访问日志策略增加只记录WAF相关访问日志选项

internal/accesslogs/storage_base.go

@@ -14,6 +14,7 @@ import (
 type BaseStorage struct {
 	isOk         bool
 	version      int
+	firewallOnly bool
 }
 
 func (this *BaseStorage) SetVersion(version int) {
@@ -32,6 +33,10 @@ func (this *BaseStorage) SetOk(isOk bool) {
 	this.isOk = isOk
 }
 
+func (this *BaseStorage) SetFirewallOnly(firewallOnly bool) {
+	this.firewallOnly = firewallOnly
+}
+
 // Marshal 对日志进行编码
 func (this *BaseStorage) Marshal(accessLog *pb.HTTPAccessLog) ([]byte, error) {
 	return json.Marshal(accessLog)

internal/accesslogs/storage_command.go

@@ -61,6 +61,10 @@ func (this *CommandStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
 		return err
 	}
 	for _, accessLog := range accessLogs {
+		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
+			continue
+		}
+
 		data, err := this.Marshal(accessLog)
 		if err != nil {
 			logs.Error(err)

internal/accesslogs/storage_es.go

@@ -59,6 +59,10 @@ func (this *ESStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
 	indexName := this.FormatVariables(this.config.Index)
 	typeName := this.FormatVariables(this.config.MappingType)
 	for _, accessLog := range accessLogs {
+		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
+			continue
+		}
+
 		if len(accessLog.RequestId) == 0 {
 			continue
 		}

internal/accesslogs/storage_file.go

@@ -57,6 +57,9 @@ func (this *FileStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
 	defer this.writeLocker.Unlock()
 
 	for _, accessLog := range accessLogs {
+		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
+			continue
+		}
 		data, err := this.Marshal(accessLog)
 		if err != nil {
 			logs.Error(err)

internal/accesslogs/storage_interface.go

@@ -12,6 +12,9 @@ type StorageInterface interface {
 	// SetVersion 设置版本
 	SetVersion(version int)
 
+	// SetFirewallOnly 设置是否只处理防火墙相关的访问日志
+	SetFirewallOnly(firewallOnly bool)
+
 	IsOk() bool
 
 	SetOk(ok bool)

internal/accesslogs/storage_manager.go

@@ -101,6 +101,7 @@ func (this *StorageManager) Loop() error {
 				}
 
 				storage.SetVersion(types.Int(policy.Version))
+				storage.SetFirewallOnly(policy.FirewallOnly == 1)
 				err := storage.Start()
 				if err != nil {
 					remotelogs.Error("ACCESS_LOG_STORAGE_MANAGER", "start policy '"+types.String(policyId)+"' failed: "+err.Error())
@@ -116,6 +117,7 @@ func (this *StorageManager) Loop() error {
 				continue
 			}
 			storage.SetVersion(types.Int(policy.Version))
+			storage.SetFirewallOnly(policy.FirewallOnly == 1)
 			this.storageMap[policyId] = storage
 			err = storage.Start()
 			if err != nil {

internal/accesslogs/storage_syslog.go

@@ -106,6 +106,9 @@ func (this *SyslogStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
 	}
 
 	for _, accessLog := range accessLogs {
+		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
+			continue
+		}
 		data, err := this.Marshal(accessLog)
 		if err != nil {
 			logs.Error(err)

internal/accesslogs/storage_tcp.go

@@ -60,6 +60,9 @@ func (this *TCPStorage) Write(accessLogs []*pb.HTTPAccessLog) error {
 	defer this.writeLocker.Unlock()
 
 	for _, accessLog := range accessLogs {
+		if this.firewallOnly && accessLog.FirewallPolicyId == 0 {
+			continue
+		}
 		data, err := this.Marshal(accessLog)
 		if err != nil {
 			logs.Error(err)

internal/db/models/http_access_log_policy_dao.go

@@ -1,13 +1,10 @@
 package models
 
 import (
-	"bytes"
-	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
-	"github.com/iwind/TeaGo/maps"
 )
 
 const (
@@ -109,7 +106,7 @@ func (this *HTTPAccessLogPolicyDAO) FindAllEnabledAndOnPolicies(tx *dbs.Tx) (res
 }
 
 // CreatePolicy 创建策略
-func (this *HTTPAccessLogPolicyDAO) CreatePolicy(tx *dbs.Tx, name string, policyType string, optionsJSON []byte, condsJSON []byte, isPublic bool) (policyId int64, err error) {
+func (this *HTTPAccessLogPolicyDAO) CreatePolicy(tx *dbs.Tx, name string, policyType string, optionsJSON []byte, condsJSON []byte, isPublic bool, firewallOnly bool) (policyId int64, err error) {
 	var op = NewHTTPAccessLogPolicyOperator()
 	op.Name = name
 	op.Type = policyType
@@ -121,12 +118,13 @@ func (this *HTTPAccessLogPolicyDAO) CreatePolicy(tx *dbs.Tx, name string, policy
 	}
 	op.IsPublic = isPublic
 	op.IsOn = true
+	op.FirewallOnly = firewallOnly
 	op.State = HTTPAccessLogPolicyStateEnabled
 	return this.SaveInt64(tx, op)
 }
 
