TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-06 10:00:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加为WAF分组添加规则集的API

Browse Source
This commit is contained in:
刘祥超
2021-10-25 12:01:16 +08:00
parent ba638d4e1d
commit c196a85a59
4 changed files with 99 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/db/models/http_firewall_rule_group_dao.go
View File

@@ -194,13 +194,13 @@ func (this *HTTPFirewallRuleGroupDAO) UpdateGroup(tx *dbs.Tx, groupId int64, isO
} }
// UpdateGroupSets 修改分组中的规则集 // UpdateGroupSets 修改分组中的规则集
func (this *HTTPFirewallRuleGroupDAO) UpdateGroupSets(tx *dbs.Tx, groupId int64, setsJSON []byte) error { func (this *HTTPFirewallRuleGroupDAO) UpdateGroupSets(tx *dbs.Tx, groupId int64, setRefsJSON []byte) error {
if groupId <= 0 { if groupId <= 0 {
return errors.New("invalid groupId") return errors.New("invalid groupId")
} }
op := NewHTTPFirewallRuleGroupOperator() op := NewHTTPFirewallRuleGroupOperator()
op.Id = groupId op.Id = groupId
op.Sets = setsJSON op.Sets = setRefsJSON
err := this.Save(tx, op) err := this.Save(tx, op)
if err != nil { if err != nil {
return err return err

66
internal/rpc/services/service_http_firewall_rule_group.go
View File

@@ -4,7 +4,9 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"github.com/TeaOSLab/EdgeAPI/internal/db/models" "github.com/TeaOSLab/EdgeAPI/internal/db/models"
"github.com/TeaOSLab/EdgeAPI/internal/errors"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
) )
// HTTPFirewallRuleGroupService WAF规则分组相关服务 // HTTPFirewallRuleGroupService WAF规则分组相关服务
@@ -167,7 +169,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx co
return nil, err return nil, err
} }
} }
tx := this.NullTx() tx := this.NullTx()
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.GetFirewallRuleGroupId(), req.FirewallRuleSetsJSON) err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.GetFirewallRuleGroupId(), req.FirewallRuleSetsJSON)
@@ -176,3 +178,65 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx co
} }
return this.Success() return this.Success()
} }
// AddHTTPFirewallRuleGroupSet 添加规则集
func (this *HTTPFirewallRuleGroupService) AddHTTPFirewallRuleGroupSet(ctx context.Context, req *pb.AddHTTPFirewallRuleGroupSetRequest) (*pb.RPCSuccess, error) {
// 校验请求
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
if err != nil {
return nil, err
}
if userId > 0 {
// 校验权限
err = models.SharedHTTPFirewallRuleGroupDAO.CheckUserRuleGroup(nil, userId, req.FirewallRuleGroupId)
if err != nil {
return nil, err
}
}
tx := this.NullTx()
// 已经有的规则
config, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(tx, req.FirewallRuleGroupId)
if err != nil {
return nil, err
}
if config == nil {
return nil, errors.New("can not find group")
}
var setRefs = config.SetRefs
var set = &firewallconfigs.HTTPFirewallRuleSet{}
err = json.Unmarshal(req.FirewallRuleSetConfigJSON, set)
if err != nil {
return nil, err
}
if set.Id > 0 {
setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
IsOn: true,
SetId: set.Id,
})
} else {
setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(tx, set)
if err != nil {
return nil, err
}
setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
IsOn: true,
SetId: setId,
})
}
setRefsJSON, err := json.Marshal(setRefs)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(tx, req.FirewallRuleGroupId, setRefsJSON)
if err != nil {
return nil, err
}
return this.Success()
}

14
internal/setup/sql_upgrade.go
View File

@@ -56,6 +56,9 @@ var upgradeFuncs = []*upgradeVersion{
{ {
"0.3.2", upgradeV0_3_2, "0.3.2", upgradeV0_3_2,
}, },
{
"0.3.3", upgradeV0_3_3,
},
} }
// UpgradeSQLData 升级SQL数据 // UpgradeSQLData 升级SQL数据
@@ -511,3 +514,14 @@ func upgradeV0_3_2(db *dbs.DB) error {
return nil return nil
} }
// v0.3.3
func upgradeV0_3_3(db *dbs.DB) error {
// 升级CC请求数Code
_, err := db.Exec("UPDATE edgeHTTPFirewallRuleSets SET code='8002' WHERE name='CC请求数' AND code='8001'")
if err != nil {
return err
}
return nil
}

20
internal/setup/sql_upgrade_test.go
View File

@@ -22,7 +22,7 @@ func TestUpgradeSQLData(t *testing.T) {
} }
func TestUpgradeSQLData_v1_3_1(t *testing.T) { func TestUpgradeSQLData_v0_3_1(t *testing.T) {
db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{ db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{
Driver: "mysql", Driver: "mysql",
Dsn: "root:123456@tcp(127.0.0.1:3306)/db_edge_new?charset=utf8mb4&timeout=30s", Dsn: "root:123456@tcp(127.0.0.1:3306)/db_edge_new?charset=utf8mb4&timeout=30s",
@@ -38,7 +38,7 @@ func TestUpgradeSQLData_v1_3_1(t *testing.T) {
t.Log("ok") t.Log("ok")
} }
func TestUpgradeSQLData_v1_3_2(t *testing.T) { func TestUpgradeSQLData_v0_3_2(t *testing.T) {
db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{ db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{
Driver: "mysql", Driver: "mysql",
Dsn: "root:123456@tcp(127.0.0.1:3306)/db_edge?charset=utf8mb4&timeout=30s", Dsn: "root:123456@tcp(127.0.0.1:3306)/db_edge?charset=utf8mb4&timeout=30s",
@@ -52,4 +52,20 @@ func TestUpgradeSQLData_v1_3_2(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
t.Log("ok") t.Log("ok")
}
func TestUpgradeSQLData_v0_3_3(t *testing.T) {
db, err := dbs.NewInstanceFromConfig(&dbs.DBConfig{
Driver: "mysql",
Dsn: "root:123456@tcp(127.0.0.1:3306)/db_edge?charset=utf8mb4&timeout=30s",
Prefix: "edge",
})
if err != nil {
t.Fatal(err)
}
err = upgradeV0_3_3(db)
if err != nil {
t.Fatal(err)
}
t.Log("ok")
} }