2020-10-06 21:02:37 +08:00
|
|
|
package waf
|
|
|
|
|
|
2020-11-02 14:37:28 +08:00
|
|
|
import (
|
2020-11-02 15:50:19 +08:00
|
|
|
"encoding/json"
|
2020-11-02 14:37:28 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
2020-11-02 15:50:19 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
2021-01-20 14:19:10 +08:00
|
|
|
"github.com/iwind/TeaGo/lists"
|
2020-11-02 15:50:19 +08:00
|
|
|
"github.com/iwind/TeaGo/maps"
|
2020-11-02 14:37:28 +08:00
|
|
|
timeutil "github.com/iwind/TeaGo/utils/time"
|
|
|
|
|
"regexp"
|
|
|
|
|
"strings"
|
|
|
|
|
)
|
2020-10-06 21:02:37 +08:00
|
|
|
|
|
|
|
|
type LogAction struct {
|
|
|
|
|
actionutils.ParentAction
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (this *LogAction) Init() {
|
2020-10-07 11:18:07 +08:00
|
|
|
this.Nav("", "", "log")
|
2020-10-06 21:02:37 +08:00
|
|
|
}
|
|
|
|
|
|
2020-11-02 14:37:28 +08:00
|
|
|
func (this *LogAction) RunGet(params struct {
|
|
|
|
|
Day string
|
|
|
|
|
RequestId string
|
|
|
|
|
FirewallPolicyId int64
|
2020-11-02 15:50:19 +08:00
|
|
|
GroupId int64
|
2022-04-17 16:18:43 +08:00
|
|
|
Partition int32 `default:"-1"`
|
2020-11-02 14:37:28 +08:00
|
|
|
}) {
|
|
|
|
|
if len(params.Day) == 0 {
|
|
|
|
|
params.Day = timeutil.Format("Y-m-d")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
this.Data["path"] = this.Request.URL.Path
|
|
|
|
|
this.Data["day"] = params.Day
|
2020-11-02 15:50:19 +08:00
|
|
|
this.Data["groupId"] = params.GroupId
|
2022-04-21 19:45:25 +08:00
|
|
|
this.Data["accessLogs"] = []maps.Map{}
|
|
|
|
|
this.Data["partition"] = params.Partition
|
2020-11-02 14:37:28 +08:00
|
|
|
|
2022-04-21 19:45:25 +08:00
|
|
|
var day = params.Day
|
|
|
|
|
var ipList = []string{}
|
|
|
|
|
var wafMaps = []maps.Map{}
|
2020-11-02 14:37:28 +08:00
|
|
|
if len(day) > 0 && regexp.MustCompile(`\d{4}-\d{2}-\d{2}`).MatchString(day) {
|
|
|
|
|
day = strings.ReplaceAll(day, "-", "")
|
2022-04-21 19:45:25 +08:00
|
|
|
var size = int64(20)
|
2020-11-02 14:37:28 +08:00
|
|
|
|
|
|
|
|
resp, err := this.RPC().HTTPAccessLogRPC().ListHTTPAccessLogs(this.AdminContext(), &pb.ListHTTPAccessLogsRequest{
|
2022-04-17 16:18:43 +08:00
|
|
|
Partition: params.Partition,
|
2020-11-02 15:50:19 +08:00
|
|
|
RequestId: params.RequestId,
|
|
|
|
|
FirewallPolicyId: params.FirewallPolicyId,
|
|
|
|
|
FirewallRuleGroupId: params.GroupId,
|
|
|
|
|
Day: day,
|
|
|
|
|
Size: size,
|
2020-11-02 14:37:28 +08:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-02 11:53:08 +08:00
|
|
|
if len(resp.HttpAccessLogs) == 0 {
|
2020-11-02 14:37:28 +08:00
|
|
|
this.Data["accessLogs"] = []interface{}{}
|
|
|
|
|
} else {
|
2021-06-02 11:53:08 +08:00
|
|
|
this.Data["accessLogs"] = resp.HttpAccessLogs
|
|
|
|
|
for _, accessLog := range resp.HttpAccessLogs {
|
2022-04-21 19:45:25 +08:00
|
|
|
// IP
|
2021-01-20 14:19:10 +08:00
|
|
|
if len(accessLog.RemoteAddr) > 0 {
|
|
|
|
|
if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
|
|
|
|
|
ipList = append(ipList, accessLog.RemoteAddr)
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-04-21 19:45:25 +08:00
|
|
|
|
|
|
|
|
// WAF信息集合
|
|
|
|
|
if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
|
|
|
|
|
// 检查Set是否已经存在
|
|
|
|
|
var existSet = false
|
|
|
|
|
for _, wafMap := range wafMaps {
|
|
|
|
|
if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
|
|
|
|
|
existSet = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !existSet {
|
|
|
|
|
wafMaps = append(wafMaps, maps.Map{
|
|
|
|
|
"policyId": accessLog.FirewallPolicyId,
|
|
|
|
|
"groupId": accessLog.FirewallRuleGroupId,
|
|
|
|
|
"setId": accessLog.FirewallRuleSetId,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-01-20 14:19:10 +08:00
|
|
|
}
|
2020-11-02 14:37:28 +08:00
|
|
|
}
|
|
|
|
|
this.Data["hasMore"] = resp.HasMore
|
|
|
|
|
this.Data["nextRequestId"] = resp.RequestId
|
|
|
|
|
|
|
|
|
|
// 上一个requestId
|
|
|
|
|
this.Data["hasPrev"] = false
|
|
|
|
|
this.Data["lastRequestId"] = ""
|
|
|
|
|
if len(params.RequestId) > 0 {
|
|
|
|
|
this.Data["hasPrev"] = true
|
|
|
|
|
prevResp, err := this.RPC().HTTPAccessLogRPC().ListHTTPAccessLogs(this.AdminContext(), &pb.ListHTTPAccessLogsRequest{
