增加WAF策略日志设置

2025-11-04 16:00:24 +08:00 · 2022-04-21 20:00:56 +08:00
parent 8059ff4e65
commit fe520744b0
3 changed files with 49 additions and 3 deletions
--- a/internal/db/models/http_access_log_dao.go
+++ b/internal/db/models/http_access_log_dao.go
@@ -354,6 +354,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,

 	// 准备查询
 	var tableQueries = []*accessLogTableQuery{}
+	var maxTableName = ""
 	for _, daoWrapper := range daoList {
 		var instance = daoWrapper.DAO.Instance
 		def, err := SharedHTTPAccessLogManager.FindPartitionTable(instance, day, partition)
@@ -364,6 +365,10 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 			continue
 		}

+		if len(maxTableName) == 0 || def.Name > maxTableName {
+			maxTableName = def.Name
+		}
+
 		tableQueries = append(tableQueries, &accessLogTableQuery{
 			daoWrapper:         daoWrapper,
 			name:               def.Name,
@@ -372,6 +377,18 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,
 		})
 	}

+	// 检查各个分表是否一致
+	if partition < 0 {
+		var newTableQueries = []*accessLogTableQuery{}
+		for _, tableQuery := range tableQueries {
+			if tableQuery.name != maxTableName {
+				continue
+			}
+			newTableQueries = append(newTableQueries, tableQuery)
+		}
+		tableQueries = newTableQueries
+	}
+
 	if len(tableQueries) == 0 {
 		return nil, "", nil
 	}
@@ -606,7 +623,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx,

 			locker.Lock()
 			for _, one := range ones {
-				accessLog := one.(*HTTPAccessLog)
+				var accessLog = one.(*HTTPAccessLog)
 				result = append(result, accessLog)
 			}
 			locker.Unlock()
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -260,7 +260,18 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx *dbs.Tx, polic
 }

 // UpdateFirewallPolicy 修改策略
-func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte, mode firewallconfigs.FirewallMode, useLocalFirewall bool, synFloodConfig *firewallconfigs.SYNFloodConfig) error {
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
+	policyId int64,
+	isOn bool,
+	name string,
+	description string,
+	inboundJSON []byte,
+	outboundJSON []byte,
+	blockOptionsJSON []byte,
+	mode firewallconfigs.FirewallMode,
+	useLocalFirewall bool,
+	synFloodConfig *firewallconfigs.SYNFloodConfig,
+	logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
 	}
@@ -294,6 +305,16 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int
 		op.SynFlood = "null"
 	}

+	if logConfig != nil {
+		logJSON, err := json.Marshal(logConfig)
+		if err != nil {
+			return err
+		}
+		op.Log = logJSON
+	} else {
+		op.Log = "null"
+	}
+
 	op.UseLocalFirewall = useLocalFirewall
 	err := this.Save(tx, op)
 	if err != nil {
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -293,7 +293,15 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 		}
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig)
+	var logConfig = &firewallconfigs.HTTPFirewallPolicyLogConfig{}
+	if len(req.LogJSON) > 0 {
+		err = json.Unmarshal(req.LogJSON, logConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig)
 	if err != nil {
 		return nil, err
 	}