TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-02 22:10:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ed5aaa5ab968535fc9afa364df0e72b77d29676
EdgeAPI/internal/db/models/ip_list_dao.go
GoEdgeLab 2ed5aaa5ab 可以使用代号搜索IP名单
2024-05-06 08:56:16 +08:00

424 lines
10 KiB
Go
Raw Blame History

package models
import (
dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
"github.com/TeaOSLab/EdgeAPI/internal/errors"
"github.com/TeaOSLab/EdgeAPI/internal/utils"
"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
_ "github.com/go-sql-driver/mysql"
"github.com/iwind/TeaGo/Tea"
"github.com/iwind/TeaGo/dbs"
"github.com/iwind/TeaGo/lists"
"github.com/iwind/TeaGo/maps"
"github.com/iwind/TeaGo/types"
"regexp"
)
const (
IPListStateEnabled = 1 // 已启用
IPListStateDisabled = 0 // 已禁用
)
var listTypeCacheMap = map[int64]*IPList{} // listId => *IPList
var DefaultGlobalBlackIPList = &IPList{
Id: uint32(firewallconfigs.GlobalBlackListId),
Name: "系统黑名单",
IsPublic: true,
IsGlobal: true,
Type: "black",
State: IPListStateEnabled,
IsOn: true,
}
var DefaultGlobalWhiteIPList = &IPList{
Id: uint32(firewallconfigs.GlobalWhiteListId),
Name: "系统白名单",
IsPublic: true,
IsGlobal: true,
Type: "white",
State: IPListStateEnabled,
IsOn: true,
}
var DefaultGlobalGreyIPList = &IPList{
Id: uint32(firewallconfigs.GlobalGreyListId),
Name: "系统灰名单",
IsPublic: true,
IsGlobal: true,
Type: "grey",
State: IPListStateEnabled,
IsOn: true,
}
var ipListCodeRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)
type IPListDAO dbs.DAO
func NewIPListDAO() *IPListDAO {
return dbs.NewDAO(&IPListDAO{
DAOObject: dbs.DAOObject{
DB: Tea.Env,
Table: "edgeIPLists",
Model: new(IPList),
PkName: "id",
},
}).(*IPListDAO)
}
var SharedIPListDAO *IPListDAO
func init() {
dbs.OnReady(func() {
SharedIPListDAO = NewIPListDAO()
})
}
// EnableIPList 启用条目
func (this *IPListDAO) EnableIPList(tx *dbs.Tx, id int64) error {
_, err := this.Query(tx).
Pk(id).
Set("state", IPListStateEnabled).
Update()
return err
}
// DisableIPList 禁用条目
func (this *IPListDAO) DisableIPList(tx *dbs.Tx, listId int64) error {
_, err := this.Query(tx).
Pk(listId).
Set("state", IPListStateDisabled).
Update()
if err != nil {
return err
}
return this.NotifyUpdate(tx, listId, NodeTaskTypeIPListDeleted+"@"+string(maps.Map{"listId": listId}.AsJSON()))
}
// FindEnabledIPList 查找启用中的条目
func (this *IPListDAO) FindEnabledIPList(tx *dbs.Tx, id int64, cacheMap *utils.CacheMap) (*IPList, error) {
globalList, ok := this.findGlobalList(id)
if ok {
return globalList, nil
}
var cacheKey = this.Table + ":FindEnabledIPList:" + types.String(id)
if cacheMap != nil {
cache, ok := cacheMap.Get(cacheKey)
if ok {
return cache.(*IPList), nil
}
}
result, err := this.Query(tx).
Pk(id).
Attr("state", IPListStateEnabled).
Find()
if result == nil {
return nil, err
}
if cacheMap != nil {
cacheMap.Put(cacheKey, result)
}
return result.(*IPList), err
}
// FindIPListName 根据主键查找名称
func (this *IPListDAO) FindIPListName(tx *dbs.Tx, id int64) (string, error) {
return this.Query(tx).
Pk(id).
Result("name").
FindStringCol("")
}
// FindIPListCacheable 获取名单
func (this *IPListDAO) FindIPListCacheable(tx *dbs.Tx, listId int64) (*IPList, error) {
globalList, ok := this.findGlobalList(listId)
if ok {
return globalList, nil
}
// 检查缓存
SharedCacheLocker.RLock()
list, ok := listTypeCacheMap[listId]
SharedCacheLocker.RUnlock()
if ok {
return list, nil
}
one, err := this.Query(tx).