|
2022-04-17 16:18:43 +08:00
|
|
|
Partition: params.Partition,
|
2020-11-02 15:50:19 +08:00
|
|
|
RequestId: params.RequestId,
|
|
|
|
|
FirewallPolicyId: params.FirewallPolicyId,
|
|
|
|
|
FirewallRuleGroupId: params.GroupId,
|
|
|
|
|
Day: day,
|
|
|
|
|
Size: size,
|
|
|
|
|
Reverse: true,
|
2020-11-02 14:37:28 +08:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-06-02 11:53:08 +08:00
|
|
|
if int64(len(prevResp.HttpAccessLogs)) == size {
|
2020-11-02 14:37:28 +08:00
|
|
|
this.Data["lastRequestId"] = prevResp.RequestId
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-02 15:50:19 +08:00
|
|
|
// 所有分组
|
2020-12-17 15:50:44 +08:00
|
|
|
policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyConfigRequest{
|
|
|
|
|
HttpFirewallPolicyId: params.FirewallPolicyId,
|
2020-11-02 15:50:19 +08:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
policyConfig := &firewallconfigs.HTTPFirewallPolicy{}
|
2020-12-17 15:50:44 +08:00
|
|
|
err = json.Unmarshal(policyResp.HttpFirewallPolicyJSON, policyConfig)
|
2020-11-02 15:50:19 +08:00
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
groupMaps := []maps.Map{}
|
|
|
|
|
for _, group := range policyConfig.AllRuleGroups() {
|
|
|
|
|
groupMaps = append(groupMaps, maps.Map{
|
|
|
|
|
"id": group.Id,
|
|
|
|
|
"name": group.Name,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
this.Data["groups"] = groupMaps
|
|
|
|
|
|
2021-01-20 14:19:10 +08:00
|
|
|
// 根据IP查询区域
|
|
|
|
|
regionMap := map[string]string{} // ip => region
|
|
|
|
|
if len(ipList) > 0 {
|
|
|
|
|
resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if resp.IpRegionMap != nil {
|
|
|
|
|
for ip, region := range resp.IpRegionMap {
|
|
|
|
|
regionMap[ip] = region.Summary
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
this.Data["regions"] = regionMap
|
|
|
|
|
|
2022-04-21 19:45:25 +08:00
|
|
|
// WAF相关
|
|
|
|
|
var wafInfos = map[int64]maps.Map{} // set id => WAF Map
|
|
|
|
|
var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{} // id => *pb.HTTPFirewallPolicy
|
|
|
|
|
var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
|
|
|
|
|
var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{} // id => *pb.HTTPFirewallRuleSet
|
|
|
|
|
for _, wafMap := range wafMaps {
|
|
|
|
|
var policyId = wafMap.GetInt64("policyId")
|
|
|
|
|
var groupId = wafMap.GetInt64("groupId")
|
|
|
|
|
var setId = wafMap.GetInt64("setId")
|
|
|
|
|
if policyId > 0 {
|
|
|
|
|
pbPolicy, ok := wafPolicyCacheMap[policyId]
|
|
|
|
|
if !ok {
|
|
|
|
|
policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
pbPolicy = policyResp.HttpFirewallPolicy
|
|
|
|
|
wafPolicyCacheMap[policyId] = pbPolicy
|
|
|
|
|
}
|
|
|
|
|
if pbPolicy != nil {
|
|
|
|
|
wafMap = maps.Map{
|
|
|
|
|
"policy": maps.Map{
|
|
|
|
|
"id": pbPolicy.Id,
|
|
|
|
|
"name": pbPolicy.Name,
|
|
|
|
|
"serverId": pbPolicy.ServerId,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
if groupId > 0 {
|
|
|
|
|
pbGroup, ok := wafGroupCacheMap[groupId]
|
|
|
|
|
if !ok {
|
|
|
|
|
groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
pbGroup = groupResp.FirewallRuleGroup
|
|
|
|
|
wafGroupCacheMap[groupId] = pbGroup
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if pbGroup != nil {
|
|
|
|
|
wafMap["group"] = maps.Map{
|
|
|
|
|
"id": pbGroup.Id,
|
|
|
|
|
"name": pbGroup.Name,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if setId > 0 {
|
|
|
|
|
pbSet, ok := wafSetCacheMap[setId]
|
|
|
|
|
if !ok {
|
|
|
|
|
setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
|
|
|
|
|
if err != nil {
|
|
|
|
|
this.ErrorPage(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
pbSet = setResp.FirewallRuleSet
|
|
|
|
|
wafSetCacheMap[setId] = pbSet
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if pbSet != nil {
|
|
|
|
|
wafMap["set"] = maps.Map{
|
|
|
|
|
"id": pbSet.Id,
|
|
|
|
|
"name": pbSet.Name,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
wafInfos[setId] = wafMap
|
|
|
|
|
}
|
|
|
|
|
this.Data["wafInfos"] = wafInfos
|
|
|
|
|
|
2020-10-06 21:02:37 +08:00
|
|
|
this.Show()
|
|
|
|
|
}
|
