feat(infra): Cloudflare Radar DDoS attacks + traffic anomaly endpoints (#2067)

Browse Source

* feat(infra): add Cloudflare Radar DDoS attacks + traffic anomaly endpoints

Extends the existing Cloudflare Radar integration (internet outages) with
two new data streams, both confirmed accessible with the current token:
- L3/L4 DDoS attack summaries (protocol + vector breakdowns, 7d window)
- Traffic anomaly events (DNS/BGP/ICMP anomalies with country + ASN context)

Changes:
- proto: add DdosAttackSummaryEntry + TrafficAnomaly messages; new
  list_internet_ddos_attacks.proto and list_internet_traffic_anomalies.proto;
  wire two new RPCs into InfrastructureService
- buf generate: regenerated server/client TypeScript from updated protos
- seed-internet-outages.mjs: add fetchDdosData() + fetchTrafficAnomalies()
  called inside fetchAll() before runSeed() (process.exit-safe pattern);
  writes cf:radar:ddos:v1 and cf:radar:traffic-anomalies:v1
- list-ddos-attacks.ts + list-traffic-anomalies.ts: read-from-seed handlers
- handler.ts: wire new handlers
- cache-keys.ts + api/bootstrap.js: add ddosAttacks + trafficAnomalies
  bootstrap keys (fast tier); kept in sync to pass bootstrap parity tests
- gateway.ts: add RPC_CACHE_TIER entries (slow) for new routes
- services/infrastructure: add fetchDdosAttacks() + fetchTrafficAnomalies()
  with circuit breakers + hydration support

UI surface (cards alongside outage map) deferred to follow-up.

Closes #2043

* fix(i18n): rename Internet Outages → Internet Disruptions

Broader term covers outages, DDoS events, and traffic anomalies now
seeded from Cloudflare Radar. Updated in en.json (layer label, tooltip,
country brief count strings), map-layer-definitions.ts fallback label,
and commands.ts search keywords.

Other locales retain their translated strings (not degraded — they
already use broader equivalents like "internet disruption" in many langs).

* feat(map): render traffic anomalies + DDoS target locations on disruptions layer

Adds geo-coordinates to both data types so they appear as map markers
under the Internet Disruptions toggle alongside existing outage circles.

- Proto: add latitude/longitude to TrafficAnomaly (fields 10/11), add new
  DdosLocationHit message, add top_target_locations to DdosAttacksResponse
- Seeder: resolve lat/lon from COUNTRY_COORDS for traffic anomalies; fetch
  CF Radar top/locations/target endpoint for DDoS top-target locations
- Server handler: pass topTargetLocations through from Redis seed cache
- DeckGLMap: amber trafficAnomaly layer + purple ddosHit layer with tooltips
- GlobeMap: TrafficAnomalyMarker + DdosHitMarker with emoji indicators
- MapContainer: expose setTrafficAnomalies() + setDdosLocations() setters
- data-loader: fire-and-forget anomaly/DDoS fetches after outages load

* fix(review): address code review findings + add Internet Disruptions panel

- fix: totalCount returns filtered count when country param is set
- fix: countryName uses clientCountryName fallback (was always empty)
- fix: remove duplicate toEpochMsFromIso (consolidate into toEpochMs)
- fix: anomalies guard >= 0 → > 0 (don't write empty array to Redis)
- fix: GlobeMap uses named top-level imports instead of inline imports
- feat: InternetDisruptionsPanel with 3 tabs (Outages / DDoS / Anomalies)

...

This commit is contained in:

Elie Habib

2026-03-22 22:58:41 +04:00

committed by GitHub

parent df29d59ff7

commit ddc6603cce

28 changed files with 1296 additions and 13 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

2

docs/api/InfrastructureService.openapi.json

File diff suppressed because one or more lines are too long