Remove ML model artifacts from git and add FCM push notifications

.env.example

@@ -0,0 +1,12 @@
+# Environment Configuration Template for Idéfix WAF
+# Copy this file to .env and fill in your actual values
+
+# Firebase Cloud Messaging Configuration
+# Get your FCM server key from Firebase Console > Project Settings > Cloud Messaging
+FCM_SERVER_KEY=your_firebase_server_key_here
+
+# Device Tokens File Path (optional)
+# Default: device_tokens.json in the same directory
+# DEVICE_TOKENS_FILE=/path/to/device_tokens.json
+
+# Note: Never commit the actual .env file to git!

.github/workflows/build-models.yml

@@ -0,0 +1,57 @@
+name: Build ML Models
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - 'Moulinette_Dev/Datasets/**'
+      - 'Moulinette_Dev/Scripts/Build/**'
+
+jobs:
+  build-models:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install tensorflow scikit-learn pandas tqdm
+
+      - name: Build models
+        run: |
+          cd Moulinette_Dev/Scripts/Build
+          echo "Building XSS model..."
+          python build_model_xss.py || echo "XSS model build failed"
+          echo "Building SQL model..."
+          python build_model_sql.py || echo "SQL model build failed"
+          echo "Building Path Traversal model..."
+          python build_model_path_traversal.py || echo "Path Traversal model build failed"
+          echo "Building General model..."
+          python build_model_general.py || echo "General model build failed"
+
+      - name: Upload model artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ml-models
+          path: |
+            Moulinette_Dev/IA/Models/*.h5
+            Moulinette_Dev/IA/Models/*.tflite
+            Moulinette_Dev/IA/Tokens/*.tokens
+          retention-days: 30
+          if-no-files-found: warn
+
+      - name: Clean up old artifacts
+        uses: geekyeggo/delete-artifact@v5
+        with:
+          name: ml-models
+          useGlob: false
+          failOnError: false
+          # Keep only the latest artifact
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/clean-artifacts.yml

@@ -0,0 +1,65 @@
+name: Clean Old Artifacts
+
+on:
+  schedule:
+    # Run daily at midnight UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  clean-artifacts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clean old artifacts
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+
+            console.log('Fetching artifacts for repository:', owner + '/' + repo);
+
+            // Get all artifacts
+            const artifacts = await github.rest.actions.listArtifactsForRepo({
+              owner,
+              repo,
+              per_page: 100
+            });
+
+            console.log(`Found ${artifacts.data.artifacts.length} artifacts`);
+
+            // Group artifacts by name
+            const artifactGroups = {};
+            for (const artifact of artifacts.data.artifacts) {
+              if (!artifactGroups[artifact.name]) {
+                artifactGroups[artifact.name] = [];
+              }
+              artifactGroups[artifact.name].push(artifact);
+            }
+
+            // For each artifact name, keep only the latest one and delete the rest
+            for (const [name, group] of Object.entries(artifactGroups)) {
+              console.log(`Processing artifact group: ${name} (${group.length} artifacts)`);
+
+              // Sort by created_at descending (newest first)
+              group.sort((a, b) => new Date(b.created_at) - new Date(a.created_at));
+
+              // Keep the first one (newest), delete the rest
+              for (let i = 1; i < group.length; i++) {
+                const artifact = group[i];
+                console.log(`Deleting old artifact: ${artifact.name} (ID: ${artifact.id}, created: ${artifact.created_at})`);
+                try {
+                  await github.rest.actions.deleteArtifact({
+                    owner,
+                    repo,
+                    artifact_id: artifact.id
+                  });
+                  console.log(`Successfully deleted artifact ${artifact.id}`);
+                } catch (error) {
+                  console.error(`Failed to delete artifact ${artifact.id}:`, error.message);
+                }
+              }
+            }
+
+            console.log('Artifact cleanup completed');

.gitignore

@@ -0,0 +1,34 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+.venv/
+venv/
+ENV/
+env/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# ML Models and Tokens (build artifacts)
+*.h5
+*.tflite
+*.tokens
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Build artifacts
+*.log
+*.tmp
+
+# Configuration files with secrets
+device_tokens.json
+.env

