实现WAF通知和记录IP功能

2025-11-19 20:40:25 +08:00 · 2021-07-18 15:52:34 +08:00
parent f9e7c3a2e0
commit 6cbda588f7
9 changed files with 133 additions and 14 deletions
--- a/internal/rpc/services/service_firewall.go
+++ b/internal/rpc/services/service_firewall.go
@@ -10,6 +10,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
+	"strconv"
 	"time"
 )

@@ -176,3 +177,60 @@ func (this *FirewallService) ComposeFirewallGlobalBoard(ctx context.Context, req

 	return result, nil
 }
+
+// NotifyHTTPFirewallEvent 发送告警(notify)消息
+func (this *FirewallService) NotifyHTTPFirewallEvent(ctx context.Context, req *pb.NotifyHTTPFirewallEventRequest) (*pb.RPCSuccess, error) {
+	nodeId, err := this.ValidateNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	clusterId, err := models.SharedNodeDAO.FindNodeClusterId(tx, nodeId)
+	if err != nil {
+		return nil, err
+	}
+	if clusterId <= 0 {
+		return this.Success()
+	}
+	clusterName, err := models.SharedNodeClusterDAO.FindNodeClusterName(tx, clusterId)
+	if err != nil {
+		return nil, err
+	}
+
+	nodeName, err := models.SharedNodeDAO.FindNodeName(tx, nodeId)
+	if err != nil {
+		return nil, err
+	}
+
+	serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, req.ServerId)
+	if err != nil {
+		return nil, err
+	}
+
+	ruleGroupName, err := models.SharedHTTPFirewallRuleGroupDAO.FindHTTPFirewallRuleGroupName(tx, req.HttpFirewallRuleGroupId)
+	if err != nil {
+		return nil, err
+	}
+
+	ruleSetName, err := models.SharedHTTPFirewallRuleSetDAO.FindHTTPFirewallRuleSetName(tx, req.HttpFirewallRuleSetId)
+	if err != nil {
+		return nil, err
+	}
+
+	msg := "集群：" + clusterName + "（ID：" + strconv.FormatInt(clusterId, 10) + "）" +
+		"\n节点：" + nodeName + "（ID：" + strconv.FormatInt(nodeId, 10) + "）" +
+		"\n服务：" + serverName + "（ID：" + strconv.FormatInt(req.ServerId, 10) + "）" +
+		"\n规则分组：" + ruleGroupName +
+		"\n规则集：" + ruleSetName +
+		"\n时间：" + timeutil.FormatTime("Y-m-d H:i:s", req.CreatedAt)
+	err = models.SharedMessageTaskDAO.CreateMessageTasks(tx, models.MessageTaskTarget{
+		ClusterId: clusterId,
+		NodeId:    nodeId,
+		ServerId:  req.ServerId,
+	}, models.MessageTypeFirewallEvent, "发生防火墙事件", msg)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
--- a/internal/rpc/services/service_ip_item.go
+++ b/internal/rpc/services/service_ip_item.go
@@ -18,7 +18,7 @@ type IPItemService struct {
 // CreateIPItem 创建IP
 func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPItemRequest) (*pb.CreateIPItemResponse, error) {
 	// 校验请求
-	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
+	userType, _, userId, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser, rpcutils.UserTypeNode, rpcutils.UserTypeDNS)
 	if err != nil {
 		return nil, err
 	}
@@ -41,10 +41,14 @@ func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPIte

 	tx := this.NullTx()

-	if userId > 0 {
-		err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId)
-		if err != nil {
-			return nil, err
+	if userType == rpcutils.UserTypeUser {
+		if userId <= 0 {
+			return nil, errors.New("invalid userId")
+		} else {
+			err = models.SharedIPListDAO.CheckUserIPList(tx, userId, req.IpListId)
+			if err != nil {
+				return nil, err
+			}
 		}
 	}

@@ -52,6 +56,12 @@ func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPIte
 		req.Type = models.IPItemTypeIPv4
 	}

+	// 删除以前的
+	err = models.SharedIPItemDAO.DisableOldIPItem(tx, req.IpListId, req.IpFrom, req.IpTo)
+	if err != nil {
+		return nil, err
+	}
+
 	itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel)
 	if err != nil {
 		return nil, err
--- a/internal/rpc/services/service_message_task.go
+++ b/internal/rpc/services/service_message_task.go
@@ -9,12 +9,12 @@ import (
 	"github.com/iwind/TeaGo/types"
 )

-// 消息发送任务服务
+// MessageTaskService 消息发送任务服务
 type MessageTaskService struct {
 	BaseService
 }

-// 创建任务
+// CreateMessageTask 创建任务
 func (this *MessageTaskService) CreateMessageTask(ctx context.Context, req *pb.CreateMessageTaskRequest) (*pb.CreateMessageTaskResponse, error) {
 	_, err := this.ValidateAdmin(ctx, 0)
 	if err != nil {
@@ -29,7 +29,7 @@ func (this *MessageTaskService) CreateMessageTask(ctx context.Context, req *pb.C
 	return &pb.CreateMessageTaskResponse{MessageTaskId: taskId}, nil
 }

-// 查找要发送的任务
+// FindSendingMessageTasks 查找要发送的任务
 func (this *MessageTaskService) FindSendingMessageTasks(ctx context.Context, req *pb.FindSendingMessageTasksRequest) (*pb.FindSendingMessageTasksResponse, error) {
 	_, err := this.ValidateMonitor(ctx)
 	if err != nil {
@@ -126,7 +126,7 @@ func (this *MessageTaskService) FindSendingMessageTasks(ctx context.Context, req
 	return &pb.FindSendingMessageTasksResponse{MessageTasks: pbTasks}, nil
 }

-// 修改任务状态
+// UpdateMessageTaskStatus 修改任务状态
 func (this *MessageTaskService) UpdateMessageTaskStatus(ctx context.Context, req *pb.UpdateMessageTaskStatusRequest) (*pb.RPCSuccess, error) {
 	_, err := this.ValidateMonitor(ctx)
 	if err != nil {
@@ -162,7 +162,7 @@ func (this *MessageTaskService) UpdateMessageTaskStatus(ctx context.Context, req
 	return this.Success()
 }

-// 删除消息任务
+// DeleteMessageTask 删除消息任务
 func (this *MessageTaskService) DeleteMessageTask(ctx context.Context, req *pb.DeleteMessageTaskRequest) (*pb.RPCSuccess, error) {
 	_, err := this.ValidateAdmin(ctx, 0)
 	if err != nil {
@@ -178,7 +178,7 @@ func (this *MessageTaskService) DeleteMessageTask(ctx context.Context, req *pb.D
 	return this.Success()
 }

-// 读取消息任务状态
+// FindEnabledMessageTask 读取消息任务状态
 func (this *MessageTaskService) FindEnabledMessageTask(ctx context.Context, req *pb.FindEnabledMessageTaskRequest) (*pb.FindEnabledMessageTaskResponse, error) {
 	_, err := this.ValidateAdmin(ctx, 0)
 	if err != nil {