From 5cf1f9bf33dca00cc9f60660a545a111bba23d23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Thu, 7 Oct 2021 16:47:21 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E6=9B=B4=E5=A4=9A=E7=9A=84?=
 =?UTF-8?q?=E5=88=86=E7=BB=84=E5=85=A8=E5=B1=80=E8=AE=BE=E7=BD=AE=E5=8A=9F?=
 =?UTF-8?q?=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../db/models/http_firewall_policy_dao.go     |  5 +-
 .../db/models/http_firewall_policy_model.go   |  2 +
 internal/db/models/http_web_dao.go            | 50 +++++++++++++++-
 internal/db/models/server_group_dao.go        | 54 ++++++++++++++++-
 .../services/service_http_firewall_policy.go  |  4 +-
 internal/rpc/services/service_server_group.go | 59 +++++++++++++++++--
 6 files changed, 161 insertions(+), 13 deletions(-)

diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go
index 8d055c95..244e1fbf 100644
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -96,9 +96,10 @@ func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies(tx *dbs.Tx) (r
 }
 
 // CreateFirewallPolicy 创建策略
-func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64, serverId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {
+func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64, serverGroupId int64, serverId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {
 	op := NewHTTPFirewallPolicyOperator()
 	op.UserId = userId
+	op.GroupId = serverGroupId
 	op.ServerId = serverId
 	op.State = HTTPFirewallPolicyStateEnabled
 	op.IsOn = isOn
@@ -116,7 +117,7 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 
 // CreateDefaultFirewallPolicy 创建默认的WAF策略
 func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name string) (int64, error) {
-	policyId, err := this.CreateFirewallPolicy(tx, 0, 0, true, "\""+name+"\"WAF策略", "默认创建的WAF策略", nil, nil)
+	policyId, err := this.CreateFirewallPolicy(tx, 0, 0, 0, true, "\""+name+"\"WAF策略", "默认创建的WAF策略", nil, nil)
 	if err != nil {
 		return 0, err
 	}
diff --git a/internal/db/models/http_firewall_policy_model.go b/internal/db/models/http_firewall_policy_model.go
index f0fbe70f..7a4ea85d 100644
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -7,6 +7,7 @@ type HTTPFirewallPolicy struct {
 	AdminId      uint32 `field:"adminId"`      // 管理员ID
 	UserId       uint32 `field:"userId"`       // 用户ID
 	ServerId     uint32 `field:"serverId"`     // 服务ID
+	GroupId      uint32 `field:"groupId"`      // 服务分组ID
 	State        uint8  `field:"state"`        // 状态
 	CreatedAt    uint64 `field:"createdAt"`    // 创建时间
 	IsOn         uint8  `field:"isOn"`         // 是否启用
@@ -24,6 +25,7 @@ type HTTPFirewallPolicyOperator struct {
 	AdminId      interface{} // 管理员ID
 	UserId       interface{} // 用户ID
 	ServerId     interface{} // 服务ID
+	GroupId      interface{} // 服务分组ID
 	State        interface{} // 状态
 	CreatedAt    interface{} // 创建时间
 	IsOn         interface{} // 是否启用
diff --git a/internal/db/models/http_web_dao.go b/internal/db/models/http_web_dao.go
index 31848e55..1e1eafbf 100644
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -966,6 +966,39 @@ func (this *HTTPWebDAO) FindWebServerId(tx *dbs.Tx, webId int64) (serverId int64
 	return this.FindWebServerId(tx, webId)
 }
 
+// FindWebServerGroupId 查找使用此Web的分组ID
+func (this *HTTPWebDAO) FindWebServerGroupId(tx *dbs.Tx, webId int64) (groupId int64, err error) {
+	if webId <= 0 {
+		return 0, nil
+	}
+	groupId, err = SharedServerGroupDAO.FindEnabledGroupIdWithWebId(tx, webId)
+	if err != nil {
+		return
+	}
+	if groupId > 0 {
+		return
+	}
+
+	// web在Location中的情况
+	locationId, err := SharedHTTPLocationDAO.FindEnabledLocationIdWithWebId(tx, webId)
+	if err != nil {
+		return 0, err
+	}
+	if locationId == 0 {
+		return
+	}
+	webId, err = this.FindEnabledWebIdWithLocationId(tx, locationId)
+	if err != nil {
+		return
+	}
+	if webId <= 0 {
+		return
+	}
+
+	// 第二轮查找
+	return this.FindWebServerGroupId(tx, webId)
+}
+
 // CheckUserWeb 检查用户权限
 func (this *HTTPWebDAO) CheckUserWeb(tx *dbs.Tx, userId int64, webId int64) error {
 	serverId, err := this.FindWebServerId(tx, webId)
@@ -1015,12 +1048,23 @@ func (this *HTTPWebDAO) FindWebHostRedirects(tx *dbs.Tx, webId int64) ([]byte, e
 
