2020-11-07 19:40:24 +08:00
|
|
|
package models
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
2021-11-17 19:51:00 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
2021-08-08 15:47:48 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
|
2021-11-17 16:14:55 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
2020-11-07 19:40:24 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
|
|
|
|
|
_ "github.com/go-sql-driver/mysql"
|
|
|
|
|
"github.com/iwind/TeaGo/Tea"
|
|
|
|
|
"github.com/iwind/TeaGo/dbs"
|
2021-01-17 16:48:00 +08:00
|
|
|
"github.com/iwind/TeaGo/lists"
|
2020-11-07 19:40:24 +08:00
|
|
|
"github.com/iwind/TeaGo/types"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
IPListStateEnabled = 1 // 已启用
|
|
|
|
|
IPListStateDisabled = 0 // 已禁用
|
|
|
|
|
)
|
|
|
|
|
|
2021-11-17 16:14:55 +08:00
|
|
|
var listTypeCacheMap = map[int64]*IPList{} // listId => *IPList
|
2021-11-17 19:51:00 +08:00
|
|
|
var DefaultGlobalIPList = &IPList{
|
|
|
|
|
Id: uint32(firewallconfigs.GlobalListId),
|
|
|
|
|
Name: "全局封锁名单",
|
|
|
|
|
IsPublic: 1,
|
|
|
|
|
IsGlobal: 1,
|
|
|
|
|
Type: "black",
|
|
|
|
|
State: IPListStateEnabled,
|
2022-03-22 21:45:07 +08:00
|
|
|
IsOn: true,
|
2021-11-17 19:51:00 +08:00
|
|
|
}
|
2021-02-06 17:38:04 +08:00
|
|
|
|
2020-11-07 19:40:24 +08:00
|
|
|
type IPListDAO dbs.DAO
|
|
|
|
|
|
|
|
|
|
func NewIPListDAO() *IPListDAO {
|
|
|
|
|
return dbs.NewDAO(&IPListDAO{
|
|
|
|
|
DAOObject: dbs.DAOObject{
|
|
|
|
|
DB: Tea.Env,
|
|
|
|
|
Table: "edgeIPLists",
|
|
|
|
|
Model: new(IPList),
|
|
|
|
|
PkName: "id",
|
|
|
|
|
},
|
|
|
|
|
}).(*IPListDAO)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var SharedIPListDAO *IPListDAO
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
dbs.OnReady(func() {
|
|
|
|
|
SharedIPListDAO = NewIPListDAO()
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// EnableIPList 启用条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *IPListDAO) EnableIPList(tx *dbs.Tx, id int64) error {
|
|
|
|
|
_, err := this.Query(tx).
|
2020-11-07 19:40:24 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Set("state", IPListStateEnabled).
|
|
|
|
|
Update()
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// DisableIPList 禁用条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *IPListDAO) DisableIPList(tx *dbs.Tx, id int64) error {
|
|
|
|
|
_, err := this.Query(tx).
|
2020-11-07 19:40:24 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Set("state", IPListStateDisabled).
|
|
|
|
|
Update()
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// FindEnabledIPList 查找启用中的条目
|
2021-11-17 19:51:00 +08:00
|
|
|
func (this *IPListDAO) FindEnabledIPList(tx *dbs.Tx, id int64, cacheMap *utils.CacheMap) (*IPList, error) {
|
|
|
|
|
if id == firewallconfigs.GlobalListId {
|
|
|
|
|
return DefaultGlobalIPList, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var cacheKey = this.Table + ":FindEnabledIPList:" + types.String(id)
|
|
|
|
|
if cacheMap != nil {
|
|
|
|
|
cache, ok := cacheMap.Get(cacheKey)
|
|
|
|
|
if ok {
|
|
|
|
|
return cache.(*IPList), nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
result, err := this.Query(tx).
|
2020-11-07 19:40:24 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Attr("state", IPListStateEnabled).
|
|
|
|
|
Find()
|
|
|
|
|
if result == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-11-17 19:51:00 +08:00
|
|
|
|
|
|
|
|
if cacheMap != nil {
|
|
|
|
|
cacheMap.Put(cacheKey, result)
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-07 19:40:24 +08:00
|
|
|
return result.(*IPList), err
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// FindIPListName 根据主键查找名称
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *IPListDAO) FindIPListName(tx *dbs.Tx, id int64) (string, error) {
|
|
|
|
|
return this.Query(tx).
|
2020-11-07 19:40:24 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Result("name").
