2020-11-07 19:40:24 +08:00
|
|
|
|
package services
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"context"
|
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
2021-01-03 21:37:47 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
2020-11-07 19:40:24 +08:00
|
|
|
|
rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
|
2021-06-23 13:12:54 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
2020-11-07 19:40:24 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
2021-11-17 20:25:36 +08:00
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
2021-01-03 21:37:47 +08:00
|
|
|
|
"net"
|
2021-11-21 08:43:26 +08:00
|
|
|
|
"time"
|
2020-11-07 19:40:24 +08:00
|
|
|
|
)
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// IPItemService IP条目相关服务
|
2020-11-07 19:40:24 +08:00
|
|
|
|
type IPItemService struct {
|
2020-11-24 15:02:44 +08:00
|
|
|
|
BaseService
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// CreateIPItem 创建IP
|
2020-11-07 19:40:24 +08:00
|
|
|
|
func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPItemRequest) (*pb.CreateIPItemResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2021-07-18 15:52:34 +08:00
|
|
|
|
userType, _, userId, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser, rpcutils.UserTypeNode, rpcutils.UserTypeDNS)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-03 21:37:47 +08:00
|
|
|
|
if len(req.IpFrom) == 0 {
|
|
|
|
|
|
return nil, errors.New("'ipFrom' should not be empty")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ipFrom := net.ParseIP(req.IpFrom)
|
|
|
|
|
|
if ipFrom == nil {
|
|
|
|
|
|
return nil, errors.New("invalid 'ipFrom'")
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if len(req.IpTo) > 0 {
|
|
|
|
|
|
ipTo := net.ParseIP(req.IpTo)
|
|
|
|
|
|
if ipTo == nil {
|
|
|
|
|
|
return nil, errors.New("invalid 'ipTo'")
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
2021-07-18 15:52:34 +08:00
|
|
|
|
if userType == rpcutils.UserTypeUser {
|
|
|
|
|
|
if userId <= 0 {
|
|
|
|
|
|
return nil, errors.New("invalid userId")
|
|
|
|
|
|
} else {
|
|
|
|
|
|
err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2021-01-03 20:18:07 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-02 15:25:40 +08:00
|
|
|
|
if len(req.Type) == 0 {
|
|
|
|
|
|
req.Type = models.IPItemTypeIPv4
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}
|
2020-11-10 09:22:10 +08:00
|
|
|
|
|
2021-07-18 15:52:34 +08:00
|
|
|
|
// 删除以前的
|
|
|
|
|
|
err = models.SharedIPItemDAO.DisableOldIPItem(tx, req.IpListId, req.IpFrom, req.IpTo)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-11-16 16:10:48 +08:00
|
|
|
|
itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel, req.NodeId, req.ServerId, req.SourceNodeId, req.SourceServerId, req.SourceHTTPFirewallPolicyId, req.SourceHTTPFirewallRuleGroupId, req.SourceHTTPFirewallRuleSetId)
|
2021-01-17 16:48:00 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-07 19:40:24 +08:00
|
|
|
|
return &pb.CreateIPItemResponse{IpItemId: itemId}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// UpdateIPItem 修改IP
|
2020-11-13 18:22:22 +08:00
|
|
|
|
func (this *IPItemService) UpdateIPItem(ctx context.Context, req *pb.UpdateIPItemRequest) (*pb.RPCSuccess, error) {
|
2020-11-07 19:40:24 +08:00
|
|
|
|
// 校验请求
|
