diff --git a/internal/db/models/http_access_log_dao.go b/internal/db/models/http_access_log_dao.go index 58d611f6..b2ad6374 100644 --- a/internal/db/models/http_access_log_dao.go +++ b/internal/db/models/http_access_log_dao.go @@ -233,6 +233,12 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, s where := "JSON_EXTRACT(content, '$.remoteAddr') LIKE :keyword OR JSON_EXTRACT(content, '$.requestURI') LIKE :keyword OR JSON_EXTRACT(content, '$.host') LIKE :keyword" + jsonKeyword, err := json.Marshal(keyword) + if err == nil { + where += " OR JSON_CONTAINS(content, :jsonKeyword, '$.tags')" + query.Param("jsonKeyword", jsonKeyword) + } + // 请求方法 if keyword == http.MethodGet || keyword == http.MethodPost || diff --git a/internal/db/models/ip_item_dao.go b/internal/db/models/ip_item_dao.go index 95301862..01f90e0a 100644 --- a/internal/db/models/ip_item_dao.go +++ b/internal/db/models/ip_item_dao.go @@ -86,6 +86,16 @@ func (this *IPItemDAO) FindEnabledIPItem(tx *dbs.Tx, id int64) (*IPItem, error) return result.(*IPItem), err } +// DisableOldIPItem 根据IP删除以前的旧记录 +func (this *IPItemDAO) DisableOldIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string) error { + return this.Query(tx). + Attr("listId", listId). + Attr("ipFrom", ipFrom). + Attr("ipTo", ipTo). + Set("state", IPItemStateDisabled). + UpdateQuickly() +} + // CreateIPItem 创建IP func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType, eventLevel string) (int64, error) { version, err := SharedIPListDAO.IncreaseVersion(tx) diff --git a/internal/db/models/message_dao.go b/internal/db/models/message_dao.go index 2cf16a2e..156f9731 100644 --- a/internal/db/models/message_dao.go +++ b/internal/db/models/message_dao.go @@ -38,6 +38,7 @@ const ( MessageTypeServerNamesAuditingSuccess MessageType = "ServerNamesAuditingSuccess" // 服务域名审核成功 MessageTypeServerNamesAuditingFailed MessageType = "ServerNamesAuditingFailed" // 服务域名审核失败 MessageTypeThresholdSatisfied MessageType = "ThresholdSatisfied" // 满足阈值 + MessageTypeFirewallEvent MessageType = "FirewallEvent" // 防火墙事件 ) type MessageDAO dbs.DAO diff --git a/internal/db/models/message_receiver_dao.go b/internal/db/models/message_receiver_dao.go index dc3b21b1..b1cbd1c7 100644 --- a/internal/db/models/message_receiver_dao.go +++ b/internal/db/models/message_receiver_dao.go @@ -111,6 +111,37 @@ func (this *MessageReceiverDAO) FindAllEnabledReceivers(tx *dbs.Tx, target Messa AscPk(). Slice(&result). FindAll() + if err != nil { + return nil, err + } + + if len(result) == 0 { + // 去掉类型再试试 + query := this.Query(tx) + _, err = query. + Attr("clusterId", target.ClusterId). + Attr("nodeId", target.NodeId). + Attr("serverId", target.ServerId). + State(MessageReceiverStateEnabled). + AscPk(). + Slice(&result). + FindAll() + if err != nil { + return nil, err + } + + // 去掉服务和节点再试试 + if len(result) == 0 { + query := this.Query(tx) + _, err = query. + Attr("clusterId", target.ClusterId). + State(MessageReceiverStateEnabled). + AscPk(). + Slice(&result). + FindAll() + } + } + return } diff --git a/internal/db/models/message_target.go b/internal/db/models/message_target.go index 550871ae..987f854b 100644 --- a/internal/db/models/message_target.go +++ b/internal/db/models/message_target.go @@ -2,8 +2,10 @@ package models +// MessageTaskTarget 消息接收对象 +// 每个字段不一定都有值 type MessageTaskTarget struct { - ClusterId int64 - NodeId int64 - ServerId int64 + ClusterId int64 // 集群ID + NodeId int64 // 节点ID + ServerId int64 // 服务ID } diff --git a/internal/db/models/node_dao.go b/internal/db/models/node_dao.go index 9fc575d4..b3285192 100644 --- a/internal/db/models/node_dao.go +++ b/internal/db/models/node_dao.go @@ -554,6 +554,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.N config := &nodeconfigs.NodeConfig{ Id: int64(node.Id), NodeId: node.UniqueId, + Secret: node.Secret, IsOn: node.IsOn == 1, Servers: nil, Version: int64(node.Version), diff --git a/internal/rpc/services/service_firewall.go b/internal/rpc/services/service_firewall.go index 78844af2..32d49d3c 100644 --- a/internal/rpc/services/service_firewall.go +++ b/internal/rpc/services/service_firewall.go @@ -10,6 +10,7 @@ import ( "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/iwind/TeaGo/types" timeutil "github.com/iwind/TeaGo/utils/time" + "strconv" "time" ) @@ -176,3 +177,60 @@ func (this *FirewallService) ComposeFirewallGlobalBoard(ctx context.Context, req return result, nil } + +// NotifyHTTPFirewallEvent 发送告警(notify)消息 +func (this *FirewallService) NotifyHTTPFirewallEvent(ctx context.Context, req *pb.NotifyHTTPFirewallEventRequest) (*pb.RPCSuccess, error) { + nodeId, err := this.ValidateNode(ctx) + if err != nil { + return nil, err + } + + var tx = this.NullTx() + clusterId, err := models.SharedNodeDAO.FindNodeClusterId(tx, nodeId) + if err != nil { + return nil, err + } + if clusterId <= 0 { + return this.Success() + } + clusterName, err := models.SharedNodeClusterDAO.FindNodeClusterName(tx, clusterId) + if err != nil { + return nil, err + } + + nodeName, err := models.SharedNodeDAO.FindNodeName(tx, nodeId) + if err != nil { + return nil, err + } + + serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, req.ServerId) + if err != nil { + return nil, err + } + + ruleGroupName, err := models.SharedHTTPFirewallRuleGroupDAO.FindHTTPFirewallRuleGroupName(tx, req.HttpFirewallRuleGroupId) + if err != nil { + return nil, err + } + + ruleSetName, err := models.SharedHTTPFirewallRuleSetDAO.FindHTTPFirewallRuleSetName(tx, req.HttpFirewallRuleSetId) + if err != nil { + return nil, err + } + + msg := "集群:" + clusterName + "(ID:" + strconv.FormatInt(clusterId, 10) + ")" + + "\n节点:" + nodeName + "(ID:" + strconv.FormatInt(nodeId, 10) + ")" + + "\n服务:" + serverName + "(ID:" + strconv.FormatInt(req.ServerId, 10) + ")" + + "\n规则分组:" + ruleGroupName + + "\n规则集:" + ruleSetName + + "\n时间:" + timeutil.FormatTime("Y-m-d H:i:s", req.CreatedAt) + err = models.SharedMessageTaskDAO.CreateMessageTasks(tx, models.MessageTaskTarget{ + ClusterId: clusterId, + NodeId: nodeId, + ServerId: req.ServerId, + }, models.MessageTypeFirewallEvent, "发生防火墙事件", msg) + if err != nil { + return nil, err + } + return this.Success() +} diff --git a/internal/rpc/services/service_ip_item.go b/internal/rpc/services/service_ip_item.go index f4c481f9..b3fc1043 100644 --- a/internal/rpc/services/service_ip_item.go +++ b/internal/rpc/services/service_ip_item.go @@ -18,7 +18,7 @@ type IPItemService struct { // CreateIPItem 创建IP func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPItemRequest) (*pb.CreateIPItemResponse, error) { // 校验请求 - _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) + userType, _, userId, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser, rpcutils.UserTypeNode, rpcutils.UserTypeDNS) if err != nil { return nil, err } @@ -41,10 +41,14 @@ func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPIte tx := this.NullTx() - if userId > 0 { - err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId) - if err != nil { - return nil, err + if userType == rpcutils.UserTypeUser { + if userId <= 0 { + return nil, errors.New("invalid userId") + } else { + err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId) + if err != nil { + return nil, err + } } } @@ -52,6 +56,12 @@ func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPIte req.Type = models.IPItemTypeIPv4 } + // 删除以前的 + err = models.SharedIPItemDAO.DisableOldIPItem(tx, req.IpListId, req.IpFrom, req.IpTo) + if err != nil { + return nil, err + } + itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel) if err != nil { return nil, err diff --git a/internal/rpc/services/service_message_task.go b/internal/rpc/services/service_message_task.go index 98f29c2b..2610e125 100644 --- a/internal/rpc/services/service_message_task.go +++ b/internal/rpc/services/service_message_task.go @@ -9,12 +9,12 @@ import ( "github.com/iwind/TeaGo/types" ) -// 消息发送任务服务 +// MessageTaskService 消息发送任务服务 type MessageTaskService struct { BaseService } -// 创建任务 +// CreateMessageTask 创建任务 func (this *MessageTaskService) CreateMessageTask(ctx context.Context, req *pb.CreateMessageTaskRequest) (*pb.CreateMessageTaskResponse, error) { _, err := this.ValidateAdmin(ctx, 0) if err != nil { @@ -29,7 +29,7 @@ func (this *MessageTaskService) CreateMessageTask(ctx context.Context, req *pb.C return &pb.CreateMessageTaskResponse{MessageTaskId: taskId}, nil } -// 查找要发送的任务 +// FindSendingMessageTasks 查找要发送的任务 func (this *MessageTaskService) FindSendingMessageTasks(ctx context.Context, req *pb.FindSendingMessageTasksRequest) (*pb.FindSendingMessageTasksResponse, error) { _, err := this.ValidateMonitor(ctx) if err != nil { @@ -126,7 +126,7 @@ func (this *MessageTaskService) FindSendingMessageTasks(ctx context.Context, req return &pb.FindSendingMessageTasksResponse{MessageTasks: pbTasks}, nil } -// 修改任务状态 +// UpdateMessageTaskStatus 修改任务状态 func (this *MessageTaskService) UpdateMessageTaskStatus(ctx context.Context, req *pb.UpdateMessageTaskStatusRequest) (*pb.RPCSuccess, error) { _, err := this.ValidateMonitor(ctx) if err != nil { @@ -162,7 +162,7 @@ func (this *MessageTaskService) UpdateMessageTaskStatus(ctx context.Context, req return this.Success() } -// 删除消息任务 +// DeleteMessageTask 删除消息任务 func (this *MessageTaskService) DeleteMessageTask(ctx context.Context, req *pb.DeleteMessageTaskRequest) (*pb.RPCSuccess, error) { _, err := this.ValidateAdmin(ctx, 0) if err != nil { @@ -178,7 +178,7 @@ func (this *MessageTaskService) DeleteMessageTask(ctx context.Context, req *pb.D return this.Success() } -// 读取消息任务状态 +// FindEnabledMessageTask 读取消息任务状态 func (this *MessageTaskService) FindEnabledMessageTask(ctx context.Context, req *pb.FindEnabledMessageTaskRequest) (*pb.FindEnabledMessageTaskResponse, error) { _, err := this.ValidateAdmin(ctx, 0) if err != nil {