实现IP名单管理

2026-04-27 08:05:28 +08:00 · 2020-11-07 19:40:18 +08:00
parent 2a5c819c72
commit 2503ec59f8
19 changed files with 692 additions and 8 deletions
--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -41,6 +41,9 @@ func init() {
 			GetPost("/ipadmin", new(ipadmin.IndexAction)).
 			GetPost("/ipadmin/provinces", new(ipadmin.ProvincesAction)).
 			Get("/ipadmin/lists", new(ipadmin.ListsAction)).
+			GetPost("/ipadmin/createIPPopup", new(ipadmin.CreateIPPopupAction)).
+			GetPost("/ipadmin/updateIPPopup", new(ipadmin.UpdateIPPopupAction)).
+			Post("/ipadmin/deleteIP", new(ipadmin.DeleteIPAction)).

 			EndAll()
 	})
--- a/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
@@ -0,0 +1,64 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreateIPPopupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	Type             string
+}) {
+	this.Data["type"] = params.Type
+
+	listId, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyIPListIdWithType(this.AdminContext(), params.FirewallPolicyId, params.Type)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["listId"] = listId
+
+	this.Show()
+}
+
+func (this *CreateIPPopupAction) RunPost(params struct {
+	ListId    int64
+	IpFrom    string
+	IpTo      string
+	ExpiredAt int64
+	Reason    string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// TODO 校验ListId所属用户
+	// TODO 校验IP格式（ipFrom/ipTo）
+
+	params.Must.
+		Field("ipFrom", params.IpFrom).
+		Require("请输入开始IP")
+
+	_, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
+		IpListId:  params.ListId,
+		IpFrom:    params.IpFrom,
+		IpTo:      params.IpTo,
+		ExpiredAt: params.ExpiredAt,
+		Reason:    params.Reason,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/ipadmin/deleteIP.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/deleteIP.go
@@ -0,0 +1,24 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteIPAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteIPAction) RunPost(params struct {
+	ItemId int64
+}) {
+	// TODO 判断权限
+
+	_, err := this.RPC().IPItemRPC().DeleteIPItem(this.AdminContext(), &pb.DeleteIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
@@ -1,6 +1,12 @@
 package ipadmin

-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+)

 type ListsAction struct {
 	actionutils.ParentAction
@@ -10,8 +16,56 @@ func (this *ListsAction) Init() {
 	this.Nav("", "", "ipadmin")
 }

-func (this *ListsAction) RunGet(params struct{}) {
-	this.Data["subMenuItem"] = "list"
+func (this *ListsAction) RunGet(params struct {
+	FirewallPolicyId int64
+	Type             string
+}) {
+	this.Data["subMenuItem"] = params.Type
+
+	listId, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyIPListIdWithType(this.AdminContext(), params.FirewallPolicyId, params.Type)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":          item.Id,
+			"ipFrom":      item.IpFrom,
+			"ipTo":        item.IpTo,
+			"expiredTime": expiredTime,
+			"reason":      item.Reason,
+		})
+	}
+	this.Data["items"] = itemMaps

 	this.Show()
 }
--- a/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
@@ -0,0 +1,74 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdateIPPopupAction) RunGet(params struct {
+	ItemId int64
+}) {
+	itemResp, err := this.RPC().IPItemRPC().FindEnabledIPItem(this.AdminContext(), &pb.FindEnabledIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	item := itemResp.IpItem
+	if item == nil {
+		this.NotFound("ipItem", params.ItemId)
+		return
+	}
+
+	this.Data["item"] = maps.Map{
+		"id":        item.Id,
+		"ipFrom":    item.IpFrom,
+		"ipTo":      item.IpTo,
+		"expiredAt": item.ExpiredAt,
+		"reason":    item.Reason,
+	}
+
+	this.Show()
+}
+
+func (this *UpdateIPPopupAction) RunPost(params struct {
+	ItemId int64
+
+	IpFrom    string
+	IpTo      string
+	ExpiredAt int64
+	Reason    string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// TODO 校验ItemId所属用户
+	// TODO 校验IP格式（ipFrom/ipTo）
+
+	params.Must.
+		Field("ipFrom", params.IpFrom).
+		Require("请输入开始IP")
+
+	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
+		IpItemId:  params.ItemId,
+		IpFrom:    params.IpFrom,
+		IpTo:      params.IpTo,
+		ExpiredAt: params.ExpiredAt,
+		Reason:    params.Reason,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/models/http_firewall_policy_dao.go
+++ b/internal/web/models/http_firewall_policy_dao.go
@@ -3,17 +3,20 @@ package models
 import (
 	"context"
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/errors"
 	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
 )

 var SharedHTTPFirewallPolicyDAO = new(HTTPFirewallPolicyDAO)

