2020-09-23 10:12:57 +08:00
|
|
|
package models
|
|
|
|
|
|
|
|
|
|
import (
|
2020-10-06 21:02:15 +08:00
|
|
|
"encoding/json"
|
2020-10-08 11:11:49 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
2020-10-06 21:02:15 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
2020-09-23 10:12:57 +08:00
|
|
|
_ "github.com/go-sql-driver/mysql"
|
|
|
|
|
"github.com/iwind/TeaGo/Tea"
|
|
|
|
|
"github.com/iwind/TeaGo/dbs"
|
2020-10-06 21:02:15 +08:00
|
|
|
"github.com/iwind/TeaGo/maps"
|
|
|
|
|
"github.com/iwind/TeaGo/types"
|
2020-09-23 10:12:57 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
HTTPFirewallRuleSetStateEnabled = 1 // 已启用
|
|
|
|
|
HTTPFirewallRuleSetStateDisabled = 0 // 已禁用
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type HTTPFirewallRuleSetDAO dbs.DAO
|
|
|
|
|
|
|
|
|
|
func NewHTTPFirewallRuleSetDAO() *HTTPFirewallRuleSetDAO {
|
|
|
|
|
return dbs.NewDAO(&HTTPFirewallRuleSetDAO{
|
|
|
|
|
DAOObject: dbs.DAOObject{
|
|
|
|
|
DB: Tea.Env,
|
|
|
|
|
Table: "edgeHTTPFirewallRuleSets",
|
|
|
|
|
Model: new(HTTPFirewallRuleSet),
|
|
|
|
|
PkName: "id",
|
|
|
|
|
},
|
|
|
|
|
}).(*HTTPFirewallRuleSetDAO)
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-13 20:05:13 +08:00
|
|
|
var SharedHTTPFirewallRuleSetDAO *HTTPFirewallRuleSetDAO
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
dbs.OnReady(func() {
|
|
|
|
|
SharedHTTPFirewallRuleSetDAO = NewHTTPFirewallRuleSetDAO()
|
|
|
|
|
})
|
|
|
|
|
}
|
2020-09-23 10:12:57 +08:00
|
|
|
|
2020-09-26 08:06:40 +08:00
|
|
|
// 初始化
|
|
|
|
|
func (this *HTTPFirewallRuleSetDAO) Init() {
|
|
|
|
|
this.DAOObject.Init()
|
|
|
|
|
this.DAOObject.OnUpdate(func() error {
|
2021-01-01 23:31:30 +08:00
|
|
|
return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())
|
2020-09-26 08:06:40 +08:00
|
|
|
})
|
|
|
|
|
this.DAOObject.OnInsert(func() error {
|
2021-01-01 23:31:30 +08:00
|
|
|
return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())
|
2020-09-26 08:06:40 +08:00
|
|
|
})
|
|
|
|
|
this.DAOObject.OnDelete(func() error {
|
2021-01-01 23:31:30 +08:00
|
|
|
return SharedSysEventDAO.CreateEvent(nil, NewServerChangeEvent())
|
2020-09-26 08:06:40 +08:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-23 10:12:57 +08:00
|
|
|
// 启用条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) EnableHTTPFirewallRuleSet(tx *dbs.Tx, id int64) error {
|
|
|
|
|
_, err := this.Query(tx).
|
2020-09-23 10:12:57 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Set("state", HTTPFirewallRuleSetStateEnabled).
|
|
|
|
|
Update()
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 禁用条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) DisableHTTPFirewallRuleSet(tx *dbs.Tx, id int64) error {
|
|
|
|
|
_, err := this.Query(tx).
|
2020-09-23 10:12:57 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Set("state", HTTPFirewallRuleSetStateDisabled).
|
|
|
|
|
Update()
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 查找启用中的条目
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) FindEnabledHTTPFirewallRuleSet(tx *dbs.Tx, id int64) (*HTTPFirewallRuleSet, error) {
|
|
|
|
|
result, err := this.Query(tx).
|
2020-09-23 10:12:57 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Attr("state", HTTPFirewallRuleSetStateEnabled).
|
|
|
|
|
Find()
|
|
|
|
|
if result == nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return result.(*HTTPFirewallRuleSet), err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 根据主键查找名称
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id int64) (string, error) {
|
|
|
|
|
return this.Query(tx).
|
2020-09-23 10:12:57 +08:00
|
|
|
Pk(id).
|
|
|
|
|
Result("name").
