EdgeAdmin/internal/web/actions/default/servers/components/waf/update.go

package waf

import (
	"encoding/json"
	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
	"github.com/iwind/TeaGo/actions"
	"github.com/iwind/TeaGo/maps"
	"github.com/iwind/TeaGo/types"
	"net/http"
)

type UpdateAction struct {
	actionutils.ParentAction
}

func (this *UpdateAction) Init() {
	this.Nav("", "", "update")
}

func (this *UpdateAction) RunGet(params struct {
	FirewallPolicyId int64
}) {
	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
	if err != nil {
		this.ErrorPage(err)
		return
	}
	if firewallPolicy == nil {
		this.NotFound("firewallPolicy", params.FirewallPolicyId)
		return
	}

	// block options
	if firewallPolicy.BlockOptions == nil {
		firewallPolicy.BlockOptions = &firewallconfigs.HTTPFirewallBlockAction{
			StatusCode: http.StatusForbidden,
			Body:       "Blocked By WAF",
			URL:        "",
			Timeout:    60,
		}
	}

	// page options
	if firewallPolicy.PageOptions == nil {
		firewallPolicy.PageOptions = firewallconfigs.DefaultHTTPFirewallPageAction()
	}

	// mode
	if len(firewallPolicy.Mode) == 0 {
		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
	}
	this.Data["modes"] = firewallconfigs.FindAllFirewallModes()

	// syn flood
	if firewallPolicy.SYNFlood == nil {
		firewallPolicy.SYNFlood = &firewallconfigs.SYNFloodConfig{
			IsOn:           false,
			MinAttempts:    10,
			TimeoutSeconds: 600,
			IgnoreLocal:    true,
		}
	}

	// log
	if firewallPolicy.Log == nil {
		firewallPolicy.Log = firewallconfigs.DefaultHTTPFirewallPolicyLogConfig
	}

	this.Data["firewallPolicy"] = maps.Map{
		"id":                 firewallPolicy.Id,
		"name":               firewallPolicy.Name,
		"description":        firewallPolicy.Description,
		"isOn":               firewallPolicy.IsOn,
		"mode":               firewallPolicy.Mode,
		"blockOptions":       firewallPolicy.BlockOptions,
		"pageOptions":        firewallPolicy.PageOptions,
		"captchaOptions":     firewallPolicy.CaptchaOptions,
		"useLocalFirewall":   firewallPolicy.UseLocalFirewall,
		"synFloodConfig":     firewallPolicy.SYNFlood,
		"log":                firewallPolicy.Log,
		"maxRequestBodySize": types.String(firewallPolicy.MaxRequestBodySize),
		"denyCountryHTML":    firewallPolicy.DenyCountryHTML,
		"denyProvinceHTML":   firewallPolicy.DenyProvinceHTML,
	}

	// 预置分组
	var groups = []maps.Map{}
	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
	for _, group := range templatePolicy.AllRuleGroups() {
		if len(group.Code) > 0 {
			usedGroup := firewallPolicy.FindRuleGroupWithCode(group.Code)
			if usedGroup != nil {
				group.IsOn = usedGroup.IsOn
			}
		}

		groups = append(groups, maps.Map{
			"code": group.Code,
			"name": group.Name,
			"isOn": group.IsOn,
		})
	}
	this.Data["groups"] = groups

	this.Show()
}

func (this *UpdateAction) RunPost(params struct {
	FirewallPolicyId   int64
	Name               string
	GroupCodes         []string
	BlockOptionsJSON   []byte
	PageOptionsJSON    []byte
	CaptchaOptionsJSON []byte
	Description        string
	IsOn               bool
	Mode               string
	UseLocalFirewall   bool
	SynFloodJSON       []byte
	LogJSON            []byte
	MaxRequestBodySize int64
	DenyCountryHTML    string
	DenyProvinceHTML   string

	Must *actions.Must
}) {
	// 日志
	defer this.CreateLogInfo(codes.WAFPolicy_LogUpdateWAFPolicy, params.FirewallPolicyId)

	params.Must.
		Field("name", params.Name).
		Require("请输入策略名称")

	// 校验拦截选项JSON
	var blockOptions = &firewallconfigs.HTTPFirewallBlockAction{}
	err := json.Unmarshal(params.BlockOptionsJSON, blockOptions)
	if err != nil {
		this.Fail("拦截动作参数校验失败：" + err.Error())
		return
	}

	// 校验显示页面选项JSON
	var pageOptions = &firewallconfigs.HTTPFirewallPageAction{}
	err = json.Unmarshal(params.PageOptionsJSON, pageOptions)
	if err != nil {
		this.Fail("校验显示页面动作配置失败：" + err.Error())
		return
	}
	if pageOptions.Status < 100 && pageOptions.Status > 999 {
		this.Fail("显示页面动作的状态码配置错误：" + types.String(pageOptions.Status))
		return
	}