+// WAF策略相关
 type HTTPFirewallPolicyDAO struct {
 }

-// 查找缓存策略基本信息
+// 查找WAF策略基本信息
 func (this *HTTPFirewallPolicyDAO) FindEnabledPolicy(ctx context.Context, policyId int64) (*pb.HTTPFirewallPolicy, error) {
 	client, err := rpc.SharedRPC()
 	if err != nil {
@@ -26,7 +29,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicy(ctx context.Context, policy
 	return resp.FirewallPolicy, nil
 }

-// 查找缓存策略配置
+// 查找WAF策略配置
 func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
 	client, err := rpc.SharedRPC()
 	if err != nil {
@@ -46,3 +49,125 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyConfig(ctx context.Context,
 	}
 	return firewallPolicy, nil
 }
+
+// 查找WAF的Inbound
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyInboundConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallInboundConfig, error) {
+	config, err := this.FindEnabledPolicyConfig(ctx, policyId)
+	if err != nil {
+		return nil, err
+	}
+	if config == nil {
+		return nil, errors.New("not found")
+	}
+	return config.Inbound, nil
+}
+
+// 根据类型查找WAF的IP名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyIPListIdWithType(ctx context.Context, policyId int64, listType ipconfigs.IPListType) (int64, error) {
+	switch listType {
+	case ipconfigs.IPListTypeWhite:
+		return this.FindEnabledPolicyWhiteIPListId(ctx, policyId)
+	case ipconfigs.IPListTypeBlack:
+		return this.FindEnabledPolicyBlackIPListId(ctx, policyId)
+	default:
+		return 0, errors.New("invalid ip list type '" + listType + "'")
+	}
+}
+
+// 查找WAF的白名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyWhiteIPListId(ctx context.Context, policyId int64) (int64, error) {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return 0, err
+	}
+
+	config, err := this.FindEnabledPolicyConfig(ctx, policyId)
+	if err != nil {
+		return 0, err
+	}
+	if config == nil {
+		return 0, errors.New("not found")
+	}
+	if config.Inbound == nil {
+		config.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if config.Inbound.WhiteListRef == nil || config.Inbound.WhiteListRef.ListId == 0 {
+		createResp, err := client.IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
+			Type:        "white",
+			Name:        "白名单",
+			Code:        "white",
+			TimeoutJSON: nil,
+		})
+		if err != nil {
+			return 0, err
+		}
+		listId := createResp.IpListId
+		config.Inbound.WhiteListRef = &ipconfigs.IPListRef{
+			IsOn:   true,
+			ListId: listId,
+		}
+		inboundJSON, err := json.Marshal(config.Inbound)
+		if err != nil {
+			return 0, err
+		}
+		_, err = client.HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
+			FirewallPolicyId: policyId,
+			InboundJSON:      inboundJSON,
+		})
+		if err != nil {
+			return 0, err
+		}
+		return listId, nil
+	}
+
+	return config.Inbound.WhiteListRef.ListId, nil
+}
+
+// 查找WAF的黑名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyBlackIPListId(ctx context.Context, policyId int64) (int64, error) {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return 0, err
+	}
+
+	config, err := this.FindEnabledPolicyConfig(ctx, policyId)
+	if err != nil {
+		return 0, err
+	}
+	if config == nil {
+		return 0, errors.New("not found")
+	}
+	if config.Inbound == nil {
+		config.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if config.Inbound.BlackListRef == nil || config.Inbound.BlackListRef.ListId == 0 {
+		createResp, err := client.IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
+			Type:        "black",
+			Name:        "黑名单",
+			Code:        "black",
+			TimeoutJSON: nil,
+		})
+		if err != nil {
+			return 0, err
+		}
+		listId := createResp.IpListId
+		config.Inbound.BlackListRef = &ipconfigs.IPListRef{
+			IsOn:   true,
+			ListId: listId,
+		}
+		inboundJSON, err := json.Marshal(config.Inbound)
+		if err != nil {
+			return 0, err
+		}
+		_, err = client.HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
+			FirewallPolicyId: policyId,
+			InboundJSON:      inboundJSON,
+		})
+		if err != nil {
+			return 0, err
+		}
+		return listId, nil
+	}
+
+	return config.Inbound.BlackListRef.ListId, nil
+}