TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-05 01:20:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

实现WAF部分功能

Browse Source
This commit is contained in:
GoEdgeLab
2020-10-07 11:18:12 +08:00
parent 7e5869d5d5
commit dff460eecb
5 changed files with 132 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/db/models/http_firewall_policy_dao.go
View File

@@ -190,8 +190,8 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(policyId int64) (*firew
config.Description = policy.Description config.Description = policy.Description
// Inbound // Inbound
inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
if IsNotNull(policy.Inbound) { if IsNotNull(policy.Inbound) {
inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
err = json.Unmarshal([]byte(policy.Inbound), inbound) err = json.Unmarshal([]byte(policy.Inbound), inbound)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -214,12 +214,12 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(policyId int64) (*firew
inbound.GroupRefs = resultGroupRefs inbound.GroupRefs = resultGroupRefs
inbound.Groups = resultGroups inbound.Groups = resultGroups
} }
config.Inbound = inbound
} }
config.Inbound = inbound
// Outbound // Outbound
outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}
if IsNotNull(policy.Outbound) { if IsNotNull(policy.Outbound) {
outbound := &firewallconfigs.HTTPFirewallOutboundConfig{}
err = json.Unmarshal([]byte(policy.Outbound), outbound) err = json.Unmarshal([]byte(policy.Outbound), outbound)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -242,8 +242,8 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(policyId int64) (*firew
outbound.GroupRefs = resultGroupRefs outbound.GroupRefs = resultGroupRefs
outbound.Groups = resultGroups outbound.Groups = resultGroups
} }
config.Outbound = outbound
} }
config.Outbound = outbound
return config, nil return config, nil
} }

29
internal/db/models/http_firewall_rule_group_dao.go
View File

@@ -2,6 +2,7 @@ package models
import ( import (
"encoding/json" "encoding/json"
"github.com/TeaOSLab/EdgeAPI/internal/errors"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
_ "github.com/go-sql-driver/mysql" _ "github.com/go-sql-driver/mysql"
"github.com/iwind/TeaGo/Tea" "github.com/iwind/TeaGo/Tea"
@@ -159,3 +160,31 @@ func (this *HTTPFirewallRuleGroupDAO) UpdateGroupIsOn(groupId int64, isOn bool)
Update() Update()
return err return err
} }
// 创建分组
func (this *HTTPFirewallRuleGroupDAO) CreateGroup(isOn bool, name string, description string) (int64, error) {
op := NewHTTPFirewallRuleGroupOperator()
op.State = HTTPFirewallRuleStateEnabled
op.IsOn = isOn
op.Name = name
op.Description = description
_, err := this.Save(op)
if err != nil {
return 0, err
}
return types.Int64(op.Id), nil
}
// 修改分组
func (this *HTTPFirewallRuleGroupDAO) UpdateGroup(groupId int64, isOn bool, name string, description string) error {
if groupId <= 0 {
return errors.New("invalid groupId")
}
op := NewHTTPFirewallRuleGroupOperator()
op.Id = groupId
op.IsOn = isOn
op.Name = name
op.Description = description
_, err := this.Save(op)
return err
}

1
internal/nodes/api_node.go
View File

@@ -161,6 +161,7 @@ func (this *APINode) listenRPC(listener net.Listener, tlsConfig *tls.Config) err
pb.RegisterSSLCertServiceServer(rpcServer, &services.SSLCertService{}) pb.RegisterSSLCertServiceServer(rpcServer, &services.SSLCertService{})
pb.RegisterSSLPolicyServiceServer(rpcServer, &services.SSLPolicyService{}) pb.RegisterSSLPolicyServiceServer(rpcServer, &services.SSLPolicyService{})
pb.RegisterSysSettingServiceServer(rpcServer, &services.SysSettingService{}) pb.RegisterSysSettingServiceServer(rpcServer, &services.SysSettingService{})
pb.RegisterHTTPFirewallRuleGroupServiceServer(rpcServer, &services.HTTPFirewallRuleGroupService{})
err := rpcServer.Serve(listener) err := rpcServer.Serve(listener)
if err != nil { if err != nil {
return errors.New("[API]start rpc failed: " + err.Error()) return errors.New("[API]start rpc failed: " + err.Error())