	// 校验验证码选项JSON
	var captchaOptions = &firewallconfigs.HTTPFirewallCaptchaAction{}
	err = json.Unmarshal(params.CaptchaOptionsJSON, captchaOptions)
	if err != nil {
		this.Fail("验证码动作参数校验失败：" + err.Error())
		return
	}

	// 检查极验配置
	if captchaOptions.CaptchaType == firewallconfigs.CaptchaTypeGeeTest || captchaOptions.GeeTestConfig.IsOn {
		if captchaOptions.CaptchaType == firewallconfigs.CaptchaTypeGeeTest && !captchaOptions.GeeTestConfig.IsOn {
			this.Fail("人机识别动作配置的默认验证方式为极验-行为验，所以需要选择允许用户使用极验")
			return
		}

		if len(captchaOptions.GeeTestConfig.CaptchaId) == 0 {
			this.FailField("geetestCaptchaId", "请输入极验-验证ID")
			return
		}
		if len(captchaOptions.GeeTestConfig.CaptchaKey) == 0 {
			this.FailField("geetestCaptchaKey", "请输入极验-验证Key")
			return
		}
	}

	// 最大内容尺寸
	if params.MaxRequestBodySize < 0 {
		params.MaxRequestBodySize = 0
	}

	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
		HttpFirewallPolicyId: params.FirewallPolicyId,
		IsOn:                 params.IsOn,
		Name:                 params.Name,
		Description:          params.Description,
		FirewallGroupCodes:   params.GroupCodes,
		BlockOptionsJSON:     params.BlockOptionsJSON,
		PageOptionsJSON:      params.PageOptionsJSON,
		CaptchaOptionsJSON:   params.CaptchaOptionsJSON,
		Mode:                 params.Mode,
		UseLocalFirewall:     params.UseLocalFirewall,
		SynFloodJSON:         params.SynFloodJSON,
		LogJSON:              params.LogJSON,
		MaxRequestBodySize:   params.MaxRequestBodySize,
		DenyCountryHTML:      params.DenyCountryHTML,
		DenyProvinceHTML:     params.DenyProvinceHTML,
	})
	if err != nil {
		this.ErrorPage(err)
		return
	}

	this.Success()
}
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`package waf`

			`import (`
内容压缩支持brotli和deflate 2021-09-29 20:12:27 +08:00			`"encoding/json"`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"`
部分中文转换为多语言代号 2023-06-30 18:08:30 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"`
优化代码 2020-12-23 09:52:31 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"`
			`"github.com/iwind/TeaGo/actions"`
			`"github.com/iwind/TeaGo/maps"`
WAF策略增加“最多检查内容尺寸“选项 2023-08-02 16:58:45 +08:00			`"github.com/iwind/TeaGo/types"`
[waf]可以配置阻止动作的状态码和提示内容 2020-11-22 16:54:31 +08:00			`"net/http"`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`)`

			`type UpdateAction struct {`
			`actionutils.ParentAction`
			`}`

			`func (this *UpdateAction) Init() {`
			`this.Nav("", "", "update")`
			`}`

			`func (this *UpdateAction) RunGet(params struct {`
			`FirewallPolicyId int64`
			`}) {`
优化代码 2020-12-23 09:52:31 +08:00			`firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`
			`if firewallPolicy == nil {`
			`this.NotFound("firewallPolicy", params.FirewallPolicyId)`
			`return`
			`}`
[waf]可以配置阻止动作的状态码和提示内容 2020-11-22 16:54:31 +08:00
WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`// block options`
[waf]可以配置阻止动作的状态码和提示内容 2020-11-22 16:54:31 +08:00			`if firewallPolicy.BlockOptions == nil {`
			`firewallPolicy.BlockOptions = &firewallconfigs.HTTPFirewallBlockAction{`
			`StatusCode: http.StatusForbidden,`
			`Body: "Blocked By WAF",`
			`URL: "",`
内容压缩支持brotli和deflate 2021-09-29 20:12:27 +08:00			`Timeout: 60,`
[waf]可以配置阻止动作的状态码和提示内容 2020-11-22 16:54:31 +08:00			`}`
			`}`

WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`// page options`
			`if firewallPolicy.PageOptions == nil {`
			`firewallPolicy.PageOptions = firewallconfigs.DefaultHTTPFirewallPageAction()`
			`}`

WAF策略增加观察模式和通过模式 2021-09-30 11:30:36 +08:00			`// mode`
			`if len(firewallPolicy.Mode) == 0 {`
			`firewallPolicy.Mode = firewallconfigs.FirewallModeDefend`
			`}`
			`this.Data["modes"] = firewallconfigs.FindAllFirewallModes()`

