增加IP级别和WAF动作相关API

2025-11-18 20:00:25 +08:00 · 2021-02-06 17:38:04 +08:00
parent 4a50827089
commit 8d13ee1ce9
17 changed files with 447 additions and 140 deletions
--- a/internal/db/models/firewall_action_dao.go
+++ b/internal/db/models/firewall_action_dao.go
@@ -1,71 +0,0 @@
-package models
-
-import (
-	_ "github.com/go-sql-driver/mysql"
-	"github.com/iwind/TeaGo/Tea"
-	"github.com/iwind/TeaGo/dbs"
-)
-
-const (
-	FirewallActionStateEnabled  = 1 // 已启用
-	FirewallActionStateDisabled = 0 // 已禁用
-)
-
-type FirewallActionDAO dbs.DAO
-
-func NewFirewallActionDAO() *FirewallActionDAO {
-	return dbs.NewDAO(&FirewallActionDAO{
-		DAOObject: dbs.DAOObject{
-			DB:     Tea.Env,
-			Table:  "edgeFirewallActions",
-			Model:  new(FirewallAction),
-			PkName: "id",
-		},
-	}).(*FirewallActionDAO)
-}
-
-var SharedFirewallActionDAO *FirewallActionDAO
-
-func init() {
-	dbs.OnReady(func() {
-		SharedFirewallActionDAO = NewFirewallActionDAO()
-	})
-}
-
-// 启用条目
-func (this *FirewallActionDAO) EnableFirewallAction(tx *dbs.Tx, id uint32) error {
-	_, err := this.Query(tx).
-		Pk(id).
-		Set("state", FirewallActionStateEnabled).
-		Update()
-	return err
-}
-
-// 禁用条目
-func (this *FirewallActionDAO) DisableFirewallAction(tx *dbs.Tx, id uint32) error {
-	_, err := this.Query(tx).
-		Pk(id).
-		Set("state", FirewallActionStateDisabled).
-		Update()
-	return err
-}
-
-// 查找启用中的条目
-func (this *FirewallActionDAO) FindEnabledFirewallAction(tx *dbs.Tx, id uint32) (*FirewallAction, error) {
-	result, err := this.Query(tx).
-		Pk(id).
-		Attr("state", FirewallActionStateEnabled).
-		Find()
-	if result == nil {
-		return nil, err
-	}
-	return result.(*FirewallAction), err
-}
-
-// 根据主键查找名称
-func (this *FirewallActionDAO) FindFirewallActionName(tx *dbs.Tx, id uint32) (string, error) {
-	return this.Query(tx).
-		Pk(id).
-		Result("name").
-		FindStringCol("")
-}
--- a/internal/db/models/firewall_action_model.go
+++ b/internal/db/models/firewall_action_model.go
@@ -1,26 +0,0 @@
-package models
-
-// 防火墙动作
-type FirewallAction struct {
-	Id      uint32 `field:"id"`      // ID
-	AdminId uint32 `field:"adminId"` // 管理员ID
-	Name    string `field:"name"`    // 名称
-	Code    string `field:"code"`    // 快速查询代号
-	Type    string `field:"type"`    // 动作类型
-	Params  string `field:"params"`  // 参数
-	State   uint8  `field:"state"`   // 状态
-}
-
-type FirewallActionOperator struct {
-	Id      interface{} // ID
-	AdminId interface{} // 管理员ID
-	Name    interface{} // 名称
-	Code    interface{} // 快速查询代号
-	Type    interface{} // 动作类型
-	Params  interface{} // 参数
-	State   interface{} // 状态
-}
-
-func NewFirewallActionOperator() *FirewallActionOperator {
-	return &FirewallActionOperator{}
-}
--- a/internal/db/models/firewall_action_model_ext.go
+++ b/internal/db/models/firewall_action_model_ext.go
@@ -1 +0,0 @@
-package models
--- a/internal/db/models/ip_item_dao.go
+++ b/internal/db/models/ip_item_dao.go
@@ -87,7 +87,7 @@ func (this *IPItemDAO) FindEnabledIPItem(tx *dbs.Tx, id int64) (*IPItem, error)
 }

