实现WAF策略部分功能

internal/db/models/http_firewall_policy_dao.go

@@ -1,9 +1,13 @@
 package models
 
 import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
 )
 
 const (
@@ -87,3 +91,159 @@ func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies() (result []*H
 		FindAll()
 	return
 }
+
+// 创建策略
+func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) (int64, error) {
+	op := NewHTTPFirewallPolicyOperator()
+	op.State = HTTPFirewallPolicyStateEnabled
+	op.IsOn = isOn
+	op.Name = name
+	op.Description = description
+	if len(inboundJSON) > 0 {
+		op.Inbound = inboundJSON
+	}
+	if len(outboundJSON) > 0 {
+		op.Outbound = outboundJSON
+	}
+	_, err := this.Save(op)
+	return types.Int64(op.Id), err
+}
+
+// 修改策略的Inbound和Outbound
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(policyId int64, inboundJSON []byte, outboundJSON []byte) error {
+	if policyId <= 0 {
+		return errors.New("invalid policyId")
+	}
+	op := NewHTTPFirewallPolicyOperator()
+	op.Id = policyId
+	if len(inboundJSON) > 0 {
+		op.Inbound = inboundJSON
+	} else {
+		op.Inbound = "null"
+	}
+	if len(outboundJSON) > 0 {
+		op.Outbound = outboundJSON
+	} else {
+		op.Outbound = "null"
+	}
+	_, err := this.Save(op)
+	return err
+}
+
+// 修改策略
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte) error {
+	if policyId <= 0 {
+		return errors.New("invalid policyId")
+	}
+	op := NewHTTPFirewallPolicyOperator()
+	op.Id = policyId
+	op.IsOn = isOn
+	op.Name = name
+	op.Description = description
+	if len(inboundJSON) > 0 {
+		op.Inbound = inboundJSON
+	} else {
+		op.Inbound = "null"
+	}
+	if len(outboundJSON) > 0 {
+		op.Outbound = outboundJSON
+	} else {
+		op.Outbound = "null"
+	}
+	_, err := this.Save(op)
+	return err
+}
+
+// 计算所有可用的策略数量
+func (this *HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies() (int64, error) {
+	return this.Query().
+		State(HTTPFirewallPolicyStateEnabled).
+		Count()
+}
+
+// 列出单页的策略
+func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(offset int64, size int64) (result []*HTTPFirewallPolicy, err error) {
+	_, err = this.Query().
+		State(HTTPFirewallPolicyStateEnabled).
+		Offset(offset).
+		Limit(size).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// 组合策略配置
+func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
+	policy, err := this.FindEnabledHTTPFirewallPolicy(policyId)
+	if err != nil {
+		return nil, err
+	}
+	if policy == nil {
+		return nil, nil
+	}
+
+	config := &firewallconfigs.HTTPFirewallPolicy{}
+	config.Id = int64(policy.Id)
+	config.IsOn = policy.IsOn == 1
+	config.Name = policy.Name
+	config.Description = policy.Description
+
+	// Inbound
+	if IsNotNull(policy.Inbound) {
+		inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
+		err = json.Unmarshal([]byte(policy.Inbound), inbound)
+		if err != nil {
+			return nil, err
+		}
+		if len(inbound.GroupRefs) > 0 {
+			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+
+			for _, groupRef := range inbound.GroupRefs {
+				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(groupRef.GroupId)
+				if err != nil {
+					return nil, err
+				}
+				if groupConfig != nil {
+					resultGroupRefs = append(resultGroupRefs, groupRef)
+					resultGroups = append(resultGroups, groupConfig)
+				}
+			}
+
+			inbound.GroupRefs = resultGroupRefs
+			inbound.Groups = resultGroups
+		}
+		config.Inbound = inbound
+	}
+
+	// Outbound
+	if IsNotNull(policy.Outbound) {
+		outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}
+		err = json.Unmarshal([]byte(policy.Outbound), outbound)
+		if err != nil {
+			return nil, err
+		}
+		if len(outbound.GroupRefs) > 0 {
+			resultGroupRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+			resultGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+
+			for _, groupRef := range outbound.GroupRefs {
+				groupConfig, err := SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(groupRef.GroupId)
+				if err != nil {
+					return nil, err
+				}
+				if groupConfig != nil {
+					resultGroupRefs = append(resultGroupRefs, groupRef)
+					resultGroups = append(resultGroups, groupConfig)
+				}
+			}
+
+			outbound.GroupRefs = resultGroupRefs
+			outbound.Groups = resultGroups
+		}
+		config.Outbound = outbound
+	}
+
+	return config, nil
+}