EdgeAPI/internal/db/models/http_firewall_policy_dao.go

package models

import (
	"encoding/json"
	"github.com/TeaOSLab/EdgeAPI/internal/errors"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
	_ "github.com/go-sql-driver/mysql"
	"github.com/iwind/TeaGo/Tea"
	"github.com/iwind/TeaGo/dbs"
	"github.com/iwind/TeaGo/types"
)

const (
	HTTPFirewallPolicyStateEnabled  = 1 // 已启用
	HTTPFirewallPolicyStateDisabled = 0 // 已禁用
)

type HTTPFirewallPolicyDAO dbs.DAO

func NewHTTPFirewallPolicyDAO() *HTTPFirewallPolicyDAO {
	return dbs.NewDAO(&HTTPFirewallPolicyDAO{
		DAOObject: dbs.DAOObject{
			DB:     Tea.Env,
			Table:  "edgeHTTPFirewallPolicies",
			Model:  new(HTTPFirewallPolicy),
			PkName: "id",
		},
	}).(*HTTPFirewallPolicyDAO)
}

var SharedHTTPFirewallPolicyDAO *HTTPFirewallPolicyDAO

func init() {
	dbs.OnReady(func() {
		SharedHTTPFirewallPolicyDAO = NewHTTPFirewallPolicyDAO()
	})
}

// 初始化
func (this *HTTPFirewallPolicyDAO) Init() {
	this.DAOObject.Init()
	this.DAOObject.OnUpdate(func() error {
		return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())
	})
	this.DAOObject.OnInsert(func() error {
		return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())
	})
	this.DAOObject.OnDelete(func() error {
		return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())
	})
}

// 启用条目
func (this *HTTPFirewallPolicyDAO) EnableHTTPFirewallPolicy(tx *dbs.Tx, id int64) error {
	_, err := this.Query(tx).
		Pk(id).
		Set("state", HTTPFirewallPolicyStateEnabled).
		Update()
	return err
}

// 禁用条目
func (this *HTTPFirewallPolicyDAO) DisableHTTPFirewallPolicy(tx *dbs.Tx, id int64) error {
	_, err := this.Query(tx).
		Pk(id).
		Set("state", HTTPFirewallPolicyStateDisabled).
		Update()
	return err
}

// 查找启用中的条目
func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(tx *dbs.Tx, id int64) (*HTTPFirewallPolicy, error) {
	result, err := this.Query(tx).
		Pk(id).
		Attr("state", HTTPFirewallPolicyStateEnabled).
		Find()
	if result == nil {
		return nil, err
	}
	return result.(*HTTPFirewallPolicy), err
}

// 根据主键查找名称
func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(tx *dbs.Tx, id int64) (string, error) {
	return this.Query(tx).
		Pk(id).
		Result("name").
		FindStringCol("")
}

// 查找所有可用策略
func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies(tx *dbs.Tx) (result []*HTTPFirewallPolicy, err error) {
	_, err = this.Query(tx).
		State(HTTPFirewallPolicyStateEnabled).
		DescPk().
		Slice(&result).
		FindAll()
	return
}

// 创建策略
func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {
	op := NewHTTPFirewallPolicyOperator()
	op.UserId = userId
	op.State = HTTPFirewallPolicyStateEnabled
	op.IsOn = isOn
	op.Name = name
	op.Description = description
	if len(inboundJSON) > 0 {
		op.Inbound = inboundJSON
	}
	if len(outboundJSON) > 0 {
		op.Outbound = outboundJSON
	}
	err := this.Save(tx, op)
	return types.Int64(op.Id), err
}

// 修改策略的Inbound和Outbound
func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *dbs.Tx, policyId int64, inboundJSON []byte, outboundJSON []byte) error {
	if policyId <= 0 {
		return errors.New("invalid policyId")
	}
	op := NewHTTPFirewallPolicyOperator()
	op.Id = policyId
	if len(inboundJSON) > 0 {
		op.Inbound = inboundJSON
	} else {
		op.Inbound = "null"
	}
	if len(outboundJSON) > 0 {
		op.Outbound = outboundJSON
	} else {
		op.Outbound = "null"
	}
	err := this.Save(tx, op)
	return err
}

