创建集群时自动创建缓存策略和WAF策略

2025-11-06 10:00:24 +08:00 · 2021-08-25 11:18:37 +08:00
parent e4f0dafc1a
commit fc38a6ab7e
7 changed files with 187 additions and 7 deletions
--- a/internal/db/models/http_cache_policy_dao.go
+++ b/internal/db/models/http_cache_policy_dao.go
@@ -156,6 +156,44 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 	return types.Int64(op.Id), nil
 }

+// CreateDefaultCachePolicy 创建默认的缓存策略
+func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string) (int64, error) {
+	var capacity = &shared.SizeCapacity{
+		Count: 64,
+		Unit:  shared.SizeCapacityUnitGB,
+	}
+	capacityJSON, err := capacity.AsJSON()
+	if err != nil {
+		return 0, err
+	}
+
+	var maxSize = &shared.SizeCapacity{
+		Count: 256,
+		Unit:  shared.SizeCapacityUnitMB,
+	}
+	if err != nil {
+		return 0, err
+	}
+	maxSizeJSON, err := maxSize.AsJSON()
+	if err != nil {
+		return 0, err
+	}
+
+	var storageOptions = &serverconfigs.HTTPFileCacheStorage{
+		Dir: "/opt/cache",
+	}
+	storageOptionsJSON, err := json.Marshal(storageOptions)
+	if err != nil {
+		return 0, err
+	}
+
+	policyId, err := this.CreateCachePolicy(tx, true, "\""+name+"\"缓存策略", "默认创建的缓存策略", capacityJSON, 0, maxSizeJSON, serverconfigs.CachePolicyStorageFile, storageOptionsJSON)
+	if err != nil {
+		return 0, err
+	}
+	return policyId, nil
+}
+
 // UpdateCachePolicy 修改缓存策略
 func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, capacityJSON []byte, maxKeys int64, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte) error {
 	if policyId <= 0 {
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -7,6 +7,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 )
@@ -113,8 +114,73 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 	return types.Int64(op.Id), err
 }

+// CreateDefaultFirewallPolicy 创建默认的WAF策略
+func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name string) (int64, error) {
+	policyId, err := this.CreateFirewallPolicy(tx, 0, 0, true, "\""+name+"\"WAF策略", "默认创建的WAF策略", nil, nil)
+	if err != nil {
+		return 0, err
+	}
+
+	// 初始化
+	var groupCodes = []string{}
+
+	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	for _, group := range templatePolicy.AllRuleGroups() {
+		groupCodes = append(groupCodes, group.Code)
+	}
+
+	inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	outboundConfig := &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
+	if templatePolicy.Inbound != nil {
+		for _, group := range templatePolicy.Inbound.Groups {
+			isOn := lists.ContainsString(groupCodes, group.Code)
+			group.IsOn = isOn
+
+			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
+			if err != nil {
+				return 0, err
+			}
+			inboundConfig.GroupRefs = append(inboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
+				IsOn:    true,
+				GroupId: groupId,
+			})
+		}
+	}
+	if templatePolicy.Outbound != nil {
+		for _, group := range templatePolicy.Outbound.Groups {
+			isOn := lists.ContainsString(groupCodes, group.Code)
+			group.IsOn = isOn
+
+			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
+			if err != nil {
+				return 0, err
+			}
+			outboundConfig.GroupRefs = append(outboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
+				IsOn:    true,
+				GroupId: groupId,
+			})
+		}
+	}
+
+	inboundConfigJSON, err := json.Marshal(inboundConfig)
+	if err != nil {
+		return 0, err
+	}
+
+	outboundConfigJSON, err := json.Marshal(outboundConfig)
+	if err != nil {
+		return 0, err
+	}
+
+	err = this.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
+	if err != nil {
+		return 0, err
+	}
+	return policyId, nil
+}
+
 // UpdateFirewallPolicyInboundAndOutbound 修改策略的Inbound和Outbound
-func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *dbs.Tx, policyId int64, inboundJSON []byte, outboundJSON []byte) error {
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *dbs.Tx, policyId int64, inboundJSON []byte, outboundJSON []byte, shouldNotify bool) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -135,7 +201,11 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *db
 		return err
 	}

+	if shouldNotify {
 		return this.NotifyUpdate(tx, policyId)
+	}
+
+	return nil
 }

 // UpdateFirewallPolicyInbound 修改策略的Inbound
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -109,7 +109,7 @@ func (this *HTTPFirewallPolicyService) CreateHTTPFirewallPolicy(ctx context.Cont
 		return nil, err
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON)
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
 	if err != nil {
 		return nil, err
 	}
@@ -155,7 +155,7 @@ func (this *HTTPFirewallPolicyService) CreateEmptyHTTPFirewallPolicy(ctx context
 		return nil, err
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON)
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
 	if err != nil {
 		return nil, err
 	}
@@ -308,7 +308,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicyGroups(ctx contex

 	tx := this.NullTx()