 // 创建IP
-func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType) (int64, error) {
+func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType, eventLevel string) (int64, error) {
 	version, err := SharedIPListDAO.IncreaseVersion(tx)
 	if err != nil {
 		return 0, err
@@ -101,6 +101,7 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipT
 	op.IpToLong = utils.IP2Long(ipTo)
 	op.Reason = reason
 	op.Type = itemType
+	op.EventLevel = eventLevel
 	op.Version = version
 	if expiredAt < 0 {
 		expiredAt = 0
@@ -121,7 +122,7 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipT
 }

 // 修改IP
-func (this *IPItemDAO) UpdateIPItem(tx *dbs.Tx, itemId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType) error {
+func (this *IPItemDAO) UpdateIPItem(tx *dbs.Tx, itemId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType, eventLevel string) error {
 	if itemId <= 0 {
 		return errors.New("invalid itemId")
 	}
@@ -150,6 +151,7 @@ func (this *IPItemDAO) UpdateIPItem(tx *dbs.Tx, itemId int64, ipFrom string, ipT
 	op.IpToLong = utils.IP2Long(ipTo)
 	op.Reason = reason
 	op.Type = itemType
+	op.EventLevel = eventLevel
 	if expiredAt < 0 {
 		expiredAt = 0
 	}
--- a/internal/db/models/ip_item_model.go
+++ b/internal/db/models/ip_item_model.go
@@ -13,7 +13,7 @@ type IPItem struct {
 	CreatedAt  uint64 `field:"createdAt"`  // 创建时间
 	UpdatedAt  uint64 `field:"updatedAt"`  // 修改时间
 	Reason     string `field:"reason"`     // 加入说明
-	Action     string `field:"action"`     // 动作代号
+	EventLevel string `field:"eventLevel"` // 事件级别
 	State      uint8  `field:"state"`      // 状态
 	ExpiredAt  uint64 `field:"expiredAt"`  // 过期时间
 }
@@ -30,7 +30,7 @@ type IPItemOperator struct {
 	CreatedAt  interface{} // 创建时间
 	UpdatedAt  interface{} // 修改时间
 	Reason     interface{} // 加入说明
-	Action     interface{} // 动作代号
+	EventLevel interface{} // 事件级别
 	State      interface{} // 状态
 	ExpiredAt  interface{} // 过期时间
 }
--- a/internal/db/models/ip_list_dao.go
+++ b/internal/db/models/ip_list_dao.go
@@ -15,6 +15,8 @@ const (
 	IPListStateDisabled = 0 // 已禁用
 )

+var listTypeCacheMap = map[int64]string{} // listId => type
+
 type IPListDAO dbs.DAO

 func NewIPListDAO() *IPListDAO {
@@ -74,6 +76,36 @@ func (this *IPListDAO) FindIPListName(tx *dbs.Tx, id int64) (string, error) {
 		FindStringCol("")
 }

