实现WAF策略部分功能

2026-01-04 01:56:35 +08:00 · 2020-10-06 21:02:37 +08:00
parent d80d44c824
commit 088b2b36a6
29 changed files with 727 additions and 20 deletions
--- a/internal/web/actions/actionutils/utils.go
+++ b/internal/web/actions/actionutils/utils.go
@@ -33,6 +33,18 @@ func MatchPath(action *actions.ActionObject, path string) bool {
 	return action.Request.URL.Path == path
 }

+// 查找父级Action
+func FindParentAction(actionPtr actions.ActionWrapper) *ParentAction {
+	parentActionValue := reflect.ValueOf(actionPtr).Elem().FieldByName("ParentAction")
+	if parentActionValue.IsValid() {
+		parentAction, isOk := parentActionValue.Interface().(ParentAction)
+		if isOk {
+			return &parentAction
+		}
+	}
+	return nil
+}
+
 func findStack(err string) string {
 	_, currentFilename, _, currentOk := runtime.Caller(1)
 	if currentOk {
--- a/internal/web/actions/default/servers/components/cache/delete.go
+++ b/internal/web/actions/default/servers/components/cache/delete.go
@@ -19,7 +19,7 @@ func (this *DeleteAction) RunPost(params struct {
 		return
 	}
 	if countResp.Count > 0 {
-		this.Fail("此缓存策略正在被别的服务引用，请修改后再删除。")
+		this.Fail("此缓存策略正在被有些服务引用，请修改后再删除。")
 	}

 	_, err = this.RPC().HTTPCachePolicyRPC().DeleteHTTPCachePolicy(this.AdminContext(), &pb.DeleteHTTPCachePolicyRequest{CachePolicyId: params.CachePolicyId})
--- a/internal/web/actions/default/servers/components/waf/createPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createPopup.go
@@ -0,0 +1,59 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct{}) {
+	// 预置分组
+	groups := []maps.Map{}
+	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	for _, group := range templatePolicy.AllRuleGroups() {
+		groups = append(groups, maps.Map{
+			"code": group.Code,
+			"name": group.Name,
+			"isOn": group.IsOn,
+		})
+	}
+	this.Data["groups"] = groups
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name        string
+	GroupCodes  []string
+	Description string
+	IsOn        bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入策略名称")
+
+	_, err := this.RPC().HTTPFirewallPolicyRPC().CreateHTTPFirewallPolicy(this.AdminContext(), &pb.CreateHTTPFirewallPolicyRequest{
+		IsOn:               params.IsOn,
+		Name:               params.Name,
+		Description:        params.Description,
+		FirewallGroupCodes: params.GroupCodes,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/delete.go
+++ b/internal/web/actions/default/servers/components/waf/delete.go
@@ -0,0 +1,31 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	FirewallPolicyId int64
+}) {
+	countResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: params.FirewallPolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if countResp.Count > 0 {
+		this.Fail("此WAF策略正在被有些服务引用，请修改后再删除。")
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().DeleteFirewallPolicy(this.AdminContext(), &pb.DeleteFirewallPolicyRequest{FirewallPolicyId: params.FirewallPolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/export.go
+++ b/internal/web/actions/default/servers/components/waf/export.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type ExportAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ExportAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ExportAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/groups.go
+++ b/internal/web/actions/default/servers/components/waf/groups.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type GroupsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupsAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *GroupsAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/helper.go
+++ b/internal/web/actions/default/servers/components/waf/helper.go
@@ -1,6 +1,10 @@
 package waf

 import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"net/http"
 )
@@ -12,11 +16,56 @@ func NewHelper() *Helper {
 	return &Helper{}
 }

-func (this *Helper) BeforeAction(action *actions.ActionObject) {
+func (this *Helper) BeforeAction(actionPtr actions.ActionWrapper) (goNext bool) {
+	action := actionPtr.Object()
 	if action.Request.Method != http.MethodGet {
-		return
+		return true
 	}

