2020-09-20 20:12:47 +08:00
|
|
|
|
package services
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"context"
|
2020-10-06 21:02:15 +08:00
|
|
|
|
"encoding/json"
|
2020-09-20 20:12:47 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
2020-10-06 21:02:15 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
2021-02-02 19:29:36 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
2022-08-21 20:38:34 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
|
2020-09-20 20:12:47 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
2020-10-06 21:02:15 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
|
|
|
|
|
"github.com/iwind/TeaGo/lists"
|
2021-02-02 19:29:36 +08:00
|
|
|
|
"net"
|
2020-09-20 20:12:47 +08:00
|
|
|
|
)
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// HTTPFirewallPolicyService HTTP防火墙(WAF)相关服务
|
2020-09-20 20:12:47 +08:00
|
|
|
|
type HTTPFirewallPolicyService struct {
|
2020-11-24 15:02:44 +08:00
|
|
|
|
BaseService
|
2020-09-20 20:12:47 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// FindAllEnabledHTTPFirewallPolicies 获取所有可用策略
|
2020-09-20 20:12:47 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx context.Context, req *pb.FindAllEnabledHTTPFirewallPoliciesRequest) (*pb.FindAllEnabledHTTPFirewallPoliciesResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2020-09-20 20:12:47 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
|
|
|
|
|
policies, err := models.SharedHTTPFirewallPolicyDAO.FindAllEnabledFirewallPolicies(tx)
|
2020-09-20 20:12:47 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
result := []*pb.HTTPFirewallPolicy{}
|
|
|
|
|
|
for _, p := range policies {
|
|
|
|
|
|
result = append(result, &pb.HTTPFirewallPolicy{
|
2022-01-09 17:05:36 +08:00
|
|
|
|
Id: int64(p.Id),
|
|
|
|
|
|
Name: p.Name,
|
|
|
|
|
|
Description: p.Description,
|
2022-03-22 21:45:07 +08:00
|
|
|
|
IsOn: p.IsOn,
|
2022-03-22 19:30:30 +08:00
|
|
|
|
InboundJSON: p.Inbound,
|
|
|
|
|
|
OutboundJSON: p.Outbound,
|
2022-01-09 17:05:36 +08:00
|
|
|
|
Mode: p.Mode,
|
|
|
|
|
|
UseLocalFirewall: p.UseLocalFirewall == 1,
|
2020-09-20 20:12:47 +08:00
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.FindAllEnabledHTTPFirewallPoliciesResponse{FirewallPolicies: result}, nil
|
|
|
|
|
|
}
|
2020-10-06 21:02:15 +08:00
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// CreateHTTPFirewallPolicy 创建防火墙策略
|
2020-10-06 21:02:15 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) CreateHTTPFirewallPolicy(ctx context.Context, req *pb.CreateHTTPFirewallPolicyRequest) (*pb.CreateHTTPFirewallPolicyResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2022-09-17 16:07:37 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2021-10-07 16:47:21 +08:00
|
|
|
|
policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateFirewallPolicy(tx, userId, req.ServerGroupId, req.ServerId, req.IsOn, req.Name, req.Description, nil, nil)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 初始化
|
|
|
|
|
|
inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
|
|
|
|
|
|
outboundConfig := &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
|
|
|
|
|
|
templatePolicy := firewallconfigs.HTTPFirewallTemplate()
|
|
|
|
|
|
if templatePolicy.Inbound != nil {
|
|
|
|
|
|
for _, group := range templatePolicy.Inbound.Groups {
|
2020-12-17 15:51:02 +08:00
|
|
|
|
isOn := lists.ContainsString(req.HttpFirewallGroupCodes, group.Code)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
group.IsOn = isOn
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
inboundConfig.GroupRefs = append(inboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
GroupId: groupId,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
if templatePolicy.Outbound != nil {
|
|
|
|
|
|
for _, group := range templatePolicy.Outbound.Groups {
|
2020-12-17 15:51:02 +08:00
|
|
|
|
isOn := lists.ContainsString(req.HttpFirewallGroupCodes, group.Code)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
group.IsOn = isOn
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
outboundConfig.GroupRefs = append(outboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
