diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go
index 485d7f3a..719ff5f5 100644
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -86,6 +86,19 @@ func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(tx *dbs.Tx, id int
 FindStringCol("")
 }

+// FindEnabledHTTPFirewallPolicyBasic 获取WAF策略基本信息
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyBasic(tx *dbs.Tx, policyId int64) (*HTTPFirewallPolicy, error) {
+ result, err := this.Query(tx).
+ Pk(policyId).
+ Result("id", "name", "serverId", "isOn").
+ Attr("state", HTTPFirewallPolicyStateEnabled).
+ Find()
+ if result == nil {
+ return nil, err
+ }
+ return result.(*HTTPFirewallPolicy), err
+}
+
 // FindAllEnabledFirewallPolicies 查找所有可用策略
 func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies(tx *dbs.Tx) (result []*HTTPFirewallPolicy, err error) {
 _, err = this.Query(tx).
diff --git a/internal/db/models/ip_item_dao.go b/internal/db/models/ip_item_dao.go
index 1a1f6fe1..8b2f7e18 100644
--- a/internal/db/models/ip_item_dao.go
+++ b/internal/db/models/ip_item_dao.go
@@ -98,7 +98,21 @@ func (this *IPItemDAO) DisableOldIPItem(tx *dbs.Tx, listId int64, ipFrom string,
 }

 // CreateIPItem 创建IP
-func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType, eventLevel string) (int64, error) {
+func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
+ listId int64,
+ ipFrom string,
+ ipTo string,
+ expiredAt int64,
+ reason string,
+ itemType IPItemType,
+ eventLevel string,
+ nodeId int64,
+ serverId int64,
+ sourceNodeId int64,
+ sourceServerId int64,
+ sourceHTTPFirewallPolicyId int64,
+ sourceHTTPFirewallRuleGroupId int64,
+ sourceHTTPFirewallRuleSetId int64) (int64, error) {
 version, err := SharedIPListDAO.IncreaseVersion(tx)
 if err != nil {
 return 0, err
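Review bot: The doc comment on FindEnabledHTTPFirewallPolicyBasic does not tell callers that the method returns a nil policy when no enabled row has that id, which they must check before dereferencing the result. I would extend it to something like `// FindEnabledHTTPFirewallPolicyBasic returns id, name, serverId and isOn of an enabled WAF policy; the policy is nil when none matches.` Testing `err != nil` before `result == nil` would also read more conventionally, although the outcome looks the same as long as Find never returns a value together with an error.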
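Review bot: The new CreateIPItem signature takes seven consecutive `int64` ids (`nodeId`, `serverId`, `sourceNodeId`, …), so a transposed argument at a call site still compiles and silently stores the wrong scope or provenance on a firewall IP entry. Because `nodeId` and `serverId` decide where the entry is effective, I would pass them in one small parameter struct with named fields (a new type, not present in this commit) so that call sites spell out `NodeId: …, ServerId: …`. The method comment should also say what 0 means for each id, for example `// nodeId/serverId limit where the item applies (0 = not limited); source* ids record which node/server/WAF rule produced it` — the 0 semantics are my assumption and need confirming. The function body continues outside this hunk.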
@@ -118,6 +132,15 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipT
 expiredAt = 0
 }
 op.ExpiredAt = expiredAt
+
+ op.NodeId = nodeId
+ op.ServerId = serverId
+ op.SourceNodeId = sourceNodeId
+ op.SourceServerId = sourceServerId
+ op.SourceHTTPFirewallPolicyId = sourceHTTPFirewallPolicyId
+ op.SourceHTTPFirewallRuleGroupId = sourceHTTPFirewallRuleGroupId
+ op.SourceHTTPFirewallRuleSetId = sourceHTTPFirewallRuleSetId
+
 op.State = IPItemStateEnabled
 err = this.Save(tx, op)
 if err != nil {
diff --git a/internal/db/models/ip_item_model.go b/internal/db/models/ip_item_model.go
index 0bf8fab6..a2072498 100644
--- a/internal/db/models/ip_item_model.go
+++ b/internal/db/models/ip_item_model.go
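Review bot: The seven ids assigned to `op.NodeId` … `op.SourceHTTPFirewallRuleSetId` are persisted exactly as received, with no range check, although the parameters are `int64` and ip_item_model.go in this same commit declares the matching fields as `uint32`. A negative or oversized value arriving through the RPC layer is therefore not rejected in the visible lines, and how the database treats it is not shown here. A guard ahead of the assignments, such as `if nodeId < 0 || serverId < 0 { return 0, errors.New("invalid nodeId or serverId") }`, would keep a malformed scope from being saved on an IP list entry. CreateIPItem starts before and ends after this hunk, so a check elsewhere in the body cannot be ruled out.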
@@ -1,38 +1,52 @@
 package models

-// IP
+// IPItem IP
 type IPItem struct {
- Id uint64 `field:"id"` // ID
- ListId uint32 `field:"listId"` // 所属名单ID
- Type string `field:"type"` // 类型
- IpFrom string `field:"ipFrom"` // 开始IP
- IpTo string `field:"ipTo"` // 结束IP
- IpFromLong uint64 `field:"ipFromLong"` // 开始IP整型
- IpToLong uint64 `field:"ipToLong"` // 结束IP整型
- Version uint64 `field:"version"` // 版本
- CreatedAt uint64 `field:"createdAt"` // 创建时间
- UpdatedAt uint64 `field:"updatedAt"` // 修改时间
- Reason string `field:"reason"` // 加入说明
- EventLevel string `field:"eventLevel"` // 事件级别
- State uint8 `field:"state"` // 状态
- ExpiredAt uint64 `field:"expiredAt"` // 过期时间
+ Id uint64 `field:"id"` // ID
+ ListId uint32 `field:"listId"` // 所属名单ID
+ Type string `field:"type"` // 类型
+ IpFrom string `field:"ipFrom"` // 开始IP
+ IpTo string `field:"ipTo"` // 结束IP
+ IpFromLong uint64 `field:"ipFromLong"` // 开始IP整型
+ IpToLong uint64 `field:"ipToLong"` // 结束IP整型
+ Version uint64 `field:"version"` // 版本
+ CreatedAt uint64 `field:"createdAt"` // 创建时间
+ UpdatedAt uint64 `field:"updatedAt"` // 修改时间
+ Reason string `field:"reason"` // 加入说明
+ EventLevel string `field:"eventLevel"` // 事件级别
+ State uint8 `field:"state"` // 状态
+ ExpiredAt uint64 `field:"expiredAt"` // 过期时间
+ ServerId uint32 `field:"serverId"` // 有效范围服务ID
+ NodeId uint32 `field:"nodeId"` // 有效范围节点ID
+ SourceNodeId uint32 `field:"sourceNodeId"` // 来源节点ID
+ SourceServerId uint32 `field:"sourceServerId"` // 来源服务ID
+ SourceHTTPFirewallPolicyId uint32 `field:"sourceHTTPFirewallPolicyId"` // 来源策略ID
+ SourceHTTPFirewallRuleGroupId uint32 `field:"sourceHTTPFirewallRuleGroupId"` // 来源规则集分组ID
+ SourceHTTPFirewallRuleSetId uint32 `field:"sourceHTTPFirewallRuleSetId"` // 来源规则集ID
 }

 type IPItemOperator struct {
- Id interface{} // ID
- ListId interface{} // 所属名单ID
- Type interface{} // 类型
- IpFrom interface{} // 开始IP
- IpTo interface{} // 结束IP
- IpFromLong interface{} // 开始IP整型
- IpToLong interface{} // 结束IP整型
- Version interface{} // 版本
- CreatedAt interface{} // 创建时间
- UpdatedAt interface{} // 修改时间
- Reason interface{} // 加入说明
- EventLevel interface{} // 事件级别
- State interface{} // 状态
- ExpiredAt interface{} // 过期时间
+ Id interface{} // ID
+ ListId interface{} // 所属名单ID
+ Type interface{} // 类型
+ IpFrom interface{} // 开始IP
+ IpTo interface{} // 结束IP
+ IpFromLong interface{} // 开始IP整型
+ IpToLong interface{} // 结束IP整型
+ Version interface{} // 版本
+ CreatedAt interface{} // 创建时间
+ UpdatedAt interface{} // 修改时间
+ Reason interface{} // 加入说明
+ EventLevel interface{} // 事件级别
+ State interface{} // 状态
+ ExpiredAt interface{} // 过期时间
+ ServerId interface{} // 有效范围服务ID
+ NodeId interface{} // 有效范围节点ID
+ SourceNodeId interface{} // 来源节点ID
+ SourceServerId interface{} // 来源服务ID
+ SourceHTTPFirewallPolicyId interface{} // 来源策略ID
+ SourceHTTPFirewallRuleGroupId interface{} // 来源规则集分组ID
+ SourceHTTPFirewallRuleSetId interface{} // 来源规则集ID
 }

 func NewIPItemOperator() *IPItemOperator {
diff --git a/internal/rpc/services/service_ip_item.go b/internal/rpc/services/service_ip_item.go
index 17373f78..016b2cb6 100644
--- a/internal/rpc/services/service_ip_item.go
+++ b/internal/rpc/services/service_ip_item.go
@@ -62,7 +62,7 @@ func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPIte
 return nil, err
 }

- itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel)
+ itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel, req.NodeId, req.ServerId, req.SourceNodeId, req.SourceServerId, req.SourceHTTPFirewallPolicyId, req.SourceHTTPFirewallRuleGroupId, req.SourceHTTPFirewallRuleSetId)
 if err != nil {
 return nil, err
 }
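Review bot: `req.NodeId`, `req.ServerId` and the five `req.Source*` ids go straight from the request into the DAO call, and nothing in this hunk checks that the caller is entitled to scope an IP entry to that node or server or to attribute it to that source. The service method starts outside the hunk, so an earlier check may exist; if it covers only `req.IpListId`, the new fields need the same treatment, because the source ids are later resolved to server and policy names in ListIPItemsWithListId. At minimum I would add `// NOTE: nodeId/serverId/source* come from the client; validate ownership before persisting` above the call and reject negative ids here.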
@@ -185,16 +185,82 @@ func (this *IPItemService) ListIPItemsWithListId(ctx context.Context, req *pb.Li
 item.Type = models.IPItemTypeIPv4
 }

+ // server
+ var pbSourceServer *pb.Server
+ if item.SourceServerId > 0 {
+ serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, int64(item.SourceServerId))
+ if err != nil {
+ return nil, err
+ }
+ pbSourceServer = &pb.Server{
+ Id: int64(item.SourceServerId),
+ Name: serverName,
+ }
+ }
+
+ // WAF策略
+ var pbSourcePolicy *pb.HTTPFirewallPolicy
+ if item.SourceHTTPFirewallPolicyId > 0 {
+ policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyBasic(tx, int64(item.SourceHTTPFirewallPolicyId))
+ if err != nil {
+ return nil, err
+ }
+ if policy != nil {
+ pbSourcePolicy = &pb.HTTPFirewallPolicy{
+ Id: int64(item.SourceHTTPFirewallPolicyId),
+ Name: policy.Name,
+ ServerId: int64(policy.ServerId),
+ }
+ }
+ }
+
+ // WAF分组
+ var pbSourceGroup *pb.HTTPFirewallRuleGroup
+ if item.SourceHTTPFirewallRuleGroupId > 0 {
+ groupName, err := models.SharedHTTPFirewallRuleGroupDAO.FindHTTPFirewallRuleGroupName(tx, int64(item.SourceHTTPFirewallRuleGroupId))
+ if err != nil {
+ return nil, err
+ }
+ pbSourceGroup = &pb.HTTPFirewallRuleGroup{
+ Id: int64(item.SourceHTTPFirewallRuleGroupId),
+ Name: groupName,
+ }
+ }
+
+ // WAF规则集
+ var pbSourceSet *pb.HTTPFirewallRuleSet
+ if item.SourceHTTPFirewallRuleSetId > 0 {
+ setName, err := models.SharedHTTPFirewallRuleSetDAO.FindHTTPFirewallRuleSetName(tx, int64(item.SourceHTTPFirewallRuleSetId))
+ if err != nil {
+ return nil, err
+ }
+ pbSourceSet = &pb.HTTPFirewallRuleSet{
+ Id: int64(item.SourceHTTPFirewallRuleSetId),
+ Name: setName,
+ }
+ }
+
 result = append(result, &pb.IPItem{
- Id: int64(item.Id),
- IpFrom: item.IpFrom,
- IpTo: item.IpTo,
- Version: int64(item.Version),
- CreatedAt: int64(item.CreatedAt),
- ExpiredAt: int64(item.ExpiredAt),
- Reason: item.Reason,
- Type: item.Type,
- EventLevel: item.EventLevel,
+ Id: int64(item.Id),
+ IpFrom: item.IpFrom,
+ IpTo: item.IpTo,
+ Version: int64(item.Version),
+ CreatedAt: int64(item.CreatedAt),
+ ExpiredAt: int64(item.ExpiredAt),
+ Reason: item.Reason,
+ Type: item.Type,
+ EventLevel: item.EventLevel,
+ NodeId: int64(item.NodeId),
+ ServerId: int64(item.ServerId),
+ SourceNodeId: int64(item.SourceNodeId),
+ SourceServerId: int64(item.SourceServerId),
+ SourceHTTPFirewallPolicyId: int64(item.SourceHTTPFirewallPolicyId),
+ SourceHTTPFirewallRuleGroupId: int64(item.SourceHTTPFirewallRuleGroupId),
+ SourceHTTPFirewallRuleSetId: int64(item.SourceHTTPFirewallRuleSetId),
+ SourceServer: pbSourceServer,
+ SourceHTTPFirewallPolicy: pbSourcePolicy,
+ SourceHTTPFirewallRuleGroup: pbSourceGroup,
+ SourceHTTPFirewallRuleSet: pbSourceSet,
 })
 }

@@ -240,6 +306,8 @@ func (this *IPItemService) FindEnabledIPItem(ctx context.Context, req *pb.FindEn
 Reason: item.Reason,
 Type: item.Type,
 EventLevel: item.EventLevel,
+ NodeId: int64(item.NodeId),
+ ServerId: int64(item.ServerId),
 }}, nil
 }

@@ -282,6 +350,8 @@ func (this *IPItemService) ListIPItemsAfterVersion(ctx context.Context, req *pb.
 Type: item.Type,
 EventLevel: item.EventLevel,
 ListType: listType,
+ NodeId: int64(item.NodeId),
+ ServerId: int64(item.ServerId),
 })
 }
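Review bot: Each item in ListIPItemsWithListId can now trigger up to four extra queries (server, policy, rule group, rule set), so a page of N items costs up to 4×N lookups, and a single failing lookup aborts the whole listing. The server, group and rule-set branches also build a `pb.*` object even when the lookup returns an empty name, whereas the policy branch checks `policy != nil`; presumably an empty name means the referenced object is gone, so the three should skip it the same way. Caching names by id for the duration of the call fixes the first point, and the fence shows the server branch with both changes; the other three lookups would follow the same pattern. The loop and the function begin outside this hunk, so the cache map has to be declared there.

```go
// declared once before the loop (outside this hunk):
//   serverNames := map[int64]string{}

// server
var pbSourceServer *pb.Server
if item.SourceServerId > 0 {
	sourceServerId := int64(item.SourceServerId)
	serverName, ok := serverNames[sourceServerId]
	if !ok {
		name, err := models.SharedServerDAO.FindEnabledServerName(tx, sourceServerId)
		if err != nil {
			return nil, err
		}
		serverName = name
		serverNames[sourceServerId] = name
	}
	// Skip servers that no longer resolve to a name, as the policy branch does.
	if len(serverName) > 0 {
		pbSourceServer = &pb.Server{
			Id:   sourceServerId,
			Name: serverName,
		}
	}
}
// … unchanged: policy, rule group and rule set lookups, result = append(...) …
```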