WAF支持更多动作

internal/db/models/http_firewall_rule_set_dao.go

@@ -37,12 +37,12 @@ func init() {
 	})
 }
 
-// 初始化
+// Init 初始化
 func (this *HTTPFirewallRuleSetDAO) Init() {
 	_ = this.DAOObject.Init()
 }
 
-// 启用条目
+// EnableHTTPFirewallRuleSet 启用条目
 func (this *HTTPFirewallRuleSetDAO) EnableHTTPFirewallRuleSet(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -51,7 +51,7 @@ func (this *HTTPFirewallRuleSetDAO) EnableHTTPFirewallRuleSet(tx *dbs.Tx, id int
 	return err
 }
 
-// 禁用条目
+// DisableHTTPFirewallRuleSet 禁用条目
 func (this *HTTPFirewallRuleSetDAO) DisableHTTPFirewallRuleSet(tx *dbs.Tx, ruleSetId int64) error {
 	_, err := this.Query(tx).
 		Pk(ruleSetId).
@@ -63,7 +63,7 @@ func (this *HTTPFirewallRuleSetDAO) DisableHTTPFirewallRuleSet(tx *dbs.Tx, ruleS
 	return this.NotifyUpdate(tx, ruleSetId)
 }
 
-// 查找启用中的条目
+// FindEnabledHTTPFirewallRuleSet 查找启用中的条目
 func (this *HTTPFirewallRuleSetDAO) FindEnabledHTTPFirewallRuleSet(tx *dbs.Tx, id int64) (*HTTPFirewallRuleSet, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -75,7 +75,7 @@ func (this *HTTPFirewallRuleSetDAO) FindEnabledHTTPFirewallRuleSet(tx *dbs.Tx, i
 	return result.(*HTTPFirewallRuleSet), err
 }
 
-// 根据主键查找名称
+// FindHTTPFirewallRuleSetName 根据主键查找名称
 func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id int64) (string, error) {
 	return this.Query(tx).
 		Pk(id).
@@ -83,7 +83,7 @@ func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id i
 		FindStringCol("")
 }
 
-// 组合配置
+// ComposeFirewallRuleSet 组合配置
 func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) {
 	set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId)
 	if err != nil {
@@ -118,20 +118,19 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
 		}
 	}
 
-	config.Action = set.Action
+	var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
-	if IsNotNull(set.ActionOptions) {
+	if len(set.Actions) > 0 {
-		options := maps.Map{}
+		err = json.Unmarshal([]byte(set.Actions), &actionConfigs)
-		err = json.Unmarshal([]byte(set.ActionOptions), &options)
 		if err != nil {
 			return nil, err
 		}
-		config.ActionOptions = options
+		config.Actions = actionConfigs
 	}
 
 	return config, nil
 }
 
-// 从配置中创建规则集
+// CreateOrUpdateSetFromConfig 从配置中创建规则集
 func (this *HTTPFirewallRuleSetDAO) CreateOrUpdateSetFromConfig(tx *dbs.Tx, setConfig *firewallconfigs.HTTPFirewallRuleSet) (int64, error) {
 	op := NewHTTPFirewallRuleSetOperator()
 	op.State = HTTPFirewallRuleSetStateEnabled
@@ -140,19 +139,19 @@ func (this *HTTPFirewallRuleSetDAO) CreateOrUpdateSetFromConfig(tx *dbs.Tx, setC
 	op.Name = setConfig.Name
 	op.Description = setConfig.Description
 	op.Connector = setConfig.Connector
-	op.Action = setConfig.Action
-	op.Code = setConfig.Code
 
-	if setConfig.ActionOptions != nil {
+	if len(setConfig.Actions) == 0 {
-		actionOptionsJSON, err := json.Marshal(setConfig.ActionOptions)
+		op.Actions = "[]"
+	} else {
+		actionsJSON, err := json.Marshal(setConfig.Actions)
 		if err != nil {
 			return 0, err
 		}
-		op.ActionOptions = actionOptionsJSON
+		op.Actions = actionsJSON
-	} else {
-		op.ActionOptions = "{}"
 	}
 
+	op.Code = setConfig.Code
+
 	// rules
 	ruleRefs := []*firewallconfigs.HTTPFirewallRuleRef{}
 	for _, ruleConfig := range setConfig.Rules {
@@ -186,7 +185,7 @@ func (this *HTTPFirewallRuleSetDAO) CreateOrUpdateSetFromConfig(tx *dbs.Tx, setC
 	return types.Int64(op.Id), nil
 }
 
-// 设置是否启用
+// UpdateRuleSetIsOn 设置是否启用
 func (this *HTTPFirewallRuleSetDAO) UpdateRuleSetIsOn(tx *dbs.Tx, ruleSetId int64, isOn bool) error {
 	if ruleSetId <= 0 {
 		return errors.New("invalid ruleSetId")
@@ -201,7 +200,7 @@ func (this *HTTPFirewallRuleSetDAO) UpdateRuleSetIsOn(tx *dbs.Tx, ruleSetId int6
 	return this.NotifyUpdate(tx, ruleSetId)
 }
 
