WAF策略增加观察模式和通过模式

2025-12-02 06:20:24 +08:00 · 2021-09-30 11:30:45 +08:00
parent 13d1652677
commit e46118c8de
3 changed files with 10 additions and 3 deletions
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -229,7 +229,7 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx *dbs.Tx, polic
 }

 // UpdateFirewallPolicy 修改策略
-func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte) error {
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte, mode firewallconfigs.FirewallMode) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -238,6 +238,7 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int
 	op.IsOn = isOn
 	op.Name = name
 	op.Description = description
+	op.Mode = mode
 	if len(inboundJSON) > 0 {
 		op.Inbound = inboundJSON
 	} else {
@@ -316,6 +317,7 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 	config.IsOn = policy.IsOn == 1
 	config.Name = policy.Name
 	config.Description = policy.Description
+	config.Mode = policy.Mode

 	// Inbound
 	inbound := &firewallconfigs.HTTPFirewallInboundConfig{}
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -1,6 +1,6 @@
 package models

-// HTTP防火墙
+// HTTPFirewallPolicy HTTP防火墙
 type HTTPFirewallPolicy struct {
 	Id           uint32 `field:"id"`           // ID
 	TemplateId   uint32 `field:"templateId"`   // 模版ID
@@ -15,6 +15,7 @@ type HTTPFirewallPolicy struct {
 	Inbound      string `field:"inbound"`      // 入站规则
 	Outbound     string `field:"outbound"`     // 出站规则
 	BlockOptions string `field:"blockOptions"` // BLOCK选项
+	Mode         string `field:"mode"`         // 模式
 }

 type HTTPFirewallPolicyOperator struct {
@@ -31,6 +32,7 @@ type HTTPFirewallPolicyOperator struct {
 	Inbound      interface{} // 入站规则
 	Outbound     interface{} // 出站规则
 	BlockOptions interface{} // BLOCK选项
+	Mode         interface{} // 模式
 }

 func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -43,6 +43,7 @@ func (this *HTTPFirewallPolicyService) FindAllEnabledHTTPFirewallPolicies(ctx co
 			IsOn:         p.IsOn == 1,
 			InboundJSON:  []byte(p.Inbound),
 			OutboundJSON: []byte(p.Outbound),
+			Mode:         p.Mode,
 		})
 	}

@@ -283,7 +284,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 		return nil, err
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON)
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode)
 	if err != nil {
 		return nil, err
 	}
@@ -382,6 +383,7 @@ func (this *HTTPFirewallPolicyService) ListEnabledHTTPFirewallPolicies(ctx conte
 			IsOn:         p.IsOn == 1,
 			InboundJSON:  []byte(p.Inbound),
 			OutboundJSON: []byte(p.Outbound),
+			Mode:         p.Mode,
 		})
 	}

@@ -471,6 +473,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context
 		IsOn:         policy.IsOn == 1,
 		InboundJSON:  []byte(policy.Inbound),
 		OutboundJSON: []byte(policy.Outbound),
+		Mode:         policy.Mode,
 	}}, nil
 }