实现防火墙配置

internal/apis/api_node.go

@@ -67,6 +67,7 @@ func (this *APINode) listenRPC() error {
 	pb.RegisterHTTPPageServiceServer(rpcServer, &services.HTTPPageService{})
 	pb.RegisterHTTPAccessLogPolicyServiceServer(rpcServer, &services.HTTPAccessLogPolicyService{})
 	pb.RegisterHTTPCachePolicyServiceServer(rpcServer, &services.HTTPCachePolicyService{})
+	pb.RegisterHTTPFirewallPolicyServiceServer(rpcServer, &services.HTTPFirewallPolicyService{})
 	err = rpcServer.Serve(listener)
 	if err != nil {
 		return errors.New("[API]start rpc failed: " + err.Error())

internal/db/models/http_firewall_policy_dao.go

@@ -0,0 +1,75 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	HTTPFirewallPolicyStateEnabled  = 1 // 已启用
+	HTTPFirewallPolicyStateDisabled = 0 // 已禁用
+)
+
+type HTTPFirewallPolicyDAO dbs.DAO
+
+func NewHTTPFirewallPolicyDAO() *HTTPFirewallPolicyDAO {
+	return dbs.NewDAO(&HTTPFirewallPolicyDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeHTTPFirewallPolicies",
+			Model:  new(HTTPFirewallPolicy),
+			PkName: "id",
+		},
+	}).(*HTTPFirewallPolicyDAO)
+}
+
+var SharedHTTPFirewallPolicyDAO = NewHTTPFirewallPolicyDAO()
+
+// 启用条目
+func (this *HTTPFirewallPolicyDAO) EnableHTTPFirewallPolicy(id int64) error {
+	_, err := this.Query().
+		Pk(id).
+		Set("state", HTTPFirewallPolicyStateEnabled).
+		Update()
+	return err
+}
+
+// 禁用条目
+func (this *HTTPFirewallPolicyDAO) DisableHTTPFirewallPolicy(id int64) error {
+	_, err := this.Query().
+		Pk(id).
+		Set("state", HTTPFirewallPolicyStateDisabled).
+		Update()
+	return err
+}
+
+// 查找启用中的条目
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(id int64) (*HTTPFirewallPolicy, error) {
+	result, err := this.Query().
+		Pk(id).
+		Attr("state", HTTPFirewallPolicyStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*HTTPFirewallPolicy), err
+}
+
+// 根据主键查找名称
+func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(id int64) (string, error) {
+	return this.Query().
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// 查找所有可用策略
+func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies() (result []*HTTPFirewallPolicy, err error) {
+	_, err = this.Query().
+		State(HTTPFirewallPolicyStateEnabled).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}

internal/db/models/http_firewall_policy_dao_test.go

@@ -0,0 +1,5 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+)

internal/db/models/http_firewall_policy_model.go

@@ -0,0 +1,28 @@
+package models
+
+// HTTP防火墙
+type HTTPFirewallPolicy struct {
+	Id         uint32 `field:"id"`         // ID
+	TemplateId uint32 `field:"templateId"` // 模版ID
+	AdminId    uint32 `field:"adminId"`    // 管理员ID
+	UserId     uint32 `field:"userId"`     // 用户ID
+	State      uint8  `field:"state"`      // 状态
+	CreatedAt  uint64 `field:"createdAt"`  // 创建时间
+	IsOn       uint8  `field:"isOn"`       // 是否启用
+	Name       string `field:"name"`       // 名称
+}
+
+type HTTPFirewallPolicyOperator struct {
+	Id         interface{} // ID
+	TemplateId interface{} // 模版ID
+	AdminId    interface{} // 管理员ID
+	UserId     interface{} // 用户ID
+	State      interface{} // 状态
+	CreatedAt  interface{} // 创建时间
+	IsOn       interface{} // 是否启用
+	Name       interface{} // 名称
+}
+
+func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {
+	return &HTTPFirewallPolicyOperator{}
+}

internal/db/models/http_firewall_policy_model_ext.go

@@ -0,0 +1 @@
+package models

internal/db/models/http_web_dao.go

@@ -174,6 +174,16 @@ func (this *HTTPWebDAO) ComposeWebConfig(webId int64) (*serverconfigs.HTTPWebCon
 		config.CacheRef = cacheRef
 	}
 
