实现WAF通知和记录IP功能

internal/db/models/http_access_log_dao.go

@@ -233,6 +233,12 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, s
 
 					where := "JSON_EXTRACT(content, '$.remoteAddr') LIKE :keyword OR JSON_EXTRACT(content, '$.requestURI') LIKE :keyword OR JSON_EXTRACT(content, '$.host') LIKE :keyword"
 
+					jsonKeyword, err := json.Marshal(keyword)
+					if err == nil {
+						where += " OR JSON_CONTAINS(content, :jsonKeyword, '$.tags')"
+						query.Param("jsonKeyword", jsonKeyword)
+					}
+
 					// 请求方法
 					if keyword == http.MethodGet ||
 						keyword == http.MethodPost ||

internal/db/models/ip_item_dao.go

@@ -86,6 +86,16 @@ func (this *IPItemDAO) FindEnabledIPItem(tx *dbs.Tx, id int64) (*IPItem, error)
 	return result.(*IPItem), err
 }
 
+// DisableOldIPItem 根据IP删除以前的旧记录
+func (this *IPItemDAO) DisableOldIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string) error {
+	return this.Query(tx).
+		Attr("listId", listId).
+		Attr("ipFrom", ipFrom).
+		Attr("ipTo", ipTo).
+		Set("state", IPItemStateDisabled).
+		UpdateQuickly()
+}
+
 // CreateIPItem 创建IP
 func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType, eventLevel string) (int64, error) {
 	version, err := SharedIPListDAO.IncreaseVersion(tx)

internal/db/models/message_dao.go

@@ -38,6 +38,7 @@ const (
 	MessageTypeServerNamesAuditingSuccess MessageType = "ServerNamesAuditingSuccess" // 服务域名审核成功
 	MessageTypeServerNamesAuditingFailed  MessageType = "ServerNamesAuditingFailed"  // 服务域名审核失败
 	MessageTypeThresholdSatisfied         MessageType = "ThresholdSatisfied"         // 满足阈值
+	MessageTypeFirewallEvent              MessageType = "FirewallEvent"              // 防火墙事件
 )
 
 type MessageDAO dbs.DAO

internal/db/models/message_receiver_dao.go

@@ -111,6 +111,37 @@ func (this *MessageReceiverDAO) FindAllEnabledReceivers(tx *dbs.Tx, target Messa
 		AscPk().
 		Slice(&result).
 		FindAll()
+	if err != nil {
+		return nil, err
+	}
+
+	if len(result) == 0 {
+		// 去掉类型再试试
+		query := this.Query(tx)
+		_, err = query.
+			Attr("clusterId", target.ClusterId).
+			Attr("nodeId", target.NodeId).
+			Attr("serverId", target.ServerId).
+			State(MessageReceiverStateEnabled).
+			AscPk().
+			Slice(&result).
+			FindAll()
+		if err != nil {
+			return nil, err
+		}
+
+		// 去掉服务和节点再试试
+		if len(result) == 0 {
+			query := this.Query(tx)
+			_, err = query.
+				Attr("clusterId", target.ClusterId).
+				State(MessageReceiverStateEnabled).
+				AscPk().
+				Slice(&result).
+				FindAll()
+		}
+	}
+
 	return
 }
 

internal/db/models/message_target.go

@@ -2,8 +2,10 @@
 
 package models
 
+// MessageTaskTarget 消息接收对象
+// 每个字段不一定都有值
 type MessageTaskTarget struct {
-	ClusterId int64
-	NodeId    int64
-	ServerId  int64
+	ClusterId int64 // 集群ID
+	NodeId    int64 // 节点ID
+	ServerId  int64 // 服务ID
 }

internal/db/models/node_dao.go

@@ -554,6 +554,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.N
 	config := &nodeconfigs.NodeConfig{
 		Id:       int64(node.Id),
 		NodeId:   node.UniqueId,
+		Secret:   node.Secret,
 		IsOn:     node.IsOn == 1,
 		Servers:  nil,
 		Version:  int64(node.Version),