实现防火墙配置

2025-11-04 16:00:24 +08:00 · 2020-09-20 20:12:47 +08:00
parent 773d6d616a
commit 0f4dbc1def
9 changed files with 191 additions and 0 deletions
--- a/internal/apis/api_node.go
+++ b/internal/apis/api_node.go
@@ -67,6 +67,7 @@ func (this *APINode) listenRPC() error {
 	pb.RegisterHTTPPageServiceServer(rpcServer, &services.HTTPPageService{})
 	pb.RegisterHTTPAccessLogPolicyServiceServer(rpcServer, &services.HTTPAccessLogPolicyService{})
 	pb.RegisterHTTPCachePolicyServiceServer(rpcServer, &services.HTTPCachePolicyService{})
 	pb.RegisterHTTPFirewallPolicyServiceServer(rpcServer, &services.HTTPFirewallPolicyService{})
 	err = rpcServer.Serve(listener)
 	if err != nil {
 		return errors.New("[API]start rpc failed: " + err.Error())
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -0,0 +1,75 @@
 package models
 import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 )
 const (
 	HTTPFirewallPolicyStateEnabled  = 1 // 已启用
 	HTTPFirewallPolicyStateDisabled = 0 // 已禁用
 )
 type HTTPFirewallPolicyDAO dbs.DAO
 func NewHTTPFirewallPolicyDAO() *HTTPFirewallPolicyDAO {
 	return dbs.NewDAO(&HTTPFirewallPolicyDAO{
 		DAOObject: dbs.DAOObject{
 			DB:     Tea.Env,
 			Table:  "edgeHTTPFirewallPolicies",
 			Model:  new(HTTPFirewallPolicy),
 			PkName: "id",
 		},
 	}).(*HTTPFirewallPolicyDAO)
 }
 var SharedHTTPFirewallPolicyDAO = NewHTTPFirewallPolicyDAO()
 // 启用条目
 func (this *HTTPFirewallPolicyDAO) EnableHTTPFirewallPolicy(id int64) error {
 	_, err := this.Query().
 		Pk(id).
 		Set("state", HTTPFirewallPolicyStateEnabled).
 		Update()
 	return err
 }
 // 禁用条目
 func (this *HTTPFirewallPolicyDAO) DisableHTTPFirewallPolicy(id int64) error {
 	_, err := this.Query().
 		Pk(id).
 		Set("state", HTTPFirewallPolicyStateDisabled).
 		Update()
 	return err
 }
 // 查找启用中的条目
 func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(id int64) (*HTTPFirewallPolicy, error) {
 	result, err := this.Query().
 		Pk(id).
 		Attr("state", HTTPFirewallPolicyStateEnabled).
 		Find()
 	if result == nil {
 		return nil, err
 	}
 	return result.(*HTTPFirewallPolicy), err
 }
 // 根据主键查找名称
 func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(id int64) (string, error) {
 	return this.Query().
 		Pk(id).
 		Result("name").
 		FindStringCol("")
 }
 // 查找所有可用策略
 func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies() (result []*HTTPFirewallPolicy, err error) {
 	_, err = this.Query().
 		State(HTTPFirewallPolicyStateEnabled).
 		DescPk().
 		Slice(&result).