 	action.Data["mainTab"] = "component"
 	action.Data["secondMenuItem"] = "waf"
+
+	// 显示当前的防火墙名称
+	firewallPolicyId := action.ParamInt64("firewallPolicyId")
+	if firewallPolicyId > 0 {
+		action.Data["firewallPolicyId"] = firewallPolicyId
+		action.Data["countInboundGroups"] = 0
+		action.Data["countOutboundGroups"] = 0
+		parentAction := actionutils.FindParentAction(actionPtr)
+		if parentAction != nil {
+			firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicy(parentAction.AdminContext(), firewallPolicyId)
+			if err != nil {
+				parentAction.ErrorPage(err)
+				return
+			}
+			if firewallPolicy == nil {
+				action.WriteString("can not find firewall policy")
+				return
+			}
+			action.Data["firewallPolicyName"] = firewallPolicy.Name
+
+			// inbound
+			if len(firewallPolicy.InboundJSON) > 0 {
+				inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+				err = json.Unmarshal(firewallPolicy.InboundJSON, inboundConfig)
+				if err != nil {
+					parentAction.ErrorPage(err)
+					return
+				}
+				action.Data["countInboundGroups"] = len(inboundConfig.GroupRefs)
+			}
+
+			// outbound
+			if len(firewallPolicy.OutboundJSON) > 0 {
+				outboundConfig := &firewallconfigs.HTTPFirewallOutboundConfig{}
+				err = json.Unmarshal(firewallPolicy.OutboundJSON, outboundConfig)
+				if err != nil {
+					parentAction.ErrorPage(err)
+					return
+				}
+				action.Data["countOutboundGroups"] = len(outboundConfig.GroupRefs)
+			}
+		}
+	}
+	return true
 }
--- a/internal/web/actions/default/servers/components/waf/import.go
+++ b/internal/web/actions/default/servers/components/waf/import.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type ImportAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ImportAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ImportAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/index.go
+++ b/internal/web/actions/default/servers/components/waf/index.go
@@ -1,7 +1,11 @@
 package waf

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
 )

 type IndexAction struct {
@@ -13,6 +17,65 @@ func (this *IndexAction) Init() {
 }

 func (this *IndexAction) RunGet(params struct{}) {
+	countResp, err := this.RPC().HTTPFirewallPolicyRPC().CountAllEnabledFirewallPolicies(this.AdminContext(), &pb.CountAllEnabledFirewallPoliciesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+
+	listResp, err := this.RPC().HTTPFirewallPolicyRPC().ListEnabledFirewallPolicies(this.AdminContext(), &pb.ListEnabledFirewallPoliciesRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	policyMaps := []maps.Map{}
+	for _, policy := range listResp.FirewallPolicies {
+		countInbound := 0
+		countOutbound := 0
+		if len(policy.InboundJSON) > 0 {
+			inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+			err = json.Unmarshal(policy.InboundJSON, inboundConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			countInbound = len(inboundConfig.GroupRefs)
+		}
+		if len(policy.OutboundJSON) > 0 {
+			outboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+			err = json.Unmarshal(policy.OutboundJSON, outboundConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			countOutbound = len(outboundConfig.GroupRefs)
+		}
+
+		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: policy.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		countServers := countServersResp.Count
+
+		policyMaps = append(policyMaps, maps.Map{
+			"id":            policy.Id,
+			"isOn":          policy.IsOn,
+			"name":          policy.Name,
+			"countInbound":  countInbound,
+			"countOutbound": countOutbound,
+			"countServers":  countServers,
+		})
+	}
+
+	this.Data["policies"] = policyMaps
+
+	this.Data["page"] = page.AsHTML()