2021-01-03 20:18:07 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
listId, err := models.SharedIPItemDAO.FindItemListId(tx, req.IpItemId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
err = models.SharedIPListDAO.CheckUserIPList(tx, userId, listId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-02 15:25:40 +08:00
|
|
|
|
if len(req.Type) == 0 {
|
|
|
|
|
|
req.Type = models.IPItemTypeIPv4
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}
|
2021-01-17 16:48:00 +08:00
|
|
|
|
|
2021-02-06 17:38:04 +08:00
|
|
|
|
err = models.SharedIPItemDAO.UpdateIPItem(tx, req.IpItemId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel)
|
2021-01-17 16:48:00 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
|
return this.Success()
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// DeleteIPItem 删除IP
|
2020-11-13 18:22:22 +08:00
|
|
|
|
func (this *IPItemService) DeleteIPItem(ctx context.Context, req *pb.DeleteIPItemRequest) (*pb.RPCSuccess, error) {
|
2020-11-07 19:40:24 +08:00
|
|
|
|
// 校验请求
|
2021-01-03 20:18:07 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
listId, err := models.SharedIPItemDAO.FindItemListId(tx, req.IpItemId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
err = models.SharedIPListDAO.CheckUserIPList(tx, userId, listId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
err = models.SharedIPItemDAO.DisableIPItem(tx, req.IpItemId)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2021-01-17 16:48:00 +08:00
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
|
return this.Success()
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-11-21 09:42:57 +08:00
|
|
|
|
// DeleteIPItems 批量删除IP
|
|
|
|
|
|
func (this *IPItemService) DeleteIPItems(ctx context.Context, req *pb.DeleteIPItemsRequest) (*pb.RPCSuccess, error) {
|
|
|
|
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
for _, itemId := range req.IpItemIds {
|
|
|
|
|
|
err = models.SharedIPItemDAO.DisableIPItem(tx, itemId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return this.Success()
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// CountIPItemsWithListId 计算IP数量
|
2020-11-12 14:41:28 +08:00
|
|
|
|
func (this *IPItemService) CountIPItemsWithListId(ctx context.Context, req *pb.CountIPItemsWithListIdRequest) (*pb.RPCCountResponse, error) {
|
2020-11-07 19:40:24 +08:00
|
|
|
|
// 校验请求
|
2021-01-03 20:18:07 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-26 09:17:33 +08:00
|
|
|
|
count, err := models.SharedIPItemDAO.CountIPItemsWithListId(tx, req.IpListId, req.Keyword, req.IpFrom, req.IpTo)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2020-11-24 17:36:47 +08:00
|
|
|
|
return this.SuccessCount(count)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// ListIPItemsWithListId 列出单页的IP
|
2020-11-07 19:40:24 +08:00
|
|
|
|
func (this *IPItemService) ListIPItemsWithListId(ctx context.Context, req *pb.ListIPItemsWithListIdRequest) (*pb.ListIPItemsWithListIdResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2021-01-03 20:18:07 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
2021-01-03 20:18:07 +08:00
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-26 09:17:33 +08:00
|
|
|
|
items, err := models.SharedIPItemDAO.ListIPItemsWithListId(tx, req.IpListId, req.Keyword, req.IpFrom, req.IpTo, req.Offset, req.Size)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
result := []*pb.IPItem{}
|
|
|
|
|
|
for _, item := range items {
|
2021-02-02 15:25:40 +08:00
|
|
|
|
if len(item.Type) == 0 {
|
|
|
|
|
|
item.Type = models.IPItemTypeIPv4
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-11-16 16:10:48 +08:00
|
|
|
|
// server
|
|
|
|
|
|
var pbSourceServer *pb.Server
|
|
|
|
|
|
if item.SourceServerId > 0 {
|
|
|
|
|
|
serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, int64(item.SourceServerId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
pbSourceServer = &pb.Server{
|
|
|
|
|
|
Id: int64(item.SourceServerId),
|
|
|
|
|
|
Name: serverName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// WAF策略
|
|
|
|
|
|
var pbSourcePolicy *pb.HTTPFirewallPolicy
|
|
|
|
|
|
if item.SourceHTTPFirewallPolicyId > 0 {
|
|
|
|
|
|
policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyBasic(tx, int64(item.SourceHTTPFirewallPolicyId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if policy != nil {
|
|
|
|
|
|
pbSourcePolicy = &pb.HTTPFirewallPolicy{
|
|
|
|
|
|
Id: int64(item.SourceHTTPFirewallPolicyId),
|
|
|
|
|
|
Name: policy.Name,
|
|
|
|
|
|
ServerId: int64(policy.ServerId),
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// WAF分组
|
|
|
|
|
|
var pbSourceGroup *pb.HTTPFirewallRuleGroup
|
|
|
|
|
|
if item.SourceHTTPFirewallRuleGroupId > 0 {
|
|
|
|
|
|
groupName, err := models.SharedHTTPFirewallRuleGroupDAO.FindHTTPFirewallRuleGroupName(tx, int64(item.SourceHTTPFirewallRuleGroupId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
pbSourceGroup = &pb.HTTPFirewallRuleGroup{
|
|
|
|
|
|
Id: int64(item.SourceHTTPFirewallRuleGroupId),
|
|
|
|
|
|
Name: groupName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// WAF规则集
|
|
|
|
|
|
var pbSourceSet *pb.HTTPFirewallRuleSet
|
|
|
|
|
|
if item.SourceHTTPFirewallRuleSetId > 0 {
|
|
|
|
|
|
setName, err := models.SharedHTTPFirewallRuleSetDAO.FindHTTPFirewallRuleSetName(tx, int64(item.SourceHTTPFirewallRuleSetId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
pbSourceSet = &pb.HTTPFirewallRuleSet{
|
|
|
|
|
|
Id: int64(item.SourceHTTPFirewallRuleSetId),
|
|
|
|
|
|
Name: setName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-07 19:40:24 +08:00
|
|
|
|
result = append(result, &pb.IPItem{
|
2021-11-16 16:10:48 +08:00
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
|
|
|
|
|
Version: int64(item.Version),
|
|
|
|
|
|
CreatedAt: int64(item.CreatedAt),
|
|
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: item.Reason,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
|
|
|
|
|
NodeId: int64(item.NodeId),
|
|
|
|
|
|
ServerId: int64(item.ServerId),
|
|
|
|
|
|
SourceNodeId: int64(item.SourceNodeId),
|
|
|
|
|
|
SourceServerId: int64(item.SourceServerId),
|
|
|
|
|
|
SourceHTTPFirewallPolicyId: int64(item.SourceHTTPFirewallPolicyId),
|
|
|
|
|
|
SourceHTTPFirewallRuleGroupId: int64(item.SourceHTTPFirewallRuleGroupId),
|
|
|
|
|
|
SourceHTTPFirewallRuleSetId: int64(item.SourceHTTPFirewallRuleSetId),
|
|
|
|
|
|
SourceServer: pbSourceServer,
|
|
|
|
|
|
SourceHTTPFirewallPolicy: pbSourcePolicy,
|
|
|
|
|
|
SourceHTTPFirewallRuleGroup: pbSourceGroup,
|
|
|
|
|
|
SourceHTTPFirewallRuleSet: pbSourceSet,
|
2020-11-07 19:40:24 +08:00
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.ListIPItemsWithListIdResponse{IpItems: result}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// FindEnabledIPItem 查找单个IP
|
2020-11-07 19:40:24 +08:00
|
|
|
|
func (this *IPItemService) FindEnabledIPItem(ctx context.Context, req *pb.FindEnabledIPItemRequest) (*pb.FindEnabledIPItemResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2021-01-03 20:18:07 +08:00
|
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
|
|
item, err := models.SharedIPItemDAO.FindEnabledIPItem(tx, req.IpItemId)
|
2020-11-07 19:40:24 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if item == nil {
|
|
|
|
|
|
return &pb.FindEnabledIPItemResponse{IpItem: nil}, nil
|
|
|
|
|
|
}
|
2021-01-03 20:18:07 +08:00
|
|
|
|
|
|
|
|
|
|
if userId > 0 {
|
|
|
|
|
|
err = models.SharedIPListDAO.CheckUserIPList(tx, userId, int64(item.ListId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-02 15:25:40 +08:00
|
|
|
|
if len(item.Type) == 0 {
|
|
|
|
|
|
item.Type = models.IPItemTypeIPv4
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-11-07 19:40:24 +08:00
|
|
|
|
return &pb.FindEnabledIPItemResponse{IpItem: &pb.IPItem{
|
2021-02-06 17:38:04 +08:00
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
|
|
|
|
|
Version: int64(item.Version),
|
2021-11-15 11:31:27 +08:00
|
|
|
|
CreatedAt: int64(item.CreatedAt),
|
2021-02-06 17:38:04 +08:00
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: item.Reason,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
2021-11-16 16:10:48 +08:00
|
|
|
|
NodeId: int64(item.NodeId),
|
|
|
|
|
|
ServerId: int64(item.ServerId),
|
2020-11-07 19:40:24 +08:00
|
|
|
|
}}, nil
|
|
|
|
|
|
}
|
2020-11-09 10:44:00 +08:00
|
|
|
|
|
2021-06-23 13:12:54 +08:00
|
|
|
|
// ListIPItemsAfterVersion 根据版本列出一组IP
|
2020-11-09 10:44:00 +08:00
|
|
|
|
func (this *IPItemService) ListIPItemsAfterVersion(ctx context.Context, req *pb.ListIPItemsAfterVersionRequest) (*pb.ListIPItemsAfterVersionResponse, error) {
|
|
|
|
|
|
// 校验请求
|
2021-07-11 18:05:57 +08:00
|
|
|
|
_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeNode)
|
2020-11-09 10:44:00 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
2020-11-09 10:44:00 +08:00
|
|
|
|
result := []*pb.IPItem{}
|
2021-01-01 23:31:30 +08:00
|
|
|
|
items, err := models.SharedIPItemDAO.ListIPItemsAfterVersion(tx, req.Version, req.Size)
|
2020-11-09 10:44:00 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
for _, item := range items {
|
2021-11-21 08:43:26 +08:00
|
|
|
|
// 是否已过期
|
|
|
|
|
|
if item.ExpiredAt > 0 && int64(item.ExpiredAt) <= time.Now().Unix() {
|
|
|
|
|
|
item.State = models.IPItemStateDisabled
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-02 15:25:40 +08:00
|
|
|
|
if len(item.Type) == 0 {
|
|
|
|
|
|
item.Type = models.IPItemTypeIPv4
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-06 17:38:04 +08:00
|
|
|
|
// List类型
|
2021-11-17 16:14:55 +08:00
|
|
|
|
list, err := models.SharedIPListDAO.FindIPListCacheable(tx, int64(item.ListId))
|
2021-02-06 17:38:04 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2021-11-17 16:14:55 +08:00
|
|
|
|
if list == nil {
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 如果已经删除
|
|
|
|
|
|
if list.State != models.IPListStateEnabled {
|
|
|
|
|
|
