TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-12-18 17:36:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

IP测试时同时也检查绑定的IP名单

Browse Source
This commit is contained in:
GoEdgeLab
2021-07-13 15:49:16 +08:00
parent 8962b6a0bb
commit 9c94c1df5f
1 changed files with 92 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
internal/rpc/services/service_http_firewall_policy.go
View File

@@ -667,17 +667,40 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
firewallPolicy.Inbound.AllowListRef != nil && firewallPolicy.Inbound.AllowListRef != nil &&
firewallPolicy.Inbound.AllowListRef.IsOn && firewallPolicy.Inbound.AllowListRef.IsOn &&
firewallPolicy.Inbound.AllowListRef.ListId > 0 { firewallPolicy.Inbound.AllowListRef.ListId > 0 {
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, firewallPolicy.Inbound.AllowListRef.ListId, ipLong)
var listIds = []int64{}
if firewallPolicy.Inbound.AllowListRef.ListId > 0 {
listIds = append(listIds, firewallPolicy.Inbound.AllowListRef.ListId)
}
if len(firewallPolicy.Inbound.PublicAllowListRefs) > 0 {
for _, ref := range firewallPolicy.Inbound.PublicAllowListRefs {
if !ref.IsOn {
continue
}
listIds = append(listIds, ref.ListId)
}
}
for _, listId := range listIds {
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, ipLong)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if item != nil { if item != nil {
listName, err := models.SharedIPListDAO.FindIPListName(tx, listId)
if err != nil {
return nil, err
}
if len(listName) == 0 {
listName = "白名单"
}
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{ return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
IsOk: true, IsOk: true,
Error: "", Error: "",
IsFound: true, IsFound: true,
IsAllowed: true, IsAllowed: true,
IpList: &pb.IPList{Name: "白名单", Id: firewallPolicy.Inbound.AllowListRef.ListId}, IpList: &pb.IPList{Name: listName, Id: listId},
IpItem: &pb.IPItem{ IpItem: &pb.IPItem{
Id: int64(item.Id), Id: int64(item.Id),
IpFrom: item.IpFrom, IpFrom: item.IpFrom,
@@ -692,6 +715,7 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
}, nil }, nil
} }
} }
}
// 检查黑名单 // 检查黑名单
if firewallPolicy.Inbound != nil && if firewallPolicy.Inbound != nil &&
@@ -699,17 +723,40 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
firewallPolicy.Inbound.AllowListRef != nil && firewallPolicy.Inbound.AllowListRef != nil &&
firewallPolicy.Inbound.AllowListRef.IsOn && firewallPolicy.Inbound.AllowListRef.IsOn &&
firewallPolicy.Inbound.AllowListRef.ListId > 0 { firewallPolicy.Inbound.AllowListRef.ListId > 0 {
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, firewallPolicy.Inbound.DenyListRef.ListId, ipLong)
var listIds = []int64{}
if firewallPolicy.Inbound.DenyListRef.ListId > 0 {
listIds = append(listIds, firewallPolicy.Inbound.DenyListRef.ListId)
}
if len(firewallPolicy.Inbound.PublicDenyListRefs) > 0 {
for _, ref := range firewallPolicy.Inbound.PublicDenyListRefs {
if !ref.IsOn {
continue
}
listIds = append(listIds, ref.ListId)
}
}
for _, listId := range listIds {
item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, ipLong)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if item != nil { if item != nil {
listName, err := models.SharedIPListDAO.FindIPListName(tx, listId)
if err != nil {
return nil, err
}
if len(listName) == 0 {
listName = "黑名单"
}
return &pb.CheckHTTPFirewallPolicyIPStatusResponse{ return &pb.CheckHTTPFirewallPolicyIPStatusResponse{
IsOk: true, IsOk: true,
Error: "", Error: "",
IsFound: true, IsFound: true,
IsAllowed: false, IsAllowed: false,
IpList: &pb.IPList{Name: "黑名单", Id: firewallPolicy.Inbound.DenyListRef.ListId}, IpList: &pb.IPList{Name: listName, Id: listId},
IpItem: &pb.IPItem{ IpItem: &pb.IPItem{
Id: int64(item.Id), Id: int64(item.Id),
IpFrom: item.IpFrom, IpFrom: item.IpFrom,
@@ -724,6 +771,7 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
}, nil }, nil
} }
} }
}
// 检查封禁的地区和省份 // 检查封禁的地区和省份
info, err := iplibrary.SharedLibrary.Lookup(req.Ip) info, err := iplibrary.SharedLibrary.Lookup(req.Ip)