GroupId: groupId,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
inboundConfigJSON, err := json.Marshal(inboundConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
outboundConfigJSON, err := json.Marshal(outboundConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-25 11:18:37 +08:00
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-17 15:51:02 +08:00
|
|
|
|
return &pb.CreateHTTPFirewallPolicyResponse{HttpFirewallPolicyId: policyId}, nil
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// CreateEmptyHTTPFirewallPolicy 创建空防火墙策略
|
2021-01-18 20:40:57 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) CreateEmptyHTTPFirewallPolicy(ctx context.Context, req *pb.CreateEmptyHTTPFirewallPolicyRequest) (*pb.CreateEmptyHTTPFirewallPolicyResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2022-09-17 16:07:37 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
2021-01-18 20:40:57 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-20 14:19:29 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
if req.ServerId > 0 {
|
|
|
|
|
|
err = models.SharedServerDAO.CheckUserServer(nil, userId, req.ServerId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-18 20:40:57 +08:00
|
|
|
|
|
2021-10-07 16:47:21 +08:00
|
|
|
|
policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateFirewallPolicy(tx, userId, req.ServerGroupId, req.ServerId, req.IsOn, req.Name, req.Description, nil, nil)
|
2021-01-18 20:40:57 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 初始化
|
|
|
|
|
|
inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
|
|
|
|
|
|
outboundConfig := &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
|
|
|
|
|
|
|
|
|
|
|
|
inboundConfigJSON, err := json.Marshal(inboundConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
outboundConfigJSON, err := json.Marshal(outboundConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-25 11:18:37 +08:00
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
|
2021-01-18 20:40:57 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.CreateEmptyHTTPFirewallPolicyResponse{HttpFirewallPolicyId: policyId}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// UpdateHTTPFirewallPolicy 修改防火墙策略
|
2020-11-13 18:22:22 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Context, req *pb.UpdateHTTPFirewallPolicyRequest) (*pb.RPCSuccess, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 校验请求
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-20 22:07:23 +08:00
|
|
|
|
var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
|
2020-10-06 21:02:15 +08:00
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 已经有的数据
|
2021-08-22 11:35:33 +08:00
|
|
|
|
firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if firewallPolicy == nil {
|
|
|
|
|
|
return nil, errors.New("can not found firewall policy")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-20 22:07:23 +08:00
|
|
|
|
var inboundConfig = firewallPolicy.Inbound
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if inboundConfig == nil {
|
|
|
|
|
|
inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-20 22:07:23 +08:00
|
|
|
|
var outboundConfig = firewallPolicy.Outbound
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if outboundConfig == nil {
|
|
|
|
|
|
outboundConfig = &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 更新老的
|
2022-05-20 22:07:23 +08:00
|
|
|
|
var oldCodes = []string{}
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if firewallPolicy.Inbound != nil {
|
|
|
|
|
|
for _, g := range firewallPolicy.Inbound.Groups {
|
|
|
|
|
|
if len(g.Code) > 0 {
|
|
|
|
|
|
oldCodes = append(oldCodes, g.Code)
|
|
|
|
|
|
if lists.ContainsString(req.FirewallGroupCodes, g.Code) {
|
2021-01-01 23:31:30 +08:00
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, g.Id, true)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
2021-01-01 23:31:30 +08:00
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, g.Id, false)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
if firewallPolicy.Outbound != nil {
|
|
|
|
|
|
for _, g := range firewallPolicy.Outbound.Groups {
|
|
|
|
|
|
if len(g.Code) > 0 {
|
|
|
|
|
|