实现自动SYN Flood防护 2022-01-10 19:54:29 +08:00			`// syn flood`
			`if firewallPolicy.SYNFlood == nil {`
			`firewallPolicy.SYNFlood = &firewallconfigs.SYNFloodConfig{`
			`IsOn: false,`
			`MinAttempts: 10,`
			`TimeoutSeconds: 600,`
			`IgnoreLocal: true,`
			`}`
			`}`

增加WAF日志配置/WAF策略中之日志中增加分表查询 2022-04-21 19:45:25 +08:00			`// log`
			`if firewallPolicy.Log == nil {`
			`firewallPolicy.Log = firewallconfigs.DefaultHTTPFirewallPolicyLogConfig`
			`}`

实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`this.Data["firewallPolicy"] = maps.Map{`
WAF策略增加“最多检查内容尺寸“选项 2023-08-02 16:58:45 +08:00			`"id": firewallPolicy.Id,`
			`"name": firewallPolicy.Name,`
			`"description": firewallPolicy.Description,`
			`"isOn": firewallPolicy.IsOn,`
			`"mode": firewallPolicy.Mode,`
			`"blockOptions": firewallPolicy.BlockOptions,`
WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`"pageOptions": firewallPolicy.PageOptions,`
WAF策略增加“最多检查内容尺寸“选项 2023-08-02 16:58:45 +08:00			`"captchaOptions": firewallPolicy.CaptchaOptions,`
			`"useLocalFirewall": firewallPolicy.UseLocalFirewall,`
			`"synFloodConfig": firewallPolicy.SYNFlood,`
			`"log": firewallPolicy.Log,`
			`"maxRequestBodySize": types.String(firewallPolicy.MaxRequestBodySize),`
WAF策略可以自定义默认的区域/省份封禁提示 2023-08-10 10:30:38 +08:00			`"denyCountryHTML": firewallPolicy.DenyCountryHTML,`
			`"denyProvinceHTML": firewallPolicy.DenyProvinceHTML,`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`}`

			`// 预置分组`
增加WAF日志配置/WAF策略中之日志中增加分表查询 2022-04-21 19:45:25 +08:00			`var groups = []maps.Map{}`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`templatePolicy := firewallconfigs.HTTPFirewallTemplate()`
			`for _, group := range templatePolicy.AllRuleGroups() {`
			`if len(group.Code) > 0 {`
			`usedGroup := firewallPolicy.FindRuleGroupWithCode(group.Code)`
			`if usedGroup != nil {`
			`group.IsOn = usedGroup.IsOn`
			`}`
			`}`

			`groups = append(groups, maps.Map{`
			`"code": group.Code,`
			`"name": group.Name,`
			`"isOn": group.IsOn,`
			`})`
			`}`
			`this.Data["groups"] = groups`

			`this.Show()`
			`}`

			`func (this *UpdateAction) RunPost(params struct {`
WAF策略中增加验证码相关定制设置 2022-05-20 22:07:04 +08:00			`FirewallPolicyId int64`
			`Name string`
			`GroupCodes []string`
			`BlockOptionsJSON []byte`
WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`PageOptionsJSON []byte`
WAF策略中增加验证码相关定制设置 2022-05-20 22:07:04 +08:00			`CaptchaOptionsJSON []byte`
			`Description string`
			`IsOn bool`
			`Mode string`
			`UseLocalFirewall bool`
			`SynFloodJSON []byte`
			`LogJSON []byte`
WAF策略增加“最多检查内容尺寸“选项 2023-08-02 16:58:45 +08:00			`MaxRequestBodySize int64`
WAF策略可以自定义默认的区域/省份封禁提示 2023-08-10 10:30:38 +08:00			`DenyCountryHTML string`
			`DenyProvinceHTML string`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00
			`Must *actions.Must`
			`}) {`
增加若干操作日志/代理服务DNS CNAME显示的地方增加拷贝到剪贴板图标 2020-11-17 15:41:43 +08:00			`// 日志`
部分中文转换为多语言代号 2023-06-30 18:08:30 +08:00			`defer this.CreateLogInfo(codes.WAFPolicy_LogUpdateWAFPolicy, params.FirewallPolicyId)`
增加若干操作日志/代理服务DNS CNAME显示的地方增加拷贝到剪贴板图标 2020-11-17 15:41:43 +08:00
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`params.Must.`
			`Field("name", params.Name).`
			`Require("请输入策略名称")`