+// 获取名单类型
+func (this *IPListDAO) FindIPListTypeCacheable(tx *dbs.Tx, listId int64) (string, error) {
+	// 检查缓存
+	SharedCacheLocker.RLock()
+	listType, ok := listTypeCacheMap[listId]
+	SharedCacheLocker.RUnlock()
+	if ok {
+		return listType, nil
+	}
+
+	listType, err := this.Query(tx).
+		Pk(listId).
+		Result("type").
+		FindStringCol("")
+	if err != nil {
+		return "", err
+	}
+
+	if len(listType) == 0 {
+		return "", nil
+	}
+
+	// 保存缓存
+	SharedCacheLocker.Lock()
+	listTypeCacheMap[listId] = listType
+	SharedCacheLocker.Unlock()
+
+	return listType, nil
+}
+
 // 创建名单
 func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte) (int64, error) {
 	op := NewIPListOperator()
--- a/internal/db/models/node_cluster_firewall_action_dao.go
+++ b/internal/db/models/node_cluster_firewall_action_dao.go
@@ -0,0 +1,169 @@
+package models
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+const (
+	NodeClusterFirewallActionStateEnabled  = 1 // 已启用
+	NodeClusterFirewallActionStateDisabled = 0 // 已禁用
+)
+
+type NodeClusterFirewallActionDAO dbs.DAO
+
+func NewNodeClusterFirewallActionDAO() *NodeClusterFirewallActionDAO {
+	return dbs.NewDAO(&NodeClusterFirewallActionDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeNodeClusterFirewallActions",
+			Model:  new(NodeClusterFirewallAction),
+			PkName: "id",
+		},
+	}).(*NodeClusterFirewallActionDAO)
+}
+
+var SharedNodeClusterFirewallActionDAO *NodeClusterFirewallActionDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedNodeClusterFirewallActionDAO = NewNodeClusterFirewallActionDAO()
+	})
+}
+
+// 启用条目
+func (this *NodeClusterFirewallActionDAO) EnableFirewallAction(tx *dbs.Tx, id uint32) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NodeClusterFirewallActionStateEnabled).
+		Update()
+	return err
+}
+
+// 禁用条目
+func (this *NodeClusterFirewallActionDAO) DisableFirewallAction(tx *dbs.Tx, actionId int64) error {
+	_, err := this.Query(tx).
+		Pk(actionId).
+		Set("state", NodeClusterFirewallActionStateDisabled).
+		Update()
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, actionId)
+}
+
+// 查找启用中的条目
+func (this *NodeClusterFirewallActionDAO) FindEnabledFirewallAction(tx *dbs.Tx, actionId int64) (*NodeClusterFirewallAction, error) {
+	result, err := this.Query(tx).
+		Pk(actionId).
+		Attr("state", NodeClusterFirewallActionStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*NodeClusterFirewallAction), err
+}
+
+// 根据主键查找名称
+func (this *NodeClusterFirewallActionDAO) FindFirewallActionName(tx *dbs.Tx, id uint32) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// 创建动作
+func (this *NodeClusterFirewallActionDAO) CreateFirewallAction(tx *dbs.Tx, adminId int64, clusterId int64, name string, eventLevel, actionType firewallconfigs.FirewallActionType, params maps.Map) (int64, error) {
+	if params == nil {
+		params = maps.Map{}
+	}
+
+	op := NewNodeClusterFirewallActionOperator()
+	op.AdminId = adminId
+	op.ClusterId = clusterId
+	op.Name = name
+	op.EventLevel = eventLevel
+	op.Type = actionType
+	op.Params = params.AsJSON()
+	op.State = NodeClusterFirewallActionStateEnabled
+	actionId, err := this.SaveInt64(tx, op)
+	if err != nil {
+		return 0, err
+	}
+	err = this.NotifyUpdate(tx, actionId)
+	if err != nil {
+		return 0, err
+	}
+	return actionId, nil
+}
+
+// 修改动作
+func (this *NodeClusterFirewallActionDAO) UpdateFirewallAction(tx *dbs.Tx, actionId int64, name string, eventLevel string, actionType firewallconfigs.FirewallActionType, params maps.Map) error {
+	if actionId <= 0 {
+		return errors.New("invalid actionId")
+	}
+
+	if params == nil {
+		params = maps.Map{}
+	}
+
+	op := NewNodeClusterFirewallActionOperator()
+	op.Id = actionId
+	op.Name = name
+	op.EventLevel = eventLevel
+	op.Type = actionType
+	op.Params = params.AsJSON()
