NS节点基本的DDoS防护

internal/db/models/node_cluster_dao.go

@@ -1066,7 +1066,7 @@ func (this *NodeClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int6
 	return one.(*NodeCluster).DecodeDDoSProtection(), nil
 }
 
-// UpdateClusterDDoSProtection 设置集群的DDOS设置
+// UpdateClusterDDoSProtection 设置集群的DDoS设置
 func (this *NodeClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
 	if clusterId <= 0 {
 		return ErrNotFound

internal/db/models/node_dao.go

@@ -1924,7 +1924,7 @@ func (this *NodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconf
 	return one.(*Node).DecodeDDoSProtection(), nil
 }
 
-// UpdateNodeDDoSProtection 设置集群的DDOS设置
+// UpdateNodeDDoSProtection 设置集群的DDoS设置
 func (this *NodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
 	if nodeId <= 0 {
 		return ErrNotFound

internal/db/models/node_task_dao.go

@@ -23,11 +23,12 @@ const (
 
 	// NS相关
 
-	NSNodeTaskTypeConfigChanged NodeTaskType = "nsConfigChanged"
+	NSNodeTaskTypeConfigChanged         NodeTaskType = "nsConfigChanged"
-	NSNodeTaskTypeDomainChanged NodeTaskType = "nsDomainChanged"
+	NSNodeTaskTypeDomainChanged         NodeTaskType = "nsDomainChanged"
-	NSNodeTaskTypeRecordChanged NodeTaskType = "nsRecordChanged"
+	NSNodeTaskTypeRecordChanged         NodeTaskType = "nsRecordChanged"
-	NSNodeTaskTypeRouteChanged  NodeTaskType = "nsRouteChanged"
+	NSNodeTaskTypeRouteChanged          NodeTaskType = "nsRouteChanged"
-	NSNodeTaskTypeKeyChanged    NodeTaskType = "nsKeyChanged"
+	NSNodeTaskTypeKeyChanged            NodeTaskType = "nsKeyChanged"
+	NSNodeTaskTypeDDosProtectionChanged NodeTaskType = "nsDDoSProtectionChanged" // 节点DDoS配置变更
 )
 
 type NodeTaskDAO dbs.DAO

internal/db/models/ns_cluster_dao.go

@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
@@ -325,6 +326,45 @@ func (this *NSClusterDAO) CountAllClustersWithSSLPolicyIds(tx *dbs.Tx, sslPolicy
 		Count()
 }
 
+// FindClusterDDoSProtection 获取集群的DDoS设置
+func (this *NSClusterDAO) FindClusterDDoSProtection(tx *dbs.Tx, clusterId int64) (*ddosconfigs.ProtectionConfig, error) {
+	one, err := this.Query(tx).
+		Result("ddosProtection").
+		Pk(clusterId).
+		Find()
+	if one == nil || err != nil {
+		return nil, err
+	}
+
+	return one.(*NSCluster).DecodeDDoSProtection(), nil
+}
+
+// UpdateClusterDDoSProtection 设置集群的DDoS设置
+func (this *NSClusterDAO) UpdateClusterDDoSProtection(tx *dbs.Tx, clusterId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
+	if clusterId <= 0 {
+		return ErrNotFound
+	}
+
+	var op = NewNSClusterOperator()
+	op.Id = clusterId
+
+	if ddosProtection == nil {
+		op.DdosProtection = "{}"
+	} else {
+		ddosProtectionJSON, err := json.Marshal(ddosProtection)
+		if err != nil {
+			return err
+		}
+		op.DdosProtection = ddosProtectionJSON
+	}
+
+	err := this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeDDosProtectionChanged)
+}
+
 // NotifyUpdate 通知更改
 func (this *NSClusterDAO) NotifyUpdate(tx *dbs.Tx, clusterId int64) error {
 	return SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleDNS, clusterId, 0, NSNodeTaskTypeConfigChanged)

internal/db/models/ns_cluster_model.go

@@ -4,31 +4,33 @@ import "github.com/iwind/TeaGo/dbs"
 