// 修改策略的Inbound
func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx *dbs.Tx, policyId int64, inboundJSON []byte) error {
	if policyId <= 0 {
		return errors.New("invalid policyId")
	}
	op := NewHTTPFirewallPolicyOperator()
	op.Id = policyId
	if len(inboundJSON) > 0 {
		op.Inbound = inboundJSON
	} else {
		op.Inbound = "null"
	}
	err := this.Save(tx, op)
	return err
}

// 修改策略
func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte) error {
	if policyId <= 0 {
		return errors.New("invalid policyId")
	}
	op := NewHTTPFirewallPolicyOperator()
	op.Id = policyId
	op.IsOn = isOn
	op.Name = name
	op.Description = description
	if len(inboundJSON) > 0 {
		op.Inbound = inboundJSON
	} else {
		op.Inbound = "null"
	}
	if len(outboundJSON) > 0 {
		op.Outbound = outboundJSON
	} else {
		op.Outbound = "null"
	}
	if len(blockOptionsJSON) > 0 {
		op.BlockOptions = blockOptionsJSON
	}
	err := this.Save(tx, op)
	return err
}

// 计算所有可用的策略数量
func (this *HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies(tx *dbs.Tx) (int64, error) {
	return this.Query(tx).
		State(HTTPFirewallPolicyStateEnabled).
		Attr("userId", 0).
		Count()
}

// 列出单页的策略
func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, offset int64, size int64) (result []*HTTPFirewallPolicy, err error) {
	_, err = this.Query(tx).
		State(HTTPFirewallPolicyStateEnabled).
		Attr("userId", 0).
		Offset(offset).
		Limit(size).
		DescPk().
		Slice(&result).
		FindAll()
	return
}

// 组合策略配置
func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
	policy, err := this.FindEnabledHTTPFirewallPolicy(tx, policyId)
	if err != nil {
		return nil, err
	}
	if policy == nil {
		return nil, nil
	}

	config := &firewallconfigs.HTTPFirewallPolicy{}
	config.Id = int64(policy.Id)
	config.IsOn = policy.IsOn == 1
	config.Name = policy.Name
	config.Description = policy.Description

	// Inbound
	inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
	if IsNotNull(policy.Inbound) {
		err = json.Unmarshal([]byte(policy.Inbound), inbound)
		if err != nil {
			return nil, err
		}
		if len(inbound.GroupRefs) > 0 {
			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}

			for _, groupRef := range inbound.GroupRefs {
				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)
				if err != nil {
					return nil, err
				}
				if groupConfig != nil {
					resultGroupRefs = append(resultGroupRefs, groupRef)
					resultGroups = append(resultGroups, groupConfig)
				}
			}

			inbound.GroupRefs = resultGroupRefs
			inbound.Groups = resultGroups
		}
	}
	config.Inbound = inbound

	// Outbound
	outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}
	if IsNotNull(policy.Outbound) {
		err = json.Unmarshal([]byte(policy.Outbound), outbound)
		if err != nil {
			return nil, err
		}
		if len(outbound.GroupRefs) > 0 {
			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}

			for _, groupRef := range outbound.GroupRefs {
				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)
				if err != nil {
					return nil, err
				}
				if groupConfig != nil {
					resultGroupRefs = append(resultGroupRefs, groupRef)
					resultGroups = append(resultGroups, groupConfig)
				}
			}

			outbound.GroupRefs = resultGroupRefs
			outbound.Groups = resultGroups
		}
	}
	config.Outbound = outbound