+	_, err := this.SaveInt64(tx, op)
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, actionId)
+}
+
+// 查找所有集群的动作
+func (this *NodeClusterFirewallActionDAO) FindAllEnabledFirewallActions(tx *dbs.Tx, clusterId int64) (result []*NodeClusterFirewallAction, err error) {
+	_, err = this.Query(tx).
+		Attr("clusterId", clusterId).
+		State(NodeClusterFirewallActionStateEnabled).
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// 组合配置
+func (this *NodeClusterFirewallActionDAO) ComposeFirewallActionConfig(tx *dbs.Tx, action *NodeClusterFirewallAction) (*firewallconfigs.FirewallActionConfig, error) {
+	if action == nil {
+		return nil, nil
+	}
+	config := &firewallconfigs.FirewallActionConfig{}
+	config.Id = int64(action.Id)
+	config.Type = action.Type
+	config.EventLevel = action.EventLevel
+
+	params, err := action.DecodeParams()
+	if err != nil {
+		return nil, err
+	}
+	config.Params = params
+
+	return config, nil
+}
+
+// 通知更新
+func (this *NodeClusterFirewallActionDAO) NotifyUpdate(tx *dbs.Tx, actionId int64) error {
+	clusterId, err := this.Query(tx).
+		Pk(actionId).
+		Result("clusterId").
+		FindInt64Col(0)
+	if err != nil {
+		return err
+	}
+	if clusterId > 0 {
+		return SharedNodeClusterDAO.NotifyUpdate(tx, clusterId)
+	}
+	return nil
+}
--- a/internal/db/models/node_cluster_firewall_action_dao_test.go
+++ b/internal/db/models/node_cluster_firewall_action_dao_test.go
--- a/internal/db/models/node_cluster_firewall_action_model.go
+++ b/internal/db/models/node_cluster_firewall_action_model.go
@@ -0,0 +1,28 @@
+package models
+
+// 防火墙动作
+type NodeClusterFirewallAction struct {
+	Id         uint32 `field:"id"`         // ID
+	AdminId    uint32 `field:"adminId"`    // 管理员ID
+	ClusterId  uint32 `field:"clusterId"`  // 集群ID
+	Name       string `field:"name"`       // 名称
+	EventLevel string `field:"eventLevel"` // 级别
+	Type       string `field:"type"`       // 动作类型
+	Params     string `field:"params"`     // 参数
+	State      uint8  `field:"state"`      // 状态
+}
+
+type NodeClusterFirewallActionOperator struct {
+	Id         interface{} // ID
+	AdminId    interface{} // 管理员ID
+	ClusterId  interface{} // 集群ID
+	Name       interface{} // 名称
+	EventLevel interface{} // 级别
+	Type       interface{} // 动作类型
+	Params     interface{} // 参数
+	State      interface{} // 状态
+}
+
+func NewNodeClusterFirewallActionOperator() *NodeClusterFirewallActionOperator {
+	return &NodeClusterFirewallActionOperator{}
+}
--- a/internal/db/models/node_cluster_firewall_action_model_ext.go
+++ b/internal/db/models/node_cluster_firewall_action_model_ext.go
@@ -0,0 +1,19 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// 解析参数
+func (this *NodeClusterFirewallAction) DecodeParams() (maps.Map, error) {
+	if IsNotNull(this.Params) {
+		params := maps.Map{}
+		err := json.Unmarshal([]byte(this.Params), &params)
+		if err != nil {
+			return nil, err
+		}
+		return params, nil
+	}
+	return maps.Map{}, nil
+}
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -574,6 +574,21 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.N
 		config.SystemServices = services
 	}

+	// 防火墙动作
+	actions, err := SharedNodeClusterFirewallActionDAO.FindAllEnabledFirewallActions(tx, clusterId)
+	if err != nil {
+		return nil, err
+	}
+	for _, action := range actions {
+		actionConfig, err := SharedNodeClusterFirewallActionDAO.ComposeFirewallActionConfig(tx, action)
+		if err != nil {
+			return nil, err
+		}
+		if actionConfig != nil {
+			config.FirewallActions = append(config.FirewallActions, actionConfig)
+		}
+	}
+
 	return config, nil
 }

--- a/internal/db/models/utils.go
+++ b/internal/db/models/utils.go
@@ -5,6 +5,7 @@ import (
 	"sync"
 )

+// 缓存专用Locker
 var SharedCacheLocker = sync.RWMutex{}

 // 处理JSON字节Slice