EdgeAPI/internal/rpc/services/service_http_firewall_rule_group.go

package services

import (
	"context"
	"encoding/json"

	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
	"github.com/TeaOSLab/EdgeAPI/internal/errors"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
)

// HTTPFirewallRuleGroupService WAF规则分组相关服务
type HTTPFirewallRuleGroupService struct {
	BaseService
}

// UpdateHTTPFirewallRuleGroupIsOn 设置是否启用分组
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupIsOnRequest) (*pb.RPCSuccess, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if userId > 0 {
		// 校验权限
		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
		if err != nil {
			return nil, err
		}
	}

	var tx = this.NullTx()

	err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, req.FirewallRuleGroupId, req.IsOn)
	if err != nil {
		return nil, err
	}

	return this.Success()
}

// CreateHTTPFirewallRuleGroup 创建分组
func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx context.Context, req *pb.CreateHTTPFirewallRuleGroupRequest) (*pb.CreateHTTPFirewallRuleGroupResponse, error) {
	// 校验请求
	_, _, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroup(tx, req.IsOn, req.Name, req.Code, req.Description)
	if err != nil {
		return nil, err
	}
	return &pb.CreateHTTPFirewallRuleGroupResponse{FirewallRuleGroupId: groupId}, nil
}

// UpdateHTTPFirewallRuleGroup 修改分组
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupRequest) (*pb.RPCSuccess, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if userId > 0 {
		// 校验权限
		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
		if err != nil {
			return nil, err
		}
	}

	var tx = this.NullTx()

	err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroup(tx, req.FirewallRuleGroupId, req.IsOn, req.Name, req.Code, req.Description)
	if err != nil {
		return nil, err
	}

	return this.Success()
}

// FindEnabledHTTPFirewallRuleGroupConfig 获取分组配置
func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupConfigRequest) (*pb.FindEnabledHTTPFirewallRuleGroupConfigResponse, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if userId > 0 {
		// 校验权限
		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
		if err != nil {
			return nil, err
		}
	}

	var tx = this.NullTx()

	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId, false)
	if err != nil {
		return nil, err
	}
	if groupConfig == nil {
		return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: nil}, nil
	}
	groupConfigJSON, err := json.Marshal(groupConfig)
	if err != nil {
		return nil, err
	}
	return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: groupConfigJSON}, nil
}

// FindEnabledHTTPFirewallRuleGroup 获取分组信息
func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupRequest) (*pb.FindEnabledHTTPFirewallRuleGroupResponse, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if userId > 0 {
		// 校验权限
		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
		if err != nil {
			return nil, err
		}
	}

	var tx = this.NullTx()

	group, err := models.SharedHTTPFirewallRuleGroupDAO.FindEnabledHTTPFirewallRuleGroup(tx, req.FirewallRuleGroupId)
	if err != nil {
		return nil, err
	}
	if group == nil {
		return &pb.FindEnabledHTTPFirewallRuleGroupResponse{
			FirewallRuleGroup: nil,
		}, nil
	}

	return &pb.FindEnabledHTTPFirewallRuleGroupResponse{
		FirewallRuleGroup: &pb.HTTPFirewallRuleGroup{
			Id:          int64(group.Id),
			Name:        group.Name,
			IsOn:        group.IsOn,
			Description: group.Description,
			Code:        group.Code,
		},
	}, nil
}

// UpdateHTTPFirewallRuleGroupSets 修改分组的规则集
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupSetsRequest) (*pb.RPCSuccess, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if userId > 0 {
		// 校验权限
		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
		if err != nil {
			return nil, err
		}
	}

	var tx = this.NullTx()

	err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.GetFirewallRuleGroupId(), req.FirewallRuleSetsJSON)
	if err != nil {
		return nil, err
	}
	return this.Success()
}

// AddHTTPFirewallRuleGroupSet 添加规则集
func (this *HTTPFirewallRuleGroupService) AddHTTPFirewallRuleGroupSet(ctx context.Context, req *pb.AddHTTPFirewallRuleGroupSetRequest) (*pb.RPCSuccess, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if userId > 0 {
		// 校验权限
		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
		if err != nil {
			return nil, err
		}
	}

	var tx = this.NullTx()