|
|
|
|
|
FindStringCol("")
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-17 16:14:55 +08:00
|
|
|
// FindIPListCacheable 获取名单
|
|
|
|
|
func (this *IPListDAO) FindIPListCacheable(tx *dbs.Tx, listId int64) (*IPList, error) {
|
|
|
|
|
// 全局黑名单
|
|
|
|
|
if listId == firewallconfigs.GlobalListId {
|
2021-11-17 19:51:00 +08:00
|
|
|
return DefaultGlobalIPList, nil
|
2021-11-17 16:14:55 +08:00
|
|
|
}
|
|
|
|
|
|
2021-02-06 17:38:04 +08:00
|
|
|
// 检查缓存
|
|
|
|
|
SharedCacheLocker.RLock()
|
2021-11-17 16:14:55 +08:00
|
|
|
list, ok := listTypeCacheMap[listId]
|
2021-02-06 17:38:04 +08:00
|
|
|
SharedCacheLocker.RUnlock()
|
|
|
|
|
if ok {
|
2021-11-17 16:14:55 +08:00
|
|
|
return list, nil
|
2021-02-06 17:38:04 +08:00
|
|
|
}
|
|
|
|
|
|
2021-11-17 16:14:55 +08:00
|
|
|
one, err := this.Query(tx).
|
2021-02-06 17:38:04 +08:00
|
|
|
Pk(listId).
|
2021-11-17 16:14:55 +08:00
|
|
|
Result("isGlobal", "type", "state", "id", "isPublic", "isGlobal").
|
|
|
|
|
Find()
|
|
|
|
|
if err != nil || one == nil {
|
|
|
|
|
return nil, err
|
2021-02-06 17:38:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 保存缓存
|
|
|
|
|
SharedCacheLocker.Lock()
|
2021-11-17 16:14:55 +08:00
|
|
|
listTypeCacheMap[listId] = one.(*IPList)
|
2021-02-06 17:38:04 +08:00
|
|
|
SharedCacheLocker.Unlock()
|
|
|
|
|
|
2021-11-17 16:14:55 +08:00
|
|
|
return one.(*IPList), nil
|
2021-02-06 17:38:04 +08:00
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// CreateIPList 创建名单
|
2021-11-17 16:14:55 +08:00
|
|
|
func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte, description string, isPublic bool, isGlobal bool) (int64, error) {
|
2020-11-07 19:40:24 +08:00
|
|
|
op := NewIPListOperator()
|
|
|
|
|
op.IsOn = true
|
2021-01-03 20:18:07 +08:00
|
|
|
op.UserId = userId
|
2020-11-07 19:40:24 +08:00
|
|
|
op.State = IPListStateEnabled
|
|
|
|
|
op.Type = listType
|
|
|
|
|
op.Name = name
|
|
|
|
|
op.Code = code
|
|
|
|
|
if len(timeoutJSON) > 0 {
|
|
|
|
|
op.Timeout = timeoutJSON
|
|
|
|
|
}
|
2021-06-23 13:12:54 +08:00
|
|
|
op.Description = description
|
|
|
|
|
op.IsPublic = isPublic
|
2021-11-17 16:14:55 +08:00
|
|
|
op.IsGlobal = isGlobal
|
2021-01-01 23:31:30 +08:00
|
|
|
err := this.Save(tx, op)
|
2020-11-07 19:40:24 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
return types.Int64(op.Id), nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// UpdateIPList 修改名单
|
|
|
|
|
func (this *IPListDAO) UpdateIPList(tx *dbs.Tx, listId int64, name string, code string, timeoutJSON []byte, description string) error {
|
2020-11-07 19:40:24 +08:00
|
|
|
if listId <= 0 {
|
|
|
|
|
return errors.New("invalid listId")
|
|
|
|
|
}
|
|
|
|
|
op := NewIPListOperator()
|
|
|
|
|
op.Id = listId
|
|
|
|
|
op.Name = name
|
|
|
|
|
op.Code = code
|
|
|
|
|
if len(timeoutJSON) > 0 {
|
|
|
|
|
op.Timeout = timeoutJSON
|
|
|
|
|
} else {
|
|
|
|
|
op.Timeout = "null"
|
|
|
|
|
}
|
2021-06-23 13:12:54 +08:00
|
|
|
op.Description = description
|
2021-01-01 23:31:30 +08:00
|
|
|
err := this.Save(tx, op)
|
2020-11-07 19:40:24 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// IncreaseVersion 增加版本
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *IPListDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
|
2021-02-02 15:25:40 +08:00
|
|
|
return SharedSysLockerDAO.Increase(tx, "IP_LIST_VERSION", 1000000)
|
2020-11-07 19:40:24 +08:00
|
|
|
}
|
2021-01-03 20:18:07 +08:00
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// CheckUserIPList 检查用户权限
|
2021-01-03 20:18:07 +08:00
|
|
|
func (this *IPListDAO) CheckUserIPList(tx *dbs.Tx, userId int64, listId int64) error {
|
2022-03-10 15:59:00 +08:00
|
|
|
if userId == 0 || listId == 0 {
|
|
|
|
|
return ErrNotFound
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
ok, err := this.Query(tx).