oldCodes = append(oldCodes, g.Code)
|
|
|
|
|
|
if lists.ContainsString(req.FirewallGroupCodes, g.Code) {
|
2021-01-01 23:31:30 +08:00
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, g.Id, true)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
2021-01-01 23:31:30 +08:00
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, g.Id, false)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 加入新的
|
|
|
|
|
|
if templatePolicy.Inbound != nil {
|
|
|
|
|
|
for _, group := range templatePolicy.Inbound.Groups {
|
|
|
|
|
|
if lists.ContainsString(oldCodes, group.Code) {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
isOn := lists.ContainsString(req.FirewallGroupCodes, group.Code)
|
|
|
|
|
|
group.IsOn = isOn
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
inboundConfig.GroupRefs = append(inboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
GroupId: groupId,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
if templatePolicy.Outbound != nil {
|
|
|
|
|
|
for _, group := range templatePolicy.Outbound.Groups {
|
|
|
|
|
|
if lists.ContainsString(oldCodes, group.Code) {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
isOn := lists.ContainsString(req.FirewallGroupCodes, group.Code)
|
|
|
|
|
|
group.IsOn = isOn
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
outboundConfig.GroupRefs = append(outboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
GroupId: groupId,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
inboundConfigJSON, err := json.Marshal(inboundConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
outboundConfigJSON, err := json.Marshal(outboundConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-01-10 19:54:37 +08:00
|
|
|
|
var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
|
|
|
|
|
|
if len(req.SynFloodJSON) > 0 {
|
|
|
|
|
|
err = json.Unmarshal(req.SynFloodJSON, synFloodConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-04-21 20:00:56 +08:00
|
|
|
|
var logConfig = &firewallconfigs.HTTPFirewallPolicyLogConfig{}
|
|
|
|
|
|
if len(req.LogJSON) > 0 {
|
|
|
|
|
|
err = json.Unmarshal(req.LogJSON, logConfig)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-20 22:07:23 +08:00
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
|
return this.Success()
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// UpdateHTTPFirewallPolicyGroups 修改分组信息
|
2020-11-13 18:22:22 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicyGroups(ctx context.Context, req *pb.UpdateHTTPFirewallPolicyGroupsRequest) (*pb.RPCSuccess, error) {
|
2020-10-07 11:18:12 +08:00
|
|
|
|
// 校验请求
|
2022-09-17 16:07:37 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
2020-10-07 11:18:12 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(nil, userId, req.HttpFirewallPolicyId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2021-08-25 11:18:37 +08:00
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, req.InboundJSON, req.OutboundJSON, true)
|
2020-10-07 11:18:12 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
|
return this.Success()
|
2020-10-07 11:18:12 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// UpdateHTTPFirewallInboundConfig 修改inbound信息
|
2020-11-13 18:22:22 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallInboundConfig(ctx context.Context, req *pb.UpdateHTTPFirewallInboundConfigRequest) (*pb.RPCSuccess, error) {
|
2020-11-06 11:02:53 +08:00
|
|
|
|
// 校验请求
|
2022-09-17 16:07:37 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
2020-11-06 11:02:53 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(tx, userId, req.HttpFirewallPolicyId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInbound(tx, req.HttpFirewallPolicyId, req.InboundJSON)
|
2020-11-06 11:02:53 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
|
return this.Success()
|
2020-11-06 11:02:53 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// CountAllEnabledHTTPFirewallPolicies 计算可用的防火墙策略数量
|
2020-12-17 15:51:02 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) CountAllEnabledHTTPFirewallPolicies(ctx context.Context, req *pb.CountAllEnabledHTTPFirewallPoliciesRequest) (*pb.RPCCountResponse, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 校验请求
