2020-10-07 11:18:12 +08:00
|
|
|
package services
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
|
|
|
|
)
|
|
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// HTTPFirewallRuleGroupService WAF规则分组相关服务
|
2020-10-07 11:18:12 +08:00
|
|
|
type HTTPFirewallRuleGroupService struct {
|
2020-11-24 15:02:44 +08:00
|
|
|
BaseService
|
2020-10-07 11:18:12 +08:00
|
|
|
}
|
|
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// UpdateHTTPFirewallRuleGroupIsOn 设置是否启用分组
|
2020-11-13 18:22:22 +08:00
|
|
|
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupIsOnRequest) (*pb.RPCSuccess, error) {
|
2020-10-07 11:18:12 +08:00
|
|
|
// 校验请求
|
2021-01-18 21:28:51 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
if userId > 0 {
|
|
|
|
|
// 校验权限
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(tx, req.FirewallRuleGroupId, req.IsOn)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
return this.Success()
|
2020-10-07 11:18:12 +08:00
|
|
|
}
|
|
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// CreateHTTPFirewallRuleGroup 创建分组
|
2020-10-07 11:18:12 +08:00
|
|
|
func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx context.Context, req *pb.CreateHTTPFirewallRuleGroupRequest) (*pb.CreateHTTPFirewallRuleGroupResponse, error) {
|
|
|
|
|
// 校验请求
|
2021-01-18 21:28:51 +08:00
|
|
|
_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroup(tx, req.IsOn, req.Name, req.Description)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &pb.CreateHTTPFirewallRuleGroupResponse{FirewallRuleGroupId: groupId}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// UpdateHTTPFirewallRuleGroup 修改分组
|
2020-11-13 18:22:22 +08:00
|
|
|
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupRequest) (*pb.RPCSuccess, error) {
|
2020-10-07 11:18:12 +08:00
|
|
|
// 校验请求
|
2021-01-18 21:28:51 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
if userId > 0 {
|
|
|
|
|
// 校验权限
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroup(tx, req.FirewallRuleGroupId, req.IsOn, req.Name, req.Description)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
return this.Success()
|
2020-10-07 11:18:12 +08:00
|
|
|
}
|
|
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// FindEnabledHTTPFirewallRuleGroupConfig 获取分组配置
|
2020-11-02 21:15:31 +08:00
|
|
|
func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupConfigRequest) (*pb.FindEnabledHTTPFirewallRuleGroupConfigResponse, error) {
|
2020-10-07 11:18:12 +08:00
|
|
|
// 校验请求
|
2021-01-18 21:28:51 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
if userId > 0 {
|
|
|
|
|
// 校验权限
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId)
|
2020-10-07 11:18:12 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if groupConfig == nil {
|
2020-11-02 21:15:31 +08:00
|
|
|
return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: nil}, nil
|
2020-10-07 11:18:12 +08:00
|
|
|
}
|
|
|
|
|
groupConfigJSON, err := json.Marshal(groupConfig)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-11-02 21:15:31 +08:00
|
|
|
return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: groupConfigJSON}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// FindEnabledHTTPFirewallRuleGroup 获取分组信息
|
2020-11-02 21:15:31 +08:00
|
|
|
func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupRequest) (*pb.FindEnabledHTTPFirewallRuleGroupResponse, error) {
|
|
|
|
|
// 校验请求
|
2021-01-18 21:28:51 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-11-02 21:15:31 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
if userId > 0 {
|
|
|
|
|
// 校验权限
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
group, err := models.SharedHTTPFirewallRuleGroupDAO.FindEnabledHTTPFirewallRuleGroup(tx, req.FirewallRuleGroupId)
|
2020-11-02 21:15:31 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if group == nil {
|
|
|
|
|
return &pb.FindEnabledHTTPFirewallRuleGroupResponse{
|
|
|
|
|
FirewallRuleGroup: nil,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &pb.FindEnabledHTTPFirewallRuleGroupResponse{
|
|
|
|
|
FirewallRuleGroup: &pb.HTTPFirewallRuleGroup{
|
|
|
|
|
Id: int64(group.Id),
|
|
|
|
|
Name: group.Name,
|
|
|
|
|
IsOn: group.IsOn == 1,
|
|
|
|
|
Description: group.Description,
|
|
|
|
|
Code: group.Code,
|
|
|
|
|
},
|
|
|
|
|
}, nil
|
2020-10-07 11:18:12 +08:00
|
|
|
}
|
2020-10-08 11:11:49 +08:00
|
|
|
|
2021-06-27 08:31:10 +08:00
|
|
|
// UpdateHTTPFirewallRuleGroupSets 修改分组的规则集
|
2020-11-13 18:22:22 +08:00
|
|
|
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupSetsRequest) (*pb.RPCSuccess, error) {
|
2020-10-08 11:11:49 +08:00
|
|
|
// 校验请求
|
2021-01-18 21:28:51 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-10-08 11:11:49 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-18 21:28:51 +08:00
|
|
|
if userId > 0 {
|
|
|
|
|
// 校验权限
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.GetFirewallRuleGroupId(), req.FirewallRuleSetsJSON)
|
2020-10-08 11:11:49 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-11-24 15:02:44 +08:00
|
|
|
return this.Success()
|
2020-10-08 11:11:49 +08:00
|
|
|
}
|
