mirror of
https://github.com/TeaOSLab/EdgeAPI.git
synced 2025-12-25 14:36:35 +08:00
增加IP灰名单,用于仅记录并观察IP
@@ -645,7 +645,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledFirewallPolicyIdsWithIPListId(tx *
|
||||
ones, err := this.Query(tx).
|
||||
ResultPk().
|
||||
State(HTTPFirewallPolicyStateEnabled).
|
||||
Where("(JSON_CONTAINS(inbound, :listQuery, '$.whiteListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.blackListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.publicWhiteListRefs') OR JSON_CONTAINS(inbound, :listQuery, '$.publicBlackListRefs'))").
|
||||
Where("(JSON_CONTAINS(inbound, :listQuery, '$.whiteListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.blackListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.publicWhiteListRefs') OR JSON_CONTAINS(inbound, :listQuery, '$.publicBlackListRefs') OR JSON_CONTAINS(inbound, :listQuery, '$.publicGreyListRefs'))").
|
||||
Param("listQuery", maps.Map{"isOn": true, "listId": ipListId}.AsJSON()).
|
||||
FindAll()
|
||||
if err != nil {
|
||||
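Review bot: The widened filter in FindEnabledFirewallPolicyIdsWithIPListId gains `$.publicGreyListRefs` but has no `$.greyListRef` term, while the next hunk adds `$.greyListRef` to FindEnabledFirewallPolicyWithIPListId. If a policy can reference a grey list through `inbound.greyListRef`, this query will not return that policy, so whatever the callers do with the returned ids (not visible here) would skip it. Consider adding `OR JSON_CONTAINS(inbound, :listQuery, '$.greyListRef')` to this Where clause, or a comment explaining why the per-policy grey list is deliberately left out. The function body starts and ends outside the hunk.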
@@ -663,7 +663,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledFirewallPolicyIdsWithIPListId(tx *
|
||||
func (this *HTTPFirewallPolicyDAO) FindEnabledFirewallPolicyWithIPListId(tx *dbs.Tx, ipListId int64) (*HTTPFirewallPolicy, error) {
|
||||
one, err := this.Query(tx).
|
||||
State(HTTPFirewallPolicyStateEnabled).
|
||||
Where("(JSON_CONTAINS(inbound, :listQuery, '$.whiteListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.blackListRef'))").
|
||||
Where("(JSON_CONTAINS(inbound, :listQuery, '$.whiteListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.blackListRef') OR JSON_CONTAINS(inbound, :listQuery, '$.greyListRef'))").
|
||||
Param("listQuery", maps.Map{"isOn": true, "listId": ipListId}.AsJSON()).
|
||||
Find()
|
||||
if err != nil || one == nil {
|
||||
|
||||
@@ -135,7 +135,7 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
|
||||
var ipListId = actionConfig.Options.GetInt64("ipListId")
|
||||
if ipListId <= 0 { // default list id
|
||||
if forNode {
|
||||
actionConfig.Options["ipListId"] = firewallconfigs.GlobalListId
|
||||
actionConfig.Options["ipListId"] = firewallconfigs.FindGlobalListIdWithType(actionConfig.Options.GetString("type"))
|
||||
}
|
||||
actionConfig.Options["ipListIsDeleted"] = false
|
||||
} else {
|
||||
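Review bot: The result of `firewallconfigs.FindGlobalListIdWithType(...)` is written into `actionConfig.Options["ipListId"]` unchecked, whereas the IP item DAO hunks in this commit guard the same call with `if globalListId > 0`. If the action's `type` option is empty or not a known list type, the node config could end up with a non-positive list id where it previously always received the global list id. A fallback before the assignment, such as `if id <= 0 { id = firewallconfigs.GlobalBlackListId }`, would keep the old default. ComposeFirewallRuleSet continues outside the hunk.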
|
||||
@@ -76,7 +76,7 @@ func (this *IPItemDAO) EnableIPItem(tx *dbs.Tx, id int64) error {
|
||||
}
|
||||
|
||||
// DisableIPItem 禁用条目
|
||||
func (this *IPItemDAO) DisableIPItem(tx *dbs.Tx, id int64, sourceUserId int64) error {
|
||||
func (this *IPItemDAO) DisableIPItem(tx *dbs.Tx, itemId int64, sourceUserId int64) error {
|
||||
version, err := SharedIPListDAO.IncreaseVersion(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -91,7 +91,7 @@ func (this *IPItemDAO) DisableIPItem(tx *dbs.Tx, id int64, sourceUserId int64) e
|
||||
}
|
||||
|
||||
_, err = query.
|
||||
Pk(id).
|
||||
Pk(itemId).
|
||||
Set("state", IPItemStateDisabled).
|
||||
Set("version", version).
|
||||
Update()
|
||||
@@ -99,7 +99,7 @@ func (this *IPItemDAO) DisableIPItem(tx *dbs.Tx, id int64, sourceUserId int64) e
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return this.NotifyUpdate(tx, id)
|
||||
return this.NotifyUpdate(tx, itemId)
|
||||
}
|
||||
|
||||
// DisableIPItemsWithIP 禁用某个IP相关条目
|
||||
@@ -390,7 +390,7 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
|
||||
op.SourceUserId = userId
|
||||
}
|
||||
|
||||
var autoAdded = listId == firewallconfigs.GlobalListId || sourceNodeId > 0 || sourceServerId > 0 || sourceHTTPFirewallPolicyId > 0
|
||||
var autoAdded = firewallconfigs.IsGlobalListId(listId) || sourceNodeId > 0 || sourceServerId > 0 || sourceHTTPFirewallPolicyId > 0
|
||||
if autoAdded {
|
||||
op.IsRead = 0
|
||||
}
|
||||
@@ -477,7 +477,7 @@ func (this *IPItemDAO) CountIPItemsWithListId(tx *dbs.Tx, listId int64, sourceUs
|
||||
State(IPItemStateEnabled).
|
||||
Attr("listId", listId)
|
||||
if sourceUserId > 0 {
|
||||
if listId <= 0 || listId == firewallconfigs.GlobalListId {
|
||||
if listId <= 0 || firewallconfigs.IsGlobalListId(listId) {
|
||||
query.Attr("sourceUserId", sourceUserId)
|
||||
}
|
||||
}
|
||||
@@ -503,7 +503,7 @@ func (this *IPItemDAO) ListIPItemsWithListId(tx *dbs.Tx, listId int64, sourceUse
|
||||
State(IPItemStateEnabled).
|
||||
Attr("listId", listId)
|
||||
if sourceUserId > 0 {
|
||||
if listId <= 0 || listId == firewallconfigs.GlobalListId {
|
||||
if listId <= 0 || firewallconfigs.IsGlobalListId(listId) {
|
||||
query.Attr("sourceUserId", sourceUserId)
|
||||
}
|
||||
}
|
||||
@@ -600,13 +600,25 @@ func (this *IPItemDAO) ExistsEnabledItem(tx *dbs.Tx, itemId int64) (bool, error)
|
||||
}
|
||||
|
||||
// CountAllEnabledIPItems 计算数量
|
||||
func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, keyword string, ip string, listId int64, unread bool, eventLevel string, listType string) (int64, error) {
|
||||
func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, keyword string, ip string, listId int64, unread bool, eventLevel string, listType string, isGlobal bool) (int64, error) {
|
||||
var query = this.Query(tx)
|
||||
var globalListIdStrings = strings.Join(firewallconfigs.FindGlobalListIdStrings(), ",")
|
||||
if len(listType) > 0 {
|
||||
var globalListId = firewallconfigs.FindGlobalListIdWithType(listType)
|
||||
if globalListId > 0 {
|
||||
globalListIdStrings = types.String(globalListId)
|
||||
}
|
||||
}
|
||||
|
||||
if sourceUserId > 0 {
|
||||
if listId <= 0 {
|
||||
query.Where("((listId=" + types.String(firewallconfigs.GlobalListId) + " AND sourceUserId=:sourceUserId) OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE userId=:sourceUserId AND state=1))")
|
||||
if isGlobal {
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") AND sourceUserId=:sourceUserId)")
|
||||
} else {
|
||||
query.Where("((listId IN (" + globalListIdStrings + ") AND sourceUserId=:sourceUserId) OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE userId=:sourceUserId AND state=1))")
|
||||
}
|
||||
query.Param("sourceUserId", sourceUserId)
|
||||
} else if listId == firewallconfigs.GlobalListId {
|
||||
} else if firewallconfigs.IsGlobalListId(listId) {
|
||||
query.Attr("sourceUserId", sourceUserId)
|
||||
query.UseIndex("sourceUserId")
|
||||
}
|
||||
@@ -631,10 +643,18 @@ func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, ke
|
||||
query.Attr("listId", listId)
|
||||
} else {
|
||||
if len(listType) > 0 {
|
||||
query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1 AND type=:listType))")
|
||||
if isGlobal {
|
||||
query.Where("(listId IN (" + globalListIdStrings + "))")
|
||||
} else {
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1 AND type=:listType))")
|
||||
}
|
||||
query.Param("listType", listType)
|
||||
} else {
|
||||
query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
|
||||
if isGlobal {
|
||||
query.Where("(listId IN (" + globalListIdStrings + "))")
|
||||
} else {
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
|
||||
}
|
||||
}
|
||||
}
|
||||
if unread {
|
||||
@@ -652,13 +672,25 @@ func (this *IPItemDAO) CountAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, ke
|
||||
}
|
||||
|
||||
// ListAllEnabledIPItems 搜索所有IP
|
||||
func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, keyword string, ip string, listId int64, unread bool, eventLevel string, listType string, offset int64, size int64) (result []*IPItem, err error) {
|
||||
func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, keyword string, ip string, listId int64, unread bool, eventLevel string, listType string, isGlobal bool, offset int64, size int64) (result []*IPItem, err error) {
|
||||
var globalListIdStrings = strings.Join(firewallconfigs.FindGlobalListIdStrings(), ",")
|
||||
if len(listType) > 0 {
|
||||
var globalListId = firewallconfigs.FindGlobalListIdWithType(listType)
|
||||
if globalListId > 0 {
|
||||
globalListIdStrings = types.String(globalListId)
|
||||
}
|
||||
}
|
||||
|
||||
var query = this.Query(tx)
|
||||
if sourceUserId > 0 {
|
||||
if listId <= 0 {
|
||||
query.Where("((listId=" + types.String(firewallconfigs.GlobalListId) + " AND sourceUserId=:sourceUserId) OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE userId=:sourceUserId AND state=1))")
|
||||
if isGlobal {
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") AND sourceUserId=:sourceUserId)")
|
||||
} else {
|
||||
query.Where("((listId IN (" + globalListIdStrings + ") AND sourceUserId=:sourceUserId) OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE userId=:sourceUserId AND state=1))")
|
||||
}
|
||||
query.Param("sourceUserId", sourceUserId)
|
||||
} else if listId == firewallconfigs.GlobalListId {
|
||||
} else if firewallconfigs.IsGlobalListId(listId) {
|
||||
query.Attr("sourceUserId", sourceUserId)
|
||||
query.UseIndex("sourceUserId")
|
||||
}
|
||||
@@ -683,10 +715,18 @@ func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, key
|
||||
query.Attr("listId", listId)
|
||||
} else {
|
||||
if len(listType) > 0 {
|
||||
query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1 AND type=:listType))")
|
||||
if isGlobal {
|
||||
query.Where("(listId IN (" + globalListIdStrings + "))")
|
||||
} else {
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1 AND type=:listType))")
|
||||
}
|
||||
query.Param("listType", listType)
|
||||
} else {
|
||||
query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
|
||||
if isGlobal {
|
||||
query.Where("(listId IN (" + globalListIdStrings + "))")
|
||||
} else {
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
|
||||
}
|
||||
}
|
||||
}
|
||||
if unread {
|
||||
@@ -709,12 +749,20 @@ func (this *IPItemDAO) ListAllEnabledIPItems(tx *dbs.Tx, sourceUserId int64, key
|
||||
|
||||
// ListAllIPItemIds 搜索所有IP Id列表
|
||||
func (this *IPItemDAO) ListAllIPItemIds(tx *dbs.Tx, sourceUserId int64, keyword string, ip string, listId int64, unread bool, eventLevel string, listType string, offset int64, size int64) (itemIds []int64, err error) {
|
||||
var globalListIdStrings = strings.Join(firewallconfigs.FindGlobalListIdStrings(), ",")
|
||||
if len(listType) > 0 {
|
||||
var globalListId = firewallconfigs.FindGlobalListIdWithType(listType)
|
||||
if globalListId > 0 {
|
||||
globalListIdStrings = types.String(globalListId)
|
||||
}
|
||||
}
|
||||
|
||||
var query = this.Query(tx)
|
||||
if sourceUserId > 0 {
|
||||
if listId <= 0 {
|
||||
query.Where("((listId=" + types.String(firewallconfigs.GlobalListId) + " AND sourceUserId=:sourceUserId) OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE userId=:sourceUserId AND state=1))")
|
||||
query.Where("((listId IN (" + globalListIdStrings + ") AND sourceUserId=:sourceUserId) OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE userId=:sourceUserId AND state=1))")
|
||||
query.Param("sourceUserId", sourceUserId)
|
||||
} else if listId == firewallconfigs.GlobalListId {
|
||||
} else if firewallconfigs.IsGlobalListId(listId) {
|
||||
query.Attr("sourceUserId", sourceUserId)
|
||||
query.UseIndex("sourceUserId")
|
||||
}
|
||||
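Review bot: ListAllIPItemIds keeps its signature without `isGlobal`, while CountAllEnabledIPItems and ListAllEnabledIPItems both gain that parameter in this commit, so the id list still includes the caller's own lists when the count and the page are restricted to global lists. If these ids feed a bulk action over the current view (callers are not visible here), the action would cover more items than the view shows. Either add `isGlobal bool` with the same global-only Where branch used in the other two functions, or document that this function ignores that filter. A comment at `globalListIdStrings` would also help, stating that it only ever holds ids produced by firewallconfigs and never the `listType` string, since it is concatenated into the SQL text.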
@@ -733,10 +781,10 @@ func (this *IPItemDAO) ListAllIPItemIds(tx *dbs.Tx, sourceUserId int64, keyword
|
||||
query.Attr("listId", listId)
|
||||
} else {
|
||||
if len(listType) > 0 {
|
||||
query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1 AND type=:listType))")
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1 AND type=:listType))")
|
||||
query.Param("listType", listType)
|
||||
} else {
|
||||
query.Where("(listId=" + types.String(firewallconfigs.GlobalListId) + " OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
|
||||
query.Where("(listId IN (" + globalListIdStrings + ") OR listId IN (SELECT id FROM " + SharedIPListDAO.Table + " WHERE state=1))")
|
||||
}
|
||||
}
|
||||
if unread {
|
||||
@@ -888,7 +936,7 @@ func (this *IPItemDAO) NotifyUpdate(tx *dbs.Tx, itemId int64) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
if listId == firewallconfigs.GlobalListId {
|
||||
if firewallconfigs.IsGlobalListId(listId) {
|
||||
sourceNodeId, err := this.Query(tx).
|
||||
Pk(itemId).
|
||||
Result("sourceNodeId").
|
||||
|
||||
@@ -22,8 +22,8 @@ const (
|
||||
)
|
||||
|
||||
var listTypeCacheMap = map[int64]*IPList{} // listId => *IPList
|
||||
var DefaultGlobalIPList = &IPList{
|
||||
Id: uint32(firewallconfigs.GlobalListId),
|
||||
var DefaultGlobalBlackIPList = &IPList{
|
||||
Id: uint32(firewallconfigs.GlobalBlackListId),
|
||||
Name: "系统黑名单",
|
||||
IsPublic: true,
|
||||
IsGlobal: true,
|
||||
@@ -32,6 +32,26 @@ var DefaultGlobalIPList = &IPList{
|
||||
IsOn: true,
|
||||
}
|
||||
|
||||
var DefaultGlobalWhiteIPList = &IPList{
|
||||
Id: uint32(firewallconfigs.GlobalWhiteListId),
|
||||
Name: "系统白名单",
|
||||
IsPublic: true,
|
||||
IsGlobal: true,
|
||||
Type: "white",
|
||||
State: IPListStateEnabled,
|
||||
IsOn: true,
|
||||
}
|
||||
|
||||
var DefaultGlobalGreyIPList = &IPList{
|
||||
Id: uint32(firewallconfigs.GlobalGreyListId),
|
||||
Name: "系统灰名单",
|
||||
IsPublic: true,
|
||||
IsGlobal: true,
|
||||
Type: "grey",
|
||||
State: IPListStateEnabled,
|
||||
IsOn: true,
|
||||
}
|
||||
|
||||
var ipListCodeRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)
|
||||
|
||||
type IPListDAO dbs.DAO
|
||||
@@ -79,8 +99,9 @@ func (this *IPListDAO) DisableIPList(tx *dbs.Tx, listId int64) error {
|
||||
|
||||
// FindEnabledIPList 查找启用中的条目
|
||||
func (this *IPListDAO) FindEnabledIPList(tx *dbs.Tx, id int64, cacheMap *utils.CacheMap) (*IPList, error) {
|
||||
if id == firewallconfigs.GlobalListId {
|
||||
return DefaultGlobalIPList, nil
|
||||
globalList, ok := this.findGlobalList(id)
|
||||
if ok {
|
||||
return globalList, nil
|
||||
}
|
||||
|
||||
var cacheKey = this.Table + ":FindEnabledIPList:" + types.String(id)
|
||||
@@ -116,9 +137,9 @@ func (this *IPListDAO) FindIPListName(tx *dbs.Tx, id int64) (string, error) {
|
||||
|
||||
// FindIPListCacheable 获取名单
|
||||
func (this *IPListDAO) FindIPListCacheable(tx *dbs.Tx, listId int64) (*IPList, error) {
|
||||
// 全局黑名单
|
||||
if listId == firewallconfigs.GlobalListId {
|
||||
return DefaultGlobalIPList, nil
|
||||
globalList, ok := this.findGlobalList(listId)
|
||||
if ok {
|
||||
return globalList, nil
|
||||
}
|
||||
|
||||
// 检查缓存
|
||||
@@ -165,7 +186,21 @@ func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, serverId int64, li
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return types.Int64(op.Id), nil
|
||||
var newListId = types.Int64(op.Id)
|
||||
|
||||
// 防止和全局名单ID冲突
|
||||
if lists.ContainsInt64(firewallconfigs.FindGlobalListIds(), newListId) {
|
||||
// 先删除
|
||||
err = this.Query(tx).Pk(newListId).DeleteQuickly()
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
// 自动创建下一个
|
||||
return this.CreateIPList(tx, userId, serverId, listType, name, code, timeoutJSON, description, isPublic, isGlobal)
|
||||
}
|
||||
|
||||
return newListId, nil
|
||||
}
|
||||
|
||||
// UpdateIPList 修改名单
|
||||
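Review bot: The collision guard in CreateIPList only protects lists created after this change, so a stored row whose id already equals one of the new global white or grey ids is not detected. For such an id, findGlobalList (now called first in FindEnabledIPList and FindIPListCacheable) would return the built-in list instead of the stored one, which could change how that list's IPs are treated. If existing data can reach those ids, an upgrade-time check is worth adding. The retry also recurses without a bound and relies on the auto-increment counter moving past the reserved ids, which deserves a comment. The membership test could reuse the helper the other DAO already calls: `if firewallconfigs.IsGlobalListId(newListId) {`. CreateIPList begins outside the hunk.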
@@ -372,3 +407,17 @@ func (this *IPListDAO) FindIPListIdWithCode(tx *dbs.Tx, listCode string) (int64,
|
||||
func (this *IPListDAO) ValidateIPListCode(code string) bool {
|
||||
return ipListCodeRegexp.MatchString(code)
|
||||
}
|
||||
|
||||
// 查找ID对应的全局名单
|
||||
func (this *IPListDAO) findGlobalList(id int64) (list *IPList, ok bool) {
|
||||
switch id {
|
||||
case firewallconfigs.GlobalBlackListId:
|
||||
return DefaultGlobalBlackIPList, true
|
||||
case firewallconfigs.GlobalWhiteListId:
|
||||
return DefaultGlobalWhiteIPList, true
|
||||
case firewallconfigs.GlobalGreyListId:
|
||||
return DefaultGlobalGreyIPList, true
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||