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2022-01-11 15:46:41 +08:00
|
|
|
|
count, err := models.SharedHTTPFirewallPolicyDAO.CountAllEnabledFirewallPolicies(tx, req.NodeClusterId, req.Keyword)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2020-11-24 17:36:47 +08:00
|
|
|
|
return this.SuccessCount(count)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// ListEnabledHTTPFirewallPolicies 列出单页的防火墙策略
|
2020-12-17 15:51:02 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) ListEnabledHTTPFirewallPolicies(ctx context.Context, req *pb.ListEnabledHTTPFirewallPoliciesRequest) (*pb.ListEnabledHTTPFirewallPoliciesResponse, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 校验请求
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2022-01-11 15:46:41 +08:00
|
|
|
|
policies, err := models.SharedHTTPFirewallPolicyDAO.ListEnabledFirewallPolicies(tx, req.NodeClusterId, req.Keyword, req.Offset, req.Size)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
result := []*pb.HTTPFirewallPolicy{}
|
|
|
|
|
|
for _, p := range policies {
|
|
|
|
|
|
result = append(result, &pb.HTTPFirewallPolicy{
|
2022-01-09 17:05:36 +08:00
|
|
|
|
Id: int64(p.Id),
|
|
|
|
|
|
Name: p.Name,
|
|
|
|
|
|
Description: p.Description,
|
2022-03-22 21:45:07 +08:00
|
|
|
|
IsOn: p.IsOn,
|
2022-03-22 19:30:30 +08:00
|
|
|
|
InboundJSON: p.Inbound,
|
|
|
|
|
|
OutboundJSON: p.Outbound,
|
2022-01-09 17:05:36 +08:00
|
|
|
|
Mode: p.Mode,
|
|
|
|
|
|
UseLocalFirewall: p.UseLocalFirewall == 1,
|
2020-10-06 21:02:15 +08:00
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-17 15:51:02 +08:00
|
|
|
|
return &pb.ListEnabledHTTPFirewallPoliciesResponse{HttpFirewallPolicies: result}, nil
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// DeleteHTTPFirewallPolicy 删除某个防火墙策略
|
2020-12-17 15:51:02 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) DeleteHTTPFirewallPolicy(ctx context.Context, req *pb.DeleteHTTPFirewallPolicyRequest) (*pb.RPCSuccess, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 校验请求
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
|
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.DisableHTTPFirewallPolicy(tx, req.HttpFirewallPolicyId)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
|
return this.Success()
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// FindEnabledHTTPFirewallPolicyConfig 查找单个防火墙配置
|
2020-12-17 15:51:02 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicyConfig(ctx context.Context, req *pb.FindEnabledHTTPFirewallPolicyConfigRequest) (*pb.FindEnabledHTTPFirewallPolicyConfigResponse, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 校验请求
|
2022-09-17 16:07:37 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
// 校验权限
|
|
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(nil, userId, req.HttpFirewallPolicyId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2021-08-22 11:35:33 +08:00
|
|
|
|
config, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if config == nil {
|
2020-12-17 15:51:02 +08:00
|
|
|
|
return &pb.FindEnabledHTTPFirewallPolicyConfigResponse{HttpFirewallPolicyJSON: nil}, nil
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
configJSON, err := json.Marshal(config)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-17 15:51:02 +08:00
|
|
|
|
return &pb.FindEnabledHTTPFirewallPolicyConfigResponse{HttpFirewallPolicyJSON: configJSON}, nil
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// FindEnabledHTTPFirewallPolicy 获取防火墙的基本信息
|
2020-12-17 15:51:02 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context.Context, req *pb.FindEnabledHTTPFirewallPolicyRequest) (*pb.FindEnabledHTTPFirewallPolicyResponse, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
|
// 校验请求
|
2022-09-17 16:07:37 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(nil, userId, req.HttpFirewallPolicyId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
|
|
|
|
|
policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicy(tx, req.HttpFirewallPolicyId)
|
2020-10-06 21:02:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if policy == nil {