|
|
|
|
|
Pk(listId).
|
|
|
|
|
Attr("userId", userId).
|
|
|
|
|
Exist()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if ok {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2022-03-10 15:59:00 +08:00
|
|
|
|
|
|
|
|
// 检查是否被用户的服务所使用
|
|
|
|
|
policyIds, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdsWithIPListId(tx, listId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for _, policyId := range policyIds {
|
|
|
|
|
if SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(tx, userId, policyId) == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
return ErrNotFound
|
|
|
|
|
}
|
2021-01-17 16:48:00 +08:00
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
// CountAllEnabledIPLists 计算名单数量
|
|
|
|
|
func (this *IPListDAO) CountAllEnabledIPLists(tx *dbs.Tx, listType string, isPublic bool, keyword string) (int64, error) {
|
|
|
|
|
var query = this.Query(tx).
|
|
|
|
|
State(IPListStateEnabled).
|
|
|
|
|
Attr("type", listType).
|
|
|
|
|
Attr("isPublic", isPublic)
|
|
|
|
|
if len(keyword) > 0 {
|
|
|
|
|
query.Where("(name LIKE :keyword OR description LIKE :keyword)").
|
|
|
|
|
Param("keyword", "%"+keyword+"%")
|
|
|
|
|
}
|
|
|
|
|
return query.Count()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ListEnabledIPLists 列出单页名单
|
|
|
|
|
func (this *IPListDAO) ListEnabledIPLists(tx *dbs.Tx, listType string, isPublic bool, keyword string, offset int64, size int64) (result []*IPList, err error) {
|
|
|
|
|
var query = this.Query(tx).
|
|
|
|
|
State(IPListStateEnabled).
|
|
|
|
|
Attr("type", listType).
|
|
|
|
|
Attr("isPublic", isPublic)
|
|
|
|
|
if len(keyword) > 0 {
|
|
|
|
|
query.Where("(name LIKE :keyword OR description LIKE :keyword)").
|
|
|
|
|
Param("keyword", "%"+keyword+"%")
|
|
|
|
|
}
|
|
|
|
|
_, err = query.Offset(offset).
|
|
|
|
|
Limit(size).
|
|
|
|
|
DescPk().
|
|
|
|
|
Slice(&result).
|
|
|
|
|
FindAll()
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ExistsEnabledIPList 检查IP名单是否存在
|
|
|
|
|
func (this *IPListDAO) ExistsEnabledIPList(tx *dbs.Tx, listId int64) (bool, error) {
|
|
|
|
|
if listId <= 0 {
|
|
|
|
|
return false, nil
|
|
|
|
|
}
|
|
|
|
|
return this.Query(tx).
|
|
|
|
|
Pk(listId).
|
|
|
|
|
State(IPListStateEnabled).
|
|
|
|
|
Exist()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NotifyUpdate 通知更新
|
2021-01-17 16:48:00 +08:00
|
|
|
func (this *IPListDAO) NotifyUpdate(tx *dbs.Tx, listId int64, taskType NodeTaskType) error {
|
|
|
|
|
httpFirewallPolicyIds, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdsWithIPListId(tx, listId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
resultClusterIds := []int64{}
|
|
|
|
|
for _, policyId := range httpFirewallPolicyIds {
|
|
|
|
|
// 集群
|
|
|
|
|
clusterIds, err := SharedNodeClusterDAO.FindAllEnabledNodeClusterIdsWithHTTPFirewallPolicyId(tx, policyId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for _, clusterId := range clusterIds {
|
|
|
|
|
if !lists.ContainsInt64(resultClusterIds, clusterId) {
|
|
|
|
|
resultClusterIds = append(resultClusterIds, clusterId)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 服务
|
|
|
|
|
webIds, err := SharedHTTPWebDAO.FindAllWebIdsWithHTTPFirewallPolicyId(tx, policyId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(webIds) > 0 {
|
|
|
|
|
for _, webId := range webIds {
|
|
|
|
|
serverId, err := SharedServerDAO.FindEnabledServerIdWithWebId(tx, webId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if serverId > 0 {
|
|
|
|
|
clusterId, err := SharedServerDAO.FindServerClusterId(tx, serverId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if !lists.ContainsInt64(resultClusterIds, clusterId) {
|
|
|
|
|
resultClusterIds = append(resultClusterIds, clusterId)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(resultClusterIds) > 0 {
|
|
|
|
|
for _, clusterId := range resultClusterIds {
|
2022-01-19 22:15:01 +08:00
|
|
|
err = SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, taskType)
|
2021-01-17 16:48:00 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