 		FindAll()
 	return
 }
--- a/internal/db/models/http_firewall_policy_dao_test.go
+++ b/internal/db/models/http_firewall_policy_dao_test.go
@@ -0,0 +1,5 @@
 package models
 import (
 	_ "github.com/go-sql-driver/mysql"
 )
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -0,0 +1,28 @@
 package models
 // HTTP防火墙
 type HTTPFirewallPolicy struct {
 	Id         uint32 `field:"id"`         // ID
 	TemplateId uint32 `field:"templateId"` // 模版ID
 	AdminId    uint32 `field:"adminId"`    // 管理员ID
 	UserId     uint32 `field:"userId"`     // 用户ID
 	State      uint8  `field:"state"`      // 状态
 	CreatedAt  uint64 `field:"createdAt"`  // 创建时间
 	IsOn       uint8  `field:"isOn"`       // 是否启用
 	Name       string `field:"name"`       // 名称
 }
 type HTTPFirewallPolicyOperator struct {
 	Id         interface{} // ID
 	TemplateId interface{} // 模版ID
 	AdminId    interface{} // 管理员ID
 	UserId     interface{} // 用户ID
 	State      interface{} // 状态
 	CreatedAt  interface{} // 创建时间
 	IsOn       interface{} // 是否启用
 	Name       interface{} // 名称
 }
 func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {
 	return &HTTPFirewallPolicyOperator{}
 }
--- a/internal/db/models/http_firewall_policy_model_ext.go
+++ b/internal/db/models/http_firewall_policy_model_ext.go
@@ -0,0 +1 @@
 package models
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -174,6 +174,16 @@ func (this *HTTPWebDAO) ComposeWebConfig(webId int64) (*serverconfigs.HTTPWebCon
 		config.CacheRef = cacheRef
 	}
 	// 防火墙配置
 	if IsNotNull(web.Firewall) {
 		firewallRef := &serverconfigs.HTTPFirewallRef{}
 		err = json.Unmarshal([]byte(web.Firewall), firewallRef)
 		if err != nil {
 			return nil, err
 		}
 		config.FirewallRef = firewallRef
 	}
 	// TODO 更多配置
 	return config, nil
@@ -351,6 +361,22 @@ func (this *HTTPWebDAO) UpdateWebCache(webId int64, cacheJSON []byte) error {
 	return this.NotifyUpdating(webId)
 }
 // 更改防火墙配置
 func (this *HTTPWebDAO) UpdateWebFirewall(webId int64, firewallJSON []byte) error {
 	if webId <= 0 {
 		return errors.New("invalid webId")
 	}
 	op := NewHTTPWebOperator()
 	op.Id = webId
 	op.Firewall = JSONBytes(firewallJSON)
 	_, err := this.Save(op)
 	if err != nil {
 		return err
 	}
 	return this.NotifyUpdating(webId)
 }
 // 通知更新
 func (this *HTTPWebDAO) NotifyUpdating(webId int64) error {
 	err := SharedServerDAO.UpdateServerIsUpdatingWithWebId(webId)
--- a/internal/db/models/http_web_model.go
+++ b/internal/db/models/http_web_model.go
@@ -22,6 +22,7 @@ type HTTPWeb struct {
 	Stat                   string `field:"stat"`                   // 统计配置
 	Gzip                   string `field:"gzip"`                   // Gzip配置
 	Cache                  string `field:"cache"`                  // 缓存配置
 	Firewall               string `field:"firewall"`               // 防火墙设置
 }
 type HTTPWebOperator struct {
@@ -45,6 +46,7 @@ type HTTPWebOperator struct {
 	Stat                   interface{} // 统计配置
 	Gzip                   interface{} // Gzip配置
 	Cache                  interface{} // 缓存配置
 	Firewall               interface{} // 防火墙设置
 }
 func NewHTTPWebOperator() *HTTPWebOperator {
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -0,0 +1,36 @@
 package services
 import (
 	"context"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )
 type HTTPFirewallPolicyService struct {
 }
 // 获取所有可用策略
 func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx context.Context, req *pb.FindAllEnabledHTTPFirewallPoliciesRequest) (*pb.FindAllEnabledHTTPFirewallPoliciesResponse, error) {
 	// 校验请求
 	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
 	if err != nil {
 		return nil, err
 	}
 	policies, err := models.SharedHTTPFirewallPolicyDAO.FindAllEnabledFirewallPolicies()
 	if err != nil {
 		return nil, err
 	}
 	result := []*pb.HTTPFirewallPolicy{}
 	for _, p := range policies {
 		result = append(result, &pb.HTTPFirewallPolicy{
 			Id:   int64(p.Id),
 			Name: p.Name,
 			IsOn: p.IsOn == 1,
 		})
 	}
 	return &pb.FindAllEnabledHTTPFirewallPoliciesResponse{FirewallPolicies: result}, nil
 }
--- a/internal/rpc/services/service_http_web.go
+++ b/internal/rpc/services/service_http_web.go
@@ -207,3 +207,20 @@ func (this *HTTPWebService) UpdateHTTPCache(ctx context.Context, req *pb.UpdateH
 	return rpcutils.RPCUpdateSuccess()
 }
 // 更改防火墙设置
 func (this *HTTPWebService) UpdateHTTPFirewall(ctx context.Context, req *pb.UpdateHTTPFirewallRequest) (*pb.RPCUpdateSuccess, error) {
 	// 校验请求
 	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
 	if err != nil {
 		return nil, err
 	}
 	err = models.SharedHTTPWebDAO.UpdateWebFirewall(req.WebId, req.FirewallJSON)
 	if err != nil {
 		return nil, err
 	}
 	return rpcutils.RPCUpdateSuccess()
 }