 // NSCluster 域名服务器集群
 type NSCluster struct {
-	Id         uint32   `field:"id"`         // ID
+	Id             uint32   `field:"id"`             // ID
-	IsOn       bool     `field:"isOn"`       // 是否启用
+	IsOn           bool     `field:"isOn"`           // 是否启用
-	Name       string   `field:"name"`       // 集群名
+	Name           string   `field:"name"`           // 集群名
-	InstallDir string   `field:"installDir"` // 安装目录
+	InstallDir     string   `field:"installDir"`     // 安装目录
-	State      uint8    `field:"state"`      // 状态
+	State          uint8    `field:"state"`          // 状态
-	AccessLog  dbs.JSON `field:"accessLog"`  // 访问日志配置
+	AccessLog      dbs.JSON `field:"accessLog"`      // 访问日志配置
-	GrantId    uint32   `field:"grantId"`    // 授权ID
+	GrantId        uint32   `field:"grantId"`        // 授权ID
-	Recursion  dbs.JSON `field:"recursion"`  // 递归DNS设置
+	Recursion      dbs.JSON `field:"recursion"`      // 递归DNS设置
-	Tcp        dbs.JSON `field:"tcp"`        // TCP设置
+	Tcp            dbs.JSON `field:"tcp"`            // TCP设置
-	Tls        dbs.JSON `field:"tls"`        // TLS设置
+	Tls            dbs.JSON `field:"tls"`            // TLS设置
-	Udp        dbs.JSON `field:"udp"`        // UDP设置
+	Udp            dbs.JSON `field:"udp"`            // UDP设置
+	DdosProtection dbs.JSON `field:"ddosProtection"` // DDoS防护设置
 }
 
 type NSClusterOperator struct {
-	Id         interface{} // ID
+	Id             any // ID
-	IsOn       interface{} // 是否启用
+	IsOn           any // 是否启用
-	Name       interface{} // 集群名
+	Name           any // 集群名
-	InstallDir interface{} // 安装目录
+	InstallDir     any // 安装目录
-	State      interface{} // 状态
+	State          any // 状态
-	AccessLog  interface{} // 访问日志配置
+	AccessLog      any // 访问日志配置
-	GrantId    interface{} // 授权ID
+	GrantId        any // 授权ID
-	Recursion  interface{} // 递归DNS设置
+	Recursion      any // 递归DNS设置
-	Tcp        interface{} // TCP设置
+	Tcp            any // TCP设置
-	Tls        interface{} // TLS设置
+	Tls            any // TLS设置
-	Udp        interface{} // UDP设置
+	Udp            any // UDP设置
+	DdosProtection any // DDoS防护设置
 }
 
 func NewNSClusterOperator() *NSClusterOperator {

internal/db/models/ns_cluster_model_ext.go

@@ -1 +1,29 @@
 package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
+)
+
+// DecodeDDoSProtection 解析DDOS Protection设置
+func (this *NSCluster) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
+	if IsNull(this.DdosProtection) {
+		return nil
+	}
+
+	var result = &ddosconfigs.ProtectionConfig{}
+	err := json.Unmarshal(this.DdosProtection, &result)
+	if err != nil {
+		// ignore err
+	}
+	return result
+}
+
+// HasDDoSProtection 检查是否有DDOS设置
+func (this *NSCluster) HasDDoSProtection() bool {
+	var config = this.DecodeDDoSProtection()
+	if config != nil {
+		return config.IsOn()
+	}
+	return false
+}

internal/db/models/ns_node_dao.go

@@ -9,6 +9,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
@@ -485,6 +486,19 @@ func (this *NSNodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*dnsconfigs.
 		config.UDP = udpConfig
 	}
 
+	// DDoS
+	config.DDoSProtection = cluster.DecodeDDoSProtection()
+
+	// DDoS Protection
+	var ddosProtection = node.DecodeDDoSProtection()
+	if ddosProtection != nil {
+		if config.DDoSProtection == nil {
+			config.DDoSProtection = ddosProtection
+		} else {
+			config.DDoSProtection.Merge(ddosProtection)
+		}
+	}
+
 	return config, nil
 }
 
@@ -640,6 +654,53 @@ func (this *NSNodeDAO) FindEnabledNodeIdsWithClusterId(tx *dbs.Tx, clusterId int
 	return result, nil
 }
 
+// FindNodeDDoSProtection 获取节点的DDOS设置
+func (this *NSNodeDAO) FindNodeDDoSProtection(tx *dbs.Tx, nodeId int64) (*ddosconfigs.ProtectionConfig, error) {
+	one, err := this.Query(tx).
+		Result("ddosProtection").
+		Pk(nodeId).
+		Find()
+	if one == nil || err != nil {
+		return nil, err
+	}
+
+	return one.(*NSNode).DecodeDDoSProtection(), nil
+}
+
+// UpdateNodeDDoSProtection 设置集群的DDOS设置
+func (this *NSNodeDAO) UpdateNodeDDoSProtection(tx *dbs.Tx, nodeId int64, ddosProtection *ddosconfigs.ProtectionConfig) error {
+	if nodeId <= 0 {
+		return ErrNotFound
+	}
+
+	var op = NewNSNodeOperator()
+	op.Id = nodeId
+
+	if ddosProtection == nil {
+		op.DdosProtection = "{}"
+	} else {
+		ddosProtectionJSON, err := json.Marshal(ddosProtection)
+		if err != nil {
+			return err
+		}
+		op.DdosProtection = ddosProtectionJSON
+	}
+
+	err := this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+
+	clusterId, err := this.FindNodeClusterId(tx, nodeId)
+	if err != nil {
+		return err
+	}
+	if clusterId > 0 {
+		return SharedNodeTaskDAO.CreateNodeTask(tx, nodeconfigs.NodeRoleDNS, clusterId, nodeId, 0, NSNodeTaskTypeDDosProtectionChanged, 0)
+	}
+	return nil
+}
+
 // NotifyUpdate 通知更新
 func (this *NSNodeDAO) NotifyUpdate(tx *dbs.Tx, nodeId int64) error {
 	// TODO 先什么都不做