|
2020-12-17 15:51:02 +08:00
|
|
|
|
return &pb.FindEnabledHTTPFirewallPolicyResponse{HttpFirewallPolicy: nil}, nil
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}
|
2020-12-17 15:51:02 +08:00
|
|
|
|
return &pb.FindEnabledHTTPFirewallPolicyResponse{HttpFirewallPolicy: &pb.HTTPFirewallPolicy{
|
2020-10-06 21:02:15 +08:00
|
|
|
|
Id: int64(policy.Id),
|
2022-01-14 10:43:22 +08:00
|
|
|
|
ServerId: int64(policy.ServerId),
|
2020-10-06 21:02:15 +08:00
|
|
|
|
Name: policy.Name,
|
|
|
|
|
|
Description: policy.Description,
|
2022-03-22 21:45:07 +08:00
|
|
|
|
IsOn: policy.IsOn,
|
2022-03-22 19:30:30 +08:00
|
|
|
|
InboundJSON: policy.Inbound,
|
|
|
|
|
|
OutboundJSON: policy.Outbound,
|
2021-09-30 11:30:45 +08:00
|
|
|
|
Mode: policy.Mode,
|
2022-03-22 19:30:30 +08:00
|
|
|
|
SynFloodJSON: policy.SynFlood,
|
2020-10-06 21:02:15 +08:00
|
|
|
|
}}, nil
|
|
|
|
|
|
}
|
2020-12-02 16:09:15 +08:00
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// ImportHTTPFirewallPolicy 导入策略数据
|
2020-12-02 16:09:15 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) ImportHTTPFirewallPolicy(ctx context.Context, req *pb.ImportHTTPFirewallPolicyRequest) (*pb.RPCSuccess, error) {
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// TODO 检查权限
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-01-01 23:31:30 +08:00
|
|
|
|
|
2021-08-22 11:35:33 +08:00
|
|
|
|
oldConfig, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if oldConfig == nil {
|
|
|
|
|
|
return nil, errors.New("can not find policy")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 解析数据
|
|
|
|
|
|
newConfig := &firewallconfigs.HTTPFirewallPolicy{}
|
2020-12-17 15:51:02 +08:00
|
|
|
|
err = json.Unmarshal(req.HttpFirewallPolicyJSON, newConfig)
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 入站分组
|
|
|
|
|
|
if newConfig.Inbound != nil {
|
|
|
|
|
|
for _, g := range newConfig.Inbound.Groups {
|
2021-12-12 20:24:36 +08:00
|
|
|
|
var oldGroup *firewallconfigs.HTTPFirewallRuleGroup
|
|
|
|
|
|
|
|
|
|
|
|
// 使用代号查找
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if len(g.Code) > 0 {
|
2021-12-12 20:24:36 +08:00
|
|
|
|
oldGroup = oldConfig.FindRuleGroupWithCode(g.Code)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 再次根据Name查找
|
|
|
|
|
|
if oldGroup == nil && len(g.Name) > 0 {
|
|
|
|
|
|
oldGroup = oldConfig.FindRuleGroupWithName(g.Name)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if oldGroup == nil {
|
|
|
|
|
|
// 新创建分组
|
2021-01-01 23:31:30 +08:00
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, g)
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
oldConfig.Inbound.GroupRefs = append(oldConfig.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
GroupId: groupId,
|
|
|
|
|
|
})
|
2021-12-12 20:24:36 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
|
|
|
|
|
|
for _, set := range g.Sets {
|
|
|
|
|
|
setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(tx, set)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
SetId: setId,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
setsJSON, err := json.Marshal(setRefs)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroup(tx, oldGroup.Id, g.IsOn, g.Name, g.Code, g.Description)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, oldGroup.Id, setsJSON)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2020-12-02 16:09:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 出站分组
|
|
|
|
|
|
if newConfig.Outbound != nil {
|
|
|
|
|
|
for _, g := range newConfig.Outbound.Groups {
|
2021-12-12 20:24:36 +08:00
|
|
|
|
var oldGroup *firewallconfigs.HTTPFirewallRuleGroup
|
|
|
|
|
|
|
|
|
|
|
|
// 使用代号查找
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if len(g.Code) > 0 {
|
2021-12-12 20:24:36 +08:00
|
|
|
|
oldGroup = oldConfig.FindRuleGroupWithCode(g.Code)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 再次根据Name查找
|
|
|
|
|
|
if oldGroup == nil && len(g.Name) > 0 {
|
|
|
|
|
|
oldGroup = oldConfig.FindRuleGroupWithName(g.Name)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if oldGroup == nil {
|
|
|
|
|
|
// 新创建分组
|
2021-01-01 23:31:30 +08:00