	// 已经有的规则
	config, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId, false)
	if err != nil {
		return nil, err
	}
	if config == nil {
		return nil, errors.New("can not find group")
	}
	var setRefs = config.SetRefs

	var set = &firewallconfigs.HTTPFirewallRuleSet{}
	err = json.Unmarshal(req.FirewallRuleSetConfigJSON, set)
	if err != nil {
		return nil, err
	}

	if set.Id > 0 {
		setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
			IsOn:  true,
			SetId: set.Id,
		})
	} else {
		setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(tx, set)
		if err != nil {
			return nil, err
		}
		setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
			IsOn:  true,
			SetId: setId,
		})
	}

	setRefsJSON, err := json.Marshal(setRefs)
	if err != nil {
		return nil, err
	}

	err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.FirewallRuleGroupId, setRefsJSON)
	if err != nil {
		return nil, err
	}
	return this.Success()
}
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`package services`

			`import (`
			`"context"`
			`"encoding/json"`
v1.4.1 2024-07-27 14:15:25 +08:00
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`"github.com/TeaOSLab/EdgeAPI/internal/db/models"`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00			`"github.com/TeaOSLab/EdgeAPI/internal/errors"`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`)`

修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// HTTPFirewallRuleGroupService WAF规则分组相关服务`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`type HTTPFirewallRuleGroupService struct {`
调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`BaseService`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`}`

修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// UpdateHTTPFirewallRuleGroupIsOn 设置是否启用分组`
实现基本的集群DNS列表、设置、简单数据同步 2020-11-13 18:22:22 +08:00			`func (this HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx context.Context, req pb.UpdateHTTPFirewallRuleGroupIsOnRequest) (*pb.RPCSuccess, error) {`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`

部分API对user角色开放 2021-01-18 21:28:51 +08:00			`if userId > 0 {`
			`// 校验权限`
			`err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
			`err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, req.FirewallRuleGroupId, req.IsOn)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`

调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`return this.Success()`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`}`

修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// CreateHTTPFirewallRuleGroup 创建分组`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`func (this HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx context.Context, req pb.CreateHTTPFirewallRuleGroupRequest) (*pb.CreateHTTPFirewallRuleGroupResponse, error) {`
			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, _, err := this.ValidateAdminAndUser(ctx, true)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
创建WAF分组时也记录代号 2021-10-25 19:02:20 +08:00			`groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroup(tx, req.IsOn, req.Name, req.Code, req.Description)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`return &pb.CreateHTTPFirewallRuleGroupResponse{FirewallRuleGroupId: groupId}, nil`
			`}`

修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// UpdateHTTPFirewallRuleGroup 修改分组`
实现基本的集群DNS列表、设置、简单数据同步 2020-11-13 18:22:22 +08:00			`func (this HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx context.Context, req pb.UpdateHTTPFirewallRuleGroupRequest) (*pb.RPCSuccess, error) {`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`

部分API对user角色开放 2021-01-18 21:28:51 +08:00			`if userId > 0 {`
			`// 校验权限`
			`err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
WAF策略：可以修改分组代号/导入时可以根据名称合并 2021-12-12 20:24:36 +08:00			`err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroup(tx, req.FirewallRuleGroupId, req.IsOn, req.Name, req.Code, req.Description)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`

调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`return this.Success()`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`}`

修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// FindEnabledHTTPFirewallRuleGroupConfig 获取分组配置`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`func (this HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig(ctx context.Context, req pb.FindEnabledHTTPFirewallRuleGroupConfigRequest) (*pb.FindEnabledHTTPFirewallRuleGroupConfigResponse, error) {`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`

部分API对user角色开放 2021-01-18 21:28:51 +08:00			`if userId > 0 {`
			`// 校验权限`
			`err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
生成节点时去除停用的WAF规则集 2023-08-13 10:51:52 +08:00			`groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId, false)`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if groupConfig == nil {`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: nil}, nil`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`}`
			`groupConfigJSON, err := json.Marshal(groupConfig)`
			`if err != nil {`
			`return nil, err`
			`}`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: groupConfigJSON}, nil`
			`}`

