0/24', true],
+            ['192.168.2.1', '192.168.1.0/24', false],
+            ['10.0.0.1', '10.0.0.0/8', true],
+            ['11.0.0.1', '10.0.0.0/8', false],
+            ['172.16.0.1', '172.16.0.0/16', true],
+            ['172.17.0.1', '172.16.0.0/16', false],
+            ['127.0.0.1', '127.0.0.0/8', true],
+        ];
+    }
+
+    #[Test]
+    #[DataProvider('domainExtractionProvider')]
+    public function it_extracts_domain_from_url_correctly(string $url, string $expected): void
+    {
+        $result = $this->traitClass->testExtractDomainFromUrl($url);
+
+        $this->assertEquals($expected, $result);
+    }
+
+    public static function domainExtractionProvider(): array
+    {
+        return [
+            ['https://example.com', 'example.com'],
+            ['https://www.example.com', 'example.com'],
+            ['http://subdomain.example.com', 'subdomain.example.com'],
+            ['https://www.subdomain.example.com', 'subdomain.example.com'],
+            ['https://example.com/path/to/page', 'example.com'],
+            ['https://www.example.com/path?query=value#fragment', 'example.com'],
+            ['ftp://files.example.com', 'files.example.com'],
+            ['invalid-url', ''],
+        ];
+    }
+
+    #[Test]
+    public function it_handles_empty_skip_lists_correctly(): void
+    {
+        config([
+            'request-analytics.skip_ips' => [],
+            'request-analytics.skip_referrers' => [],
+        ]);
+
+        $request = Request::create('/test', 'GET');
+        $request->server->set('REMOTE_ADDR', '127.0.0.1');
+        $request->headers->set('referer', 'https://any-site.com');
+
+        $this->assertFalse($this->traitClass->testShouldSkipIp($request));
+        $this->assertFalse($this->traitClass->testShouldSkipReferrer($request));
+    }
 }