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, g)
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
oldConfig.Outbound.GroupRefs = append(oldConfig.Outbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
GroupId: groupId,
|
|
|
|
|
|
})
|
2021-12-12 20:24:36 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
|
|
|
|
|
|
for _, set := range g.Sets {
|
|
|
|
|
|
setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(tx, set)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
SetId: setId,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
setsJSON, err := json.Marshal(setRefs)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroup(tx, oldGroup.Id, g.IsOn, g.Name, g.Code, g.Description)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, oldGroup.Id, setsJSON)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2020-12-02 16:09:15 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 保存Inbound和Outbound
|
|
|
|
|
|
oldConfig.Inbound.Groups = nil
|
|
|
|
|
|
oldConfig.Outbound.Groups = nil
|
|
|
|
|
|
|
|
|
|
|
|
inboundJSON, err := json.Marshal(oldConfig.Inbound)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
outboundJSON, err := json.Marshal(oldConfig.Outbound)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-25 11:18:37 +08:00
|
|
|
|
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, inboundJSON, outboundJSON, true)
|
2020-12-02 16:09:15 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return this.Success()
|
|
|
|
|
|
}
|
2021-02-02 19:29:36 +08:00
|
|
|
|
|
2021-06-07 08:58:26 +08:00
|
|
|
|
// CheckHTTPFirewallPolicyIPStatus 检查IP状态
|
2021-02-02 19:29:36 +08:00
|
|
|
|
func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx context.Context, req *pb.CheckHTTPFirewallPolicyIPStatusRequest) (*pb.CheckHTTPFirewallPolicyIPStatusResponse, error) {
|
2022-07-22 14:35:17 +08:00
|
|
|
|
_, err := this.ValidateAdmin(ctx)
|
2021-02-02 19:29:36 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 校验IP
|
|
|
|
|
|
ip := net.ParseIP(req.Ip)
|
|
|
|
|
|
if len(ip) == 0 {
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: false,
|
|
|
|
|
|
Error: "请输入正确的IP",
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
ipLong := utils.IP2Long(req.Ip)
|
|
|
|
|
|
|
2022-07-22 15:05:30 +08:00
|
|
|
|
var tx = this.NullTx()
|
2021-08-22 11:35:33 +08:00
|
|
|
|
firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
|
2021-02-02 19:29:36 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if firewallPolicy == nil {
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: false,
|
|
|
|
|
|
Error: "找不到策略信息",
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查白名单
|
|
|
|
|
|
if firewallPolicy.Inbound != nil &&
|
|
|
|
|
|
firewallPolicy.Inbound.IsOn &&
|
|
|
|
|
|
firewallPolicy.Inbound.AllowListRef != nil &&
|
|
|
|
|
|
firewallPolicy.Inbound.AllowListRef.IsOn &&
|
|
|
|
|
|
firewallPolicy.Inbound.AllowListRef.ListId > 0 {
|
2021-07-13 15:49:16 +08:00
|
|
|
|
|
|
|
|
|
|
var listIds = []int64{}
|
|
|
|
|
|
if firewallPolicy.Inbound.AllowListRef.ListId > 0 {
|
|
|
|
|
|
listIds = append(listIds, firewallPolicy.Inbound.AllowListRef.ListId)
|
2021-02-02 19:29:36 +08:00
|
|
|
|
}
|
2021-07-13 15:49:16 +08:00
|
|
|
|
if len(firewallPolicy.Inbound.PublicAllowListRefs) > 0 {
|
|
|
|
|
|
for _, ref := range firewallPolicy.Inbound.PublicAllowListRefs {
|
|
|
|
|
|
if !ref.IsOn {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
listIds = append(listIds, ref.ListId)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
for _, listId := range listIds {
|
|
|
|
|
|
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, ipLong)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if item != nil {
|
|
|
|
|
|
listName, err := models.SharedIPListDAO.FindIPListName(tx, listId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(listName) == 0 {
|
|
|
|
|
|
listName = "白名单"
|
|
|
|
|
|
}
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: true,
|
|
|
|
|
|
IsAllowed: true,
|
|
|
|
|
|
IpList: &pb.IPList{Name: listName, Id: listId},
|
|
|
|
|
|
IpItem: &pb.IPItem{
|
|
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
|
