IP检查也支持范围搜索

2025-11-03 23:20:26 +08:00 · 2024-04-06 15:15:33 +08:00
parent ebe3632f07
commit fc223af3f0
4 changed files with 14 additions and 61 deletions
--- a/internal/db/models/ip_item_dao.go
+++ b/internal/db/models/ip_item_dao.go
@@ -13,7 +13,6 @@ import (
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/types"
-	"math"
 	"net"
 	"time"
 )
@@ -264,14 +263,6 @@ func (this *IPItemDAO) CreateIPItem(tx *dbs.Tx,
 	op.IpFrom = ipFrom
 	op.IpTo = ipTo

-	// TODO 支持IPv6
-	if iputils.IsIPv4(ipFrom) {
-		op.IpFromLong = iputils.ToLong(ipFrom)
-	}
-	if iputils.IsIPv4(ipTo) {
-		op.IpToLong = iputils.ToLong(ipTo)
-	}
-
 	op.Reason = reason
 	op.Type = itemType
 	op.EventLevel = eventLevel
@@ -353,14 +344,6 @@ func (this *IPItemDAO) UpdateIPItem(tx *dbs.Tx, itemId int64, ipFrom string, ipT
 	op.IpFrom = ipFrom
 	op.IpTo = ipTo

-	// TODO 支持IPv6
-	if iputils.IsIPv4(ipFrom) {
-		op.IpFromLong = iputils.ToLong(ipFrom)
-	}
-	if iputils.IsIPv4(ipTo) {
-		op.IpToLong = iputils.ToLong(ipTo)
-	}
-
 	op.Reason = reason
 	op.Type = itemType
 	op.EventLevel = eventLevel
@@ -457,16 +440,21 @@ func (this *IPItemDAO) FindItemListId(tx *dbs.Tx, itemId int64) (int64, error) {
 }

 // FindEnabledItemContainsIP 查找包含某个IP的Item
-func (this *IPItemDAO) FindEnabledItemContainsIP(tx *dbs.Tx, listId int64, ip uint64) (*IPItem, error) {
-	query := this.Query(tx).
+func (this *IPItemDAO) FindEnabledItemContainsIP(tx *dbs.Tx, listId int64, ip string) (*IPItem, error) {
+	var query = this.Query(tx).
 		Attr("listId", listId).
 		State(IPItemStateEnabled)
-	if ip > math.MaxUint32 {
-		query.Where("(type='all' OR ipFromLong=:ip)")
-	} else {
-		query.Where("(type='all' OR ipFromLong=:ip OR (ipToLong>0 AND ipFromLong<=:ip AND ipToLong>=:ip))").
+
+	if iputils.IsIPv4(ip) {
+		query.Where("(type='all' OR ipFrom =:ip OR INET_ATON(:ip) BETWEEN INET_ATON(ipFrom) AND INET_ATON(ipTo))").
 			Param("ip", ip)
+	} else if iputils.IsIPv6(ip) {
+		query.Where("(type='all' OR ipFrom =:ip OR HEX(INET6_ATON(:ip)) BETWEEN HEX(INET6_ATON(ipFrom)) AND HEX(INET6_ATON(ipTo)))").
+			Param("ip", ip)
+	} else {
+		return nil, nil
 	}
+
 	one, err := query.Find()
 	if err != nil {
 		return nil, err
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -2,7 +2,6 @@ package services

 import (
 	"context"
-	"encoding/binary"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
@@ -677,10 +676,6 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
 			Error: "请输入正确的IP",
 		}, nil
 	}
-	var ipLong uint64
-	if ip.To4() != nil {
-		ipLong = uint64(binary.BigEndian.Uint32(ip.To4()))
-	}

 	var tx = this.NullTx()
 	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, false, nil)
@@ -716,7 +711,7 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
 		}

 		for _, listId := range listIds {
-			item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, ipLong)
+			item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, req.Ip)
 			if err != nil {
 				return nil, err
 			}
@@ -771,7 +766,7 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
 		}

 		for _, listId := range listIds {
-			item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, ipLong)
+			item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, listId, req.Ip)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/rpc/services/service_ip_item.go
+++ b/internal/rpc/services/service_ip_item.go
@@ -2,7 +2,6 @@ package services

 import (
 	"context"
-	"encoding/binary"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
@@ -492,10 +491,6 @@ func (this *IPItemService) CheckIPItemStatus(ctx context.Context, req *pb.CheckI
 			Error: "请输入正确的IP",
 		}, nil
 	}
-	var ipLong uint64
-	if ip.To4() != nil {
-		ipLong = uint64(binary.BigEndian.Uint32(ip.To4()))
-	}

 	var tx = this.NullTx()

@@ -513,7 +508,7 @@ func (this *IPItemService) CheckIPItemStatus(ctx context.Context, req *pb.CheckI
 	var isAllowed = list.Type == "white"

 	// 检查IP名单
-	item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, req.IpListId, ipLong)
+	item, err := models.SharedIPItemDAO.FindEnabledItemContainsIP(tx, req.IpListId, req.Ip)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/setup/sql_upgrade.go
+++ b/internal/setup/sql_upgrade.go
@@ -6,7 +6,6 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/stats"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
-	"github.com/TeaOSLab/EdgeCommon/pkg/iputils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
@@ -263,30 +262,6 @@ func upgradeV0_0_9(db *dbs.DB) error {

 // v0.0.10
 func upgradeV0_0_10(db *dbs.DB) error {
-	// IP Item列表转换
-	ones, _, err := db.FindOnes("SELECT * FROM edgeIPItems ORDER BY id ASC")
-	if err != nil {
-		return err
-	}
-	for _, one := range ones {
-		var ipFrom = one.GetString("ipFrom")
-		var ipTo = one.GetString("ipTo")
-		var ipFromLong string
-		var ipToLong string
-
-		// TODO 支持IPv6
-		if iputils.IsIPv4(ipFrom) {
-			ipFromLong = iputils.ToLong(ipFrom)
-		}
-		if iputils.IsIPv4(ipTo) {
-			ipToLong = iputils.ToLong(ipTo)
-		}
-		_, err = db.Exec("UPDATE edgeIPItems SET ipFromLong=?, ipToLong=? WHERE id=?", ipFromLong, ipToLong, one.GetInt64("id"))
-		if err != nil {
-			return err
-		}
-	}
-
 	return nil
 }