 // NotifyUpdate 通知更新
 func (this *HTTPWebDAO) NotifyUpdate(tx *dbs.Tx, webId int64) error {
+	// server
 	serverId, err := this.FindWebServerId(tx, webId)
 	if err != nil {
 		return err
 	}
-	if serverId == 0 {
-		return nil
+	if serverId > 0 {
+		return SharedServerDAO.NotifyUpdate(tx, serverId)
 	}
-	return SharedServerDAO.NotifyUpdate(tx, serverId)
+
+	// group
+	groupId, err := this.FindWebServerGroupId(tx, webId)
+	if err != nil {
+		return err
+	}
+	if groupId > 0 {
+		return SharedServerGroupDAO.NotifyUpdate(tx, groupId)
+	}
+
+	return nil
 }
diff --git a/internal/db/models/server_group_dao.go b/internal/db/models/server_group_dao.go
index 4019483d..a816ee9d 100644
--- a/internal/db/models/server_group_dao.go
+++ b/internal/db/models/server_group_dao.go
@@ -224,6 +224,48 @@ func (this *ServerGroupDAO) UpdateUDPReverseProxy(tx *dbs.Tx, groupId int64, con
 	return this.NotifyUpdate(tx, groupId)
 }
 
+// FindGroupWebId 查找分组WebId
+func (this *ServerGroupDAO) FindGroupWebId(tx *dbs.Tx, groupId int64) (webId int64, err error) {
+	return this.Query(tx).
+		Pk(groupId).
+		Result("webId").
+		FindInt64Col(0)
+}
+
+// FindEnabledGroupIdWithWebId 根据WebId查找分组
+func (this *ServerGroupDAO) FindEnabledGroupIdWithWebId(tx *dbs.Tx, webId int64) (int64, error) {
+	if webId <= 0 {
+		return 0, nil
+	}
+	return this.Query(tx).
+		State(ServerGroupStateEnabled).
+		ResultPk().
+		Attr("webId", webId).
+		FindInt64Col(0)
+}
+
+// InitGroupWeb 初始化Web配置
+func (this *ServerGroupDAO) InitGroupWeb(tx *dbs.Tx, groupId int64) (int64, error) {
+	if groupId <= 0 {
+		return 0, errors.New("invalid groupId")
+	}
+
+	webId, err := SharedHTTPWebDAO.CreateWeb(tx, 0, 0, nil)
+	if err != nil {
+		return 0, err
+	}
+
+	err = this.Query(tx).
+		Pk(groupId).
+		Set("webId", webId).
+		UpdateQuickly()
+	if err != nil {
+		return 0, err
+	}
+
+	return webId, nil
+}
+
 // ComposeGroupConfig 组合配置
 func (this *ServerGroupDAO) ComposeGroupConfig(tx *dbs.Tx, groupId int64, cacheMap maps.Map) (*serverconfigs.ServerGroupConfig, error) {
 	if cacheMap == nil {
@@ -312,6 +354,17 @@ func (this *ServerGroupDAO) ComposeGroupConfig(tx *dbs.Tx, groupId int64, cacheM
 		}
 	}
 
+	// web
+	if group.WebId > 0 {
+		webConfig, err := SharedHTTPWebDAO.ComposeWebConfig(tx, int64(group.WebId), cacheMap)
+		if err != nil {
+			return nil, err
+		}
+		if webConfig != nil {
+			config.Web = webConfig
+		}
+	}
+
 	cacheMap[cacheKey] = config
 
 	return config, nil
@@ -327,7 +380,6 @@ func (this *ServerGroupDAO) FindEnabledGroupIdWithReverseProxyId(tx *dbs.Tx, rev
 		FindInt64Col(0)
 }
 
-
 // NotifyUpdate 通知更新
 func (this *ServerGroupDAO) NotifyUpdate(tx *dbs.Tx, groupId int64) error {
 	serverIds, err := SharedServerDAO.FindAllEnabledServerIdsWithGroupId(tx, groupId)
diff --git a/internal/rpc/services/service_http_firewall_policy.go b/internal/rpc/services/service_http_firewall_policy.go
index 0eaa3270..5ae870a2 100644
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -60,7 +60,7 @@ func (this *HTTPFirewallPolicyService) CreateHTTPFirewallPolicy(ctx context.Cont
 
 	tx := this.NullTx()
 