item.State = models.IPItemStateDisabled
|
|
|
|
|
|
}
|
2021-02-06 17:38:04 +08:00
|
|
|
|
|
2020-11-09 10:44:00 +08:00
|
|
|
|
result = append(result, &pb.IPItem{
|
2021-02-06 17:38:04 +08:00
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
|
|
|
|
|
Version: int64(item.Version),
|
2021-11-15 11:31:27 +08:00
|
|
|
|
CreatedAt: int64(item.CreatedAt),
|
2021-02-06 17:38:04 +08:00
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: "", // 这里我们不需要这个数据
|
|
|
|
|
|
ListId: int64(item.ListId),
|
|
|
|
|
|
IsDeleted: item.State == 0,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
2021-11-17 16:14:55 +08:00
|
|
|
|
ListType: list.Type,
|
|
|
|
|
|
IsGlobal: list.IsPublic == 1 && list.IsGlobal == 1,
|
2021-11-16 16:10:48 +08:00
|
|
|
|
NodeId: int64(item.NodeId),
|
|
|
|
|
|
ServerId: int64(item.ServerId),
|
2020-11-09 10:44:00 +08:00
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.ListIPItemsAfterVersionResponse{IpItems: result}, nil
|
|
|
|
|
|
}
|
2021-06-23 13:12:54 +08:00
|
|
|
|
|
|
|
|
|
|
// CheckIPItemStatus 检查IP状态
|
|
|
|
|
|
func (this *IPItemService) CheckIPItemStatus(ctx context.Context, req *pb.CheckIPItemStatusRequest) (*pb.CheckIPItemStatusResponse, error) {
|
|
|
|
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 校验IP
|
|
|
|
|
|
ip := net.ParseIP(req.Ip)
|
|
|
|
|
|
if len(ip) == 0 {
|
|
|
|
|
|
return &pb.CheckIPItemStatusResponse{
|
|
|
|
|
|
IsOk: false,
|
|
|
|
|
|
Error: "请输入正确的IP",
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
ipLong := utils.IP2Long(req.Ip)
|
|
|
|
|
|
|
|
|
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
|
|
// 名单类型
|
2021-11-17 19:51:00 +08:00
|
|
|
|
list, err := models.SharedIPListDAO.FindEnabledIPList(tx, req.IpListId, nil)
|
2021-06-23 13:12:54 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if list == nil {
|
|
|
|
|
|
return &pb.CheckIPItemStatusResponse{
|
|
|
|
|
|
IsOk: false,
|
|
|
|
|
|
Error: "IP名单不存在",
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
var isAllowed = list.Type == "white"
|
|
|
|
|
|
|
|
|
|
|
|
// 检查IP名单
|
|
|
|
|
|
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, req.IpListId, ipLong)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if item != nil {
|
|
|
|
|
|
return &pb.CheckIPItemStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: true,
|
|
|
|
|
|
IsAllowed: isAllowed,
|
|
|
|
|
|
IpItem: &pb.IPItem{
|
|
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
2021-11-15 11:31:27 +08:00
|
|
|
|
CreatedAt: int64(item.CreatedAt),
|
2021-06-23 13:12:54 +08:00
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: item.Reason,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
|
|
|
|
|
},
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.CheckIPItemStatusResponse{
|
|
|
|
|
|
IsOk: true,
|
|
|
|
|
|
Error: "",
|
|
|
|
|
|
IsFound: false,
|
|
|
|
|
|
IsAllowed: false,
|
|
|
|
|
|
IpItem: nil,
|
|
|
|
|
|
}, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// ExistsEnabledIPItem 检查IP是否存在
|
|
|
|
|
|
func (this *IPItemService) ExistsEnabledIPItem(ctx context.Context, req *pb.ExistsEnabledIPItemRequest) (*pb.ExistsEnabledIPItemResponse, error) {
|
|
|
|
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var tx = this.NullTx()
|
|
|
|
|
|
b, err := models.SharedIPItemDAO.ExistsEnabledItem(tx, req.IpItemId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