16
internal/rpc/services/service_http_firewall_policy.go
View File

@@ -235,6 +235,22 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
return rpcutils.RPCUpdateSuccess() return rpcutils.RPCUpdateSuccess()
} }
// 修改分组信息
func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicyGroups(ctx context.Context, req *pb.UpdateHTTPFirewallPolicyGroupsRequest) (*pb.RPCUpdateSuccess, error) {
// 校验请求
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(req.FirewallPolicyId, req.InboundJSON, req.OutboundJSON)
if err != nil {
return nil, err
}
return rpcutils.RPCUpdateSuccess()
}
// 计算可用的防火墙策略数量 // 计算可用的防火墙策略数量
func (this *HTTPFirewallPolicyService) CountAllEnabledFirewallPolicies(ctx context.Context, req *pb.CountAllEnabledFirewallPoliciesRequest) (*pb.CountAllEnabledFirewallPoliciesResponse, error) { func (this *HTTPFirewallPolicyService) CountAllEnabledFirewallPolicies(ctx context.Context, req *pb.CountAllEnabledFirewallPoliciesRequest) (*pb.CountAllEnabledFirewallPoliciesResponse, error) {
// 校验请求 // 校验请求

82
internal/rpc/services/service_http_firewall_rule_group.go Normal file
View File

@@ -0,0 +1,82 @@
package services
import (
"context"
"encoding/json"
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
)
// WAF规则分组相关服务
type HTTPFirewallRuleGroupService struct {
}
// 设置是否启用分组
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroupIsOn(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupIsOnRequest) (*pb.RPCUpdateSuccess, error) {
// 校验请求
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(req.FirewallRuleGroupId, req.IsOn)
if err != nil {
return nil, err
}
return rpcutils.RPCUpdateSuccess()
}
// 创建分组
func (this *HTTPFirewallRuleGroupService) CreateHTTPFirewallRuleGroup(ctx context.Context, req *pb.CreateHTTPFirewallRuleGroupRequest) (*pb.CreateHTTPFirewallRuleGroupResponse, error) {
// 校验请求
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
if err != nil {
return nil, err
}
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroup(req.IsOn, req.Name, req.Description)
if err != nil {
return nil, err
}
return &pb.CreateHTTPFirewallRuleGroupResponse{FirewallRuleGroupId: groupId}, nil
}
// 修改分组
func (this *HTTPFirewallRuleGroupService) UpdateHTTPFirewallRuleGroup(ctx context.Context, req *pb.UpdateHTTPFirewallRuleGroupRequest) (*pb.RPCUpdateSuccess, error) {
// 校验请求
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroup(req.FirewallRuleGroupId, req.IsOn, req.Name, req.Description)
if err != nil {
return nil, err
}
return rpcutils.RPCUpdateSuccess()
}
// 获取分组配置
func (this *HTTPFirewallRuleGroupService) FindHTTPFirewallRuleGroupConfig(ctx context.Context, req *pb.FindHTTPFirewallRuleGroupConfigRequest) (*pb.FindHTTPFirewallRuleGroupConfigResponse, error) {
// 校验请求
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
if err != nil {
return nil, err
}
groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.ComposeFirewallRuleGroup(req.FirewallRuleGroupId)
if err != nil {
return nil, err
}
if groupConfig == nil {
return &pb.FindHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: nil}, nil
}
groupConfigJSON, err := json.Marshal(groupConfig)
if err != nil {
return nil, err
}
return &pb.FindHTTPFirewallRuleGroupConfigResponse{FirewallRuleGroupJSON: groupConfigJSON}, nil
}