修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// FindEnabledHTTPFirewallRuleGroup 获取分组信息`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`func (this HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx context.Context, req pb.FindEnabledHTTPFirewallRuleGroupRequest) (*pb.FindEnabledHTTPFirewallRuleGroupResponse, error) {`
			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`if err != nil {`
			`return nil, err`
			`}`

部分API对user角色开放 2021-01-18 21:28:51 +08:00			`if userId > 0 {`
			`// 校验权限`
			`err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
			`group, err := models.SharedHTTPFirewallRuleGroupDAO.FindEnabledHTTPFirewallRuleGroup(tx, req.FirewallRuleGroupId)`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if group == nil {`
			`return &pb.FindEnabledHTTPFirewallRuleGroupResponse{`
			`FirewallRuleGroup: nil,`
			`}, nil`
			`}`

			`return &pb.FindEnabledHTTPFirewallRuleGroupResponse{`
			`FirewallRuleGroup: &pb.HTTPFirewallRuleGroup{`
			`Id: int64(group.Id),`
			`Name: group.Name,`
优化代码 2022-03-22 21:45:07 +08:00			`IsOn: group.IsOn,`
实现点击访问日志显示详情窗口 2020-11-02 21:15:31 +08:00			`Description: group.Description,`
			`Code: group.Code,`
			`},`
			`}, nil`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`}`
实现WAF部分功能 2020-10-08 11:11:49 +08:00
修复WAF用户检查的Bug 2021-06-27 08:31:10 +08:00			`// UpdateHTTPFirewallRuleGroupSets 修改分组的规则集`
实现基本的集群DNS列表、设置、简单数据同步 2020-11-13 18:22:22 +08:00			`func (this HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx context.Context, req pb.UpdateHTTPFirewallRuleGroupSetsRequest) (*pb.RPCSuccess, error) {`
实现WAF部分功能 2020-10-08 11:11:49 +08:00			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现WAF部分功能 2020-10-08 11:11:49 +08:00			`if err != nil {`
			`return nil, err`
			`}`

部分API对user角色开放 2021-01-18 21:28:51 +08:00			`if userId > 0 {`
			`// 校验权限`
			`err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00
优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
			`err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.GetFirewallRuleGroupId(), req.FirewallRuleSetsJSON)`
实现WAF部分功能 2020-10-08 11:11:49 +08:00			`if err != nil {`
			`return nil, err`
			`}`
调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`return this.Success()`
实现WAF部分功能 2020-10-08 11:11:49 +08:00			`}`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00
			`// AddHTTPFirewallRuleGroupSet 添加规则集`
			`func (this HTTPFirewallRuleGroupService) AddHTTPFirewallRuleGroupSet(ctx context.Context, req pb.AddHTTPFirewallRuleGroupSetRequest) (*pb.RPCSuccess, error) {`
			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`if userId > 0 {`
			`// 校验权限`
			`err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00
			`// 已经有的规则`
生成节点时去除停用的WAF规则集 2023-08-13 10:51:52 +08:00			`config, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId, false)`
增加为WAF分组添加规则集的API 2021-10-25 12:01:16 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if config == nil {`
			`return nil, errors.New("can not find group")`
			`}`
			`var setRefs = config.SetRefs`

			`var set = &firewallconfigs.HTTPFirewallRuleSet{}`
			`err = json.Unmarshal(req.FirewallRuleSetConfigJSON, set)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if set.Id > 0 {`
			`setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{`
			`IsOn: true,`
			`SetId: set.Id,`
			`})`
			`} else {`
			`setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(tx, set)`
			`if err != nil {`
			`return nil, err`
			`}`
			`setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{`
			`IsOn: true,`
			`SetId: setId,`
			`})`
			`}`

			`setRefsJSON, err := json.Marshal(setRefs)`
			`if err != nil {`
			`return nil, err`
			`}`

			`err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.FirewallRuleGroupId, setRefsJSON)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return this.Success()`
			`}`