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: item.Reason,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
|
|
|
|
|
},
|
|
|
|
|
|
RegionCountry: nil,
|
|
|
|
|
|
RegionProvince: nil,
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
2021-02-02 19:29:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查黑名单
|
|
|
|
|
|
if firewallPolicy.Inbound != nil &&
|
|
|
|
|
|
firewallPolicy.Inbound.IsOn &&
|
2021-08-06 14:48:05 +08:00
|
|
|
|
firewallPolicy.Inbound.DenyListRef != nil &&
|
|
|
|
|
|
firewallPolicy.Inbound.DenyListRef.IsOn &&
|
|
|
|
|
|
firewallPolicy.Inbound.DenyListRef.ListId > 0 {
|
2021-07-13 15:49:16 +08:00
|
|
|
|
var listIds = []int64{}
|
|
|
|
|
|
if firewallPolicy.Inbound.DenyListRef.ListId > 0 {
|
|
|
|
|
|
listIds = append(listIds, firewallPolicy.Inbound.DenyListRef.ListId)
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(firewallPolicy.Inbound.PublicDenyListRefs) > 0 {
|
|
|
|
|
|
for _, ref := range firewallPolicy.Inbound.PublicDenyListRefs {
|
|
|
|
|
|
if !ref.IsOn {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
listIds = append(listIds, ref.ListId)
|
|
|
|
|
|
}
|
2021-02-02 19:29:36 +08:00
|
|
|
|
}
|
2021-07-13 15:49:16 +08:00
|
|
|
|
|
|
|
|
|
|
for _, listId := range listIds {
|
|
|
|
|
|
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, ipLong)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if item != nil {
|
|
|
|
|
|
listName, err := models.SharedIPListDAO.FindIPListName(tx, listId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(listName) == 0 {
|
|
|
|
|
|
listName = "黑名单"
|
|
|
|
|
|
}
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: true,
|
|
|
|
|
|
IsAllowed: false,
|
|
|
|
|
|
IpList: &pb.IPList{Name: listName, Id: listId},
|
|
|
|
|
|
IpItem: &pb.IPItem{
|
|
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
|
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: item.Reason,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
|
|
|
|
|
},
|
|
|
|
|
|
RegionCountry: nil,
|
|
|
|
|
|
RegionProvince: nil,
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
2021-02-02 19:29:36 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查封禁的地区和省份
|
2022-08-21 20:38:34 +08:00
|
|
|
|
var info = iplibrary.LookupIP(req.Ip)
|
|
|
|
|
|
if info != nil && info.IsOk() {
|
2021-02-02 19:29:36 +08:00
|
|
|
|
if firewallPolicy.Inbound != nil &&
|
|
|
|
|
|
firewallPolicy.Inbound.IsOn &&
|
|
|
|
|
|
firewallPolicy.Inbound.Region != nil &&
|
|
|
|
|
|
firewallPolicy.Inbound.Region.IsOn {
|
|
|
|
|
|
// 检查封禁的地区
|
2022-08-21 20:38:34 +08:00
|
|
|
|
var countryId = info.CountryId()
|
2021-02-02 19:29:36 +08:00
|
|
|
|
if countryId > 0 && lists.ContainsInt64(firewallPolicy.Inbound.Region.DenyCountryIds, countryId) {
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: true,
|
|
|
|
|
|
IsAllowed: false,
|
|
|
|
|
|
IpList: nil,
|
|
|
|
|
|
IpItem: nil,
|
|
|
|
|
|
RegionCountry: &pb.RegionCountry{
|
|
|
|
|
|
Id: countryId,
|
2022-08-21 20:38:34 +08:00
|
|
|
|
Name: info.CountryName(),
|
2021-02-02 19:29:36 +08:00
|
|
|
|
},
|
|
|
|
|
|
RegionProvince: nil,
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查封禁的省份
|
|
|
|
|
|
if countryId > 0 {
|
2022-08-21 20:38:34 +08:00
|
|
|
|
var provinceId = info.ProvinceId()
|
2021-02-02 19:29:36 +08:00
|
|
|
|
if provinceId > 0 && lists.ContainsInt64(firewallPolicy.Inbound.Region.DenyProvinceIds, provinceId) {
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: true,
|
|
|
|
|
|
IsAllowed: false,
|
|
|
|
|
|
IpList: nil,
|
|
|
|
|
|
IpItem: nil,
|
|
|
|
|
|
RegionCountry: &pb.RegionCountry{
|
|
|
|
|
|
Id: countryId,
|
2022-08-21 20:38:34 +08:00
|
|
|
|
Name: info.CountryName(),
|
2021-02-02 19:29:36 +08:00
|
|
|
|
},
|
|
|
|
|
|
RegionProvince: &pb.RegionProvince{
|
|
|
|
|
|
Id: provinceId,
|
2022-08-21 20:38:34 +08:00
|
|
|
|
Name: info.ProvinceName(),
|
2021-02-02 19:29:36 +08:00
|
|
|
|
},
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: false,
|
|
|
|
|
|
IsAllowed: false,
|
|
|
|
|
|
IpList: nil,
|
|
|
|
|
|
IpItem: nil,
|
|
|
|
|
|
RegionCountry: nil,
|
|
|
|
|
|
RegionProvince: nil,
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