-	policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateFirewallPolicy(tx, userId, req.ServerId, req.IsOn, req.Name, req.Description, nil, nil)
+	policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateFirewallPolicy(tx, userId, req.ServerGroupId, req.ServerId, req.IsOn, req.Name, req.Description, nil, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -137,7 +137,7 @@ func (this *HTTPFirewallPolicyService) CreateEmptyHTTPFirewallPolicy(ctx context
 
 	tx := this.NullTx()
 
-	policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateFirewallPolicy(tx, userId, req.ServerId, req.IsOn, req.Name, req.Description, nil, nil)
+	policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateFirewallPolicy(tx, userId, req.ServerGroupId, req.ServerId, req.IsOn, req.Name, req.Description, nil, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/rpc/services/service_server_group.go b/internal/rpc/services/service_server_group.go
index ce7e514b..9be2db31 100644
--- a/internal/rpc/services/service_server_group.go
+++ b/internal/rpc/services/service_server_group.go
@@ -386,11 +386,7 @@ func (this *ServerGroupService) FindEnabledServerGroupConfigInfo(ctx context.Con
 	}
 
 	if group == nil {
-		return &pb.FindEnabledServerGroupConfigInfoResponse{
-			HasHTTPReverseProxy: false,
-			HasTCPReverseProxy:  false,
-			HasUDPReverseProxy:  false,
-		}, nil
+		return &pb.FindEnabledServerGroupConfigInfoResponse{}, nil
 	}
 
 	var result = &pb.FindEnabledServerGroupConfigInfoResponse{
@@ -424,5 +420,58 @@ func (this *ServerGroupService) FindEnabledServerGroupConfigInfo(ctx context.Con
 		result.HasUDPReverseProxy = ref.IsPrior
 	}
 
+	config, err := models.SharedServerGroupDAO.ComposeGroupConfig(tx, int64(group.Id), nil)
+	if err != nil {
+		return nil, err
+	}
+	if config != nil {
+		var webConfig = config.Web
+		if webConfig != nil {
+			result.HasRootConfig = webConfig != nil && webConfig.Root != nil && webConfig.Root.IsPrior
+			result.HasWAFConfig = webConfig != nil && webConfig.FirewallRef != nil && webConfig.FirewallRef.IsPrior
+			result.HasCacheConfig = webConfig != nil && webConfig.Cache != nil && webConfig.Cache.IsPrior
+			result.HasCharsetConfig = webConfig != nil && webConfig.Charset != nil && webConfig.Charset.IsPrior
+			result.HasAccessLogConfig = webConfig != nil && webConfig.AccessLogRef != nil && webConfig.AccessLogRef.IsPrior
+			result.HasStatConfig = webConfig != nil && webConfig.StatRef != nil && webConfig.StatRef.IsPrior
+			result.HasCompressionConfig = webConfig != nil && webConfig.Compression != nil && webConfig.Compression.IsPrior
+			result.HasWebsocketConfig = webConfig != nil && webConfig.WebsocketRef != nil && webConfig.WebsocketRef.IsPrior
+			result.HasRequestHeadersConfig = webConfig != nil && webConfig.RequestHeaderPolicyRef != nil && webConfig.RequestHeaderPolicyRef.IsPrior
+			result.HasResponseHeadersConfig = webConfig != nil && webConfig.ResponseHeaderPolicyRef != nil && webConfig.ResponseHeaderPolicyRef.IsPrior
+			result.HasWebPConfig = webConfig != nil && webConfig.WebP != nil && webConfig.WebP.IsPrior
+			result.HasRemoteAddrConfig = webConfig != nil && webConfig.RemoteAddr != nil && webConfig.RemoteAddr.IsPrior
+		}
+	}
+
 	return result, nil
 }
+
+// FindAndInitServerGroupWebConfig 初始化Web设置
+func (this *ServerGroupService) FindAndInitServerGroupWebConfig(ctx context.Context, req *pb.FindAndInitServerGroupWebConfigRequest) (*pb.FindAndInitServerGroupWebConfigResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	webId, err := models.SharedServerGroupDAO.FindGroupWebId(tx, req.ServerGroupId)
+	if err != nil {
+		return nil, err
+	}
+
+	if webId == 0 {
+		webId, err = models.SharedServerGroupDAO.InitGroupWeb(tx, req.ServerGroupId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	webConfig, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, webId, nil)
+	if err != nil {
+		return nil, err
+	}
+	webConfigJSON, err := json.Marshal(webConfig)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.FindAndInitServerGroupWebConfigResponse{WebJSON: webConfigJSON}, nil
+}