2020-09-23 10:12:57 +08:00
|
|
|
package models
|
|
|
|
|
|
|
|
|
|
import (
|
2020-10-06 21:02:15 +08:00
|
|
|
"encoding/json"
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
2020-09-23 10:12:57 +08:00
|
|
|
_ "github.com/go-sql-driver/mysql"
|
|
|
|
|
"github.com/iwind/TeaGo/Tea"
|
|
|
|
|
"github.com/iwind/TeaGo/dbs"
|
2020-10-06 21:02:15 +08:00
|
|
|
"github.com/iwind/TeaGo/types"
|
2020-09-23 10:12:57 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
HTTPFirewallRuleStateEnabled = 1 // 已启用
|
|
|
|
|
HTTPFirewallRuleStateDisabled = 0 // 已禁用
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type HTTPFirewallRuleDAO dbs.DAO
|
|
|
|
|
|
|
|
|
|
func NewHTTPFirewallRuleDAO() *HTTPFirewallRuleDAO {
|
|
|
|
|
return dbs.NewDAO(&HTTPFirewallRuleDAO{
|
|
|
|
|
DAOObject: dbs.DAOObject{
|
|
|
|
|
DB: Tea.Env,
|
|
|
|
|
Table: "edgeHTTPFirewallRules",
|
|
|
|
|
Model: new(HTTPFirewallRule),
|
|
|
|
|
PkName: "id",
|
|
|
|
|
},
|
|
|
|
|
}).(*HTTPFirewallRuleDAO)
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-13 20:05:13 +08:00
|
|
|
var SharedHTTPFirewallRuleDAO *HTTPFirewallRuleDAO
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
dbs.OnReady(func() {
|
|
|
|
|
SharedHTTPFirewallRuleDAO = NewHTTPFirewallRuleDAO()
|
|
|
|
|
})
|
|
|
|
|
}
|
2020-09-23 10:12:57 +08:00
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// Init 初始化
|
2020-09-26 08:06:40 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) Init() {
|
2021-01-17 16:48:00 +08:00
|
|
|
_ = this.DAOObject.Init()
|
2020-09-26 08:06:40 +08:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// EnableHTTPFirewallRule 启用条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) EnableHTTPFirewallRule(tx *dbs.Tx, id int64) error {
|
|
|
|
|
_, err := this.Query(tx).
|
2020-09-23 10:12:57 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Set("state", HTTPFirewallRuleStateEnabled).
|
|
|
|
|
Update()
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// DisableHTTPFirewallRule 禁用条目
|
2021-01-17 16:48:00 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) DisableHTTPFirewallRule(tx *dbs.Tx, ruleId int64) error {
|
2021-01-01 23:31:30 +08:00
|
|
|
_, err := this.Query(tx).
|
2021-01-17 16:48:00 +08:00
|
|
|
Pk(ruleId).
|
2020-09-23 10:12:57 +08:00
|
|
|
Set("state", HTTPFirewallRuleStateDisabled).
|
|
|
|
|
Update()
|
2021-01-17 16:48:00 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return this.NotifyUpdate(tx, ruleId)
|
2020-09-23 10:12:57 +08:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// FindEnabledHTTPFirewallRule 查找启用中的条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) FindEnabledHTTPFirewallRule(tx *dbs.Tx, id int64) (*HTTPFirewallRule, error) {
|
|
|
|
|
result, err := this.Query(tx).
|
2020-09-23 10:12:57 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Attr("state", HTTPFirewallRuleStateEnabled).