internal/db/models/ns_node_model.go

@@ -21,6 +21,7 @@ type NSNode struct {
 	StatusIsNotified   uint8    `field:"statusIsNotified"`   // 活跃状态已经通知
 	InactiveNotifiedAt uint64   `field:"inactiveNotifiedAt"` // 离线通知时间
 	ConnectedAPINodes  dbs.JSON `field:"connectedAPINodes"`  // 当前连接的API节点
+	DdosProtection     dbs.JSON `field:"ddosProtection"`     // DDoS防护设置
 }
 
 type NSNodeOperator struct {
@@ -41,6 +42,7 @@ type NSNodeOperator struct {
 	StatusIsNotified   any // 活跃状态已经通知
 	InactiveNotifiedAt any // 离线通知时间
 	ConnectedAPINodes  any // 当前连接的API节点
+	DdosProtection     any // DDoS防护设置
 }
 
 func NewNSNodeOperator() *NSNodeOperator {

internal/db/models/ns_node_model_ext.go

@@ -3,6 +3,7 @@ package models
 import (
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 	"time"
 )
 
@@ -39,3 +40,40 @@ func (this *NSNode) DecodeStatus() (*nodeconfigs.NodeStatus, error) {
 	}
 	return status, nil
 }
+
+// DecodeDDoSProtection 解析DDoS Protection设置
+func (this *NSNode) DecodeDDoSProtection() *ddosconfigs.ProtectionConfig {
+	if IsNull(this.DdosProtection) {
+		return nil
+	}
+
+	var result = &ddosconfigs.ProtectionConfig{}
+	err := json.Unmarshal(this.DdosProtection, &result)
+	if err != nil {
+		// ignore err
+	}
+	return result
+}
+
+// HasDDoSProtection 检查是否有DDOS设置
+func (this *NSNode) HasDDoSProtection() bool {
+	var config = this.DecodeDDoSProtection()
+	if config != nil {
+		return !config.IsPriorEmpty()
+	}
+	return false
+}
+
+// DecodeConnectedAPINodes 解析连接的API节点列表
+func (this *NSNode) DecodeConnectedAPINodes() []int64 {
+	if IsNull(this.ConnectedAPINodes) {
+		return nil
+	}
+
+	var result = []int64{}
+	err := json.Unmarshal(this.ConnectedAPINodes, &result)
+	if err != nil {
+		// ignore err
+	}
+	return result
+}

internal/rpc/services/service_node.go

@@ -1868,7 +1868,7 @@ func (this *NodeService) FindNodeDDoSProtection(ctx context.Context, req *pb.Fin
 	return result, nil
 }
 
-// UpdateNodeDDoSProtection 修改集群的DDOS设置
+// UpdateNodeDDoSProtection 修改集群的DDoS设置
 func (this *NodeService) UpdateNodeDDoSProtection(ctx context.Context, req *pb.UpdateNodeDDoSProtectionRequest) (*pb.RPCSuccess, error) {
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {

internal/rpc/services/service_node_cluster.go

@@ -1184,7 +1184,7 @@ func (this *NodeClusterService) UpdateNodeClusterUAMPolicy(ctx context.Context,
 	return this.Success()
 }
 
-// FindNodeClusterDDoSProtection 获取集群的DDOS设置
+// FindNodeClusterDDoSProtection 获取集群的DDoS设置
 func (this *NodeClusterService) FindNodeClusterDDoSProtection(ctx context.Context, req *pb.FindNodeClusterDDoSProtectionRequest) (*pb.FindNodeClusterDDoSProtectionResponse, error) {
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
@@ -1211,7 +1211,7 @@ func (this *NodeClusterService) FindNodeClusterDDoSProtection(ctx context.Contex
 	return result, nil
 }
 
-// UpdateNodeClusterDDoSProtection 修改集群的DDOS设置
+// UpdateNodeClusterDDoSProtection 修改集群的DDoS设置
 func (this *NodeClusterService) UpdateNodeClusterDDoSProtection(ctx context.Context, req *pb.UpdateNodeClusterDDoSProtectionRequest) (*pb.RPCSuccess, error) {
 	_, err := this.ValidateAdmin(ctx)
 	if err != nil {