修复WAF用户检查的Bug
@@ -320,7 +320,21 @@ func (this *HTTPFirewallPolicyDAO) CheckUserFirewallPolicy(tx *dbs.Tx, userId in
|
||||
return nil
|
||||
}
|
||||
|
||||
// TODO 检查是否为用户Server所使用
|
||||
// 检查是否为用户Server所使用
|
||||
webIds, err := SharedHTTPWebDAO.FindAllWebIdsWithHTTPFirewallPolicyId(tx, firewallPolicyId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, webId := range webIds {
|
||||
err := SharedHTTPWebDAO.CheckUserWeb(tx, userId, webId)
|
||||
if err != nil {
|
||||
if err != ErrNotFound {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
return ErrNotFound
|
||||
}
|
||||
|
||||
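Review bot: The new loop in CheckUserFirewallPolicy returns nil as soon as one web that references the policy passes CheckUserWeb, so the check now means "the user owns at least one server using this policy" rather than "the user owns this policy". If a policy can be attached to servers of more than one user (this hunk does not show whether it can), each of those users passes, and CheckUserRuleGroup forwards to this function, presumably on the rule-group update paths as well. It is worth confirming that policies are never shared across users, or requiring every returned webId to pass before a write is allowed, and stating the contract in a comment such as `// a policy counts as the user's when at least one web using it passes CheckUserWeb`. The inner `err :=` shadows the outer `err`, and `errors.Is(err, ErrNotFound)` would keep working if CheckUserWeb ever wraps the sentinel, which the `err != ErrNotFound` comparison would instead treat as a hard failure. The function begins outside the hunk, so the earlier ownership branches were not reviewed.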
@@ -37,12 +37,12 @@ func init() {
|
||||
})
|
||||
}
|
||||
|
||||
// 初始化
|
||||
// Init 初始化
|
||||
func (this *HTTPFirewallRuleGroupDAO) Init() {
|
||||
_ = this.DAOObject.Init()
|
||||
}
|
||||
|
||||
// 启用条目
|
||||
// EnableHTTPFirewallRuleGroup 启用条目
|
||||
func (this *HTTPFirewallRuleGroupDAO) EnableHTTPFirewallRuleGroup(tx *dbs.Tx, id int64) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(id).
|
||||
@@ -51,7 +51,7 @@ func (this *HTTPFirewallRuleGroupDAO) EnableHTTPFirewallRuleGroup(tx *dbs.Tx, id
|
||||
return err
|
||||
}
|
||||
|
||||
// 禁用条目
|
||||
// DisableHTTPFirewallRuleGroup 禁用条目
|
||||
func (this *HTTPFirewallRuleGroupDAO) DisableHTTPFirewallRuleGroup(tx *dbs.Tx, id int64) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(id).
|
||||
@@ -60,7 +60,7 @@ func (this *HTTPFirewallRuleGroupDAO) DisableHTTPFirewallRuleGroup(tx *dbs.Tx, i
|
||||
return err
|
||||
}
|
||||
|
||||
// 查找启用中的条目
|
||||
// FindEnabledHTTPFirewallRuleGroup 查找启用中的条目
|
||||
func (this *HTTPFirewallRuleGroupDAO) FindEnabledHTTPFirewallRuleGroup(tx *dbs.Tx, id int64) (*HTTPFirewallRuleGroup, error) {
|
||||
result, err := this.Query(tx).
|
||||
Pk(id).
|
||||
@@ -72,7 +72,7 @@ func (this *HTTPFirewallRuleGroupDAO) FindEnabledHTTPFirewallRuleGroup(tx *dbs.T
|
||||
return result.(*HTTPFirewallRuleGroup), err
|
||||
}
|
||||
|
||||
// 根据主键查找名称
|
||||
// FindHTTPFirewallRuleGroupName 根据主键查找名称
|
||||
func (this *HTTPFirewallRuleGroupDAO) FindHTTPFirewallRuleGroupName(tx *dbs.Tx, id int64) (string, error) {
|
||||
return this.Query(tx).
|
||||
Pk(id).
|
||||
@@ -80,7 +80,7 @@ func (this *HTTPFirewallRuleGroupDAO) FindHTTPFirewallRuleGroupName(tx *dbs.Tx,
|
||||
FindStringCol("")
|
||||
}
|
||||
|
||||
// 组合配置
|
||||
// ComposeFirewallRuleGroup 组合配置
|
||||
func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, groupId int64) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
|
||||
group, err := this.FindEnabledHTTPFirewallRuleGroup(tx, groupId)
|
||||
if err != nil {
|
||||
@@ -117,7 +117,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
|
||||
return config, nil
|
||||
}
|
||||
|
||||
// 从配置中创建分组
|
||||
// CreateGroupFromConfig 从配置中创建分组
|
||||
func (this *HTTPFirewallRuleGroupDAO) CreateGroupFromConfig(tx *dbs.Tx, groupConfig *firewallconfigs.HTTPFirewallRuleGroup) (int64, error) {
|
||||
op := NewHTTPFirewallRuleGroupOperator()
|
||||
op.IsOn = groupConfig.IsOn
|
||||
@@ -150,7 +150,7 @@ func (this *HTTPFirewallRuleGroupDAO) CreateGroupFromConfig(tx *dbs.Tx, groupCon
|
||||
return types.Int64(op.Id), nil
|
||||
}
|
||||
|
||||
// 修改开启状态
|
||||
// UpdateGroupIsOn 修改开启状态
|
||||
func (this *HTTPFirewallRuleGroupDAO) UpdateGroupIsOn(tx *dbs.Tx, groupId int64, isOn bool) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(groupId).
|
||||
@@ -162,7 +162,7 @@ func (this *HTTPFirewallRuleGroupDAO) UpdateGroupIsOn(tx *dbs.Tx, groupId int64,
|
||||
return this.NotifyUpdate(tx, groupId)
|
||||
}
|
||||
|
||||
// 创建分组
|
||||
// CreateGroup 创建分组
|
||||
func (this *HTTPFirewallRuleGroupDAO) CreateGroup(tx *dbs.Tx, isOn bool, name string, description string) (int64, error) {
|
||||
op := NewHTTPFirewallRuleGroupOperator()
|
||||
op.State = HTTPFirewallRuleStateEnabled
|
||||
@@ -176,7 +176,7 @@ func (this *HTTPFirewallRuleGroupDAO) CreateGroup(tx *dbs.Tx, isOn bool, name st
|
||||
return types.Int64(op.Id), nil
|
||||
}
|
||||
|
||||
// 修改分组
|
||||
// UpdateGroup 修改分组
|
||||
func (this *HTTPFirewallRuleGroupDAO) UpdateGroup(tx *dbs.Tx, groupId int64, isOn bool, name string, description string) error {
|
||||
if groupId <= 0 {
|
||||
return errors.New("invalid groupId")
|
||||
@@ -193,7 +193,7 @@ func (this *HTTPFirewallRuleGroupDAO) UpdateGroup(tx *dbs.Tx, groupId int64, isO
|
||||
return this.NotifyUpdate(tx, groupId)
|
||||
}
|
||||
|
||||
// 修改分组中的规则集
|
||||
// UpdateGroupSets 修改分组中的规则集
|
||||
func (this *HTTPFirewallRuleGroupDAO) UpdateGroupSets(tx *dbs.Tx, groupId int64, setsJSON []byte) error {
|
||||
if groupId <= 0 {
|
||||
return errors.New("invalid groupId")
|
||||
@@ -208,7 +208,7 @@ func (this *HTTPFirewallRuleGroupDAO) UpdateGroupSets(tx *dbs.Tx, groupId int64,
|
||||
return this.NotifyUpdate(tx, groupId)
|
||||
}
|
||||
|
||||
// 根据规则集查找规则分组
|
||||
// FindRuleGroupIdWithRuleSetId 根据规则集查找规则分组
|
||||
func (this *HTTPFirewallRuleGroupDAO) FindRuleGroupIdWithRuleSetId(tx *dbs.Tx, setId int64) (int64, error) {
|
||||
return this.Query(tx).
|
||||
State(HTTPFirewallRuleStateEnabled).
|
||||
@@ -218,7 +218,7 @@ func (this *HTTPFirewallRuleGroupDAO) FindRuleGroupIdWithRuleSetId(tx *dbs.Tx, s
|
||||
FindInt64Col(0)
|
||||
}
|
||||
|
||||
// 检查用户所属分组
|
||||
// CheckUserRuleGroup 检查用户所属分组
|
||||
func (this *HTTPFirewallRuleGroupDAO) CheckUserRuleGroup(tx *dbs.Tx, userId int64, groupId int64) error {
|
||||
policyId, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdWithRuleGroupId(tx, groupId)
|
||||
if err != nil {
|
||||
@@ -230,7 +230,7 @@ func (this *HTTPFirewallRuleGroupDAO) CheckUserRuleGroup(tx *dbs.Tx, userId int6
|
||||
return SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(tx, userId, policyId)
|
||||
}
|
||||
|
||||
// 通知更新
|
||||
// NotifyUpdate 通知更新
|
||||
func (this *HTTPFirewallRuleGroupDAO) NotifyUpdate(tx *dbs.Tx, groupId int64) error {
|
||||
policyId, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdWithRuleGroupId(tx, groupId)
|
||||
if err != nil {
|
||||
|
||||
@@ -7,12 +7,12 @@ import (
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
)
|
||||
|
||||
// WAF规则分组相关服务
|
||||
// HTTPFirewallRuleGroupService WAF规则分组相关服务
|
||||
type HTTPFirewallRuleGroupService struct {
|
||||
BaseService
|
||||
}
|
||||
|
||||
// 设置是否启用分组
|
||||
// UpdateHTTPFirewallRuleGroupIsOn 设置是否启用分组
|
||||
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupIsOnRequest) (*pb.RPCSuccess, error) {
|
||||
// 校验请求
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -38,7 +38,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx co
|
||||
return this.Success()
|
||||
}
|
||||
|
||||
// 创建分组
|
||||
// CreateHTTPFirewallRuleGroup 创建分组
|
||||
func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx context.Context, req *pb.CreateHTTPFirewallRuleGroupRequest) (*pb.CreateHTTPFirewallRuleGroupResponse, error) {
|
||||
// 校验请求
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -55,7 +55,7 @@ func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx contex
|
||||
return &pb.CreateHTTPFirewallRuleGroupResponse{FirewallRuleGroupId: groupId}, nil
|
||||
}
|
||||
|
||||
// 修改分组
|
||||
// UpdateHTTPFirewallRuleGroup 修改分组
|
||||
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupRequest) (*pb.RPCSuccess, error) {
|
||||
// 校验请求
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -81,7 +81,7 @@ func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx contex
|
||||
return this.Success()
|
||||
}
|
||||
|
||||
// 获取分组配置
|
||||
// FindEnabledHTTPFirewallRuleGroupConfig 获取分组配置
|
||||
func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupConfigRequest) (*pb.FindEnabledHTTPFirewallRuleGroupConfigResponse, error) {
|
||||
// 校验请求
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -113,7 +113,7 @@ func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroupConfig
|
||||
return &pb.FindEnabledHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: groupConfigJSON}, nil
|
||||
}
|
||||
|
||||
// 获取分组信息
|
||||
// FindEnabledHTTPFirewallRuleGroup 获取分组信息
|
||||
func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx context.Context, req *pb.FindEnabledHTTPFirewallRuleGroupRequest) (*pb.FindEnabledHTTPFirewallRuleGroupResponse, error) {
|
||||
// 校验请求
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -152,7 +152,7 @@ func (this *HTTPFirewallRuleGroupService) FindEnabledHTTPFirewallRuleGroup(ctx c
|
||||
}, nil
|
||||
}
|
||||
|
||||
// 修改分组的规则集
|
||||
// UpdateHTTPFirewallRuleGroupSets 修改分组的规则集
|
||||
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupSets(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupSetsRequest) (*pb.RPCSuccess, error) {
|
||||
// 校验请求
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
|
||||