From 500d72aaf3102024629c292ea8c7eed00acc05fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Sun, 15 Oct 2023 09:34:20 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E8=AE=B0=E5=BD=95IP=E5=8A=A8=E4=BD=9C?=
 =?UTF-8?q?=E4=B8=ADIP=E5=90=8D=E5=8D=95=E5=A6=82=E6=9E=9C=E4=B8=BA?=
 =?UTF-8?q?=E7=A9=BA=E6=97=B6=EF=BC=8C=E9=BB=98=E8=AE=A4=E4=B8=BA=E5=85=A8?=
 =?UTF-8?q?=E5=B1=80=E9=BB=91=E5=90=8D=E5=8D=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../db/models/http_firewall_rule_group_dao.go |  2 +-
 .../db/models/http_firewall_rule_set_dao.go   | 21 ++++++++++++-------
 .../service_http_firewall_rule_set.go         |  2 +-
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/internal/db/models/http_firewall_rule_group_dao.go b/internal/db/models/http_firewall_rule_group_dao.go
index d533b383..b7d122c7 100644
--- a/internal/db/models/http_firewall_rule_group_dao.go
+++ b/internal/db/models/http_firewall_rule_group_dao.go
@@ -104,7 +104,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 			return nil, err
 		}
 		for _, setRef := range setRefs {
-			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId)
+			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId, forNode)
 			if err != nil {
 				return nil, err
 			}
diff --git a/internal/db/models/http_firewall_rule_set_dao.go b/internal/db/models/http_firewall_rule_set_dao.go
index 38719365..99170014 100644
--- a/internal/db/models/http_firewall_rule_set_dao.go
+++ b/internal/db/models/http_firewall_rule_set_dao.go
@@ -84,7 +84,7 @@ func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id i
 }
 
 // ComposeFirewallRuleSet 组合配置
-func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) {
+func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64, forNode bool) (*firewallconfigs.HTTPFirewallRuleSet, error) {
 	set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId)
 	if err != nil {
 		return nil, err
@@ -133,12 +133,19 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
 		if actionConfig.Code == firewallconfigs.HTTPFirewallActionRecordIP { // 记录IP动作
 			if actionConfig.Options != nil {
 				var ipListId = actionConfig.Options.GetInt64("ipListId")
-				exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId)
-				if err != nil {
-					return nil, err
-				}
-				if !exists {
-					actionConfig.Options["ipListIsDeleted"] = true
+				if ipListId <= 0 { // default list id
+					if forNode {
+						actionConfig.Options["ipListId"] = firewallconfigs.GlobalListId
+					}
+					actionConfig.Options["ipListIsDeleted"] = false
+				} else {
+					exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId)
+					if err != nil {
+						return nil, err
+					}
+					if !exists {
+						actionConfig.Options["ipListIsDeleted"] = true
+					}
 				}
 			}
 		}
diff --git a/internal/rpc/services/service_http_firewall_rule_set.go b/internal/rpc/services/service_http_firewall_rule_set.go
index ed5450c0..0a8028a7 100644
--- a/internal/rpc/services/service_http_firewall_rule_set.go
+++ b/internal/rpc/services/service_http_firewall_rule_set.go
@@ -86,7 +86,7 @@ func (this *HTTPFirewallRuleSetService) FindEnabledHTTPFirewallRuleSetConfig(ctx
 
 	var tx = this.NullTx()
 
-	config, err := models.SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, req.FirewallRuleSetId)
+	config, err := models.SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, req.FirewallRuleSetId, false)
 	if err != nil {
 		return nil, err
 	}