EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/ddos-protection/index.go

// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.

package ddosProtection

import (
	"encoding/json"
	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
	"github.com/iwind/TeaGo/actions"
	"github.com/iwind/TeaGo/types"
	"net"
)

type IndexAction struct {
	actionutils.ParentAction
}

func (this *IndexAction) Init() {
	this.Nav("", "setting", "")
	this.SecondMenu("ddosProtection")
}

func (this *IndexAction) RunGet(params struct {
	ClusterId int64
}) {
	this.Data["clusterId"] = params.ClusterId

	protectionResp, err := this.RPC().NodeClusterRPC().FindNodeClusterDDoSProtection(this.AdminContext(), &pb.FindNodeClusterDDoSProtectionRequest{NodeClusterId: params.ClusterId})
	if err != nil {
		this.ErrorPage(err)
		return
	}

	var ddosProtectionConfig = ddosconfigs.DefaultProtectionConfig()
	if len(protectionResp.DdosProtectionJSON) > 0 {
		err = json.Unmarshal(protectionResp.DdosProtectionJSON, ddosProtectionConfig)
		if err != nil {
			this.ErrorPage(err)
			return
		}
	}
	this.Data["config"] = ddosProtectionConfig
	this.Data["defaultConfigs"] = nodeconfigs.DefaultConfigs

	this.Show()
}

func (this *IndexAction) RunPost(params struct {
	ClusterId          int64
	DdosProtectionJSON []byte

	Must *actions.Must
	CSRF *actionutils.CSRF
}) {
	defer this.CreateLogInfo("修改集群 %d 的DDOS防护设置", params.ClusterId)

	var ddosProtectionConfig = &ddosconfigs.ProtectionConfig{}
	err := json.Unmarshal(params.DdosProtectionJSON, ddosProtectionConfig)
	if err != nil {
		this.ErrorPage(err)
		return
	}

	err = ddosProtectionConfig.Init()
	if err != nil {
		this.Fail("配置校验失败：" + err.Error())
	}

	// 校验参数
	if ddosProtectionConfig.TCP != nil {
		var tcpConfig = ddosProtectionConfig.TCP
		if tcpConfig.MaxConnectionsPerIP > 0 && tcpConfig.MaxConnectionsPerIP < nodeconfigs.DefaultTCPMinConnectionsPerIP {
			this.FailField("tcpMaxConnectionsPerIP", "TCP: 单IP TCP最大连接数不能小于"+types.String(nodeconfigs.DefaultTCPMinConnectionsPerIP))
		}

		if tcpConfig.NewConnectionsMinutelyRate > 0 && tcpConfig.NewConnectionsMinutelyRate < nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate {
			this.FailField("tcpNewConnectionsMinutelyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate))
		}

		if tcpConfig.NewConnectionsSecondlyRate > 0 && tcpConfig.NewConnectionsSecondlyRate < nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate {
			this.FailField("tcpNewConnectionsSecondlyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate))
		}

		// Port
		for _, portConfig := range tcpConfig.Ports {
			if portConfig.Port > 65535 {
				this.Fail("端口号" + types.String(portConfig.Port) + "不能大于65535")
			}
		}

		// IP
		for _, ipConfig := range tcpConfig.AllowIPList {
			if net.ParseIP(ipConfig.IP) == nil {
				this.Fail("白名单IP '" + ipConfig.IP + "' 格式错误")
			}
		}
	}

	_, err = this.RPC().NodeClusterRPC().UpdateNodeClusterDDoSProtection(this.AdminContext(), &pb.UpdateNodeClusterDDoSProtectionRequest{
		NodeClusterId:      params.ClusterId,
		DdosProtectionJSON: params.DdosProtectionJSON,
	})
	if err != nil {
		this.ErrorPage(err)
		return
	}
	this.Success()
}
实现基础的DDoS防护 2022-05-18 21:02:47 +08:00			`// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.`

			`package ddosProtection`

			`import (`
			`"encoding/json"`
			`"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"`
			`"github.com/iwind/TeaGo/actions"`
			`"github.com/iwind/TeaGo/types"`
			`"net"`
			`)`

			`type IndexAction struct {`
			`actionutils.ParentAction`
			`}`

			`func (this *IndexAction) Init() {`
			`this.Nav("", "setting", "")`
			`this.SecondMenu("ddosProtection")`
			`}`

			`func (this *IndexAction) RunGet(params struct {`
			`ClusterId int64`
			`}) {`
			`this.Data["clusterId"] = params.ClusterId`

			`protectionResp, err := this.RPC().NodeClusterRPC().FindNodeClusterDDoSProtection(this.AdminContext(), &pb.FindNodeClusterDDoSProtectionRequest{NodeClusterId: params.ClusterId})`
			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`

			`var ddosProtectionConfig = ddosconfigs.DefaultProtectionConfig()`
			`if len(protectionResp.DdosProtectionJSON) > 0 {`
			`err = json.Unmarshal(protectionResp.DdosProtectionJSON, ddosProtectionConfig)`
			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`
			`}`
			`this.Data["config"] = ddosProtectionConfig`
			`this.Data["defaultConfigs"] = nodeconfigs.DefaultConfigs`

			`this.Show()`
			`}`

			`func (this *IndexAction) RunPost(params struct {`
			`ClusterId int64`
			`DdosProtectionJSON []byte`

			`Must *actions.Must`
			`CSRF *actionutils.CSRF`
			`}) {`
			`defer this.CreateLogInfo("修改集群 %d 的DDOS防护设置", params.ClusterId)`

			`var ddosProtectionConfig = &ddosconfigs.ProtectionConfig{}`
			`err := json.Unmarshal(params.DdosProtectionJSON, ddosProtectionConfig)`
			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`

			`err = ddosProtectionConfig.Init()`
			`if err != nil {`
			`this.Fail("配置校验失败：" + err.Error())`
			`}`

			`// 校验参数`
			`if ddosProtectionConfig.TCP != nil {`
			`var tcpConfig = ddosProtectionConfig.TCP`
			`if tcpConfig.MaxConnectionsPerIP > 0 && tcpConfig.MaxConnectionsPerIP < nodeconfigs.DefaultTCPMinConnectionsPerIP {`
			`this.FailField("tcpMaxConnectionsPerIP", "TCP: 单IP TCP最大连接数不能小于"+types.String(nodeconfigs.DefaultTCPMinConnectionsPerIP))`
			`}`

DDoS防护增加秒级连接速率限制 2022-08-31 10:00:55 +08:00			`if tcpConfig.NewConnectionsMinutelyRate > 0 && tcpConfig.NewConnectionsMinutelyRate < nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate {`
			`this.FailField("tcpNewConnectionsMinutelyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate))`
实现基础的DDoS防护 2022-05-18 21:02:47 +08:00			`}`

DDoS防护增加秒级连接速率限制 2022-08-31 10:00:55 +08:00			`if tcpConfig.NewConnectionsSecondlyRate > 0 && tcpConfig.NewConnectionsSecondlyRate < nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate {`
			`this.FailField("tcpNewConnectionsSecondlyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate))`
DDoS防护增加单IP TCP新连接速率黑名单 2022-08-26 11:32:00 +08:00			`}`

实现基础的DDoS防护 2022-05-18 21:02:47 +08:00			`// Port`
			`for _, portConfig := range tcpConfig.Ports {`
			`if portConfig.Port > 65535 {`
			`this.Fail("端口号" + types.String(portConfig.Port) + "不能大于65535")`
			`}`
			`}`

			`// IP`
			`for _, ipConfig := range tcpConfig.AllowIPList {`
			`if net.ParseIP(ipConfig.IP) == nil {`
			`this.Fail("白名单IP '" + ipConfig.IP + "' 格式错误")`
			`}`
			`}`
			`}`

			`_, err = this.RPC().NodeClusterRPC().UpdateNodeClusterDDoSProtection(this.AdminContext(), &pb.UpdateNodeClusterDDoSProtectionRequest{`
			`NodeClusterId: params.ClusterId,`
			`DdosProtectionJSON: params.DdosProtectionJSON,`
			`})`
			`if err != nil {`
			`this.ErrorPage(err)`
			`return`
			`}`
			`this.Success()`
			`}`