用户端可以添加WAF 黑白名单

2026-04-02 02:55:18 +08:00 · 2021-01-03 20:18:07 +08:00
parent f49c26cdab
commit 70c1ee2984
9 changed files with 129 additions and 17 deletions
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -99,8 +99,9 @@ func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies(tx *dbs.Tx) (r
 }

 // 创建策略
-func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {
+func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {
 	op := NewHTTPFirewallPolicyOperator()
+	op.UserId = userId
 	op.State = HTTPFirewallPolicyStateEnabled
 	op.IsOn = isOn
 	op.Name = name
@@ -282,3 +283,18 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in

 	return config, nil
 }
+
+// 检查用户防火墙策略
+func (this *HTTPFirewallPolicyDAO) CheckUserFirewallPolicy(tx *dbs.Tx, userId int64, firewallPolicyId int64) error {
+	ok, err := this.Query(tx).
+		Pk(firewallPolicyId).
+		Attr("userId", userId).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if !ok {
+		return ErrNotFound
+	}
+	return nil
+}
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -242,7 +242,18 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 		}
 		config.FirewallRef = firewallRef

-		// 暂不支持自定义防火墙策略设置，因为同一个集群下的服务需要集中管理
+		// 自定义防火墙设置
+		if firewallRef.FirewallPolicyId > 0 {
+			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, firewallRef.FirewallPolicyId)
+			if err != nil {
+				return nil, err
+			}
+			if firewallPolicy == nil {
+				config.FirewallRef = nil
+			} else {
+				config.FirewallPolicy = firewallPolicy
+			}
+		}
 	}

 	// 路径规则
--- a/internal/db/models/ip_item_dao.go
+++ b/internal/db/models/ip_item_dao.go
@@ -166,3 +166,11 @@ func (this *IPItemDAO) ListIPItemsAfterVersion(tx *dbs.Tx, version int64, size i
 		FindAll()
 	return
 }
+
+// 查找IPItem对应的列表ID
+func (this *IPItemDAO) FindItemListId(tx *dbs.Tx, itemId int64) (int64, error) {
+	return this.Query(tx).
+		Pk(itemId).
+		Result("listId").
+		FindInt64Col(0)
+}
--- a/internal/db/models/ip_list_dao.go
+++ b/internal/db/models/ip_list_dao.go
@@ -75,9 +75,10 @@ func (this *IPListDAO) FindIPListName(tx *dbs.Tx, id int64) (string, error) {
 }

 // 创建名单
-func (this *IPListDAO) CreateIPList(tx *dbs.Tx, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte) (int64, error) {
+func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte) (int64, error) {
 	op := NewIPListOperator()
 	op.IsOn = true
+	op.UserId = userId
 	op.State = IPListStateEnabled
 	op.Type = listType
 	op.Name = name
@@ -128,3 +129,18 @@ func (this *IPListDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
 	err = SharedSysSettingDAO.UpdateSetting(tx, SettingCodeIPListVersion, []byte(numberutils.FormatInt64(value)))
 	return value, nil
 }
+
+// 检查用户权限
+func (this *IPListDAO) CheckUserIPList(tx *dbs.Tx, userId int64, listId int64) error {
+	ok, err := this.Query(tx).
+		Pk(listId).
+		Attr("userId", userId).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if ok {
+		return nil
+	}
+	return ErrNotFound
+}