 // UpdatePolicy 修改策略
-func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, name string, optionsJSON []byte, condsJSON []byte, isPublic bool, isOn bool) error {
+func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, name string, optionsJSON []byte, condsJSON []byte, isPublic bool, firewallOnly bool, isOn bool) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -140,7 +138,6 @@ func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, nam
 	if oldOne == nil {
 		return nil
 	}
-	var oldPolicy = oldOne.(*HTTPAccessLogPolicy)
 
 	var op = NewHTTPAccessLogPolicyOperator()
 	op.Id = policyId
@@ -156,22 +153,11 @@ func (this *HTTPAccessLogPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, nam
 		op.Conds = "{}"
 	}
 
-	// 版本号
-	if len(oldPolicy.Options) == 0 || len(optionsJSON) == 0 {
+	// 版本号总是加1
 	op.Version = dbs.SQL("version+1")
-	} else {
-		var m1 = maps.Map{}
-		_ = json.Unmarshal(oldPolicy.Options, &m1)
-
-		var m2 = maps.Map{}
-		_ = json.Unmarshal(optionsJSON, &m2)
-
-		if bytes.Compare(m1.AsJSON(), m2.AsJSON()) != 0 {
-			op.Version = dbs.SQL("version+1")
-		}
-	}
 
 	op.IsPublic = isPublic
+	op.FirewallOnly = firewallOnly
 	op.IsOn = isOn
 	return this.Save(tx, op)
 }

internal/db/models/http_access_log_policy_model.go

@@ -16,6 +16,7 @@ type HTTPAccessLogPolicy struct {
 	Options      dbs.JSON `field:"options"`      // 存储选项
 	Conds        dbs.JSON `field:"conds"`        // 请求条件
 	IsPublic     bool     `field:"isPublic"`     // 是否为公用
+	FirewallOnly uint8    `field:"firewallOnly"` // 是否只记录防火墙相关
 	Version      uint32   `field:"version"`      // 版本号
 }
 
@@ -32,6 +33,7 @@ type HTTPAccessLogPolicyOperator struct {
 	Options      interface{} // 存储选项
 	Conds        interface{} // 请求条件
 	IsPublic     interface{} // 是否为公用
+	FirewallOnly interface{} // 是否只记录防火墙相关
 	Version      interface{} // 版本号
 }
 

internal/rpc/services/service_http_access_log_policy.go

@@ -48,6 +48,7 @@ func (this *HTTPAccessLogPolicyService) ListEnabledHTTPAccessLogPolicies(ctx con
 			OptionsJSON:  policy.Options,
 			CondsJSON:    policy.Conds,
 			IsPublic:     policy.IsPublic,
+			FirewallOnly: policy.FirewallOnly == 1,
 		})
 	}
 	return &pb.ListEnabledHTTPAccessLogPoliciesResponse{HttpAccessLogPolicies: pbPolicies}, nil
@@ -71,7 +72,7 @@ func (this *HTTPAccessLogPolicyService) CreateHTTPAccessLogPolicy(ctx context.Co
 	}
 
 	// 创建
-	policyId, err := models.SharedHTTPAccessLogPolicyDAO.CreatePolicy(tx, req.Name, req.Type, req.OptionsJSON, req.CondsJSON, req.IsPublic)
+	policyId, err := models.SharedHTTPAccessLogPolicyDAO.CreatePolicy(tx, req.Name, req.Type, req.OptionsJSON, req.CondsJSON, req.IsPublic, req.FirewallOnly)
 	if err != nil {
 		return nil, err
 	}
@@ -96,7 +97,7 @@ func (this *HTTPAccessLogPolicyService) UpdateHTTPAccessLogPolicy(ctx context.Co
 	}
 
 	// 保存修改
-	err = models.SharedHTTPAccessLogPolicyDAO.UpdatePolicy(tx, req.HttpAccessLogPolicyId, req.Name, req.OptionsJSON, req.CondsJSON, req.IsPublic, req.IsOn)
+	err = models.SharedHTTPAccessLogPolicyDAO.UpdatePolicy(tx, req.HttpAccessLogPolicyId, req.Name, req.OptionsJSON, req.CondsJSON, req.IsPublic, req.FirewallOnly, req.IsOn)
 	if err != nil {
 		return nil, err
 	}
@@ -126,6 +127,7 @@ func (this *HTTPAccessLogPolicyService) FindEnabledHTTPAccessLogPolicy(ctx conte
 		OptionsJSON:  policy.Options,
 		CondsJSON:    policy.Conds,
 		IsPublic:     policy.IsPublic,
+		FirewallOnly: policy.FirewallOnly == 1,
 	}}, nil
 }