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, req.InboundJSON, req.OutboundJSON)
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, req.InboundJSON, req.OutboundJSON, true)
 	if err != nil {
 		return nil, err
 	}
@@ -624,7 +624,7 @@ func (this *HTTPFirewallPolicyService) ImportHTTPFirewallPolicy(ctx context.Cont
 		return nil, err
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, inboundJSON, outboundJSON)
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, inboundJSON, outboundJSON, true)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_node_cluster.go
+++ b/internal/rpc/services/service_node_cluster.go
@@ -30,6 +30,7 @@ func (this *NodeClusterService) CreateNodeCluster(ctx context.Context, req *pb.C
 		return nil, err
 	}

+	// 系统服务
 	systemServices := map[string]maps.Map{}
 	if len(req.SystemServicesJSON) > 0 {
 		err = json.Unmarshal(req.SystemServicesJSON, &systemServices)
@@ -40,6 +41,24 @@ func (this *NodeClusterService) CreateNodeCluster(ctx context.Context, req *pb.C

 	var clusterId int64
 	err = this.RunTx(func(tx *dbs.Tx) error {
+		// 缓存策略
+		if req.HttpCachePolicyId <= 0 {
+			policyId, err := models.SharedHTTPCachePolicyDAO.CreateDefaultCachePolicy(tx, req.Name)
+			if err != nil {
+				return err
+			}
+			req.HttpCachePolicyId = policyId
+		}
+
+		// WAF策略
+		if req.HttpFirewallPolicyId <= 0 {
+			policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateDefaultFirewallPolicy(tx, req.Name)
+			if err != nil {
+				return err
+			}
+			req.HttpFirewallPolicyId = policyId
+		}
+
 		clusterId, err = models.SharedNodeClusterDAO.CreateCluster(tx, adminId, req.Name, req.NodeGrantId, req.InstallDir, req.DnsDomainId, req.DnsName, req.HttpCachePolicyId, req.HttpFirewallPolicyId, systemServices)
 		if err != nil {
 			return err
--- a/internal/setup/sql.go
+++ b/internal/setup/sql.go
--- a/internal/setup/sql_executor.go
+++ b/internal/setup/sql_executor.go
@@ -3,6 +3,7 @@ package setup
 import (
 	"encoding/json"
 	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
@@ -225,6 +226,40 @@ func (this *SQLExecutor) checkCluster(db *dbs.DB) error {
 		return err
 	}

+	// 默认缓存策略
+	models.SharedHTTPCachePolicyDAO = models.NewHTTPCachePolicyDAO()
+	models.SharedHTTPCachePolicyDAO.Instance = db
+	policyId, err := models.SharedHTTPCachePolicyDAO.CreateDefaultCachePolicy(nil, "默认集群")
+	if err != nil {
+		return err
+	}
+	_, err = db.Exec("UPDATE edgeNodeClusters SET cachePolicyId=?", policyId)
+	if err != nil {
+		return err
+	}
+
+	// 默认WAf策略
+	models.SharedHTTPFirewallPolicyDAO = models.NewHTTPFirewallPolicyDAO()
+	models.SharedHTTPFirewallPolicyDAO.Instance = db
+
+	models.SharedHTTPFirewallRuleGroupDAO = models.NewHTTPFirewallRuleGroupDAO()
+	models.SharedHTTPFirewallRuleGroupDAO.Instance = db
+
+	models.SharedHTTPFirewallRuleSetDAO = models.NewHTTPFirewallRuleSetDAO()
+	models.SharedHTTPFirewallRuleSetDAO.Instance = db
+
+	models.SharedHTTPFirewallRuleDAO = models.NewHTTPFirewallRuleDAO()
+	models.SharedHTTPFirewallRuleDAO.Instance = db
+
+	policyId, err = models.SharedHTTPFirewallPolicyDAO.CreateDefaultFirewallPolicy(nil, "默认集群")
+	if err != nil {
+		return err
+	}
+	_, err = db.Exec("UPDATE edgeNodeClusters SET httpFirewallPolicyId=?", policyId)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

--- a/internal/setup/sql_executor_test.go
+++ b/internal/setup/sql_executor_test.go
@@ -18,6 +18,24 @@ func TestSQLExecutor_Run(t *testing.T) {
 	t.Log("ok")
 }

+func TestSQLExecutor_checkCluster(t *testing.T) {
+	executor := NewSQLExecutor(&dbs.DBConfig{
+		Driver: "mysql",
+		Prefix: "edge",
+		Dsn:    "root:123456@tcp(127.0.0.1:3306)/db_edge_new?charset=utf8mb4&multiStatements=true",
+	})
+	db, err := dbs.NewInstanceFromConfig(executor.dbConfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = executor.checkCluster(db)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("ok")
+}
+
 func TestSQLExecutor_checkMetricItems(t *testing.T) {
 	executor := NewSQLExecutor(&dbs.DBConfig{
 		Driver: "mysql",