|
|
|
|
|
Find()
|
|
|
|
|
if result == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return result.(*HTTPFirewallRule), err
|
|
|
|
|
}
|
2020-10-06 21:02:15 +08:00
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// ComposeFirewallRule 组合配置
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) ComposeFirewallRule(tx *dbs.Tx, ruleId int64) (*firewallconfigs.HTTPFirewallRule, error) {
|
|
|
|
|
rule, err := this.FindEnabledHTTPFirewallRule(tx, ruleId)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if rule == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
config := &firewallconfigs.HTTPFirewallRule{}
|
|
|
|
|
config.Id = int64(rule.Id)
|
2022-03-22 21:45:07 +08:00
|
|
|
config.IsOn = rule.IsOn
|
2020-10-06 21:02:15 +08:00
|
|
|
config.Param = rule.Param
|
2020-11-21 20:43:52 +08:00
|
|
|
|
|
|
|
|
paramFilters := []*firewallconfigs.ParamFilter{}
|
|
|
|
|
if IsNotNull(rule.ParamFilters) {
|
2022-03-22 19:30:30 +08:00
|
|
|
err = json.Unmarshal(rule.ParamFilters, ¶mFilters)
|
2020-11-21 20:43:52 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
config.ParamFilters = paramFilters
|
|
|
|
|
|
2020-10-06 21:02:15 +08:00
|
|
|
config.Operator = rule.Operator
|
|
|
|
|
config.Value = rule.Value
|
|
|
|
|
config.IsCaseInsensitive = rule.IsCaseInsensitive == 1
|
|
|
|
|
|
|
|
|
|
if IsNotNull(rule.CheckpointOptions) {
|
|
|
|
|
checkpointOptions := map[string]interface{}{}
|
2022-03-22 19:30:30 +08:00
|
|
|
err = json.Unmarshal(rule.CheckpointOptions, &checkpointOptions)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
config.CheckpointOptions = checkpointOptions
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config.Description = rule.Description
|
|
|
|
|
|
|
|
|
|
return config, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// CreateOrUpdateRuleFromConfig 从配置中配置规则
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) CreateOrUpdateRuleFromConfig(tx *dbs.Tx, ruleConfig *firewallconfigs.HTTPFirewallRule) (int64, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
op := NewHTTPFirewallRuleOperator()
|
2020-10-08 11:11:49 +08:00
|
|
|
op.Id = ruleConfig.Id
|
2020-10-06 21:02:15 +08:00
|
|
|
op.State = HTTPFirewallRuleStateEnabled
|
|
|
|
|
op.IsOn = ruleConfig.IsOn
|
|
|
|
|
op.Description = ruleConfig.Description
|
|
|
|
|
op.Param = ruleConfig.Param
|
2020-11-21 20:43:52 +08:00
|
|
|
|
|
|
|
|
if len(ruleConfig.ParamFilters) == 0 {
|
|
|
|
|
op.ParamFilters = "[]"
|
|
|
|
|
} else {
|
|
|
|
|
paramFilters, err := json.Marshal(ruleConfig.ParamFilters)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
op.ParamFilters = paramFilters
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 21:02:15 +08:00
|
|
|
op.Value = ruleConfig.Value
|
|
|
|
|
op.IsCaseInsensitive = ruleConfig.IsCaseInsensitive
|
|
|
|
|
op.Operator = ruleConfig.Operator
|
|
|
|
|
|
|
|
|
|
if ruleConfig.CheckpointOptions != nil {
|
|
|
|
|
checkpointOptionsJSON, err := json.Marshal(ruleConfig.CheckpointOptions)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
op.CheckpointOptions = checkpointOptionsJSON
|
|
|
|
|
}
|
2021-01-01 23:31:30 +08:00
|
|
|
err := this.Save(tx, op)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
2021-01-17 16:48:00 +08:00
|
|
|
|
|
|
|
|
// 通知更新
|
|
|
|
|
if ruleConfig.Id > 0 {
|
|
|
|
|
err := this.NotifyUpdate(tx, ruleConfig.Id)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 21:02:15 +08:00
|
|
|
return types.Int64(op.Id), nil
|
|
|
|
|
}
|
2021-01-17 16:48:00 +08:00
|
|
|
|
2022-03-22 19:30:30 +08:00
|
|
|
// NotifyUpdate 通知更新
|
2021-01-17 16:48:00 +08:00
|
|
|
func (this *HTTPFirewallRuleDAO) NotifyUpdate(tx *dbs.Tx, ruleId int64) error {
|
|
|
|
|
setId, err := SharedHTTPFirewallRuleSetDAO.FindEnabledRuleSetIdWithRuleId(tx, ruleId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if setId > 0 {
|
|
|
|
|
return SharedHTTPFirewallRuleSetDAO.NotifyUpdate(tx, setId)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
