实现WAF策略部分功能

internal/db/models/http_firewall_rule_group_dao.go

@@ -1,9 +1,12 @@
 package models
 
 import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
 )
 
 const (
@@ -41,7 +44,7 @@ func (this *HTTPFirewallRuleGroupDAO) Init() {
 }
 
 // 启用条目
-func (this *HTTPFirewallRuleGroupDAO) EnableHTTPFirewallRuleGroup(id uint32) error {
+func (this *HTTPFirewallRuleGroupDAO) EnableHTTPFirewallRuleGroup(id int64) error {
 	_, err := this.Query().
 		Pk(id).
 		Set("state", HTTPFirewallRuleGroupStateEnabled).
@@ -50,7 +53,7 @@ func (this *HTTPFirewallRuleGroupDAO) EnableHTTPFirewallRuleGroup(id uint32) err
 }
 
 // 禁用条目
-func (this *HTTPFirewallRuleGroupDAO) DisableHTTPFirewallRuleGroup(id uint32) error {
+func (this *HTTPFirewallRuleGroupDAO) DisableHTTPFirewallRuleGroup(id int64) error {
 	_, err := this.Query().
 		Pk(id).
 		Set("state", HTTPFirewallRuleGroupStateDisabled).
@@ -59,7 +62,7 @@ func (this *HTTPFirewallRuleGroupDAO) DisableHTTPFirewallRuleGroup(id uint32) er
 }
 
 // 查找启用中的条目
-func (this *HTTPFirewallRuleGroupDAO) FindEnabledHTTPFirewallRuleGroup(id uint32) (*HTTPFirewallRuleGroup, error) {
+func (this *HTTPFirewallRuleGroupDAO) FindEnabledHTTPFirewallRuleGroup(id int64) (*HTTPFirewallRuleGroup, error) {
 	result, err := this.Query().
 		Pk(id).
 		Attr("state", HTTPFirewallRuleGroupStateEnabled).
@@ -71,9 +74,88 @@ func (this *HTTPFirewallRuleGroupDAO) FindEnabledHTTPFirewallRuleGroup(id uint32
 }
 
 // 根据主键查找名称
-func (this *HTTPFirewallRuleGroupDAO) FindHTTPFirewallRuleGroupName(id uint32) (string, error) {
+func (this *HTTPFirewallRuleGroupDAO) FindHTTPFirewallRuleGroupName(id int64) (string, error) {
 	return this.Query().
 		Pk(id).
 		Result("name").
 		FindStringCol("")
 }
+
+// 组合配置
+func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(groupId int64) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
+	group, err := this.FindEnabledHTTPFirewallRuleGroup(groupId)
+	if err != nil {
+		return nil, err
+	}
+	if group == nil {
+		return nil, nil
+	}
+	config := &firewallconfigs.HTTPFirewallRuleGroup{}
+	config.Id = int64(group.Id)
+	config.IsOn = group.IsOn == 1
+	config.Name = group.Name
+	config.Description = group.Description
+	config.Code = group.Code
+
+	if IsNotNull(group.Sets) {
+		setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
+		err = json.Unmarshal([]byte(group.Sets), &setRefs)
+		if err != nil {
+			return nil, err
+		}
+		for _, setRef := range setRefs {
+			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(setRef.SetId)
+			if err != nil {
+				return nil, err
+			}
+			if setConfig != nil {
+				config.SetRefs = append(config.SetRefs, setRef)
+				config.Sets = append(config.Sets, setConfig)
+			}
+		}
+	}
+
+	return config, nil
+}
+
+// 从配置中创建分组
+func (this *HTTPFirewallRuleGroupDAO) CreateGroupFromConfig(groupConfig *firewallconfigs.HTTPFirewallRuleGroup) (int64, error) {
+	op := NewHTTPFirewallRuleGroupOperator()
+	op.IsOn = groupConfig.IsOn
+	op.Name = groupConfig.Name
+	op.Description = groupConfig.Description
+	op.State = HTTPFirewallRuleGroupStateEnabled
+	op.Code = groupConfig.Code
+
+	// sets
+	setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
+	for _, setConfig := range groupConfig.Sets {
+		setId, err := SharedHTTPFirewallRuleSetDAO.CreateSetFromConfig(setConfig)
+		if err != nil {
+			return 0, err
+		}
+		setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
+			IsOn:  true,
+			SetId: setId,
+		})
+	}
+	setRefsJSON, err := json.Marshal(setRefs)
+	if err != nil {
+		return 0, err
+	}
+	op.Sets = setRefsJSON
+	_, err = this.Save(op)
+	if err != nil {
+		return 0, err
+	}
+	return types.Int64(op.Id), nil
+}
+
+// 修改开启状态
+func (this *HTTPFirewallRuleGroupDAO) UpdateGroupIsOn(groupId int64, isOn bool) error {
+	_, err := this.Query().
+		Pk(groupId).
+		Set("isOn", isOn).
+		Update()
+	return err
+}