 	this.Show()
 }
--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -14,6 +14,16 @@ func init() {
 			Helper(componentutils.NewComponentHelper()).
 			Prefix("/servers/components/waf").
 			Get("", new(IndexAction)).
+			GetPost("/createPopup", new(CreatePopupAction)).
+			Post("/delete", new(DeleteAction)).
+			Get("/policy", new(PolicyAction)).
+			Get("/groups", new(GroupsAction)).
+			Get("/sets", new(SetsAction)).
+			Get("/log", new(LogAction)).
+			GetPost("/update", new(UpdateAction)).
+			GetPost("/test", new(TestAction)).
+			GetPost("/export", new(ExportAction)).
+			GetPost("/import", new(ImportAction)).
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/servers/components/waf/log.go
+++ b/internal/web/actions/default/servers/components/waf/log.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type LogAction struct {
+	actionutils.ParentAction
+}
+
+func (this *LogAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *LogAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -0,0 +1,57 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type PolicyAction struct {
+	actionutils.ParentAction
+}
+
+func (this *PolicyAction) Init() {
+	this.Nav("", "", "index")
+}
+
+func (this *PolicyAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	internalGroups := []maps.Map{}
+	if firewallPolicy.Inbound != nil {
+		for _, group := range firewallPolicy.Inbound.Groups {
+			internalGroups = append(internalGroups, maps.Map{
+				"name": group.Name,
+				"isOn": group.IsOn,
+			})
+		}
+	}
+	if firewallPolicy.Outbound != nil {
+		for _, group := range firewallPolicy.Outbound.Groups {
+			internalGroups = append(internalGroups, maps.Map{
+				"name": group.Name,
+				"isOn": group.IsOn,
+			})
+		}
+	}
+
+	this.Data["firewallPolicy"] = maps.Map{
+		"id":          firewallPolicy.Id,
+		"name":        firewallPolicy.Name,
+		"isOn":        firewallPolicy.IsOn,
+		"description": firewallPolicy.Description,
+		"groups":      internalGroups,
+	}
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/sets.go
+++ b/internal/web/actions/default/servers/components/waf/sets.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type SetsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SetsAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *SetsAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/test.go
+++ b/internal/web/actions/default/servers/components/waf/test.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type TestAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TestAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *TestAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/update.go
+++ b/internal/web/actions/default/servers/components/waf/update.go
@@ -0,0 +1,87 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateAction) Init() {
+	this.Nav("", "", "update")
+}
+
+func (this *UpdateAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	this.Data["firewallPolicy"] = maps.Map{
+		"id":          firewallPolicy.Id,
+		"name":        firewallPolicy.Name,
+		"description": firewallPolicy.Description,
+		"isOn":        firewallPolicy.IsOn,
+	}
+
+	// 预置分组
+	groups := []maps.Map{}
+	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	for _, group := range templatePolicy.AllRuleGroups() {
+		if len(group.Code) > 0 {
+			usedGroup := firewallPolicy.FindRuleGroupWithCode(group.Code)
+			if usedGroup != nil {
+				group.IsOn = usedGroup.IsOn
+			}
+		}
+
+		groups = append(groups, maps.Map{
+			"code": group.Code,
+			"name": group.Name,
+			"isOn": group.IsOn,
+		})
+	}
+	this.Data["groups"] = groups
+
+	this.Show()
+}
+
+func (this *UpdateAction) RunPost(params struct {
+	FirewallPolicyId int64
+	Name             string
+	GroupCodes       []string
+	Description      string
+	IsOn             bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入策略名称")
+
+	_, err := this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
+		FirewallPolicyId:   params.FirewallPolicyId,
+		IsOn:               params.IsOn,
+		Name:               params.Name,
+		Description:        params.Description,
+		FirewallGroupCodes: params.GroupCodes,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
@@ -82,14 +82,9 @@ func (this *UserMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 		},
 		{
 			"code":     "db",
-			"menuName": "数据库节点",
+			"menuName": "数据库",
 			"icon":     "database",
 		},
-		{
-			"code":     "log",
-			"menuName": "日志节点",
-			"icon":     "dot circle",
-		},
 		{
 			"code":     "dns",
 			"menuName": "DNS",
--- a/internal/web/models/http_firewall_policy_dao.go
+++ b/internal/web/models/http_firewall_policy_dao.go
@@ -0,0 +1,48 @@
+package models
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+var SharedHTTPFirewallPolicyDAO = new(HTTPFirewallPolicyDAO)
+
+type HTTPFirewallPolicyDAO struct {
+}
+
+// 查找缓存策略基本信息
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicy(ctx context.Context, policyId int64) (*pb.HTTPFirewallPolicy, error) {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.HTTPFirewallPolicyRPC().FindEnabledFirewallPolicy(ctx, &pb.FindEnabledFirewallPolicyRequest{FirewallPolicyId: policyId})
+	if err != nil {
+		return nil, err
+	}
+	return resp.FirewallPolicy, nil
+}
+
+// 查找缓存策略配置
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.HTTPFirewallPolicyRPC().FindEnabledFirewallPolicyConfig(ctx, &pb.FindEnabledFirewallPolicyConfigRequest{FirewallPolicyId: policyId})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.FirewallPolicyJSON) == 0 {
+		return nil, nil
+	}
+	firewallPolicy := &firewallconfigs.HTTPFirewallPolicy{}
+	err = json.Unmarshal(resp.FirewallPolicyJSON, firewallPolicy)
+	if err != nil {
+		return nil, err
+	}
+	return firewallPolicy, nil
+}