EdgeAdmin/internal/web/actions/default/servers/components/waf/policy.go

package waf

import (
	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
	"github.com/iwind/TeaGo/maps"
)

type PolicyAction struct {
	actionutils.ParentAction
}

func (this *PolicyAction) Init() {
	this.Nav("", "", "index")
}

func (this *PolicyAction) RunGet(params struct {
	FirewallPolicyId int64
}) {
	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
	if err != nil {
		this.ErrorPage(err)
		return
	}
	if firewallPolicy == nil {
		this.NotFound("firewallPolicy", params.FirewallPolicyId)
		return
	}

	internalGroups := []maps.Map{}
	if firewallPolicy.Inbound != nil {
		for _, group := range firewallPolicy.Inbound.Groups {
			internalGroups = append(internalGroups, maps.Map{
				"name": group.Name,
				"isOn": group.IsOn,
			})
		}
	}
	if firewallPolicy.Outbound != nil {
		for _, group := range firewallPolicy.Outbound.Groups {
			internalGroups = append(internalGroups, maps.Map{
				"name": group.Name,
				"isOn": group.IsOn,
			})
		}
	}

	// 检查是否有升级
	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
	var upgradeItems = []maps.Map{}
	if templatePolicy.Inbound != nil {
		for _, group := range templatePolicy.Inbound.Groups {
			if len(group.Code) == 0 {
				continue
			}
			var oldGroup = firewallPolicy.FindRuleGroupWithCode(group.Code)
			if oldGroup == nil {
				upgradeItems = append(upgradeItems, maps.Map{
					"name": group.Name,
					"isOn": group.IsOn,
				})
				continue
			}
			for _, set := range group.Sets {
				if len(set.Code) == 0 {
					continue
				}
				var oldSet = oldGroup.FindRuleSetWithCode(set.Code)
				if oldSet == nil {
					upgradeItems = append(upgradeItems, maps.Map{
						"name": group.Name + " -- " + set.Name,
						"isOn": set.IsOn,
					})
					continue
				}
			}
		}
	}
	this.Data["upgradeItems"] = upgradeItems

	// 模式
	if len(firewallPolicy.Mode) == 0 {
		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
	}
	this.Data["firewallPolicy"] = maps.Map{
		"id":               firewallPolicy.Id,
		"name":             firewallPolicy.Name,
		"isOn":             firewallPolicy.IsOn,
		"description":      firewallPolicy.Description,
		"mode":             firewallPolicy.Mode,
		"modeInfo":         firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
		"groups":           internalGroups,
		"blockOptions":     firewallPolicy.BlockOptions,
		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
	}

	// 正在使用此策略的集群
	clustersResp, err := this.RPC().NodeClusterRPC().FindAllEnabledNodeClustersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.FindAllEnabledNodeClustersWithHTTPFirewallPolicyIdRequest{HttpFirewallPolicyId: params.FirewallPolicyId})
	if err != nil {
		this.ErrorPage(err)
		return
	}
	clusterMaps := []maps.Map{}
	for _, cluster := range clustersResp.NodeClusters {
		clusterMaps = append(clusterMaps, maps.Map{
			"id":   cluster.Id,
			"name": cluster.Name,
		})
	}
	this.Data["clusters"] = clusterMaps

	this.Show()
}
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`package waf`

			`import (`
			`"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"`
优化代码 2020-12-23 09:52:31 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"`
[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:35:32 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
WAF策略增加观察模式和通过模式 2021-09-30 11:30:36 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`"github.com/iwind/TeaGo/maps"`
			`)`

			`type PolicyAction struct {`
			`actionutils.ParentAction`
			`}`

			`func (this *PolicyAction) Init() {`
			`this.Nav("", "", "index")`
			`}`

			`func (this *PolicyAction) RunGet(params struct {`
			`FirewallPolicyId int64`
			`}) {`
优化代码 2020-12-23 09:52:31 +08:00			`firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`
			`if firewallPolicy == nil {`
			`this.NotFound("firewallPolicy", params.FirewallPolicyId)`
			`return`
			`}`

