TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-12 06:10:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

[WAF]规则支持导入导出

Browse Source
This commit is contained in:
GoEdgeLab
2020-12-02 16:09:15 +08:00
parent c3004d1acc
commit f51ad97b9c
1 changed files with 156 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
internal/rpc/services/service_http_firewall_policy.go
View File

@@ -375,3 +375,159 @@ func (this *HTTPFirewallPolicyService) FindEnabledFirewallPolicy(ctx context.Con
OutboundJSON: []byte(policy.Outbound), OutboundJSON: []byte(policy.Outbound),
}}, nil }}, nil
} }
// 导入策略数据
func (this *HTTPFirewallPolicyService) ImportHTTPFirewallPolicy(ctx context.Context, req *pb.ImportHTTPFirewallPolicyRequest) (*pb.RPCSuccess, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
// TODO 检查权限
oldConfig, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(req.FirewallPolicyId)
if err != nil {
return nil, err
}
if oldConfig == nil {
return nil, errors.New("can not find policy")
}
// 解析数据
newConfig := &firewallconfigs.HTTPFirewallPolicy{}
err = json.Unmarshal(req.FirewallPolicyJSON, newConfig)
if err != nil {
return nil, err
}
// 入站分组
if newConfig.Inbound != nil {
for _, g := range newConfig.Inbound.Groups {
if len(g.Code) > 0 {
// 对于有代号的,覆盖或者添加
oldGroup := oldConfig.FindRuleGroupWithCode(g.Code)
if oldGroup == nil {
// 新创建分组
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(g)
if err != nil {
return nil, err
}
oldConfig.Inbound.GroupRefs = append(oldConfig.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
IsOn: true,
GroupId: groupId,
})
} else {
setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
for _, set := range g.Sets {
setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(set)
if err != nil {
return nil, err
}
setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
IsOn: true,
SetId: setId,
})
}
setsJSON, err := json.Marshal(setRefs)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(oldGroup.Id, true)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(oldGroup.Id, setsJSON)
if err != nil {
return nil, err
}
}
} else {
// 没有代号的直接创建
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(g)
if err != nil {
return nil, err
}
oldConfig.Inbound.GroupRefs = append(oldConfig.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
IsOn: true,
GroupId: groupId,
})
}
}
}
// 出站分组
if newConfig.Outbound != nil {
for _, g := range newConfig.Outbound.Groups {
if len(g.Code) > 0 {
// 对于有代号的,覆盖或者添加
oldGroup := oldConfig.FindRuleGroupWithCode(g.Code)
if oldGroup == nil {
// 新创建分组
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(g)
if err != nil {
return nil, err
}
oldConfig.Outbound.GroupRefs = append(oldConfig.Outbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
IsOn: true,
GroupId: groupId,
})
} else {
setRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
for _, set := range g.Sets {
setId, err := models.SharedHTTPFirewallRuleSetDAO.CreateOrUpdateSetFromConfig(set)
if err != nil {
return nil, err
}
setRefs = append(setRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
IsOn: true,
SetId: setId,
})
}
setsJSON, err := json.Marshal(setRefs)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupIsOn(oldGroup.Id, true)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallRuleGroupDAO.UpdateGroupSets(oldGroup.Id, setsJSON)
if err != nil {
return nil, err
}
}
} else {
// 没有代号的直接创建
groupId, err := models.SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(g)
if err != nil {
return nil, err
}
oldConfig.Outbound.GroupRefs = append(oldConfig.Outbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
IsOn: true,
GroupId: groupId,
})
}
}
}
// 保存Inbound和Outbound
oldConfig.Inbound.Groups = nil
oldConfig.Outbound.Groups = nil
inboundJSON, err := json.Marshal(oldConfig.Inbound)
if err != nil {
return nil, err
}
outboundJSON, err := json.Marshal(oldConfig.Outbound)
if err != nil {
return nil, err
}
err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(req.FirewallPolicyId, inboundJSON, outboundJSON)
if err != nil {
return nil, err
}
return this.Success()
}