	// Block动作配置
	if IsNotNull(policy.BlockOptions) {
		blockAction := &firewallconfigs.HTTPFirewallBlockAction{}
		err = json.Unmarshal([]byte(policy.BlockOptions), blockAction)
		if err != nil {
			return config, err
		}
		config.BlockOptions = blockAction
	}

	return config, nil
}

// 检查用户防火墙策略
func (this *HTTPFirewallPolicyDAO) CheckUserFirewallPolicy(tx *dbs.Tx, userId int64, firewallPolicyId int64) error {
	ok, err := this.Query(tx).
		Pk(firewallPolicyId).
		Attr("userId", userId).
		Exist()
	if err != nil {
		return err
	}
	if !ok {
		return ErrNotFound
	}
	return nil
}
实现防火墙配置 2020-09-20 20:12:47 +08:00			`package models`

			`import (`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`"encoding/json"`
			`"github.com/TeaOSLab/EdgeAPI/internal/errors"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`_ "github.com/go-sql-driver/mysql"`
			`"github.com/iwind/TeaGo/Tea"`
			`"github.com/iwind/TeaGo/dbs"`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`"github.com/iwind/TeaGo/types"`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`)`

			`const (`
			`HTTPFirewallPolicyStateEnabled = 1 // 已启用`
			`HTTPFirewallPolicyStateDisabled = 0 // 已禁用`
			`)`

			`type HTTPFirewallPolicyDAO dbs.DAO`

			`func NewHTTPFirewallPolicyDAO() *HTTPFirewallPolicyDAO {`
			`return dbs.NewDAO(&HTTPFirewallPolicyDAO{`
			`DAOObject: dbs.DAOObject{`
			`DB: Tea.Env,`
			`Table: "edgeHTTPFirewallPolicies",`
			`Model: new(HTTPFirewallPolicy),`
			`PkName: "id",`
			`},`
			`}).(*HTTPFirewallPolicyDAO)`
			`}`

初步实现安装界面 2020-10-13 20:05:13 +08:00			`var SharedHTTPFirewallPolicyDAO *HTTPFirewallPolicyDAO`

			`func init() {`
			`dbs.OnReady(func() {`
			`SharedHTTPFirewallPolicyDAO = NewHTTPFirewallPolicyDAO()`
			`})`
			`}`
实现防火墙配置 2020-09-20 20:12:47 +08:00
实现HTTP部分功能 2020-09-26 08:06:40 +08:00			`// 初始化`
			`func (this *HTTPFirewallPolicyDAO) Init() {`
			`this.DAOObject.Init()`
			`this.DAOObject.OnUpdate(func() error {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())`
实现HTTP部分功能 2020-09-26 08:06:40 +08:00			`})`
			`this.DAOObject.OnInsert(func() error {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())`
实现HTTP部分功能 2020-09-26 08:06:40 +08:00			`})`
			`this.DAOObject.OnDelete(func() error {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())`
实现HTTP部分功能 2020-09-26 08:06:40 +08:00			`})`
			`}`

实现防火墙配置 2020-09-20 20:12:47 +08:00			`// 启用条目`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) EnableHTTPFirewallPolicy(tx dbs.Tx, id int64) error {`
			`_, err := this.Query(tx).`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`Pk(id).`
			`Set("state", HTTPFirewallPolicyStateEnabled).`
			`Update()`
			`return err`
			`}`

			`// 禁用条目`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) DisableHTTPFirewallPolicy(tx dbs.Tx, id int64) error {`
			`_, err := this.Query(tx).`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`Pk(id).`
			`Set("state", HTTPFirewallPolicyStateDisabled).`
			`Update()`
			`return err`
			`}`

			`// 查找启用中的条目`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(tx dbs.Tx, id int64) (*HTTPFirewallPolicy, error) {`
			`result, err := this.Query(tx).`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`Pk(id).`
			`Attr("state", HTTPFirewallPolicyStateEnabled).`
			`Find()`
			`if result == nil {`
			`return nil, err`
			`}`
			`return result.(*HTTPFirewallPolicy), err`
			`}`