			`internalGroups := []maps.Map{}`
			`if firewallPolicy.Inbound != nil {`
			`for _, group := range firewallPolicy.Inbound.Groups {`
			`internalGroups = append(internalGroups, maps.Map{`
			`"name": group.Name,`
			`"isOn": group.IsOn,`
			`})`
			`}`
			`}`
			`if firewallPolicy.Outbound != nil {`
			`for _, group := range firewallPolicy.Outbound.Groups {`
			`internalGroups = append(internalGroups, maps.Map{`
			`"name": group.Name,`
			`"isOn": group.IsOn,`
			`})`
			`}`
			`}`

WAF模板中有新的规则时，可以在界面上收到提醒并点击加入 2021-10-25 12:02:03 +08:00			`// 检查是否有升级`
			`var templatePolicy = firewallconfigs.HTTPFirewallTemplate()`
增加自动检查系统更新设置 2021-12-21 15:18:11 +08:00			`var upgradeItems = []maps.Map{}`
WAF模板中有新的规则时，可以在界面上收到提醒并点击加入 2021-10-25 12:02:03 +08:00			`if templatePolicy.Inbound != nil {`
			`for _, group := range templatePolicy.Inbound.Groups {`
			`if len(group.Code) == 0 {`
			`continue`
			`}`
			`var oldGroup = firewallPolicy.FindRuleGroupWithCode(group.Code)`
			`if oldGroup == nil {`
增加自动检查系统更新设置 2021-12-21 15:18:11 +08:00			`upgradeItems = append(upgradeItems, maps.Map{`
			`"name": group.Name,`
			`"isOn": group.IsOn,`
			`})`
WAF模板中有新的规则时，可以在界面上收到提醒并点击加入 2021-10-25 12:02:03 +08:00			`continue`
			`}`
			`for _, set := range group.Sets {`
			`if len(set.Code) == 0 {`
			`continue`
			`}`
			`var oldSet = oldGroup.FindRuleSetWithCode(set.Code)`
			`if oldSet == nil {`
增加自动检查系统更新设置 2021-12-21 15:18:11 +08:00			`upgradeItems = append(upgradeItems, maps.Map{`
			`"name": group.Name + " -- " + set.Name,`
			`"isOn": set.IsOn,`
			`})`
WAF模板中有新的规则时，可以在界面上收到提醒并点击加入 2021-10-25 12:02:03 +08:00			`continue`
			`}`
			`}`
			`}`
			`}`
			`this.Data["upgradeItems"] = upgradeItems`

WAF策略增加观察模式和通过模式 2021-09-30 11:30:36 +08:00			`// 模式`
			`if len(firewallPolicy.Mode) == 0 {`
			`firewallPolicy.Mode = firewallconfigs.FirewallModeDefend`
			`}`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`this.Data["firewallPolicy"] = maps.Map{`
WAF策略增加是否使用本地防火墙设置 2022-01-09 17:05:51 +08:00			`"id": firewallPolicy.Id,`
			`"name": firewallPolicy.Name,`
			`"isOn": firewallPolicy.IsOn,`
			`"description": firewallPolicy.Description,`
			`"mode": firewallPolicy.Mode,`
			`"modeInfo": firewallconfigs.FindFirewallMode(firewallPolicy.Mode),`
			`"groups": internalGroups,`
			`"blockOptions": firewallPolicy.BlockOptions,`
			`"useLocalFirewall": firewallPolicy.UseLocalFirewall,`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`}`

集群可以设置默认的WAF策略、缓存策略 2020-12-17 15:50:44 +08:00			`// 正在使用此策略的集群`
			`clustersResp, err := this.RPC().NodeClusterRPC().FindAllEnabledNodeClustersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.FindAllEnabledNodeClustersWithHTTPFirewallPolicyIdRequest{HttpFirewallPolicyId: params.FirewallPolicyId})`
[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:35:32 +08:00			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`
集群可以设置默认的WAF策略、缓存策略 2020-12-17 15:50:44 +08:00			`clusterMaps := []maps.Map{}`
			`for _, cluster := range clustersResp.NodeClusters {`
			`clusterMaps = append(clusterMaps, maps.Map{`
			`"id": cluster.Id,`
			`"name": cluster.Name,`
[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:35:32 +08:00			`})`
			`}`
集群可以设置默认的WAF策略、缓存策略 2020-12-17 15:50:44 +08:00			`this.Data["clusters"] = clusterMaps`
[WAF]规则中增加请求Header长度限制和响应Header长度限制 2020-11-18 19:35:32 +08:00
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`this.Show()`
			`}`