实现WAF部分功能

2026-01-06 15:35:47 +08:00 · 2020-10-08 11:11:49 +08:00
parent dff460eecb
commit f32aee4ce9
6 changed files with 123 additions and 4 deletions
--- a/internal/db/models/http_firewall_rule_dao.go
+++ b/internal/db/models/http_firewall_rule_dao.go
@@ -105,8 +105,9 @@ func (this *HTTPFirewallRuleDAO) ComposeFirewallRule(ruleId int64) (*firewallcon
 }

 // 从配置中配置规则
-func (this *HTTPFirewallRuleDAO) CreateRuleFromConfig(ruleConfig *firewallconfigs.HTTPFirewallRule) (int64, error) {
+func (this *HTTPFirewallRuleDAO) CreateOrUpdateRuleFromConfig(ruleConfig *firewallconfigs.HTTPFirewallRule) (int64, error) {
 	op := NewHTTPFirewallRuleOperator()
+	op.Id = ruleConfig.Id
 	op.State = HTTPFirewallRuleStateEnabled
 	op.IsOn = ruleConfig.IsOn
 	op.Description = ruleConfig.Description
--- a/internal/db/models/http_firewall_rule_group_dao.go
+++ b/internal/db/models/http_firewall_rule_group_dao.go
@@ -131,7 +131,7 @@ func (this *HTTPFirewallRuleGroupDAO) CreateGroupFromConfig(groupConfig *firewal
 	// sets
 	setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
 	for _, setConfig := range groupConfig.Sets {
-		setId, err := SharedHTTPFirewallRuleSetDAO.CreateSetFromConfig(setConfig)
+		setId, err := SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(setConfig)
 		if err != nil {
 			return 0, err
 		}
@@ -188,3 +188,15 @@ func (this *HTTPFirewallRuleGroupDAO) UpdateGroup(groupId int64, isOn bool, name
 	_, err := this.Save(op)
 	return err
 }
+
+// 修改分组中的规则集
+func (this *HTTPFirewallRuleGroupDAO) UpdateGroupSets(groupId int64, setsJSON []byte) error {
+	if groupId <= 0 {
+		return errors.New("invalid groupId")
+	}
+	op := NewHTTPFirewallRuleGroupOperator()
+	op.Id = groupId
+	op.Sets = setsJSON
+	_, err := this.Save(op)
+	return err
+}
--- a/internal/db/models/http_firewall_rule_set_dao.go
+++ b/internal/db/models/http_firewall_rule_set_dao.go
@@ -2,6 +2,7 @@ package models

 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
@@ -131,9 +132,10 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(setId int64) (*firewa
 }

 // 从配置中创建规则集
-func (this *HTTPFirewallRuleSetDAO) CreateSetFromConfig(setConfig *firewallconfigs.HTTPFirewallRuleSet) (int64, error) {
+func (this *HTTPFirewallRuleSetDAO) CreateOrUpdateSetFromConfig(setConfig *firewallconfigs.HTTPFirewallRuleSet) (int64, error) {
 	op := NewHTTPFirewallRuleSetOperator()
 	op.State = HTTPFirewallRuleSetStateEnabled
+	op.Id = setConfig.Id
 	op.IsOn = setConfig.IsOn
 	op.Name = setConfig.Name
 	op.Description = setConfig.Description
@@ -147,12 +149,14 @@ func (this *HTTPFirewallRuleSetDAO) CreateSetFromConfig(setConfig *firewallconfi
 			return 0, err
 		}
 		op.ActionOptions = actionOptionsJSON
+	} else {
+		op.ActionOptions = "{}"
 	}

 	// rules
 	ruleRefs := []*firewallconfigs.HTTPFirewallRuleRef{}
 	for _, ruleConfig := range setConfig.Rules {
-		ruleId, err := SharedHTTPFirewallRuleDAO.CreateRuleFromConfig(ruleConfig)
+		ruleId, err := SharedHTTPFirewallRuleDAO.CreateOrUpdateRuleFromConfig(ruleConfig)
 		if err != nil {
 			return 0, err
 		}
@@ -172,3 +176,15 @@ func (this *HTTPFirewallRuleSetDAO) CreateSetFromConfig(setConfig *firewallconfi
 	}
 	return types.Int64(op.Id), nil
 }
+
+// 设置是否启用
+func (this *HTTPFirewallRuleSetDAO) UpdateRuleSetIsOn(ruleSetId int64, isOn bool) error {
+	if ruleSetId <= 0 {
+		return errors.New("invalid ruleSetId")
+	}
+	_, err := this.Query().
+		Pk(ruleSetId).
+		Set("isOn", isOn).
+		Update()
+	return err
+}