|
|
|
|
|
FindStringCol("")
|
|
|
|
|
}
|
2020-10-06 21:02:15 +08:00
|
|
|
|
|
|
|
|
// 组合配置
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) {
|
|
|
|
|
set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if set == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
config := &firewallconfigs.HTTPFirewallRuleSet{}
|
|
|
|
|
config.Id = int64(set.Id)
|
|
|
|
|
config.IsOn = set.IsOn == 1
|
|
|
|
|
config.Name = set.Name
|
|
|
|
|
config.Description = set.Description
|
|
|
|
|
config.Code = set.Code
|
|
|
|
|
config.Connector = set.Connector
|
|
|
|
|
|
|
|
|
|
if IsNotNull(set.Rules) {
|
|
|
|
|
ruleRefs := []*firewallconfigs.HTTPFirewallRuleRef{}
|
|
|
|
|
err = json.Unmarshal([]byte(set.Rules), &ruleRefs)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
for _, ruleRef := range ruleRefs {
|
2021-01-01 23:31:30 +08:00
|
|
|
ruleConfig, err := SharedHTTPFirewallRuleDAO.ComposeFirewallRule(tx, ruleRef.RuleId)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if ruleConfig != nil {
|
|
|
|
|
config.RuleRefs = append(config.RuleRefs, ruleRef)
|
|
|
|
|
config.Rules = append(config.Rules, ruleConfig)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config.Action = set.Action
|
|
|
|
|
if IsNotNull(set.ActionOptions) {
|
|
|
|
|
options := maps.Map{}
|
|
|
|
|
err = json.Unmarshal([]byte(set.ActionOptions), &options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
config.ActionOptions = options
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return config, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 从配置中创建规则集
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) CreateOrUpdateSetFromConfig(tx *dbs.Tx, setConfig *firewallconfigs.HTTPFirewallRuleSet) (int64, error) {
|
2020-10-06 21:02:15 +08:00
|
|
|
op := NewHTTPFirewallRuleSetOperator()
|
|
|
|
|
op.State = HTTPFirewallRuleSetStateEnabled
|
2020-10-08 11:11:49 +08:00
|
|
|
op.Id = setConfig.Id
|
2020-10-06 21:02:15 +08:00
|
|
|
op.IsOn = setConfig.IsOn
|
|
|
|
|
op.Name = setConfig.Name
|
|
|
|
|
op.Description = setConfig.Description
|
|
|
|
|
op.Connector = setConfig.Connector
|
|
|
|
|
op.Action = setConfig.Action
|
|
|
|
|
op.Code = setConfig.Code
|
|
|
|
|
|
|
|
|
|
if setConfig.ActionOptions != nil {
|
|
|
|
|
actionOptionsJSON, err := json.Marshal(setConfig.ActionOptions)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
op.ActionOptions = actionOptionsJSON
|
2020-10-08 11:11:49 +08:00
|
|
|
} else {
|
|
|
|
|
op.ActionOptions = "{}"
|
2020-10-06 21:02:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// rules
|
|
|
|
|
ruleRefs := []*firewallconfigs.HTTPFirewallRuleRef{}
|
|
|
|
|
for _, ruleConfig := range setConfig.Rules {
|
2021-01-01 23:31:30 +08:00
|
|
|
ruleId, err := SharedHTTPFirewallRuleDAO.CreateOrUpdateRuleFromConfig(tx, ruleConfig)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
ruleRefs = append(ruleRefs, &firewallconfigs.HTTPFirewallRuleRef{
|
|
|
|
|
IsOn: true,
|
|
|
|
|
RuleId: ruleId,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
ruleRefsJSON, err := json.Marshal(ruleRefs)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
op.Rules = ruleRefsJSON
|
2021-01-01 23:31:30 +08:00
|
|
|
err = this.Save(tx, op)
|
2020-10-06 21:02:15 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
return types.Int64(op.Id), nil
|
|
|
|
|
}
|
2020-10-08 11:11:49 +08:00
|
|
|
|
|
|
|
|
// 设置是否启用
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *HTTPFirewallRuleSetDAO) UpdateRuleSetIsOn(tx *dbs.Tx, ruleSetId int64, isOn bool) error {
|
2020-10-08 11:11:49 +08:00
|
|
|
if ruleSetId <= 0 {
|
|
|
|
|
return errors.New("invalid ruleSetId")
|
|
|
|
|
}
|
2021-01-01 23:31:30 +08:00
|
|
|
_, err := this.Query(tx).
|
2020-10-08 11:11:49 +08:00
|
|
|
Pk(ruleSetId).
|
|
|
|
|
Set("isOn", isOn).
|
|
|
|
|
Update()
|
|
|
|
|
return err
|
|
|
|
|
}
|
