diff --git a/internal/db/models/node_cluster_dao.go b/internal/db/models/node_cluster_dao.go
index 9dfc362d..ebedad51 100644
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -1066,7 +1066,7 @@ func (this *NodeClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int6
 return one.(*NodeCluster).DecodeDDoSProtection(), nil
 }
-// UpdateClusterDDoSProtection 设置集群的DDOS设置
+// UpdateClusterDDoSProtection 设置集群的DDoS设置
 func (this *NodeClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
 if clusterId <= 0 {
 return ErrNotFound
diff --git a/internal/db/models/node_dao.go b/internal/db/models/node_dao.go
index 84d3f2cf..e3251d3c 100644
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -1924,7 +1924,7 @@ func (this *NodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconf
 return one.(*Node).DecodeDDoSProtection(), nil
 }
-// UpdateNodeDDoSProtection 设置集群的DDOS设置
+// UpdateNodeDDoSProtection 设置集群的DDoS设置
 func (this *NodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
 if nodeId <= 0 {
 return ErrNotFound
diff --git a/internal/db/models/node_task_dao.go b/internal/db/models/node_task_dao.go
index e6255e63..cf3a6464 100644
--- a/internal/db/models/node_task_dao.go
+++ b/internal/db/models/node_task_dao.go
@@ -23,11 +23,12 @@ const (
 // NS相关
- NSNodeTaskTypeConfigChanged NodeTaskType = "nsConfigChanged"
- NSNodeTaskTypeDomainChanged NodeTaskType = "nsDomainChanged"
- NSNodeTaskTypeRecordChanged NodeTaskType = "nsRecordChanged"
- NSNodeTaskTypeRouteChanged NodeTaskType = "nsRouteChanged"
- NSNodeTaskTypeKeyChanged NodeTaskType = "nsKeyChanged"
+ NSNodeTaskTypeConfigChanged NodeTaskType = "nsConfigChanged"
+ NSNodeTaskTypeDomainChanged NodeTaskType = "nsDomainChanged"
+ NSNodeTaskTypeRecordChanged NodeTaskType = "nsRecordChanged"
+ NSNodeTaskTypeRouteChanged NodeTaskType = "nsRouteChanged"
+ NSNodeTaskTypeKeyChanged NodeTaskType = "nsKeyChanged"
+ NSNodeTaskTypeDDosProtectionChanged NodeTaskType = "nsDDoSProtectionChanged" // 节点DDoS配置变更
 )
 type NodeTaskDAO dbs.DAO
diff --git a/internal/db/models/ns_cluster_dao.go b/internal/db/models/ns_cluster_dao.go
index efee6b83..b0f42680 100644
--- a/internal/db/models/ns_cluster_dao.go
+++ b/internal/db/models/ns_cluster_dao.go
@@ -5,6 +5,7 @@ import (
 "github.com/TeaOSLab/EdgeAPI/internal/errors"
 "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+ "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 _ "github.com/go-sql-driver/mysql"
 "github.com/iwind/TeaGo/Tea"
 "github.com/iwind/TeaGo/dbs"
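Review bot: The new constant in node_task_dao.go is spelled `NSNodeTaskTypeDDosProtectionChanged` with a lower-case `s`, while its own value is `"nsDDoSProtectionChanged"` and the method names added in this change use `DDoS` (`DecodeDDoSProtection`, `UpdateClusterDDoSProtection`). Renaming it to `NSNodeTaskTypeDDoSProtectionChanged` now, before more callers reference it, keeps it consistent and greppable. Its trailing comment describes a node-level change only, yet the same type is queued as a cluster task by `NSClusterDAO.UpdateClusterDDoSProtection`, so the comment should cover both cases.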
@@ -325,6 +326,45 @@ func (this *NSClusterDAO) CountAllClustersWithSSLPolicyIds(tx *dbs.Tx, sslPolicy
 Count()
 }
+// FindClusterDDoSProtection 获取集群的DDoS设置
+func (this *NSClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int64) (*ddosconfigs.ProtectionConfig, error) {
+ one, err := this.Query(tx).
+ Result("ddosProtection").
+ Pk(clusterId).
+ Find()
+ if one == nil || err != nil {
+ return nil, err
+ }
+
+ return one.(*NSCluster).DecodeDDoSProtection(), nil
+}
+
+// UpdateClusterDDoSProtection 设置集群的DDoS设置
+func (this *NSClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
+ if clusterId <= 0 {
+ return ErrNotFound
+ }
+
+ var op = NewNSClusterOperator()
+ op.Id = clusterId
+
+ if ddosProtection == nil {
+ op.DdosProtection = "{}"
+ } else {
+ ddosProtectionJSON, err := json.Marshal(ddosProtection)
+ if err != nil {
+ return err
+ }
+ op.DdosProtection = ddosProtectionJSON
+ }
+
+ err := this.Save(tx, op)
+ if err != nil {
+ return err
+ }
+ return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeDDosProtectionChanged)
+}
+
 // NotifyUpdate 通知更改
 func (this *NSClusterDAO) NotifyUpdate(tx *dbs.Tx, clusterId int64) error {
 return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeConfigChanged)
diff --git a/internal/db/models/ns_cluster_model.go b/internal/db/models/ns_cluster_model.go
index ea4cbb05..e59358e6 100644
--- a/internal/db/models/ns_cluster_model.go
+++ b/internal/db/models/ns_cluster_model.go
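Review bot: `FindClusterDDoSProtection` in ns_cluster_dao.go returns `nil, nil` when no row matches (`if one == nil || err != nil { return nil, err }`), so a caller cannot tell a missing cluster from a cluster that has no DDoS settings. Either return `ErrNotFound` for `one == nil` or state the nil-result contract in the doc comment. The doc comment on `UpdateClusterDDoSProtection` should also say that a nil `ddosProtection` is stored as `{}` and that a cluster task is queued after a successful `Save`. `FindNodeDDoSProtection` in ns_node_dao.go has the same `nil, nil` result.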
@@ -4,31 +4,33 @@ import "github.com/iwind/TeaGo/dbs"
 // NSCluster 域名服务器集群
 type NSCluster struct {
- Id uint32 `field:"id"` // ID
- IsOn bool `field:"isOn"` // 是否启用
- Name string `field:"name"` // 集群名
- InstallDir string `field:"installDir"` // 安装目录
- State uint8 `field:"state"` // 状态
- AccessLog dbs.JSON `field:"accessLog"` // 访问日志配置
- GrantId uint32 `field:"grantId"` // 授权ID
- Recursion dbs.JSON `field:"recursion"` // 递归DNS设置
- Tcp dbs.JSON `field:"tcp"` // TCP设置
- Tls dbs.JSON `field:"tls"` // TLS设置
- Udp dbs.JSON `field:"udp"` // UDP设置
+ Id uint32 `field:"id"` // ID
+ IsOn bool `field:"isOn"` // 是否启用
+ Name string `field:"name"` // 集群名
+ InstallDir string `field:"installDir"` // 安装目录
+ State uint8 `field:"state"` // 状态
+ AccessLog dbs.JSON `field:"accessLog"` // 访问日志配置
+ GrantId uint32 `field:"grantId"` // 授权ID
+ Recursion dbs.JSON `field:"recursion"` // 递归DNS设置
+ Tcp dbs.JSON `field:"tcp"` // TCP设置
+ Tls dbs.JSON `field:"tls"` // TLS设置
+ Udp dbs.JSON `field:"udp"` // UDP设置
+ DdosProtection dbs.JSON `field:"ddosProtection"` // DDoS防护设置
 }
 type NSClusterOperator struct {
- Id interface{} // ID
- IsOn interface{} // 是否启用
- Name interface{} // 集群名
- InstallDir interface{} // 安装目录
- State interface{} // 状态
- AccessLog interface{} // 访问日志配置
- GrantId interface{} // 授权ID
- Recursion interface{} // 递归DNS设置
- Tcp interface{} // TCP设置
- Tls interface{} // TLS设置
- Udp interface{} // UDP设置
+ Id any // ID
+ IsOn any // 是否启用
+ Name any // 集群名
+ InstallDir any // 安装目录
+ State any // 状态
+ AccessLog any // 访问日志配置
+ GrantId any // 授权ID
+ Recursion any // 递归DNS设置
+ Tcp any // TCP设置
+ Tls any // TLS设置
+ Udp any // UDP设置
+ DdosProtection any // DDoS防护设置
 }
 func NewNSClusterOperator() *NSClusterOperator {
diff --git a/internal/db/models/ns_cluster_model_ext.go b/internal/db/models/ns_cluster_model_ext.go
index 2640e7f9..93664d78 100644
--- a/internal/db/models/ns_cluster_model_ext.go
+++ b/internal/db/models/ns_cluster_model_ext.go
@@ -1 +1,29 @@
 package models
+
+import (
+ "encoding/json"
+ "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
+)
+
+// DecodeDDoSProtection 解析DDOS Protection设置
+func (this *NSCluster) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
+ if IsNull(this.DdosProtection) {
+ return nil
+ }
+
+ var result = &ddosconfigs.ProtectionConfig{}
+ err := json.Unmarshal(this.DdosProtection, &result)
+ if err != nil {
+ // ignore err
+ }
+ return result
+}
+
+// HasDDoSProtection 检查是否有DDOS设置
+func (this *NSCluster) HasDDoSProtection() bool {
+ var config = this.DecodeDDoSProtection()
+ if config != nil {
+ return config.IsOn()
+ }
+ return false
+}
\ No newline at end of file
diff --git a/internal/db/models/ns_node_dao.go b/internal/db/models/ns_node_dao.go
index fcc82d0d..236ef23a 100644
--- a/internal/db/models/ns_node_dao.go
+++ b/internal/db/models/ns_node_dao.go
@@ -9,6 +9,7 @@ import (
 "github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+ "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 "github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
 _ "github.com/go-sql-driver/mysql"
 "github.com/iwind/TeaGo/Tea"
@@ -485,6 +486,19 @@ func (this *NSNodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*dnsconfigs.
 config.UDP = udpConfig
 }
+ // DDoS
+ config.DDoSProtection = cluster.DecodeDDoSProtection()
+
+ // DDoS Protection
+ var ddosProtection = node.DecodeDDoSProtection()
+ if ddosProtection != nil {
+ if config.DDoSProtection == nil {
+ config.DDoSProtection = ddosProtection
+ } else {
+ config.DDoSProtection.Merge(ddosProtection)
+ }
+ }
+
 return config, nil
 }
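Review bot: `NSCluster.DecodeDDoSProtection` in ns_cluster_model_ext.go discards the `json.Unmarshal` error in an empty `if err != nil { // ignore err }` branch and still returns `result`, so a corrupt `ddosProtection` column produces an empty or partly filled `ProtectionConfig` with nothing logged. `HasDDoSProtection` and, it appears, `ComposeNodeConfig` then use that object as if it were the stored settings, which means protection can be absent from the node config without any trace. Log the error through the project's logger and `return nil` from that branch so the failure is visible. `NSNode.DecodeDDoSProtection` and `DecodeConnectedAPINodes` in ns_node_model_ext.go repeat the same empty branch.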
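Review bot: The comments `// DDoS` and `// DDoS Protection` added to `ComposeNodeConfig` in ns_node_dao.go do not say which level each block handles or which side takes precedence. The first block takes the cluster's settings as the base and the second folds the node's own settings in through `Merge`, so comments such as `// cluster-level DDoS settings form the base` and `// node-level settings are merged into the cluster's` would make the precedence reviewable. Which fields `Merge` lets the node override is decided in `ddosconfigs` and is not visible here, so the wording should be checked against it. `ComposeNodeConfig` begins and ends outside this hunk, and `cluster` and `node` are assumed to be non-nil at this point.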
@@ -640,6 +654,53 @@ func (this *NSNodeDAO) FindEnabledNodeIdsWithClusterId(tx *dbs.Tx, clusterId int
 return result, nil
 }
+// FindNodeDDoSProtection 获取节点的DDOS设置
+func (this *NSNodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconfigs.ProtectionConfig, error) {
+ one, err := this.Query(tx).
+ Result("ddosProtection").
+ Pk(nodeId).
+ Find()
+ if one == nil || err != nil {
+ return nil, err
+ }
+
+ return one.(*NSNode).DecodeDDoSProtection(), nil
+}
+
+// UpdateNodeDDoSProtection 设置集群的DDOS设置
+func (this *NSNodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
+ if nodeId <= 0 {
+ return ErrNotFound
+ }
+
+ var op = NewNSNodeOperator()
+ op.Id = nodeId
+
+ if ddosProtection == nil {
+ op.DdosProtection = "{}"
+ } else {
+ ddosProtectionJSON, err := json.Marshal(ddosProtection)
+ if err != nil {
+ return err
+ }
+ op.DdosProtection = ddosProtectionJSON
+ }
+
+ err := this.Save(tx, op)
+ if err != nil {
+ return err
+ }
+
+ clusterId, err := this.FindNodeClusterId(tx, nodeId)
+ if err != nil {
+ return err
+ }
+ if clusterId > 0 {
+ return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleDNS, clusterId, nodeId, 0, NSNodeTaskTypeDDosProtectionChanged, 0)
+ }
+ return nil
+}
+
 // NotifyUpdate 通知更新
 func (this *NSNodeDAO) NotifyUpdate(tx *dbs.Tx, nodeId int64) error {
 // TODO 先什么都不做
diff --git a/internal/db/models/ns_node_model.go b/internal/db/models/ns_node_model.go
index 781d8576..e5fa00e9 100644
--- a/internal/db/models/ns_node_model.go
+++ b/internal/db/models/ns_node_model.go
@@ -21,6 +21,7 @@ type NSNode struct {
 StatusIsNotified uint8 `field:"statusIsNotified"` // 活跃状态已经通知
 InactiveNotifiedAt uint64 `field:"inactiveNotifiedAt"` // 离线通知时间
 ConnectedAPINodes dbs.JSON `field:"connectedAPINodes"` // 当前连接的API节点
+ DdosProtection dbs.JSON `field:"ddosProtection"` // DDoS防护设置
 }
 type NSNodeOperator struct {
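Review bot: `NSNodeDAO.UpdateNodeDDoSProtection` saves the new settings first and only then looks up the cluster; when `FindNodeClusterId` returns 0 it returns nil without queueing `NSNodeTaskTypeDDosProtectionChanged`, so the caller is told the update succeeded although no node task was created. If a zero cluster id means the node row is missing or unassigned (not visible in this hunk), the lookup should run before `Save` and reject that case with `ErrNotFound`, as sketched below. The doc comment also describes the cluster (`集群`) although the method updates one node, and it keeps the `DDOS` spelling this commit corrects elsewhere; the `UpdateNodeDDoSProtection` comments in node_dao.go and service_node.go were re-spelled but still say `集群`.

```go
func (this *NSNodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
	// … unchanged: nodeId guard …

	// resolve the cluster first so a node without one is rejected before anything is written
	clusterId, err := this.FindNodeClusterId(tx, nodeId)
	if err != nil {
		return err
	}
	if clusterId <= 0 {
		return ErrNotFound
	}

	// … unchanged: build op and marshal ddosProtection …

	err = this.Save(tx, op)
	if err != nil {
		return err
	}
	return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleDNS, clusterId, nodeId, 0, NSNodeTaskTypeDDosProtectionChanged, 0)
}
```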
@@ -41,6 +42,7 @@ type NSNodeOperator struct {
 StatusIsNotified any // 活跃状态已经通知
 InactiveNotifiedAt any // 离线通知时间
 ConnectedAPINodes any // 当前连接的API节点
+ DdosProtection any // DDoS防护设置
 }
 func NewNSNodeOperator() *NSNodeOperator {
diff --git a/internal/db/models/ns_node_model_ext.go b/internal/db/models/ns_node_model_ext.go
index 0fa14899..b8b95944 100644
--- a/internal/db/models/ns_node_model_ext.go
+++ b/internal/db/models/ns_node_model_ext.go
@@ -3,6 +3,7 @@ package models
 import (
 "encoding/json"
 "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+ "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 "time"
 )
@@ -39,3 +40,40 @@ func (this *NSNode) DecodeStatus() (*nodeconfigs.NodeStatus, error) {
 }
 return status, nil
 }
+
+// DecodeDDoSProtection 解析DDoS Protection设置
+func (this *NSNode) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
+ if IsNull(this.DdosProtection) {
+ return nil
+ }
+
+ var result = &ddosconfigs.ProtectionConfig{}
+ err := json.Unmarshal(this.DdosProtection, &result)
+ if err != nil {
+ // ignore err
+ }
+ return result
+}
+
+// HasDDoSProtection 检查是否有DDOS设置
+func (this *NSNode) HasDDoSProtection() bool {
+ var config = this.DecodeDDoSProtection()
+ if config != nil {
+ return !config.IsPriorEmpty()
+ }
+ return false
+}
+
+// DecodeConnectedAPINodes 解析连接的API节点列表
+func (this *NSNode) DecodeConnectedAPINodes() []int64 {
+ if IsNull(this.ConnectedAPINodes) {
+ return nil
+ }
+
+ var result = []int64{}
+ err := json.Unmarshal(this.ConnectedAPINodes, &result)
+ if err != nil {
+ // ignore err
+ }
+ return result
+}
diff --git a/internal/rpc/services/service_node.go b/internal/rpc/services/service_node.go
index fa7663f8..181fc218 100644
--- a/internal/rpc/services/service_node.go
+++ b/internal/rpc/services/service_node.go
@@ -1868,7 +1868,7 @@ func (this *NodeService) FindNodeDDoSProtection(ctx context.Context, req *pb.Fin
 return result, nil
 }
-// UpdateNodeDDoSProtection 修改集群的DDOS设置
+// UpdateNodeDDoSProtection 修改集群的DDoS设置
 func (this *NodeService) UpdateNodeDDoSProtection(ctx context.Context, req *pb.UpdateNodeDDoSProtectionRequest) (*pb.RPCSuccess, error) {
 _, err := this.ValidateAdmin(ctx)
 if err != nil {
diff --git a/internal/rpc/services/service_node_cluster.go b/internal/rpc/services/service_node_cluster.go
index cb3c9e42..bb4dacc0 100644
--- a/internal/rpc/services/service_node_cluster.go
+++ b/internal/rpc/services/service_node_cluster.go
@@ -1184,7 +1184,7 @@ func (this *NodeClusterService) UpdateNodeClusterUAMPolicy(ctx context.Context,
 return this.Success()
 }
-// FindNodeClusterDDoSProtection 获取集群的DDOS设置
+// FindNodeClusterDDoSProtection 获取集群的DDoS设置
 func (this *NodeClusterService) FindNodeClusterDDoSProtection(ctx context.Context, req *pb.FindNodeClusterDDoSProtectionRequest) (*pb.FindNodeClusterDDoSProtectionResponse, error) {
 _, err := this.ValidateAdmin(ctx)
 if err != nil {
@@ -1211,7 +1211,7 @@ func (this *NodeClusterService) FindNodeClusterDDoSProtection(ctx context.Contex
 return result, nil
 }
-// UpdateNodeClusterDDoSProtection 修改集群的DDOS设置
+// UpdateNodeClusterDDoSProtection 修改集群的DDoS设置
 func (this *NodeClusterService) UpdateNodeClusterDDoSProtection(ctx context.Context, req *pb.UpdateNodeClusterDDoSProtectionRequest) (*pb.RPCSuccess, error) {
 _, err := this.ValidateAdmin(ctx)
 if err != nil {