return &pb.ExistsEnabledIPItemResponse{Exists: b}, nil
|
|
|
|
|
|
}
|
2021-11-17 19:51:00 +08:00
|
|
|
|
|
|
|
|
|
|
// CountAllEnabledIPItems 计算所有IP数量
|
|
|
|
|
|
func (this *IPItemService) CountAllEnabledIPItems(ctx context.Context, req *pb.CountAllEnabledIPItemsRequest) (*pb.RPCCountResponse, error) {
|
|
|
|
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var tx = this.NullTx()
|
2021-11-17 20:25:36 +08:00
|
|
|
|
var listId int64 = 0
|
|
|
|
|
|
if req.GlobalOnly {
|
|
|
|
|
|
listId = firewallconfigs.GlobalListId
|
|
|
|
|
|
}
|
|
|
|
|
|
count, err := models.SharedIPItemDAO.CountAllEnabledIPItems(tx, req.Ip, listId)
|
2021-11-17 19:51:00 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
return this.SuccessCount(count)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// ListAllEnabledIPItems 搜索IP
|
|
|
|
|
|
func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.ListAllEnabledIPItemsRequest) (*pb.ListAllEnabledIPItemsResponse, error) {
|
|
|
|
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var results = []*pb.ListAllEnabledIPItemsResponse_Result{}
|
|
|
|
|
|
var tx = this.NullTx()
|
2021-11-17 20:25:36 +08:00
|
|
|
|
var listId int64 = 0
|
|
|
|
|
|
if req.GlobalOnly {
|
|
|
|
|
|
listId = firewallconfigs.GlobalListId
|
|
|
|
|
|
}
|
|
|
|
|
|
items, err := models.SharedIPItemDAO.ListAllEnabledIPItems(tx, req.Ip, listId, req.Offset, req.Size)
|
2021-11-17 19:51:00 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var cacheMap = utils.NewCacheMap()
|
|
|
|
|
|
for _, item := range items {
|
|
|
|
|
|
// server
|
|
|
|
|
|
var pbSourceServer *pb.Server
|
|
|
|
|
|
if item.SourceServerId > 0 {
|
|
|
|
|
|
serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, int64(item.SourceServerId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
pbSourceServer = &pb.Server{
|
|
|
|
|
|
Id: int64(item.SourceServerId),
|
|
|
|
|
|
Name: serverName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// WAF策略
|
|
|
|
|
|
var pbSourcePolicy *pb.HTTPFirewallPolicy
|
|
|
|
|
|
if item.SourceHTTPFirewallPolicyId > 0 {
|
|
|
|
|
|
policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyBasic(tx, int64(item.SourceHTTPFirewallPolicyId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if policy != nil {
|
|
|
|
|
|
pbSourcePolicy = &pb.HTTPFirewallPolicy{
|
|
|
|
|
|
Id: int64(item.SourceHTTPFirewallPolicyId),
|
|
|
|
|
|
Name: policy.Name,
|
|
|
|
|
|
ServerId: int64(policy.ServerId),
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// WAF分组
|
|
|
|
|
|
var pbSourceGroup *pb.HTTPFirewallRuleGroup
|
|
|
|
|
|
if item.SourceHTTPFirewallRuleGroupId > 0 {
|
|
|
|
|
|
groupName, err := models.SharedHTTPFirewallRuleGroupDAO.FindHTTPFirewallRuleGroupName(tx, int64(item.SourceHTTPFirewallRuleGroupId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
pbSourceGroup = &pb.HTTPFirewallRuleGroup{
|
|
|
|
|
|
Id: int64(item.SourceHTTPFirewallRuleGroupId),
|
|
|
|
|
|
Name: groupName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// WAF规则集
|
|
|
|
|
|
var pbSourceSet *pb.HTTPFirewallRuleSet
|
|
|
|
|
|
if item.SourceHTTPFirewallRuleSetId > 0 {
|
|
|
|
|
|
setName, err := models.SharedHTTPFirewallRuleSetDAO.FindHTTPFirewallRuleSetName(tx, int64(item.SourceHTTPFirewallRuleSetId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
