package waf
import (
"encoding/json"
"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps"
"net/http"
)
// UpdateAction is the admin web action behind the WAF policy "update" page.
// It embeds actionutils.ParentAction and gains its request/response helpers
// from there.
type UpdateAction struct {
	actionutils.ParentAction
}
// Init configures navigation for the action before it runs.
// The third Nav argument is "update"; presumably it marks the active tab —
// confirm against ParentAction.Nav.
func (this *UpdateAction) Init() {
	this.Nav("", "", "update")
}
// RunGet loads the requested WAF policy and exposes it, together with the
// selectable modes and the template rule groups, to the update page.
//
// Settings that are missing on the stored policy (block options, mode,
// SYN flood config) are filled with defaults on the in-memory copy only;
// nothing is written back here.
func (this *UpdateAction) RunGet(params struct {
	FirewallPolicyId int64
}) {
	policy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
	if err != nil {
		this.ErrorPage(err)
		return
	}
	if policy == nil {
		this.NotFound("firewallPolicy", params.FirewallPolicyId)
		return
	}

	// Block action: default to a plain 403 response when none is configured.
	if policy.BlockOptions == nil {
		var defaultBlock = firewallconfigs.HTTPFirewallBlockAction{
			StatusCode: http.StatusForbidden,
			Body:       "Blocked By WAF",
			URL:        "",
			Timeout:    60,
		}
		policy.BlockOptions = &defaultBlock
	}

	// Mode: an unset mode is shown as "defend".
	if len(policy.Mode) == 0 {
		policy.Mode = firewallconfigs.FirewallModeDefend
	}
	this.Data["modes"] = firewallconfigs.FindAllFirewallModes()

	// SYN flood: default to a disabled configuration when none is configured.
	if policy.SYNFlood == nil {
		var defaultSYNFlood = firewallconfigs.SYNFloodConfig{
			IsOn:           false,
			MinAttempts:    10,
			TimeoutSeconds: 600,
			IgnoreLocal:    true,
		}
		policy.SYNFlood = &defaultSYNFlood
	}

	this.Data["firewallPolicy"] = maps.Map{
		"id":               policy.Id,
		"name":             policy.Name,
		"description":      policy.Description,
		"isOn":             policy.IsOn,
		"mode":             policy.Mode,
		"blockOptions":     policy.BlockOptions,
		"useLocalFirewall": policy.UseLocalFirewall,
		"synFloodConfig":   policy.SYNFlood,
	}

	// Preset groups: list every template group, taking the on/off state from
	// the policy's own group with the same code when it has one.
	var groupMaps = []maps.Map{}
	for _, tplGroup := range firewallconfigs.HTTPFirewallTemplate().AllRuleGroups() {
		if len(tplGroup.Code) > 0 {
			if used := policy.FindRuleGroupWithCode(tplGroup.Code); used != nil {
				tplGroup.IsOn = used.IsOn
			}
		}

		groupMaps = append(groupMaps, maps.Map{
			"code": tplGroup.Code,
			"name": tplGroup.Name,
			"isOn": tplGroup.IsOn,
		})
	}
	this.Data["groups"] = groupMaps

	this.Show()
}
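// RunPost applies the submitted basic settings to a WAF (HTTP firewall) policy.
//
// The form values are forwarded to the HTTPFirewallPolicy RPC service. Both
// JSON payloads (block options and SYN flood config) are decoded here first so
// that malformed input is rejected at the admin boundary instead of being
// handed to the backend as raw bytes.
func (this *UpdateAction) RunPost(params struct {
	FirewallPolicyId int64
	Name             string
	GroupCodes       []string
	BlockOptionsJSON []byte
	Description      string
	IsOn             bool
	Mode             string
	UseLocalFirewall bool
	SynFloodJSON     []byte

	Must *actions.Must
}) {
	// Audit log.
	// NOTE(review): because this is deferred, the entry is written on every
	// exit path of this function, including validation and RPC failures, so
	// the operation log can record an update that was never applied — confirm
	// that this is intended.
	defer this.CreateLog(oplogs.LevelInfo, "修改WAF策略 %d 基本信息", params.FirewallPolicyId)

	params.Must.
		Field("name", params.Name).
		Require("请输入策略名称")

	// Validate the block options JSON. Only the syntax and field types are
	// checked; the decoded values themselves are not range-checked here.
	var blockOptions = &firewallconfigs.HTTPFirewallBlockAction{}
	err := json.Unmarshal(params.BlockOptionsJSON, blockOptions)
	if err != nil {
		this.Fail("拦截动作参数校验失败:" + err.Error())
		// Fail presumably aborts the request; the explicit return guarantees
		// the RPC below is never reached with a rejected payload either way.
		return
	}

	// Validate the SYN flood JSON the same way before forwarding it. An empty
	// value is let through unchanged so a form that does not submit the field
	// keeps working as before.
	if len(params.SynFloodJSON) > 0 {
		var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
		err = json.Unmarshal(params.SynFloodJSON, synFloodConfig)
		if err != nil {
			this.Fail("SYN Flood参数校验失败:" + err.Error())
			return
		}
	}

	// NOTE(review): Mode is passed through without being checked against
	// firewallconfigs.FindAllFirewallModes(); presumably the RPC service
	// validates it — confirm.
	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
		HttpFirewallPolicyId: params.FirewallPolicyId,
		IsOn:                 params.IsOn,
		Name:                 params.Name,
		Description:          params.Description,
		FirewallGroupCodes:   params.GroupCodes,
		BlockOptionsJSON:     params.BlockOptionsJSON,
		Mode:                 params.Mode,
		UseLocalFirewall:     params.UseLocalFirewall,
		SynFloodJSON:         params.SynFloodJSON,
	})
	if err != nil {
		this.ErrorPage(err)
		return
	}

	this.Success()
}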