WAF策略中增加验证码相关定制设置 2022-05-20 22:07:04 +08:00			`// 校验拦截选项JSON`
内容压缩支持brotli和deflate 2021-09-29 20:12:27 +08:00			`var blockOptions = &firewallconfigs.HTTPFirewallBlockAction{}`
			`err := json.Unmarshal(params.BlockOptionsJSON, blockOptions)`
			`if err != nil {`
			`this.Fail("拦截动作参数校验失败：" + err.Error())`
WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`return`
			`}`

			`// 校验显示页面选项JSON`
			`var pageOptions = &firewallconfigs.HTTPFirewallPageAction{}`
			`err = json.Unmarshal(params.PageOptionsJSON, pageOptions)`
			`if err != nil {`
			`this.Fail("校验显示页面动作配置失败：" + err.Error())`
			`return`
			`}`
			`if pageOptions.Status < 100 && pageOptions.Status > 999 {`
			`this.Fail("显示页面动作的状态码配置错误：" + types.String(pageOptions.Status))`
			`return`
内容压缩支持brotli和deflate 2021-09-29 20:12:27 +08:00			`}`

WAF策略中增加验证码相关定制设置 2022-05-20 22:07:04 +08:00			`// 校验验证码选项JSON`
			`var captchaOptions = &firewallconfigs.HTTPFirewallCaptchaAction{}`
			`err = json.Unmarshal(params.CaptchaOptionsJSON, captchaOptions)`
			`if err != nil {`
			`this.Fail("验证码动作参数校验失败：" + err.Error())`
WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`return`
WAF策略中增加验证码相关定制设置 2022-05-20 22:07:04 +08:00			`}`

增加“极验-行为验”验证码集成支持 2023-11-29 16:57:58 +08:00			`// 检查极验配置`
			`if captchaOptions.CaptchaType == firewallconfigs.CaptchaTypeGeeTest \|\| captchaOptions.GeeTestConfig.IsOn {`
			`if captchaOptions.CaptchaType == firewallconfigs.CaptchaTypeGeeTest && !captchaOptions.GeeTestConfig.IsOn {`
			`this.Fail("人机识别动作配置的默认验证方式为极验-行为验，所以需要选择允许用户使用极验")`
			`return`
			`}`

			`if len(captchaOptions.GeeTestConfig.CaptchaId) == 0 {`
			`this.FailField("geetestCaptchaId", "请输入极验-验证ID")`
			`return`
			`}`
			`if len(captchaOptions.GeeTestConfig.CaptchaKey) == 0 {`
			`this.FailField("geetestCaptchaKey", "请输入极验-验证Key")`
			`return`
			`}`
			`}`

WAF策略增加“最多检查内容尺寸“选项 2023-08-02 16:58:45 +08:00			`// 最大内容尺寸`
			`if params.MaxRequestBodySize < 0 {`
			`params.MaxRequestBodySize = 0`
			`}`

内容压缩支持brotli和deflate 2021-09-29 20:12:27 +08:00			`_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{`
集群可以设置默认的WAF策略、缓存策略 2020-12-17 15:50:44 +08:00			`HttpFirewallPolicyId: params.FirewallPolicyId,`
			`IsOn: params.IsOn,`
			`Name: params.Name,`
			`Description: params.Description,`
			`FirewallGroupCodes: params.GroupCodes,`
			`BlockOptionsJSON: params.BlockOptionsJSON,`
WAF策略增加显示页面动作默认设置 2024-01-20 16:17:28 +08:00			`PageOptionsJSON: params.PageOptionsJSON,`
WAF策略中增加验证码相关定制设置 2022-05-20 22:07:04 +08:00			`CaptchaOptionsJSON: params.CaptchaOptionsJSON,`
WAF策略增加观察模式和通过模式 2021-09-30 11:30:36 +08:00			`Mode: params.Mode,`
WAF策略增加是否使用本地防火墙设置 2022-01-09 17:05:51 +08:00			`UseLocalFirewall: params.UseLocalFirewall,`
实现自动SYN Flood防护 2022-01-10 19:54:29 +08:00			`SynFloodJSON: params.SynFloodJSON,`
增加WAF日志配置/WAF策略中之日志中增加分表查询 2022-04-21 19:45:25 +08:00			`LogJSON: params.LogJSON,`
WAF策略增加“最多检查内容尺寸“选项 2023-08-02 16:58:45 +08:00			`MaxRequestBodySize: params.MaxRequestBodySize,`
WAF策略可以自定义默认的区域/省份封禁提示 2023-08-10 10:30:38 +08:00			`DenyCountryHTML: params.DenyCountryHTML,`
			`DenyProvinceHTML: params.DenyProvinceHTML,`
实现WAF策略部分功能 2020-10-06 21:02:37 +08:00			`})`
			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`

			`this.Success()`
			`}`