			`// 根据主键查找名称`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(tx dbs.Tx, id int64) (string, error) {`
			`return this.Query(tx).`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`Pk(id).`
			`Result("name").`
			`FindStringCol("")`
			`}`

			`// 查找所有可用策略`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies(tx dbs.Tx) (result []*HTTPFirewallPolicy, err error) {`
			`_, err = this.Query(tx).`
实现防火墙配置 2020-09-20 20:12:47 +08:00			`State(HTTPFirewallPolicyStateEnabled).`
			`DescPk().`
			`Slice(&result).`
			`FindAll()`
			`return`
			`}`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00
			`// 创建策略`
用户端可以添加WAF 黑白名单 2021-01-03 20:18:07 +08:00			`func (this HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx dbs.Tx, userId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`op := NewHTTPFirewallPolicyOperator()`
用户端可以添加WAF 黑白名单 2021-01-03 20:18:07 +08:00			`op.UserId = userId`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`op.State = HTTPFirewallPolicyStateEnabled`
			`op.IsOn = isOn`
			`op.Name = name`
			`op.Description = description`
			`if len(inboundJSON) > 0 {`
			`op.Inbound = inboundJSON`
			`}`
			`if len(outboundJSON) > 0 {`
			`op.Outbound = outboundJSON`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := this.Save(tx, op)`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`return types.Int64(op.Id), err`
			`}`

			`// 修改策略的Inbound和Outbound`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx dbs.Tx, policyId int64, inboundJSON []byte, outboundJSON []byte) error {`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if policyId <= 0 {`
			`return errors.New("invalid policyId")`
			`}`
			`op := NewHTTPFirewallPolicyOperator()`
			`op.Id = policyId`
			`if len(inboundJSON) > 0 {`
			`op.Inbound = inboundJSON`
			`} else {`
			`op.Inbound = "null"`
			`}`
			`if len(outboundJSON) > 0 {`
			`op.Outbound = outboundJSON`
			`} else {`
			`op.Outbound = "null"`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := this.Save(tx, op)`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`return err`
			`}`

增加国家/地区封禁管理 2020-11-06 11:02:53 +08:00			`// 修改策略的Inbound`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx dbs.Tx, policyId int64, inboundJSON []byte) error {`
增加国家/地区封禁管理 2020-11-06 11:02:53 +08:00			`if policyId <= 0 {`
			`return errors.New("invalid policyId")`
			`}`
			`op := NewHTTPFirewallPolicyOperator()`
			`op.Id = policyId`
			`if len(inboundJSON) > 0 {`
			`op.Inbound = inboundJSON`
			`} else {`
			`op.Inbound = "null"`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := this.Save(tx, op)`
增加国家/地区封禁管理 2020-11-06 11:02:53 +08:00			`return err`
			`}`

实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`// 修改策略`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte) error {`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if policyId <= 0 {`
			`return errors.New("invalid policyId")`
			`}`
			`op := NewHTTPFirewallPolicyOperator()`
			`op.Id = policyId`
			`op.IsOn = isOn`
			`op.Name = name`
			`op.Description = description`
			`if len(inboundJSON) > 0 {`
			`op.Inbound = inboundJSON`
			`} else {`
			`op.Inbound = "null"`
			`}`
			`if len(outboundJSON) > 0 {`
			`op.Outbound = outboundJSON`
			`} else {`
			`op.Outbound = "null"`
			`}`
[waf]可以配置阻止动作的状态码和提示内容 2020-11-22 16:54:48 +08:00			`if len(blockOptionsJSON) > 0 {`
			`op.BlockOptions = blockOptionsJSON`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := this.Save(tx, op)`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`return err`
			`}`