-// 根据规则查找规则集
+// FindEnabledRuleSetIdWithRuleId 根据规则查找规则集
 func (this *HTTPFirewallRuleSetDAO) FindEnabledRuleSetIdWithRuleId(tx *dbs.Tx, ruleId int64) (int64, error) {
 	return this.Query(tx).
 		State(HTTPFirewallRuleStateEnabled).
@@ -211,7 +210,7 @@ func (this *HTTPFirewallRuleSetDAO) FindEnabledRuleSetIdWithRuleId(tx *dbs.Tx, r
 		FindInt64Col(0)
 }
 
-// 检查用户
+// CheckUserRuleSet 检查用户
 func (this *HTTPFirewallRuleSetDAO) CheckUserRuleSet(tx *dbs.Tx, userId int64, setId int64) error {
 	groupId, err := SharedHTTPFirewallRuleGroupDAO.FindRuleGroupIdWithRuleSetId(tx, setId)
 	if err != nil {
@@ -223,7 +222,7 @@ func (this *HTTPFirewallRuleSetDAO) CheckUserRuleSet(tx *dbs.Tx, userId int64, s
 	return SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(tx, userId, groupId)
 }
 
-// 通知更新
+// NotifyUpdate 通知更新
 func (this *HTTPFirewallRuleSetDAO) NotifyUpdate(tx *dbs.Tx, setId int64) error {
 	groupId, err := SharedHTTPFirewallRuleGroupDAO.FindRuleGroupIdWithRuleSetId(tx, setId)
 	if err != nil {

internal/db/models/http_firewall_rule_set_model.go

@@ -1,6 +1,6 @@
 package models
 
-// 防火墙规则集
+// HTTPFirewallRuleSet 防火墙规则集
 type HTTPFirewallRuleSet struct {
 	Id            uint32 `field:"id"`            // ID
 	IsOn          uint8  `field:"isOn"`          // 是否启用
@@ -13,8 +13,9 @@ type HTTPFirewallRuleSet struct {
 	State         uint8  `field:"state"`         // 状态
 	AdminId       uint32 `field:"adminId"`       // 管理员ID
 	UserId        uint32 `field:"userId"`        // 用户ID
-	Action        string `field:"action"`        // 执行的动作
+	Action        string `field:"action"`        // 执行的动作（过期）
-	ActionOptions string `field:"actionOptions"` // 动作的选项
+	ActionOptions string `field:"actionOptions"` // 动作的选项（过期）
+	Actions       string `field:"actions"`       // 一组动作
 }
 
 type HTTPFirewallRuleSetOperator struct {
@@ -29,8 +30,9 @@ type HTTPFirewallRuleSetOperator struct {
 	State         interface{} // 状态
 	AdminId       interface{} // 管理员ID
 	UserId        interface{} // 用户ID
-	Action        interface{} // 执行的动作
+	Action        interface{} // 执行的动作（过期）
-	ActionOptions interface{} // 动作的选项
+	ActionOptions interface{} // 动作的选项（过期）
+	Actions       interface{} // 一组动作
 }
 
 func NewHTTPFirewallRuleSetOperator() *HTTPFirewallRuleSetOperator {

internal/setup/sql_data.go

@@ -1,12 +1,15 @@
 package setup
 
 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/acme"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/utils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/rands"
 	"github.com/iwind/TeaGo/types"
 	stringutil "github.com/iwind/TeaGo/utils/string"
@@ -209,9 +212,40 @@ func upgradeV0_0_10(db *dbs.DB) error {
 
 // v0.2.5
 func upgradeV0_2_5(db *dbs.DB) error {
-	_, err := db.Exec("UPDATE edgeUsers SET day=FROM_UNIXTIME(createdAt,'%Y%m%d')")
+	// 更新用户
+	_, err := db.Exec("UPDATE edgeUsers SET day=FROM_UNIXTIME(createdAt,'%Y%m%d') WHERE day IS NULL OR LENGTH(day)=0")
 	if err != nil {
 		return err
 	}
+
+	// 更新防火墙规则
+	ones, _, err := db.FindOnes("SELECT id, actions, action, actionOptions FROM edgeHTTPFirewallRuleSets WHERE actions IS NULL OR LENGTH(actions)=0")
+	if err != nil {
+		return err
+	}
+	for _, one := range ones {
+		oneId := one.GetInt64("id")
+		action := one.GetString("action")
+		options := one.GetString("actionOptions")
+		var optionsMap = maps.Map{}
+		if len(options) > 0 {
+			_ = json.Unmarshal([]byte(options), &optionsMap)
+		}
+		var actions = []*firewallconfigs.HTTPFirewallActionConfig{
+			{
+				Code:    action,
+				Options: optionsMap,
+			},
+		}
+		actionsJSON, err := json.Marshal(actions)
+		if err != nil {
+			return err
+		}
+		_, err = db.Exec("UPDATE edgeHTTPFirewallRuleSets SET actions=? WHERE id=?", string(actionsJSON), oneId)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }