From 1655208e14f3c986697cce7bc962035c8db7e640 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Sat, 21 Nov 2020 20:43:45 +0800
Subject: [PATCH] =?UTF-8?q?[waf]=E6=94=AF=E6=8C=81=E5=8C=85=E5=90=AB?=
 =?UTF-8?q?=E4=BA=8C=E8=BF=9B=E5=88=B6=E3=80=81=E4=B8=8D=E6=94=AF=E6=8C=81?=
 =?UTF-8?q?=E4=BA=8C=E8=BF=9B=E5=88=B6=E7=AD=89=E6=93=8D=E4=BD=9C=E7=AC=A6?=
 =?UTF-8?q?=EF=BC=9B=E6=94=AF=E6=8C=81=E5=AF=B9=E5=8F=82=E6=95=B0=E5=80=BC?=
 =?UTF-8?q?=E7=BC=96=E8=A7=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../servers/components/waf/createRulePopup.go | 28 +++++---
 .../default/servers/components/waf/group.go   |  1 +
 .../server/http-firewall-param-filters-box.js | 72 +++++++++++++++++++
 .../server/http-firewall-rules-box.js         |  4 +-
 .../components/waf/createRulePopup.html       | 25 ++++++-
 .../servers/components/waf/createRulePopup.js |  1 +
 .../servers/components/waf/group.html         |  2 +-
 7 files changed, 120 insertions(+), 13 deletions(-)
 create mode 100644 web/public/js/components/server/http-firewall-param-filters-box.js

diff --git a/internal/web/actions/default/servers/components/waf/createRulePopup.go b/internal/web/actions/default/servers/components/waf/createRulePopup.go
index 247ec671..fc2b1873 100644
--- a/internal/web/actions/default/servers/components/waf/createRulePopup.go
+++ b/internal/web/actions/default/servers/components/waf/createRulePopup.go
@@ -28,7 +28,7 @@ func (this *CreateRulePopupAction) RunGet(params struct {
 				"name":        checkpoint.Name,
 				"prefix":      checkpoint.Prefix,
 				"description": checkpoint.Description,
-				"hasParams":   len(checkpoint.Params) > 0,
+				"hasParams":   checkpoint.HasParams,
 				"params":      checkpoint.Params,
 				"options":     checkpoint.Options,
 				"isComposed":  checkpoint.IsComposed,
@@ -53,13 +53,14 @@ func (this *CreateRulePopupAction) RunGet(params struct {
 }
 
 func (this *CreateRulePopupAction) RunPost(params struct {
-	RuleId      int64
-	Prefix      string
-	Operator    string
-	Param       string
-	OptionsJSON []byte
-	Value       string
-	Case        bool
+	RuleId           int64
+	Prefix           string
+	Operator         string
+	Param            string
+	ParamFiltersJSON []byte
+	OptionsJSON      []byte
+	Value            string
+	Case             bool
 
 	Must *actions.Must
 }) {
@@ -76,6 +77,17 @@ func (this *CreateRulePopupAction) RunPost(params struct {
 	} else {
 		rule.Param = "${" + params.Prefix + "}"
 	}
+
+	paramFilters := []*firewallconfigs.ParamFilter{}
+	if len(params.ParamFiltersJSON) > 0 {
+		err := json.Unmarshal(params.ParamFiltersJSON, &paramFilters)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	rule.ParamFilters = paramFilters
+
 	rule.Operator = params.Operator
 	rule.Value = params.Value
 	rule.IsCaseInsensitive = params.Case
diff --git a/internal/web/actions/default/servers/components/waf/group.go b/internal/web/actions/default/servers/components/waf/group.go
index a5189cfa..c4a931e6 100644
--- a/internal/web/actions/default/servers/components/waf/group.go
+++ b/internal/web/actions/default/servers/components/waf/group.go
@@ -88,6 +88,7 @@ func (this *GroupAction) RunGet(params struct {
 				rule := v.(*firewallconfigs.HTTPFirewallRule)
 				return maps.Map{
 					"param":             rule.Param,
+					"paramFilters":      rule.ParamFilters,
 					"operator":          rule.Operator,
 					"value":             rule.Value,
 					"isCaseInsensitive": rule.IsCaseInsensitive,
diff --git a/web/public/js/components/server/http-firewall-param-filters-box.js b/web/public/js/components/server/http-firewall-param-filters-box.js
new file mode 100644
index 00000000..b7f9d24c
--- /dev/null
+++ b/web/public/js/components/server/http-firewall-param-filters-box.js
@@ -0,0 +1,72 @@
+Vue.component("http-firewall-param-filters-box", {
+	props: ["v-filters"],
+	data: function () {
+		let filters = this.vFilters
+		if (filters == null) {
+			filters = []
+		}
+
+		return {
+			filters: filters,
+			isAdding: false,
+			options: [
+				{name: "MD5", code: "md5"},
+				{name: "URLEncode", code: "urlEncode"},
+				{name: "URLDecode", code: "urlDecode"},
+				{name: "BASE64Encode", code: "base64Encode"},
+				{name: "BASE64Decode", code: "base64Decode"},
+				{name: "计算长度", code: "length"}
+			],
+			addingCode: ""
+		}
+	},
+	methods: {
+		add: function () {
+			this.isAdding = true
+			this.addingCode = ""
+		},
+		confirm: function () {
+			if (this.addingCode.length == 0) {
+				return
+			}
+			let that = this
+			this.filters.push(this.options.$find(function (k, v) {
+				return (v.code == that.addingCode)
+			}))
+			this.isAdding = false
+		},
+		cancel: function () {
+			this.isAdding = false
+		},
+		remove: function (index) {
+			this.filters.$remove(index)
+		}
+	},
+	template: `<div>
+		<input type="hidden" name="paramFiltersJSON" :value="JSON.stringify(filters)" />
+		<div v-if="filters.length > 0">
+			<div v-for="(filter, index) in filters" class="ui label small basic">
+				{{filter.name}} <a href="" title="删除" @click.prevent="remove(index)"><i class="icon remove"></i></a>
+			</div>
+			<div class="ui divider"></div>
+		</div>
+		<div v-if="isAdding">
+			<div class="ui fields inline">
+				<div class="ui field">
+					<select class="ui dropdown auto-width" v-model="addingCode">
+						<option value="">[请选择]</option>
+						<option v-for="option in options" :value="option.code">{{option.name}}</option>
+					</select>
+				</div>
+				<div class="ui field">
+					<button class="ui button tiny" type="button" @click.prevent="confirm()">确定</button>
+					&nbsp; <a href="" @click.prevent="cancel()" title="取消"><i class="icon remove"></i></a>
+				</div>
+			</div>
+		</div>
+		<div v-if="!isAdding">
+			<button class="ui button tiny" type="button" @click.prevent="add">+</button>
+		</div>
+		<p class="comment">可以对参数值进行特定的编解码处理。</p>
+</div>`
+})
\ No newline at end of file
diff --git a/web/public/js/components/server/http-firewall-rules-box.js b/web/public/js/components/server/http-firewall-rules-box.js
index b520b7e8..6d552c06 100644
--- a/web/public/js/components/server/http-firewall-rules-box.js
+++ b/web/public/js/components/server/http-firewall-rules-box.js
@@ -38,8 +38,8 @@ Vue.component("http-firewall-rules-box", {
 	template: `<div>
 		<input type="hidden" name="rulesJSON" :value="JSON.stringify(rules)"/>
 		<div v-if="rules.length > 0">
-			<div v-for="(rule, index) in rules" class="ui label tiny" style="margin-bottom: 0.5em">
-				<span>{{rule.param}} <var v-if="rule.value.length > 0">{{rule.operator}}</var> {{rule.value}}</span>
+			<div v-for="(rule, index) in rules" class="ui label small basic" style="margin-bottom: 0.5em">
+				<span>{{rule.param}}<span v-if="rule.paramFilters != null && rule.paramFilters.length > 0" v-for="paramFilter in rule.paramFilters"> | {{paramFilter.code}}</span> <var v-if="rule.value.length > 0">{{rule.operator}}</var> {{rule.value}}</span>
 				<a href="" title="修改" @click.prevent="updateRule(index, rule)"><i class="icon pencil small"></i></a>
 				<a href="" title="删除" @click.prevent="removeRule(index)"><i class="icon remove"></i></a>
 			</div>
diff --git a/web/views/@default/servers/components/waf/createRulePopup.html b/web/views/@default/servers/components/waf/createRulePopup.html
index f0193283..2026a676 100644
--- a/web/views/@default/servers/components/waf/createRulePopup.html
+++ b/web/views/@default/servers/components/waf/createRulePopup.html
@@ -20,13 +20,15 @@
 				<p class="comment" v-if="checkpoint != null"><span class="ui label tiny">${<em style="font-style: normal;">{{checkpoint.prefix}}</em>}</span>{{checkpoint.description}}</p>
 			</td>
 		</tr>
+
+		<!-- 参数名 -->
 		<tr v-if="checkpoint != null && checkpoint.hasParams">
 			<td>参数名</td>
 			<td>
 				<select name="param" v-model="rule.checkpointParam" class="ui dropdown auto-width" v-if="checkpoint.params != null">
 					<option v-for="o in checkpoint.params" :value="o.value">{{o.name}}</option>
 				</select>
-				<input type="text" maxlength="100" v-model="rule.checkpointParam" v-if="checkpoint.params == null"/>
+				<input type="text" name="param" maxlength="100" v-model="rule.checkpointParam" v-if="checkpoint.params == null"/>
 			</td>
 		</tr>
 
@@ -40,6 +42,14 @@
 			</tr>
 		</tbody>
 
+		<!-- 参数过滤器 -->
+		<tr v-if="checkpoint != null && !checkpoint.isComposed">
+			<td>编解码</td>
+			<td>
+				<http-firewall-param-filters-box :v-filters="rule.paramFilters"></http-firewall-param-filters-box>
+			</td>
+		</tr>
+
 		<!-- 选项 -->
 		<tbody v-if="checkpoint != null && !checkpoint.isComposed && checkpoint.options != null && checkpoint.options.length > 0">
 			<tr v-for="option in checkpoint.options">
@@ -91,7 +101,18 @@
 			<tr>
 				<td>对比值</td>
 				<td>
-					<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
+					<!-- 二进制数据 -->
+					<div v-if="rule.operator != 'contains binary'">
+						<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
+						<p class="comment">将二进制进行Base64Encode后放在这里，比如<code-label>Hello</code-label>对应<code-label>SGVsbG8=</code-label>。</p>
+					</div>
+					<div v-else-if="rule.operator != 'not contains binary'">
+						<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
+						<p class="comment">将二进制进行Base64Encode后放在这里，比如<code-label>Hello</code-label>对应<code-label>SGVsbG8=</code-label>。</p>
+					</div>
+
+					<!-- 其余数据 -->
+					<textarea rows="3" maxlength="4096" name="value" v-model="rule.value" v-else></textarea>
 				</td>
 			</tr>
 		</tbody>
diff --git a/web/views/@default/servers/components/waf/createRulePopup.js b/web/views/@default/servers/components/waf/createRulePopup.js
index d369c378..6b8d6863 100644
--- a/web/views/@default/servers/components/waf/createRulePopup.js
+++ b/web/views/@default/servers/components/waf/createRulePopup.js
@@ -5,6 +5,7 @@ Tea.context(function () {
 	this.rule = {
 		id: 0,
 		param: "",
+		paramFilters: [],
 		checkpointPrefix: "",
 		checkpointParam: "",
 		value: "",
diff --git a/web/views/@default/servers/components/waf/group.html b/web/views/@default/servers/components/waf/group.html
index ee67109d..aaaccaaa 100644
--- a/web/views/@default/servers/components/waf/group.html
+++ b/web/views/@default/servers/components/waf/group.html
@@ -48,7 +48,7 @@
 			</td>
 			<td class="rules-box">
 				<div v-for="rule in set.rules" style="margin-top: 0.4em;margin-bottom:0.4em">
-					<span class="ui label tiny basic">{{rule.name}}[{{rule.param}}] <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''" v-if="!rule.isComposed">{{rule.operator}}</var> {{rule.value}}</span>
+					<span class="ui label tiny basic">{{rule.name}}[{{rule.param}}] <span v-if="rule.paramFilters != null && rule.paramFilters.length > 0" v-for="paramFilter in rule.paramFilters"> | {{paramFilter.code}}</span> <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''" v-if="!rule.isComposed">{{rule.operator}}</var> {{rule.value}}</span>
 				</div>
 				<span class="ui disabled" v-if="set.rules.length == 0">暂时还没有规则</span>
 			</td>