			`// 计算所有可用的策略数量`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies(tx dbs.Tx) (int64, error) {`
			`return this.Query(tx).`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`State(HTTPFirewallPolicyStateEnabled).`
管理员查询WAF策略时隐藏用户创建的 2021-01-05 14:11:00 +08:00			`Attr("userId", 0).`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`Count()`
			`}`

			`// 列出单页的策略`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx dbs.Tx, offset int64, size int64) (result []*HTTPFirewallPolicy, err error) {`
			`_, err = this.Query(tx).`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`State(HTTPFirewallPolicyStateEnabled).`
管理员查询WAF策略时隐藏用户创建的 2021-01-05 14:11:00 +08:00			`Attr("userId", 0).`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`Offset(offset).`
			`Limit(size).`
			`DescPk().`
			`Slice(&result).`
			`FindAll()`
			`return`
			`}`

			`// 组合策略配置`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`func (this HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx dbs.Tx, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {`
			`policy, err := this.FindEnabledHTTPFirewallPolicy(tx, policyId)`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if policy == nil {`
			`return nil, nil`
			`}`

			`config := &firewallconfigs.HTTPFirewallPolicy{}`
			`config.Id = int64(policy.Id)`
			`config.IsOn = policy.IsOn == 1`
			`config.Name = policy.Name`
			`config.Description = policy.Description`

			`// Inbound`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`inbound := &firewallconfigs.HTTPFirewallInboundConfig{}`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if IsNotNull(policy.Inbound) {`
			`err = json.Unmarshal([]byte(policy.Inbound), inbound)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(inbound.GroupRefs) > 0 {`
			`resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}`
			`resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}`

			`for _, groupRef := range inbound.GroupRefs {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if groupConfig != nil {`
			`resultGroupRefs = append(resultGroupRefs, groupRef)`
			`resultGroups = append(resultGroups, groupConfig)`
			`}`
			`}`

			`inbound.GroupRefs = resultGroupRefs`
			`inbound.Groups = resultGroups`
			`}`
			`}`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`config.Inbound = inbound`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00
			`// Outbound`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if IsNotNull(policy.Outbound) {`
			`err = json.Unmarshal([]byte(policy.Outbound), outbound)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(outbound.GroupRefs) > 0 {`
			`resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}`
			`resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}`

			`for _, groupRef := range outbound.GroupRefs {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, groupRef.GroupId)`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`if groupConfig != nil {`
			`resultGroupRefs = append(resultGroupRefs, groupRef)`
			`resultGroups = append(resultGroups, groupConfig)`
			`}`
			`}`

			`outbound.GroupRefs = resultGroupRefs`
			`outbound.Groups = resultGroups`
			`}`
			`}`
实现WAF部分功能 2020-10-07 11:18:12 +08:00			`config.Outbound = outbound`
实现WAF策略部分功能 2020-10-06 21:02:15 +08:00
[waf]可以配置阻止动作的状态码和提示内容 2020-11-22 16:54:48 +08:00			`// Block动作配置`
			`if IsNotNull(policy.BlockOptions) {`
			`blockAction := &firewallconfigs.HTTPFirewallBlockAction{}`
			`err = json.Unmarshal([]byte(policy.BlockOptions), blockAction)`
			`if err != nil {`
			`return config, err`
			`}`
			`config.BlockOptions = blockAction`
			`}`

实现WAF策略部分功能 2020-10-06 21:02:15 +08:00			`return config, nil`
			`}`
用户端可以添加WAF 黑白名单 2021-01-03 20:18:07 +08:00
			`// 检查用户防火墙策略`
			`func (this HTTPFirewallPolicyDAO) CheckUserFirewallPolicy(tx dbs.Tx, userId int64, firewallPolicyId int64) error {`
			`ok, err := this.Query(tx).`
			`Pk(firewallPolicyId).`
			`Attr("userId", userId).`
			`Exist()`
			`if err != nil {`
			`return err`
			`}`
			`if !ok {`
			`return ErrNotFound`
			`}`
			`return nil`
			`}`