pbSourceSet = &pb.HTTPFirewallRuleSet{
|
|
|
|
|
|
Id: int64(item.SourceHTTPFirewallRuleSetId),
|
|
|
|
|
|
Name: setName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var pbItem = &pb.IPItem{
|
|
|
|
|
|
Id: int64(item.Id),
|
|
|
|
|
|
IpFrom: item.IpFrom,
|
|
|
|
|
|
IpTo: item.IpTo,
|
|
|
|
|
|
Version: int64(item.Version),
|
|
|
|
|
|
CreatedAt: int64(item.CreatedAt),
|
|
|
|
|
|
ExpiredAt: int64(item.ExpiredAt),
|
|
|
|
|
|
Reason: item.Reason,
|
|
|
|
|
|
Type: item.Type,
|
|
|
|
|
|
EventLevel: item.EventLevel,
|
|
|
|
|
|
NodeId: int64(item.NodeId),
|
|
|
|
|
|
ServerId: int64(item.ServerId),
|
|
|
|
|
|
SourceNodeId: int64(item.SourceNodeId),
|
|
|
|
|
|
SourceServerId: int64(item.SourceServerId),
|
|
|
|
|
|
SourceHTTPFirewallPolicyId: int64(item.SourceHTTPFirewallPolicyId),
|
|
|
|
|
|
SourceHTTPFirewallRuleGroupId: int64(item.SourceHTTPFirewallRuleGroupId),
|
|
|
|
|
|
SourceHTTPFirewallRuleSetId: int64(item.SourceHTTPFirewallRuleSetId),
|
|
|
|
|
|
SourceServer: pbSourceServer,
|
|
|
|
|
|
SourceHTTPFirewallPolicy: pbSourcePolicy,
|
|
|
|
|
|
SourceHTTPFirewallRuleGroup: pbSourceGroup,
|
|
|
|
|
|
SourceHTTPFirewallRuleSet: pbSourceSet,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 所属名单
|
|
|
|
|
|
list, err := models.SharedIPListDAO.FindEnabledIPList(tx, int64(item.ListId), cacheMap)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if list == nil {
|
|
|
|
|
|
err = models.SharedIPItemDAO.DisableIPItem(tx, int64(item.Id))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
var pbList = &pb.IPList{
|
|
|
|
|
|
Id: int64(list.Id),
|
|
|
|
|
|
Name: list.Name,
|
|
|
|
|
|
Type: list.Type,
|
|
|
|
|
|
IsPublic: list.IsPublic == 1,
|
|
|
|
|
|
IsGlobal: list.IsGlobal == 1,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 所属服务(注意同SourceServer不同)
|
|
|
|
|
|
var pbFirewallServer *pb.Server
|
|
|
|
|
|
|
|
|
|
|
|
// 所属策略(注意同SourceHTTPFirewallPolicy不同)
|
|
|
|
|
|
var pbFirewallPolicy *pb.HTTPFirewallPolicy
|
|
|
|
|
|
if list.IsPublic == 0 {
|
|
|
|
|
|
policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyWithIPListId(tx, int64(list.Id))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if policy == nil {
|
|
|
|
|
|
err = models.SharedIPItemDAO.DisableIPItem(tx, int64(item.Id))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
pbFirewallPolicy = &pb.HTTPFirewallPolicy{
|
|
|
|
|
|
Id: int64(policy.Id),
|
|
|
|
|
|
Name: policy.Name,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if policy.ServerId > 0 {
|
|
|
|
|
|
serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, int64(policy.ServerId))
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(serverName) == 0 {
|
|
|
|
|
|
serverName = "[已删除]"
|
|
|
|
|
|
}
|
|
|
|
|
|
pbFirewallServer = &pb.Server{
|
|
|
|
|
|
Id: int64(policy.ServerId),
|
|
|
|
|
|
Name: serverName,
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
results = append(results, &pb.ListAllEnabledIPItemsResponse_Result{
|
|
|
|
|
|
IpList: pbList,
|
|
|
|
|
|
IpItem: pbItem,
|
|
|
|
|
|
Server: pbFirewallServer,
|
|
|
|
|
|
HttpFirewallPolicy: pbFirewallPolicy,
|
|
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &pb.ListAllEnabledIPItemsResponse{Results: results}, nil
|
|
|
|
|
|
}
|
