diff --git a/internal/apis/api_node.go b/internal/apis/api_node.go
index 1c0388a4..b921c040 100644
--- a/internal/apis/api_node.go
+++ b/internal/apis/api_node.go
@@ -67,6 +67,7 @@ func (this *APINode) listenRPC() error {
 pb.RegisterHTTPPageServiceServer(rpcServer, &services.HTTPPageService{})
 pb.RegisterHTTPAccessLogPolicyServiceServer(rpcServer, &services.HTTPAccessLogPolicyService{})
 pb.RegisterHTTPCachePolicyServiceServer(rpcServer, &services.HTTPCachePolicyService{})
+ pb.RegisterHTTPFirewallPolicyServiceServer(rpcServer, &services.HTTPFirewallPolicyService{})
 err = rpcServer.Serve(listener)
 if err != nil {
 return errors.New("[API]start rpc failed: " + err.Error())
diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go
new file mode 100644
index 00000000..812e6e9d
--- /dev/null
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -0,0 +1,75 @@
+package models
+
+import (
+ _ "github.com/go-sql-driver/mysql"
+ "github.com/iwind/TeaGo/Tea"
+ "github.com/iwind/TeaGo/dbs"
+)
+
+const (
+ HTTPFirewallPolicyStateEnabled = 1 // 已启用
+ HTTPFirewallPolicyStateDisabled = 0 // 已禁用
+)
+
+type HTTPFirewallPolicyDAO dbs.DAO
+
+func NewHTTPFirewallPolicyDAO() *HTTPFirewallPolicyDAO {
+ return dbs.NewDAO(&HTTPFirewallPolicyDAO{
+ DAOObject: dbs.DAOObject{
+ DB: Tea.Env,
+ Table: "edgeHTTPFirewallPolicies",
+ Model: new(HTTPFirewallPolicy),
+ PkName: "id",
+ },
+ }).(*HTTPFirewallPolicyDAO)
+}
+
+var SharedHTTPFirewallPolicyDAO = NewHTTPFirewallPolicyDAO()
+
+// 启用条目
+func (this *HTTPFirewallPolicyDAO) EnableHTTPFirewallPolicy(id int64) error {
+ _, err := this.Query().
+ Pk(id).
+ Set("state", HTTPFirewallPolicyStateEnabled).
+ Update()
+ return err
+}
+
+// 禁用条目
+func (this *HTTPFirewallPolicyDAO) DisableHTTPFirewallPolicy(id int64) error {
+ _, err := this.Query().
+ Pk(id).
+ Set("state", HTTPFirewallPolicyStateDisabled).
+ Update()
+ return err
+}
+
+// 查找启用中的条目
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(id int64) (*HTTPFirewallPolicy, error) {
+ result, err := this.Query().
+ Pk(id).
+ Attr("state", HTTPFirewallPolicyStateEnabled).
+ Find()
+ if result == nil {
+ return nil, err
+ }
+ return result.(*HTTPFirewallPolicy), err
+}
+
+// 根据主键查找名称
+func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(id int64) (string, error) {
+ return this.Query().
+ Pk(id).
+ Result("name").
+ FindStringCol("")
+}
+
+// 查找所有可用策略
+func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies() (result []*HTTPFirewallPolicy, err error) {
+ _, err = this.Query().
+ State(HTTPFirewallPolicyStateEnabled).
+ DescPk().
+ Slice(&result).
+ FindAll()
+ return
+}
diff --git a/internal/db/models/http_firewall_policy_dao_test.go b/internal/db/models/http_firewall_policy_dao_test.go
new file mode 100644
index 00000000..97c24b56
--- /dev/null
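Review bot: FindHTTPFirewallPolicyName looks a policy up by primary key only, without the state filter that FindEnabledHTTPFirewallPolicy (`Attr("state", ...)`) and FindAllEnabledFirewallPolicies (`State(...)`) apply, so it also returns the name of a policy that DisableHTTPFirewallPolicy has switched to state 0. If state 0 is meant to hide a policy from callers, add `State(HTTPFirewallPolicyStateEnabled).` after `Pk(id).`; if returning names of disabled policies is intended, a comment such as `// also returns names of disabled policies` would make that explicit. The two finders also spell the same filter two different ways, and using one form throughout would make a missing filter easier to spot in review. EnableHTTPFirewallPolicy and DisableHTTPFirewallPolicy accept any id, including zero or negative values, whereas UpdateWebFirewall in http_web_dao.go rejects `webId <= 0`; the same guard here would keep the DAOs consistent.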
+++ b/internal/db/models/http_firewall_policy_dao_test.go
@@ -0,0 +1,5 @@
+package models
+
+import (
+ _ "github.com/go-sql-driver/mysql"
+)
diff --git a/internal/db/models/http_firewall_policy_model.go b/internal/db/models/http_firewall_policy_model.go
new file mode 100644
index 00000000..a45afda4
--- /dev/null
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -0,0 +1,28 @@
+package models
+
+// HTTP防火墙
+type HTTPFirewallPolicy struct {
+ Id uint32 `field:"id"` // ID
+ TemplateId uint32 `field:"templateId"` // 模版ID
+ AdminId uint32 `field:"adminId"` // 管理员ID
+ UserId uint32 `field:"userId"` // 用户ID
+ State uint8 `field:"state"` // 状态
+ CreatedAt uint64 `field:"createdAt"` // 创建时间
+ IsOn uint8 `field:"isOn"` // 是否启用
+ Name string `field:"name"` // 名称
+}
+
+type HTTPFirewallPolicyOperator struct {
+ Id interface{} // ID
+ TemplateId interface{} // 模版ID
+ AdminId interface{} // 管理员ID
+ UserId interface{} // 用户ID
+ State interface{} // 状态
+ CreatedAt interface{} // 创建时间
+ IsOn interface{} // 是否启用
+ Name interface{} // 名称
+}
+
+func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {
+ return &HTTPFirewallPolicyOperator{}
+}
diff --git a/internal/db/models/http_firewall_policy_model_ext.go b/internal/db/models/http_firewall_policy_model_ext.go
new file mode 100644
index 00000000..2640e7f9
--- /dev/null
+++ b/internal/db/models/http_firewall_policy_model_ext.go
@@ -0,0 +1 @@
+package models
diff --git a/internal/db/models/http_web_dao.go b/internal/db/models/http_web_dao.go
index 28a9deb9..9ae66ced 100644
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -174,6 +174,16 @@ func (this *HTTPWebDAO) ComposeWebConfig(webId int64) (*serverconfigs.HTTPWebCon config.CacheRef = cacheRef } + // 防火墙配置 + if IsNotNull(web.Firewall) { + firewallRef := &serverconfigs.HTTPFirewallRef{} + err = json.Unmarshal([]byte(web.Firewall), firewallRef) + if err != nil { + return nil, err + } + config.FirewallRef = firewallRef + } + // TODO 更多配置 return config, nil @@ -351,6 +361,22 @@ func (this *HTTPWebDAO) UpdateWebCache(webId int64, cacheJSON []byte) error { return this.NotifyUpdating(webId) } +// 更改防火墙配置 +func (this *HTTPWebDAO) UpdateWebFirewall(webId int64, firewallJSON []byte) error { + if webId <= 0 { + return errors.New("invalid webId") + } + op := NewHTTPWebOperator() + op.Id = webId + op.Firewall = JSONBytes(firewallJSON) + _, err := this.Save(op) + if err != nil { + return err + } + + return this.NotifyUpdating(webId) +} + // 通知更新 func (this *HTTPWebDAO) NotifyUpdating(webId int64) error { err := SharedServerDAO.UpdateServerIsUpdatingWithWebId(webId) diff --git a/internal/db/models/http_web_model.go b/internal/db/models/http_web_model.go index 14e6a39d..a547b515 100644 --- a/internal/db/models/http_web_model.go +++ b/internal/db/models/http_web_model.go @@ -22,6 +22,7 @@ type HTTPWeb struct { Stat string `field:"stat"` // 统计配置 Gzip string `field:"gzip"` // Gzip配置 Cache string `field:"cache"` // 缓存配置 + Firewall string `field:"firewall"` // 防火墙设置 } type HTTPWebOperator struct { @@ -45,6 +46,7 @@ type HTTPWebOperator struct { Stat interface{} // 统计配置 Gzip interface{} // Gzip配置 Cache interface{} // 缓存配置 + Firewall interface{} // 防火墙设置 } func NewHTTPWebOperator() *HTTPWebOperator { diff --git a/internal/rpc/services/service_http_firewall_policy.go b/internal/rpc/services/service_http_firewall_policy.go new file mode 100644 index 00000000..c220332d --- /dev/null +++ b/internal/rpc/services/service_http_firewall_policy.go 
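Review bot: UpdateWebFirewall stores `firewallJSON` as-is (`op.Firewall = JSONBytes(firewallJSON)`) without checking that it decodes, while the ComposeWebConfig hunk above returns an error for the whole web config when `json.Unmarshal` into `serverconfigs.HTTPFirewallRef` fails. A single malformed payload would therefore be persisted and then break config composition for that web until the row is repaired. UpdateHTTPFirewall in service_http_web.go forwards `req.FirewallJSON` unchecked as well, so the DAO is the last place to reject it. I would decode into the same ref type before saving, as sketched below. If an empty payload is meant to clear the setting, skip the check when `len(firewallJSON) == 0`; whether the policy referenced by the ref should also be verified as enabled depends on fields of HTTPFirewallRef that are not visible in this diff.

```go
func (this *HTTPWebDAO) UpdateWebFirewall(webId int64, firewallJSON []byte) error {
	// … unchanged: webId check …

	// Reject payloads that ComposeWebConfig would later fail to decode.
	ref := &serverconfigs.HTTPFirewallRef{}
	if err := json.Unmarshal(firewallJSON, ref); err != nil {
		return errors.New("invalid firewallJSON: " + err.Error())
	}

	// … unchanged: build operator, Save, NotifyUpdating …
```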
@@ -0,0 +1,36 @@
+package services
+
+import (
+ "context"
+ "github.com/TeaOSLab/EdgeAPI/internal/db/models"
+ rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
+ "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type HTTPFirewallPolicyService struct {
+}
+
+// 获取所有可用策略
+func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx context.Context, req *pb.FindAllEnabledHTTPFirewallPoliciesRequest) (*pb.FindAllEnabledHTTPFirewallPoliciesResponse, error) {
+ // 校验请求
+ _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+ if err != nil {
+ return nil, err
+ }
+
+ policies, err := models.SharedHTTPFirewallPolicyDAO.FindAllEnabledFirewallPolicies()
+ if err != nil {
+ return nil, err
+ }
+
+ result := []*pb.HTTPFirewallPolicy{}
+ for _, p := range policies {
+ result = append(result, &pb.HTTPFirewallPolicy{
+ Id: int64(p.Id),
+ Name: p.Name,
+ IsOn: p.IsOn == 1,
+ })
+ }
+
+ return &pb.FindAllEnabledHTTPFirewallPoliciesResponse{FirewallPolicies: result}, nil
+}
diff --git a/internal/rpc/services/service_http_web.go b/internal/rpc/services/service_http_web.go
index 2b5b21a1..c7dc147b 100644
--- a/internal/rpc/services/service_http_web.go
+++ b/internal/rpc/services/service_http_web.go
@@ -207,3 +207,20 @@ func (this *HTTPWebService) UpdateHTTPCache(ctx context.Context, req *pb.UpdateH
 return rpcutils.RPCUpdateSuccess()
 }
+
+
+// 更改防火墙设置
+func (this *HTTPWebService) UpdateHTTPFirewall(ctx context.Context, req *pb.UpdateHTTPFirewallRequest) (*pb.RPCUpdateSuccess, error) {
+ // 校验请求
+ _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+ if err != nil {
+ return nil, err
+ }
+
+ err = models.SharedHTTPWebDAO.UpdateWebFirewall(req.WebId, req.FirewallJSON)
+ if err != nil {
+ return nil, err
+ }
+
+ return rpcutils.RPCUpdateSuccess()
+}
\ No newline at end of file
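Review bot: FindAllEnabledHTTPFirewallPolicies discards both values returned by `rpcutils.ValidateRequest` (`_, _, err := ...`), so the query is never scoped to the caller and every enabled policy goes back to any request that passes the admin check. The HTTPFirewallPolicy model added in this commit carries `adminId` and `userId` columns, which suggests policies may have owners. If they do, keep the validated identity and filter on it in the DAO call. If all admins are meant to share one policy list, a comment on the method such as `// policies are global; any admin may list all of them` would record that decision. What the two discarded values hold is not visible in this diff, so this needs confirming against `rpcutils`.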