IMPLEMENTATION_SUMMARY.md

@@ -0,0 +1,137 @@
+# Implementation Summary
+
+## Overview
+This implementation addresses the two requirements from the problem statement:
+1. ✅ Clean actions artifacts once files are added to the repository
+2. ✅ Add push notifications to the app
+
+## What Was Done
+
+### 1. Artifact Cleanup (Models no longer in Git)
+
+**Problem**: Large ML model files (100MB+) were committed to git, bloating the repository.
+
+**Solution**:
+- Removed all model files (.h5, .tflite) and token files (.tokens) from git tracking
+- Added comprehensive `.gitignore` to prevent future commits
+- Created GitHub Actions workflows to build models and store as artifacts
+- Implemented automatic cleanup of old artifacts (keeps only latest)
+
+**Files Removed from Git**:
+- 8 model files (.h5 and .tflite) totaling ~100MB
+- 4 token files totaling ~3MB
+- Additional production model copies
+
+**New Workflows**:
+1. `build-models.yml`: Builds models on dataset/script changes
+2. `clean-artifacts.yml`: Daily cleanup of old artifacts
+
+### 2. Push Notifications
+
+**Problem**: No push notifications were sent when malicious requests were detected.
+
+**Solution**:
+- Implemented Firebase Cloud Messaging (FCM) integration
+- Added `notification_service.py` with async HTTP support using aiohttp
+- Integrated into both Dev and Prod server main loops
+- Sends notifications when malicious requests are detected (URI or Body)
+
+**Features**:
+- ✅ Real-time alerts for malicious requests
+- ✅ Configurable via environment variables (FCM_SERVER_KEY)
+- ✅ Support for multiple device tokens
+- ✅ Detailed notification payload with timestamp, client IP, and verdict
+- ✅ Graceful degradation when notifications are disabled
+
+**Notification Format**:
+```json
+{
+  "title": "🚨 Malicious Request Detected",
+  "body": "Source: [IP]\nTime: [timestamp]\nType: [URI/Body]",
+  "data": {
+    "timestamp": "...",
+    "client": "...",
+    "uri": "...",
+    "verdict_uri": "MALICIOUS",
+    "verdict_body": "SAFE",
+    "type": "malicious_request"
+  }
+}
+```
+
+## Files Modified
+
+### Core Changes
+- `server_socket_main.py` (Dev) - Added notification service integration
+- `server_socket_main.py` (Prod) - Added notification service integration
+- `.gitignore` (root) - Exclude models, tokens, secrets
+- `Moulinette_Dev/.gitignore` - Enhanced with model exclusions
+- `requirements.txt` - Added aiohttp dependency
+
+### New Files
+- `.github/workflows/build-models.yml` - Model building workflow
+- `.github/workflows/clean-artifacts.yml` - Artifact cleanup workflow
+- `notification_service.py` (Dev & Prod) - Push notification service
+- `device_tokens.json.example` - Device token template
+- `.env.example` - Environment configuration template
+- `SETUP_GUIDE.md` - Comprehensive setup instructions
+- `QUICK_REFERENCE.md` - Quick reference for common tasks
+- `test_notification_service.py` - Unit tests
+
+### Updated Documentation
+- `README.md` - Added features list and quick start
+
+## Testing
+
+All changes have been validated:
+- ✅ Python syntax validated for all modified files
+- ✅ YAML syntax validated for all workflows
+- ✅ Unit tests created and passing for notification service
+- ✅ Model files successfully removed from git tracking
+- ✅ Model files still present locally for runtime use
+
+## Usage
+
+### Setting Up Push Notifications
+1. Get Firebase Server Key from Firebase Console
+2. Set environment variable: `export FCM_SERVER_KEY="your_key"`
+3. Copy `device_tokens.json.example` to `device_tokens.json`
+4. Add your FCM device tokens to the JSON file
+5. Start the server - notifications will be sent automatically
+
+### Managing ML Models
+- **Build locally**: Run scripts in `Moulinette_Dev/Scripts/Build/`
+- **Build via Actions**: Trigger "Build ML Models" workflow
+- **Download**: Get artifacts from GitHub Actions
+
+## Architecture
+
+```
+Request → WAF Proxy → Main Server → ML Hearts (XSS, SQL, Path Traversal)
+                           ↓
+                    Notification Service → Firebase FCM → Mobile Apps
+```
+
+## Security Notes
+- ⚠️ Never commit `device_tokens.json` or `.env` files
+- ⚠️ FCM server key should be kept secret
+- ⚠️ All sensitive files are now in `.gitignore`
+
+## Impact
+- **Repository size**: Reduced by ~100MB
+- **Developer experience**: Models built via CI/CD
+- **Security monitoring**: Real-time push notifications
+- **Maintainability**: Clear documentation and examples
+
+## Next Steps for Users
+1. Set up Firebase project and get FCM server key
+2. Configure device tokens for target devices
+3. Set up mobile app to receive FCM notifications
+4. Run the workflows to verify artifact management works
+5. Test notifications by sending malicious requests
+
+## References
+- [SETUP_GUIDE.md](SETUP_GUIDE.md) - Detailed setup instructions
+- [QUICK_REFERENCE.md](QUICK_REFERENCE.md) - Common tasks
+- [.env.example](.env.example) - Environment variables
+- [device_tokens.json.example](Moulinette_Dev/Scripts/Sockets/Servers/device_tokens.json.example) - Token configuration

Moulinette_Dev/.gitignore

@@ -1,4 +1,10 @@
 # Ignore the virtual environment directory
 .venv/
 # Ignorer les fichiers .DS_Store
-.DS_Store
+.DS_Store
+# Ignore ML model files and tokens (build artifacts)
+IA/Models/*.h5
+IA/Models/*.tflite
+IA/Tokens/*.tokens
+Moulinette_docker_V2/*.tflite
+Moulinette_docker_V2/*.tokens

Moulinette_Dev/Deployment/requirements.txt

@@ -1,3 +1,4 @@
 tensorflow
 scikit-learn
-tqdm
+tqdm
+aiohttp

Moulinette_Dev/Scripts/Sockets/Servers/device_tokens.json.example

@@ -0,0 +1,6 @@
+{
+  "tokens": [
+    "EXAMPLE_DEVICE_TOKEN_1",
+    "EXAMPLE_DEVICE_TOKEN_2"
+  ]
+}