From 76faff37a98e29733a167ec65cb048452b774f27 Mon Sep 17 00:00:00 2001 From: GoEdgeLab Date: Wed, 2 Aug 2023 16:59:38 +0800 Subject: [PATCH] =?UTF-8?q?WAF=E7=AD=96=E7=95=A5=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E2=80=9C=E6=9C=80=E5=A4=9A=E6=A3=80=E6=9F=A5=E5=86=85=E5=AE=B9?= =?UTF-8?q?=E5=B0=BA=E5=AF=B8=E2=80=9C=E9=80=89=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../db/models/http_firewall_policy_dao.go | 6 +- .../db/models/http_firewall_policy_model.go | 101 +++++++++++------- .../services/service_http_firewall_policy.go | 7 +- 3 files changed, 74 insertions(+), 40 deletions(-) diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go index 866cb86d..a90c5a54 100644 --- a/internal/db/models/http_firewall_policy_dao.go +++ b/internal/db/models/http_firewall_policy_dao.go @@ -290,7 +290,8 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, mode firewallconfigs.FirewallMode, useLocalFirewall bool, synFloodConfig *firewallconfigs.SYNFloodConfig, - logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig) error { + logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig, + maxRequestBodySize int64) error { if policyId <= 0 { return errors.New("invalid policyId") } @@ -338,6 +339,8 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, } op.UseLocalFirewall = useLocalFirewall + op.MaxRequestBodySize = maxRequestBodySize + err := this.Save(tx, op) if err != nil { return err @@ -414,6 +417,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in config.Name = policy.Name config.Description = policy.Description config.UseLocalFirewall = policy.UseLocalFirewall == 1 + config.MaxRequestBodySize = int64(policy.MaxRequestBodySize) if len(policy.Mode) == 0 { policy.Mode = firewallconfigs.FirewallModeDefend 
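Review bot: `op.MaxRequestBodySize = maxRequestBodySize` in UpdateFirewallPolicy stores the int64 parameter with no range check, while the model in this same patch declares the field as `MaxRequestBodySize uint32`. The function already rejects `policyId <= 0`, so it would be consistent to validate the size in the DAO too rather than rely on the RPC layer, e.g. `if maxRequestBodySize < 0 || maxRequestBodySize > math.MaxUint32 { return errors.New("invalid maxRequestBodySize") }` (needs the `math` import). Without it, a value above the uint32 range is presumably truncated or refused by the database (the column definition is not visible here), so the body-inspection limit the WAF enforces could differ from what the operator configured. The read path in ComposeFirewallPolicy, `int64(policy.MaxRequestBodySize)`, is a widening cast and is fine; both function bodies continue outside these hunks.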
diff --git a/internal/db/models/http_firewall_policy_model.go b/internal/db/models/http_firewall_policy_model.go
index a1965c6d..1dcb2ff3 100644
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -2,49 +2,74 @@ package models import "github.com/iwind/TeaGo/dbs" +const ( + HTTPFirewallPolicyField_Id dbs.FieldName = "id" // ID + HTTPFirewallPolicyField_TemplateId dbs.FieldName = "templateId" // 模版ID + HTTPFirewallPolicyField_AdminId dbs.FieldName = "adminId" // 管理员ID + HTTPFirewallPolicyField_UserId dbs.FieldName = "userId" // 用户ID + HTTPFirewallPolicyField_ServerId dbs.FieldName = "serverId" // 服务ID + HTTPFirewallPolicyField_GroupId dbs.FieldName = "groupId" // 服务分组ID + HTTPFirewallPolicyField_State dbs.FieldName = "state" // 状态 + HTTPFirewallPolicyField_CreatedAt dbs.FieldName = "createdAt" // 创建时间 + HTTPFirewallPolicyField_IsOn dbs.FieldName = "isOn" // 是否启用 + HTTPFirewallPolicyField_Name dbs.FieldName = "name" // 名称 + HTTPFirewallPolicyField_Description dbs.FieldName = "description" // 描述 + HTTPFirewallPolicyField_Inbound dbs.FieldName = "inbound" // 入站规则 + HTTPFirewallPolicyField_Outbound dbs.FieldName = "outbound" // 出站规则 + HTTPFirewallPolicyField_BlockOptions dbs.FieldName = "blockOptions" // BLOCK选项 + HTTPFirewallPolicyField_CaptchaOptions dbs.FieldName = "captchaOptions" // 验证码选项 + HTTPFirewallPolicyField_Mode dbs.FieldName = "mode" // 模式 + HTTPFirewallPolicyField_UseLocalFirewall dbs.FieldName = "useLocalFirewall" // 是否自动使用本地防火墙 + HTTPFirewallPolicyField_SynFlood dbs.FieldName = "synFlood" // SynFlood防御设置 + HTTPFirewallPolicyField_Log dbs.FieldName = "log" // 日志配置 + HTTPFirewallPolicyField_MaxRequestBodySize dbs.FieldName = "maxRequestBodySize" // 可以检查的最大请求内容尺寸 +) + // HTTPFirewallPolicy HTTP防火墙 type HTTPFirewallPolicy struct { - Id uint32 `field:"id"` // ID - TemplateId uint32 `field:"templateId"` // 模版ID - AdminId uint32 `field:"adminId"` // 管理员ID - UserId uint32 `field:"userId"` // 用户ID - ServerId uint32 `field:"serverId"` // 服务ID - GroupId uint32 `field:"groupId"` // 服务分组ID - State uint8 `field:"state"` // 状态 - CreatedAt uint64 `field:"createdAt"` // 创建时间 - IsOn bool `field:"isOn"` // 是否启用 - Name string `field:"name"` // 名称 - Description 
string `field:"description"` // 描述 - Inbound dbs.JSON `field:"inbound"` // 入站规则 - Outbound dbs.JSON `field:"outbound"` // 出站规则 - BlockOptions dbs.JSON `field:"blockOptions"` // BLOCK选项 - CaptchaOptions dbs.JSON `field:"captchaOptions"` // 验证码选项 - Mode string `field:"mode"` // 模式 - UseLocalFirewall uint8 `field:"useLocalFirewall"` // 是否自动使用本地防火墙 - SynFlood dbs.JSON `field:"synFlood"` // SynFlood防御设置 - Log dbs.JSON `field:"log"` // 日志配置 + Id uint32 `field:"id"` // ID + TemplateId uint32 `field:"templateId"` // 模版ID + AdminId uint32 `field:"adminId"` // 管理员ID + UserId uint32 `field:"userId"` // 用户ID + ServerId uint32 `field:"serverId"` // 服务ID + GroupId uint32 `field:"groupId"` // 服务分组ID + State uint8 `field:"state"` // 状态 + CreatedAt uint64 `field:"createdAt"` // 创建时间 + IsOn bool `field:"isOn"` // 是否启用 + Name string `field:"name"` // 名称 + Description string `field:"description"` // 描述 + Inbound dbs.JSON `field:"inbound"` // 入站规则 + Outbound dbs.JSON `field:"outbound"` // 出站规则 + BlockOptions dbs.JSON `field:"blockOptions"` // BLOCK选项 + CaptchaOptions dbs.JSON `field:"captchaOptions"` // 验证码选项 + Mode string `field:"mode"` // 模式 + UseLocalFirewall uint8 `field:"useLocalFirewall"` // 是否自动使用本地防火墙 + SynFlood dbs.JSON `field:"synFlood"` // SynFlood防御设置 + Log dbs.JSON `field:"log"` // 日志配置 + MaxRequestBodySize uint32 `field:"maxRequestBodySize"` // 可以检查的最大请求内容尺寸 } type HTTPFirewallPolicyOperator struct { - Id interface{} // ID - TemplateId interface{} // 模版ID - AdminId interface{} // 管理员ID - UserId interface{} // 用户ID - ServerId interface{} // 服务ID - GroupId interface{} // 服务分组ID - State interface{} // 状态 - CreatedAt interface{} // 创建时间 - IsOn interface{} // 是否启用 - Name interface{} // 名称 - Description interface{} // 描述 - Inbound interface{} // 入站规则 - Outbound interface{} // 出站规则 - BlockOptions interface{} // BLOCK选项 - CaptchaOptions interface{} // 验证码选项 - Mode interface{} // 模式 - UseLocalFirewall interface{} // 是否自动使用本地防火墙 - SynFlood interface{} // SynFlood防御设置 - Log 
interface{} // 日志配置 + Id any // ID + TemplateId any // 模版ID + AdminId any // 管理员ID + UserId any // 用户ID + ServerId any // 服务ID + GroupId any // 服务分组ID + State any // 状态 + CreatedAt any // 创建时间 + IsOn any // 是否启用 + Name any // 名称 + Description any // 描述 + Inbound any // 入站规则 + Outbound any // 出站规则 + BlockOptions any // BLOCK选项 + CaptchaOptions any // 验证码选项 + Mode any // 模式 + UseLocalFirewall any // 是否自动使用本地防火墙 + SynFlood any // SynFlood防御设置 + Log any // 日志配置 + MaxRequestBodySize any // 可以检查的最大请求内容尺寸 } func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator { diff --git a/internal/rpc/services/service_http_firewall_policy.go b/internal/rpc/services/service_http_firewall_policy.go index c4583aa2..21b82dee 100644 --- a/internal/rpc/services/service_http_firewall_policy.go +++ b/internal/rpc/services/service_http_firewall_policy.go @@ -300,7 +300,12 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont } } - err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig) + // MaxRequestBodySize + if req.MaxRequestBodySize < 0 { + req.MaxRequestBodySize = 0 + } + + err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig, req.MaxRequestBodySize) if err != nil { return nil, err }
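Review bot: The clamp `if req.MaxRequestBodySize < 0 { req.MaxRequestBodySize = 0 }` in UpdateHTTPFirewallPolicy silently rewrites an invalid request and sets no upper bound, so a mistaken or oversized value reaches the DAO unnoticed. Because this setting decides how much of a request body the WAF inspects, the bare `// MaxRequestBodySize` comment should state the accepted range and what 0 means, for example `// MaxRequestBodySize: 0 presumably selects the default limit (confirm); negative values are normalised to 0`. A limit that is too small leaves the remainder of the body uninspected and a very large one raises per-request buffering cost, so returning an error for out-of-range input would make misconfiguration visible to the caller. The method body starts and ends outside the hunk.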