Pk(listId).
Result("isGlobal", "type", "state", "id", "isPublic", "isGlobal").
Find()
if err != nil || one == nil {
return nil, err
}
// 保存缓存
SharedCacheLocker.Lock()
listTypeCacheMap[listId] = one.(*IPList)
SharedCacheLocker.Unlock()
return one.(*IPList), nil
}
// CreateIPList 创建名单
func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, serverId int64, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte, description string, isPublic bool, isGlobal bool) (int64, error) {
var op = NewIPListOperator()
op.IsOn = true
op.UserId = userId
op.ServerId = serverId
op.State = IPListStateEnabled
op.Type = listType
op.Name = name
op.Code = code
if len(timeoutJSON) > 0 {
op.Timeout = timeoutJSON
}
op.Description = description
op.IsPublic = isPublic
op.IsGlobal = isGlobal
err := this.Save(tx, op)
if err != nil {
return 0, err
}
var newListId = types.Int64(op.Id)
// 防止和全局名单ID冲突
if lists.ContainsInt64(firewallconfigs.FindGlobalListIds(), newListId) {
// 先删除
err = this.Query(tx).Pk(newListId).DeleteQuickly()
if err != nil {
return 0, err
}
// 自动创建下一个
return this.CreateIPList(tx, userId, serverId, listType, name, code, timeoutJSON, description, isPublic, isGlobal)
}
return newListId, nil
}
// UpdateIPList 修改名单
func (this *IPListDAO) UpdateIPList(tx *dbs.Tx, listId int64, name string, code string, timeoutJSON []byte, description string) error {
if listId <= 0 {
return errors.New("invalid listId")
}
var op = NewIPListOperator()
op.Id = listId
op.Name = name
op.Code = code
if len(timeoutJSON) > 0 {
op.Timeout = timeoutJSON
} else {
op.Timeout = "null"
}
op.Description = description
err := this.Save(tx, op)
return err
}
// IncreaseVersion 增加版本
func (this *IPListDAO) IncreaseVersion(tx *dbs.Tx) (int64, error) {
return SharedSysLockerDAO.Increase(tx, "IP_LIST_VERSION", 1000000)
}
// CheckUserIPList 检查用户权限
func (this *IPListDAO) CheckUserIPList(tx *dbs.Tx, userId int64, listId int64) error {
if userId == 0 || listId == 0 {
return ErrNotFound
}
// 获取名单信息
listOne, err := this.Query(tx).
Pk(listId).
Result("userId", "serverId").
Find()
if err != nil {
return err
}
if listOne == nil {
return ErrNotFound
}
var list = listOne.(*IPList)
if int64(list.UserId) == userId {
return nil
}
var serverId = int64(list.ServerId)
if serverId > 0 {
return SharedServerDAO.CheckUserServer(tx, userId, serverId)
}
return ErrNotFound
}
// CountAllEnabledIPLists 计算名单数量
func (this *IPListDAO) CountAllEnabledIPLists(tx *dbs.Tx, listType string, isPublic bool, keyword string) (int64, error) {
var query = this.Query(tx).
State(IPListStateEnabled).
Attr("type", listType).
Attr("isPublic", isPublic)
if len(keyword) > 0 {
query.Where("(name LIKE :keyword OR description LIKE :keyword OR code LIKE :keyword)").
Param("keyword", dbutils.QuoteLike(keyword))
}
return query.Count()
}
// ListEnabledIPLists 列出单页名单
func (this *IPListDAO) ListEnabledIPLists(tx *dbs.Tx, listType string, isPublic bool, keyword string, offset int64, size int64) (result []*IPList, err error) {
var query = this.Query(tx).
State(IPListStateEnabled).
Attr("type", listType).
Attr("isPublic", isPublic)
if len(keyword) > 0 {
query.Where("(name LIKE :keyword OR description LIKE :keyword OR code LIKE :keyword)").
Param("keyword", dbutils.QuoteLike(keyword))
}
_, err = query.Offset(offset).
Limit(size).
DescPk().
Slice(&result).
