增加为WAF分组添加规则集的API

2025-12-15 15:16:34 +08:00 · 2021-10-25 12:01:16 +08:00
parent ba638d4e1d
commit c196a85a59
4 changed files with 99 additions and 5 deletions
--- a/internal/rpc/services/service_http_firewall_rule_group.go
+++ b/internal/rpc/services/service_http_firewall_rule_group.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 )

 // HTTPFirewallRuleGroupService WAF规则分组相关服务
@@ -167,7 +169,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx co
 			return nil, err
 		}
 	}
-	
+
 	tx := this.NullTx()

 	err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.GetFirewallRuleGroupId(), req.FirewallRuleSetsJSON)
@@ -176,3 +178,65 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx co
 	}
 	return this.Success()
 }
+
+// AddHTTPFirewallRuleGroupSet 添加规则集
+func (this *HTTPFirewallRuleGroupService) AddHTTPFirewallRuleGroupSet(ctx context.Context, req *pb.AddHTTPFirewallRuleGroupSetRequest) (*pb.RPCSuccess, error) {
+	// 校验请求
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	if userId > 0 {
+		// 校验权限
+		err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	tx := this.NullTx()
+
+	// 已经有的规则
+	config, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId)
+	if err != nil {
+		return nil, err
+	}
+	if config == nil {
+		return nil, errors.New("can not find group")
+	}
+	var setRefs = config.SetRefs
+
+	var set = &firewallconfigs.HTTPFirewallRuleSet{}
+	err = json.Unmarshal(req.FirewallRuleSetConfigJSON, set)
+	if err != nil {
+		return nil, err
+	}
+
+	if set.Id > 0 {
+		setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
+			IsOn:  true,
+			SetId: set.Id,
+		})
+	} else {
+		setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(tx, set)
+		if err != nil {
+			return nil, err
+		}
+		setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
+			IsOn:  true,
+			SetId: setId,
+		})
+	}
+
+	setRefsJSON, err := json.Marshal(setRefs)
+	if err != nil {
+		return nil, err
+	}
+
+	err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.FirewallRuleGroupId, setRefsJSON)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}