WAF策略增加JSCookie动作选项

internal/db/models/http_firewall_policy_dao.go

@@ -134,7 +134,7 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 
 	if userId <= 0 && serverGroupId <= 0 && serverId <= 0 {
 		// synFlood
-		var synFloodConfig = firewallconfigs.DefaultSYNFloodConfig()
+		var synFloodConfig = firewallconfigs.NewSYNFloodConfig()
 		synFloodJSON, err := json.Marshal(synFloodConfig)
 		if err != nil {
 			return 0, err
@@ -142,7 +142,7 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 		op.SynFlood = synFloodJSON
 
 		// block options
-		var blockOptions = firewallconfigs.DefaultHTTPFirewallBlockAction()
+		var blockOptions = firewallconfigs.NewHTTPFirewallBlockAction()
 		blockOptionsJSON, err := json.Marshal(blockOptions)
 		if err != nil {
 			return 0, err
@@ -150,7 +150,7 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 		op.BlockOptions = blockOptionsJSON
 
 		// page options
-		var pageOptions = firewallconfigs.DefaultHTTPFirewallPageAction()
+		var pageOptions = firewallconfigs.NewHTTPFirewallPageAction()
 		pageOptionsJSON, err := json.Marshal(pageOptions)
 		if err != nil {
 			return 0, err
@@ -158,12 +158,20 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 		op.PageOptions = pageOptionsJSON
 
 		// captcha options
-		var captchaOptions = firewallconfigs.DefaultHTTPFirewallCaptchaAction()
+		var captchaOptions = firewallconfigs.NewHTTPFirewallCaptchaAction()
 		captchaOptionsJSON, err := json.Marshal(captchaOptions)
 		if err != nil {
 			return 0, err
 		}
 		op.CaptchaOptions = captchaOptionsJSON
+
+		// jscookie options
+		var jsCookieOptions = firewallconfigs.NewHTTPFirewallJavascriptCookieAction()
+		jsCookieOptionsJSON, err := json.Marshal(jsCookieOptions)
+		if err != nil {
+			return 0, err
+		}
+		op.JsCookieOptions = jsCookieOptionsJSON
 	}
 
 	err := this.Save(tx, op)
@@ -323,6 +331,7 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	blockOptionsJSON []byte,
 	pageOptionsJSON []byte,
 	captchaOptionsJSON []byte,
+	jsCookieOptionsJSON []byte,
 	mode firewallconfigs.FirewallMode,
 	useLocalFirewall bool,
 	synFloodConfig *firewallconfigs.SYNFloodConfig,
@@ -358,6 +367,9 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	if IsNotNull(captchaOptionsJSON) {
 		op.CaptchaOptions = captchaOptionsJSON
 	}
+	if IsNotNull(jsCookieOptionsJSON) {
+		op.JsCookieOptions = jsCookieOptionsJSON
+	}
 
 	if synFloodConfig != nil {
 		synFloodConfigJSON, err := json.Marshal(synFloodConfig)
@@ -528,7 +540,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 
 	// Block动作配置
 	if IsNotNull(policy.BlockOptions) {
-		var blockAction = &firewallconfigs.HTTPFirewallBlockAction{}
+		var blockAction = firewallconfigs.NewHTTPFirewallBlockAction()
 		err = json.Unmarshal(policy.BlockOptions, blockAction)
 		if err != nil {
 			return config, err
@@ -538,7 +550,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 
 	// Page动作配置
 	if IsNotNull(policy.PageOptions) {
-		var pageAction = firewallconfigs.DefaultHTTPFirewallPageAction()
+		var pageAction = firewallconfigs.NewHTTPFirewallPageAction()
 		err = json.Unmarshal(policy.PageOptions, pageAction)
 		if err != nil {
 			return config, err
@@ -548,7 +560,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 
 	// Captcha动作配置
 	if IsNotNull(policy.CaptchaOptions) {
-		var captchaAction = &firewallconfigs.HTTPFirewallCaptchaAction{}
+		var captchaAction = firewallconfigs.NewHTTPFirewallCaptchaAction()
 		err = json.Unmarshal(policy.CaptchaOptions, captchaAction)
 		if err != nil {
 			return config, err
@@ -556,6 +568,16 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 		config.CaptchaOptions = captchaAction
 	}
 
+	// JSCookie动作配置
+	if IsNotNull(policy.JsCookieOptions) {
+		var jsCookieAction = firewallconfigs.NewHTTPFirewallJavascriptCookieAction()
+		err = json.Unmarshal(policy.JsCookieOptions, jsCookieAction)
+		if err != nil {
+			return config, err
+		}
+		config.JSCookieOptions = jsCookieAction
+	}
+
 	// syn flood
 	if IsNotNull(policy.SynFlood) {
 		var synFloodConfig = &firewallconfigs.SYNFloodConfig{}

internal/db/models/http_firewall_policy_model.go

@@ -19,6 +19,7 @@ const (
 	HTTPFirewallPolicyField_BlockOptions       dbs.FieldName = "blockOptions"       // BLOCK动作选项
 	HTTPFirewallPolicyField_PageOptions        dbs.FieldName = "pageOptions"        // PAGE动作选项
 	HTTPFirewallPolicyField_CaptchaOptions     dbs.FieldName = "captchaOptions"     // 验证码动作选项
+	HTTPFirewallPolicyField_JsCookieOptions    dbs.FieldName = "jsCookieOptions"    // JSCookie动作选项
 	HTTPFirewallPolicyField_Mode               dbs.FieldName = "mode"               // 模式
 	HTTPFirewallPolicyField_UseLocalFirewall   dbs.FieldName = "useLocalFirewall"   // 是否自动使用本地防火墙
 	HTTPFirewallPolicyField_SynFlood           dbs.FieldName = "synFlood"           // SynFlood防御设置
@@ -46,6 +47,7 @@ type HTTPFirewallPolicy struct {
 	BlockOptions       dbs.JSON `field:"blockOptions"`       // BLOCK动作选项
 	PageOptions        dbs.JSON `field:"pageOptions"`        // PAGE动作选项
 	CaptchaOptions     dbs.JSON `field:"captchaOptions"`     // 验证码动作选项
+	JsCookieOptions    dbs.JSON `field:"jsCookieOptions"`    // JSCookie动作选项
 	Mode               string   `field:"mode"`               // 模式
 	UseLocalFirewall   uint8    `field:"useLocalFirewall"`   // 是否自动使用本地防火墙
 	SynFlood           dbs.JSON `field:"synFlood"`           // SynFlood防御设置
@@ -72,6 +74,7 @@ type HTTPFirewallPolicyOperator struct {
 	BlockOptions       any // BLOCK动作选项
 	PageOptions        any // PAGE动作选项
 	CaptchaOptions     any // 验证码动作选项
+	JsCookieOptions    any // JSCookie动作选项
 	Mode               any // 模式
 	UseLocalFirewall   any // 是否自动使用本地防火墙
 	SynFlood           any // SynFlood防御设置