Description
Hello,
Since the CrowdSec Agent v1.7.0, the client uses Content-Encoding: gzip for requests larger than 5KB to the LAPI, as introduced in crowdsecurity/crowdsec#3709.
The server-side endpoint managed by the os-crowdsec plugin on OPNsense does not correctly handle this Content-Encoding. The gzipped request body is not being decompressed before it is processed, which causes the LAPI to fail when it attempts to parse the binary gzip data as JSON.
This results in the LAPI returning a 400 Bad Request with the error message: {"message":"invalid character '\x1f' looking for beginning of value"}.
Affected Versions:
os-crowdsec (OPNsense Plugin): 1.0.12
crowdsecurity/crowdsec Docker Container >= v1.7.0
Steps to Reproduce:
- Install and configure os-crowdsec on OPNsense.
- Connect a CrowdSec agent with version v1.7.0 or newer.
- Do a scan that results in an Alert.
- Observe the communication failure and the 400 Bad Request errors from the server.
Workaround:
Pinning the agent to a version prior to this change (e.g., crowdsecurity/crowdsec:v1.6.11) resolves the issue.
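
The failure mode described above, reproduced as an added example (not code from the issue, CrowdSec, or the os-crowdsec plugin): a JSON decoder fed a gzip body fails on the gzip magic byte `0x1f`, while the same body decodes once `Content-Encoding: gzip` is honored. The function names, request path, sample payload and the 1 MiB cap on decompressed size are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// maxBody is an assumed cap on the decompressed size, so a small gzip
// body cannot inflate into an unbounded allocation.
const maxBody = 1 << 20

// decodeJSONBody (hypothetical helper) parses a request body as JSON.
// With honorEncoding set it inflates a gzip body first; without it the
// raw bytes reach the JSON parser, which is the behaviour in the report.
func decodeJSONBody(r *http.Request, honorEncoding bool, v interface{}) error {
	var body io.Reader = r.Body
	if honorEncoding && r.Header.Get("Content-Encoding") == "gzip" {
		zr, err := gzip.NewReader(r.Body)
		if err != nil {
			return fmt.Errorf("bad gzip body: %w", err)
		}
		defer zr.Close()
		body = zr
	}
	return json.NewDecoder(io.LimitReader(body, maxBody)).Decode(v)
}

// gzipRequest builds a constructed POST whose JSON payload is gzipped,
// the way a client sending Content-Encoding: gzip would.
func gzipRequest(payload string) *http.Request {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(payload))
	zw.Close()
	req := httptest.NewRequest(http.MethodPost, "/alerts-example", &buf)
	req.Header.Set("Content-Encoding", "gzip")
	return req
}

func main() {
	payload := `[{"scenario":"constructed/sample","events_count":6}]` // constructed
	var out []map[string]interface{}
	fmt.Println("ignoring encoding:", decodeJSONBody(gzipRequest(payload), false, &out))
	fmt.Println("honoring encoding:", decodeJSONBody(gzipRequest(payload), true, &out), out)
}
```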