+	// 防火墙配置
+	if IsNotNull(web.Firewall) {
+		firewallRef := &serverconfigs.HTTPFirewallRef{}
+		err = json.Unmarshal([]byte(web.Firewall), firewallRef)
+		if err != nil {
+			return nil, err
+		}
+		config.FirewallRef = firewallRef
+	}
+
 	// TODO 更多配置
 
 	return config, nil
@@ -351,6 +361,22 @@ func (this *HTTPWebDAO) UpdateWebCache(webId int64, cacheJSON []byte) error {
 	return this.NotifyUpdating(webId)
 }
 
+// 更改防火墙配置
+func (this *HTTPWebDAO) UpdateWebFirewall(webId int64, firewallJSON []byte) error {
+	if webId <= 0 {
+		return errors.New("invalid webId")
+	}
+	op := NewHTTPWebOperator()
+	op.Id = webId
+	op.Firewall = JSONBytes(firewallJSON)
+	_, err := this.Save(op)
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdating(webId)
+}
+
 // 通知更新
 func (this *HTTPWebDAO) NotifyUpdating(webId int64) error {
 	err := SharedServerDAO.UpdateServerIsUpdatingWithWebId(webId)

internal/db/models/http_web_model.go

@@ -22,6 +22,7 @@ type HTTPWeb struct {
 	Stat                   string `field:"stat"`                   // 统计配置
 	Gzip                   string `field:"gzip"`                   // Gzip配置
 	Cache                  string `field:"cache"`                  // 缓存配置
+	Firewall               string `field:"firewall"`               // 防火墙设置
 }
 
 type HTTPWebOperator struct {
@@ -45,6 +46,7 @@ type HTTPWebOperator struct {
 	Stat                   interface{} // 统计配置
 	Gzip                   interface{} // Gzip配置
 	Cache                  interface{} // 缓存配置
+	Firewall               interface{} // 防火墙设置
 }
 
 func NewHTTPWebOperator() *HTTPWebOperator {

internal/rpc/services/service_http_firewall_policy.go

@@ -0,0 +1,36 @@
+package services
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type HTTPFirewallPolicyService struct {
+}
+
+// 获取所有可用策略
+func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx context.Context, req *pb.FindAllEnabledHTTPFirewallPoliciesRequest) (*pb.FindAllEnabledHTTPFirewallPoliciesResponse, error) {
+	// 校验请求
+	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	if err != nil {
+		return nil, err
+	}
+
+	policies, err := models.SharedHTTPFirewallPolicyDAO.FindAllEnabledFirewallPolicies()
+	if err != nil {
+		return nil, err
+	}
+
+	result := []*pb.HTTPFirewallPolicy{}
+	for _, p := range policies {
+		result = append(result, &pb.HTTPFirewallPolicy{
+			Id:   int64(p.Id),
+			Name: p.Name,
+			IsOn: p.IsOn == 1,
+		})
+	}
+
+	return &pb.FindAllEnabledHTTPFirewallPoliciesResponse{FirewallPolicies: result}, nil
+}

internal/rpc/services/service_http_web.go

@@ -207,3 +207,20 @@ func (this *HTTPWebService) UpdateHTTPCache(ctx context.Context, req *pb.UpdateH
 
 	return rpcutils.RPCUpdateSuccess()
 }
+
+
+// 更改防火墙设置
+func (this *HTTPWebService) UpdateHTTPFirewall(ctx context.Context, req *pb.UpdateHTTPFirewallRequest) (*pb.RPCUpdateSuccess, error) {
+	// 校验请求
+	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	if err != nil {
+		return nil, err
+	}
+
+	err = models.SharedHTTPWebDAO.UpdateWebFirewall(req.WebId, req.FirewallJSON)
+	if err != nil {
+		return nil, err
+	}
+
+	return rpcutils.RPCUpdateSuccess()
+}