TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-05 09:30:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF记录IP动作中IP名单如果为空时,默认为全局黑名单

Browse Source
This commit is contained in:
GoEdgeLab
2023-10-15 09:34:20 +08:00
parent 561aa6ff1c
commit 04eda6078b
3 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/db/models/http_firewall_rule_group_dao.go
View File

@@ -104,7 +104,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
return nil, err return nil, err
} }
for _, setRef := range setRefs { for _, setRef := range setRefs {
setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId) setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId, forNode)
if err != nil { if err != nil {
return nil, err return nil, err
} }

21
internal/db/models/http_firewall_rule_set_dao.go
View File

@@ -84,7 +84,7 @@ func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id i
} }
// ComposeFirewallRuleSet 组合配置 // ComposeFirewallRuleSet 组合配置
func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) { func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64, forNode bool) (*firewallconfigs.HTTPFirewallRuleSet, error) {
set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId) set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -133,12 +133,19 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
if actionConfig.Code == firewallconfigs.HTTPFirewallActionRecordIP { // 记录IP动作 if actionConfig.Code == firewallconfigs.HTTPFirewallActionRecordIP { // 记录IP动作
if actionConfig.Options != nil { if actionConfig.Options != nil {
var ipListId = actionConfig.Options.GetInt64("ipListId") var ipListId = actionConfig.Options.GetInt64("ipListId")
exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId) if ipListId <= 0 { // default list id
if err != nil { if forNode {
return nil, err actionConfig.Options["ipListId"] = firewallconfigs.GlobalListId
} }
if !exists { actionConfig.Options["ipListIsDeleted"] = false
actionConfig.Options["ipListIsDeleted"] = true } else {
exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId)
if err != nil {
return nil, err
}
if !exists {
actionConfig.Options["ipListIsDeleted"] = true
}
} }
} }
} }

2
internal/rpc/services/service_http_firewall_rule_set.go
View File

@@ -86,7 +86,7 @@ func (this *HTTPFirewallRuleSetService) FindEnabledHTTPFirewallRuleSetConfig(ctx
var tx = this.NullTx() var tx = this.NullTx()
config, err := models.SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, req.FirewallRuleSetId) config, err := models.SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, req.FirewallRuleSetId, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }