IP名单中IP创建时保存相关节点、服务、WAF策略信息

internal/db/models/http_firewall_policy_dao.go

@@ -86,6 +86,19 @@ func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallPolicyName(tx *dbs.Tx, id int
 		FindStringCol("")
 }
 
+// FindEnabledHTTPFirewallPolicyBasic 获取WAF策略基本信息
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyBasic(tx *dbs.Tx, policyId int64) (*HTTPFirewallPolicy, error) {
+	result, err := this.Query(tx).
+		Pk(policyId).
+		Result("id", "name", "serverId", "isOn").
+		Attr("state", HTTPFirewallPolicyStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*HTTPFirewallPolicy), err
+}
+
 // FindAllEnabledFirewallPolicies 查找所有可用策略
 func (this *HTTPFirewallPolicyDAO) FindAllEnabledFirewallPolicies(tx *dbs.Tx) (result []*HTTPFirewallPolicy, err error) {
 	_, err = this.Query(tx).

internal/db/models/ip_item_dao.go

@@ -98,7 +98,21 @@ func (this *IPItemDAO) DisableOldIPItem(tx *dbs.Tx, listId int64, ipFrom string,
 }
 
 // CreateIPItem 创建IP
-func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipTo string, expiredAt int64, reason string, itemType IPItemType, eventLevel string) (int64, error) {
+func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
+	listId int64,
+	ipFrom string,
+	ipTo string,
+	expiredAt int64,
+	reason string,
+	itemType IPItemType,
+	eventLevel string,
+	nodeId int64,
+	serverId int64,
+	sourceNodeId int64,
+	sourceServerId int64,
+	sourceHTTPFirewallPolicyId int64,
+	sourceHTTPFirewallRuleGroupId int64,
+	sourceHTTPFirewallRuleSetId int64) (int64, error) {
 	version, err := SharedIPListDAO.IncreaseVersion(tx)
 	if err != nil {
 		return 0, err
@@ -118,6 +132,15 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx, listId int64, ipFrom string, ipT
 		expiredAt = 0
 	}
 	op.ExpiredAt = expiredAt
+
+	op.NodeId = nodeId
+	op.ServerId = serverId
+	op.SourceNodeId = sourceNodeId
+	op.SourceServerId = sourceServerId
+	op.SourceHTTPFirewallPolicyId = sourceHTTPFirewallPolicyId
+	op.SourceHTTPFirewallRuleGroupId = sourceHTTPFirewallRuleGroupId
+	op.SourceHTTPFirewallRuleSetId = sourceHTTPFirewallRuleSetId
+
 	op.State = IPItemStateEnabled
 	err = this.Save(tx, op)
 	if err != nil {

internal/db/models/ip_item_model.go

@@ -1,6 +1,6 @@
 package models
 
-// IP
+// IPItem IP
 type IPItem struct {
 	Id                            uint64 `field:"id"`                            // ID
 	ListId                        uint32 `field:"listId"`                        // 所属名单ID
@@ -16,6 +16,13 @@ type IPItem struct {
 	EventLevel                    string `field:"eventLevel"`                    // 事件级别
 	State                         uint8  `field:"state"`                         // 状态
 	ExpiredAt                     uint64 `field:"expiredAt"`                     // 过期时间
+	ServerId                      uint32 `field:"serverId"`                      // 有效范围服务ID
+	NodeId                        uint32 `field:"nodeId"`                        // 有效范围节点ID
+	SourceNodeId                  uint32 `field:"sourceNodeId"`                  // 来源节点ID
+	SourceServerId                uint32 `field:"sourceServerId"`                // 来源服务ID
+	SourceHTTPFirewallPolicyId    uint32 `field:"sourceHTTPFirewallPolicyId"`    // 来源策略ID
+	SourceHTTPFirewallRuleGroupId uint32 `field:"sourceHTTPFirewallRuleGroupId"` // 来源规则集分组ID
+	SourceHTTPFirewallRuleSetId   uint32 `field:"sourceHTTPFirewallRuleSetId"`   // 来源规则集ID
 }
 
 type IPItemOperator struct {
@@ -33,6 +40,13 @@ type IPItemOperator struct {
 	EventLevel                    interface{} // 事件级别
 	State                         interface{} // 状态
 	ExpiredAt                     interface{} // 过期时间
+	ServerId                      interface{} // 有效范围服务ID
+	NodeId                        interface{} // 有效范围节点ID
+	SourceNodeId                  interface{} // 来源节点ID
+	SourceServerId                interface{} // 来源服务ID
+	SourceHTTPFirewallPolicyId    interface{} // 来源策略ID
+	SourceHTTPFirewallRuleGroupId interface{} // 来源规则集分组ID
+	SourceHTTPFirewallRuleSetId   interface{} // 来源规则集ID
 }
 
 func NewIPItemOperator() *IPItemOperator {

internal/rpc/services/service_ip_item.go

@@ -62,7 +62,7 @@ func (this *IPItemService) CreateIPItem(ctx context.Context, req *pb.CreateIPIte
 		return nil, err
 	}
 
