package IPblacklist;

use strict;
use warnings;
use Data::Dumper;

# Built-in defaults. run() hands them to Constants::mergeConfigs() together
# with the caller-supplied configuration and the module prefix.
my %CONSTANTS = (
    # Passed to Utils::generateOutput() as the first argument.
    outputfile => "tmp/blacklist.csv",
    # Passed to DB::getQueryCondThreshold() as the last argument.
    threshold  => 200,
    # Fed to DB::joinNotIN() on the "source" column.
    # NOTE(review): presumably these addresses are exempt from the generated
    # list; with the empty default nothing is exempt. Confirm that deployments
    # list the addresses that must never end up in the blacklist.
    excludedip => [],
    # Fed to DB::joinIN() on the "type" column.
    eventtype  => [],
    # Passed to DB::getOldDataDB() together with the "NEWER" keyword.
    maxage     => "1D",
);

# Per-key patterns handed to Constants::mergeConfigs() next to the defaults.
# NOTE(review): this pattern is not anchored, so taken on its own it matches
# any string that merely contains digits followed by one of these letters.
# Confirm that Constants::mergeConfigs() anchors it before use (or anchor it
# here with \A ... \z), because the accepted value is forwarded to
# DB::getOldDataDB().
my %FORMAT = (
    maxage => qr/\d+[hdmHDM]/,
);

# Formats one fetched row as an output line: the row's "source" value
# followed by a comma and a newline.
# NOTE(review): the value is emitted verbatim. Confirm that "source" is
# validated when events are stored, since a value holding a comma or a
# newline would change the structure of the generated file.
sub record {
    my ($row) = @_;
    return $row->{'source'} . ",\n";
}

# Builds a query over "events", fetches the matching rows and hands them to
# Utils::generateOutput() with record() as the per-row formatter.
#
# Arguments: (ignored first argument), module prefix, configuration,
# database handle, database engine identifier.
# Returns whatever Utils::generateOutput() returns, taken in scalar context.
sub run {
    my (undef, $modprefix, $cfg, $dbh, $db_engine) = @_;

    my $settings =
        Constants::mergeConfigs($cfg, $modprefix, \%CONSTANTS, \%FORMAT);

    my $type_clause    = DB::joinIN("type", \@{ $settings->{'eventtype'} });
    my $exclude_clause = DB::joinNotIN("source", \@{ $settings->{'excludedip'} });

    # The last five characters of the combined clauses are cut off.
    # Presumably that is a trailing separator produced by the DB helpers;
    # TODO confirm what they return for an empty list.
    # NOTE(review): the condition is assembled as text from configuration
    # values; confirm that DB::joinIN()/DB::joinNotIN() quote or bind the
    # values they are given.
    my $condition = substr($exclude_clause . $type_clause, 0, -5);

    my @selected   = ("source");
    my @age_clause = DB::getOldDataDB($db_engine, "NEWER", $settings->{'maxage'});
    my @criteria   = ($condition, @age_clause);

    my $sql = DB::getQueryCondThreshold(
        $db_engine, "events", \@selected, \@criteria,
        $settings->{'threshold'},
    );

    my @hits = Utils::fetchall_array_hashref($dbh, $sql);

    my $outcome = Utils::generateOutput(
        $settings->{'outputfile'}, \@hits, undef, \&record, undef, $settings,
    );
    return $outcome;
}

1;