FindAll()
return
}
// ExistsEnabledIPList 检查IP名单是否存在
func (this *IPListDAO) ExistsEnabledIPList(tx *dbs.Tx, listId int64) (bool, error) {
if listId <= 0 {
return false, nil
}
return this.Query(tx).
Pk(listId).
State(IPListStateEnabled).
Exist()
}
// NotifyUpdate 通知更新
func (this *IPListDAO) NotifyUpdate(tx *dbs.Tx, listId int64, taskType NodeTaskType) error {
// WAF策略中的
httpFirewallPolicyIds, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdsWithIPListId(tx, listId)
if err != nil {
return err
}
// 规则集动作中使用此名单的策略
ruleSetIds, err := SharedHTTPFirewallRuleSetDAO.FindAllEnabledRuleSetIdsWithIPListId(tx, listId)
if err != nil {
return err
}
for _, ruleSetId := range ruleSetIds {
ruleGroupId, err := SharedHTTPFirewallRuleGroupDAO.FindRuleGroupIdWithRuleSetId(tx, ruleSetId)
if err != nil {
return err
}
if ruleGroupId > 0 {
policyId, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdWithRuleGroupId(tx, ruleGroupId)
if err != nil {
return err
}
if policyId > 0 && !lists.ContainsInt64(httpFirewallPolicyIds, policyId) {
httpFirewallPolicyIds = append(httpFirewallPolicyIds, policyId)
}
}
}
// 查找集群
var resultClusterIds = []int64{}
for _, policyId := range httpFirewallPolicyIds {
// 集群
clusterIds, err := SharedNodeClusterDAO.FindAllEnabledNodeClusterIdsWithHTTPFirewallPolicyId(tx, policyId)
if err != nil {
return err
}
for _, clusterId := range clusterIds {
if !lists.ContainsInt64(resultClusterIds, clusterId) {
resultClusterIds = append(resultClusterIds, clusterId)
}
}
// 服务
webIds, err := SharedHTTPWebDAO.FindAllWebIdsWithHTTPFirewallPolicyId(tx, policyId)
if err != nil {
return err
}
if len(webIds) > 0 {
for _, webId := range webIds {
serverId, err := SharedServerDAO.FindEnabledServerIdWithWebId(tx, webId)
if err != nil {
return err
}
if serverId > 0 {
clusterId, err := SharedServerDAO.FindServerClusterId(tx, serverId)
if err != nil {
return err
}
if !lists.ContainsInt64(resultClusterIds, clusterId) {
resultClusterIds = append(resultClusterIds, clusterId)
}
}
}
}
}
if len(resultClusterIds) > 0 {
for _, clusterId := range resultClusterIds {
err = SharedNodeTaskDAO.CreateClusterTask(tx, nodeconfigs.NodeRoleNode, clusterId, 0, 0, taskType)
if err != nil {
return err
}
}
}
return nil
}
// FindServerIdWithListId 查找IP名单对应的网站ID
func (this *IPListDAO) FindServerIdWithListId(tx *dbs.Tx, listId int64) (serverId int64, err error) {
if listId <= 0 {
return
}
serverId, err = this.Query(tx).
Pk(listId).
Result("serverId").
FindInt64Col(0)
return
}
// FindIPListIdWithCode 根据IP名单代号查找名单ID
func (this *IPListDAO) FindIPListIdWithCode(tx *dbs.Tx, listCode string) (int64, error) {
if len(listCode) == 0 {
return 0, nil
}
return this.Query(tx).
ResultPk().
State(IPListStateEnabled).
Attr("code", listCode).
FindInt64Col(0)
}
// ValidateIPListCode 校验IP名单代号格式
func (this *IPListDAO) ValidateIPListCode(code string) bool {
return ipListCodeRegexp.MatchString(code)
}
// 查找ID对应的全局名单
func (this *IPListDAO) findGlobalList(id int64) (list *IPList, ok bool) {
switch id {
case firewallconfigs.GlobalBlackListId:
return DefaultGlobalBlackIPList, true
case firewallconfigs.GlobalWhiteListId:
return DefaultGlobalWhiteIPList, true
case firewallconfigs.GlobalGreyListId:
return DefaultGlobalGreyIPList, true
}
return
}
Reference in New Issue View Git Blame Copy Permalink