-	itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel)
+	itemId, err := models.SharedIPItemDAO.CreateIPItem(tx, req.IpListId, req.IpFrom, req.IpTo, req.ExpiredAt, req.Reason, req.Type, req.EventLevel, req.NodeId, req.ServerId, req.SourceNodeId, req.SourceServerId, req.SourceHTTPFirewallPolicyId, req.SourceHTTPFirewallRuleGroupId, req.SourceHTTPFirewallRuleSetId)
 	if err != nil {
 		return nil, err
 	}
@@ -185,6 +185,61 @@ func (this *IPItemService) ListIPItemsWithListId(ctx context.Context, req *pb.Li
 			item.Type = models.IPItemTypeIPv4
 		}
 
+		// server
+		var pbSourceServer *pb.Server
+		if item.SourceServerId > 0 {
+			serverName, err := models.SharedServerDAO.FindEnabledServerName(tx, int64(item.SourceServerId))
+			if err != nil {
+				return nil, err
+			}
+			pbSourceServer = &pb.Server{
+				Id:   int64(item.SourceServerId),
+				Name: serverName,
+			}
+		}
+
+		// WAF策略
+		var pbSourcePolicy *pb.HTTPFirewallPolicy
+		if item.SourceHTTPFirewallPolicyId > 0 {
+			policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyBasic(tx, int64(item.SourceHTTPFirewallPolicyId))
+			if err != nil {
+				return nil, err
+			}
+			if policy != nil {
+				pbSourcePolicy = &pb.HTTPFirewallPolicy{
+					Id:       int64(item.SourceHTTPFirewallPolicyId),
+					Name:     policy.Name,
+					ServerId: int64(policy.ServerId),
+				}
+			}
+		}
+
+		// WAF分组
+		var pbSourceGroup *pb.HTTPFirewallRuleGroup
+		if item.SourceHTTPFirewallRuleGroupId > 0 {
+			groupName, err := models.SharedHTTPFirewallRuleGroupDAO.FindHTTPFirewallRuleGroupName(tx, int64(item.SourceHTTPFirewallRuleGroupId))
+			if err != nil {
+				return nil, err
+			}
+			pbSourceGroup = &pb.HTTPFirewallRuleGroup{
+				Id:   int64(item.SourceHTTPFirewallRuleGroupId),
+				Name: groupName,
+			}
+		}
+
+		// WAF规则集
+		var pbSourceSet *pb.HTTPFirewallRuleSet
+		if item.SourceHTTPFirewallRuleSetId > 0 {
+			setName, err := models.SharedHTTPFirewallRuleSetDAO.FindHTTPFirewallRuleSetName(tx, int64(item.SourceHTTPFirewallRuleSetId))
+			if err != nil {
+				return nil, err
+			}
+			pbSourceSet = &pb.HTTPFirewallRuleSet{
+				Id:   int64(item.SourceHTTPFirewallRuleSetId),
+				Name: setName,
+			}
+		}
+
 		result = append(result, &pb.IPItem{
 			Id:                            int64(item.Id),
 			IpFrom:                        item.IpFrom,
@@ -195,6 +250,17 @@ func (this *IPItemService) ListIPItemsWithListId(ctx context.Context, req *pb.Li
 			Reason:                        item.Reason,
 			Type:                          item.Type,
 			EventLevel:                    item.EventLevel,
+			NodeId:                        int64(item.NodeId),
+			ServerId:                      int64(item.ServerId),
+			SourceNodeId:                  int64(item.SourceNodeId),
+			SourceServerId:                int64(item.SourceServerId),
+			SourceHTTPFirewallPolicyId:    int64(item.SourceHTTPFirewallPolicyId),
+			SourceHTTPFirewallRuleGroupId: int64(item.SourceHTTPFirewallRuleGroupId),
+			SourceHTTPFirewallRuleSetId:   int64(item.SourceHTTPFirewallRuleSetId),
+			SourceServer:                  pbSourceServer,
+			SourceHTTPFirewallPolicy:      pbSourcePolicy,
+			SourceHTTPFirewallRuleGroup:   pbSourceGroup,
+			SourceHTTPFirewallRuleSet:     pbSourceSet,
 		})
 	}
 
@@ -240,6 +306,8 @@ func (this *IPItemService) FindEnabledIPItem(ctx context.Context, req *pb.FindEn
 		Reason:     item.Reason,
 		Type:       item.Type,
 		EventLevel: item.EventLevel,
+		NodeId:     int64(item.NodeId),
+		ServerId:   int64(item.ServerId),
 	}}, nil
 }
 
@@ -282,6 +350,8 @@ func (this *IPItemService) ListIPItemsAfterVersion(ctx context.Context, req *pb.
 			Type:       item.Type,
 			EventLevel: item.EventLevel,
 			ListType:   listType,
+			NodeId:     int64(item.NodeId),
+			ServerId:   int64(item.ServerId),
 		})
 	}