增加WAF日志配置/WAF策略中之日志中增加分表查询

internal/web/actions/default/servers/components/waf/log.go

@@ -34,13 +34,15 @@ func (this *LogAction) RunGet(params struct {
 	this.Data["path"] = this.Request.URL.Path
 	this.Data["day"] = params.Day
 	this.Data["groupId"] = params.GroupId
-	this.Data["accessLogs"] = []interface{}{}
+	this.Data["accessLogs"] = []maps.Map{}
+	this.Data["partition"] = params.Partition
 
-	day := params.Day
-	ipList := []string{}
+	var day = params.Day
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}
 	if len(day) > 0 && regexp.MustCompile(`\d{4}-\d{2}-\d{2}`).MatchString(day) {
 		day = strings.ReplaceAll(day, "-", "")
-		size := int64(10)
+		var size = int64(20)
 
 		resp, err := this.RPC().HTTPAccessLogRPC().ListHTTPAccessLogs(this.AdminContext(), &pb.ListHTTPAccessLogsRequest{
 			Partition:           params.Partition,
@@ -60,11 +62,31 @@ func (this *LogAction) RunGet(params struct {
 		} else {
 			this.Data["accessLogs"] = resp.HttpAccessLogs
 			for _, accessLog := range resp.HttpAccessLogs {
+				// IP
 				if len(accessLog.RemoteAddr) > 0 {
 					if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 						ipList = append(ipList, accessLog.RemoteAddr)
 					}
 				}
+
+				// WAF信息集合
+				if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+					// 检查Set是否已经存在
+					var existSet = false
+					for _, wafMap := range wafMaps {
+						if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+							existSet = true
+							break
+						}
+					}
+					if !existSet {
+						wafMaps = append(wafMaps, maps.Map{
+							"policyId": accessLog.FirewallPolicyId,
+							"groupId":  accessLog.FirewallRuleGroupId,
+							"setId":    accessLog.FirewallRuleSetId,
+						})
+					}
+				}
 			}
 		}
 		this.Data["hasMore"] = resp.HasMore
@@ -134,5 +156,79 @@ func (this *LogAction) RunGet(params struct {
 	}
 	this.Data["regions"] = regionMap
 
+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Show()
 }

internal/web/actions/default/servers/components/waf/policy.go

@@ -96,6 +96,7 @@ func (this *PolicyAction) RunGet(params struct {
 		"blockOptions":     firewallPolicy.BlockOptions,
 		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
 		"synFlood":         firewallPolicy.SYNFlood,
+		"log":              firewallPolicy.Log,
 	}
 
 	// 正在使用此策略的集群

internal/web/actions/default/servers/components/waf/update.go

@@ -58,6 +58,11 @@ func (this *UpdateAction) RunGet(params struct {
 		}
 	}
 
+	// log
+	if firewallPolicy.Log == nil {
+		firewallPolicy.Log = firewallconfigs.DefaultHTTPFirewallPolicyLogConfig
+	}
+
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":               firewallPolicy.Id,
 		"name":             firewallPolicy.Name,
@@ -67,10 +72,11 @@ func (this *UpdateAction) RunGet(params struct {
 		"blockOptions":     firewallPolicy.BlockOptions,
 		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
 		"synFloodConfig":   firewallPolicy.SYNFlood,
+		"log":              firewallPolicy.Log,
 	}
 
 	// 预置分组
-	groups := []maps.Map{}
+	var groups = []maps.Map{}
 	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
 	for _, group := range templatePolicy.AllRuleGroups() {
 		if len(group.Code) > 0 {
@@ -101,6 +107,7 @@ func (this *UpdateAction) RunPost(params struct {
 	Mode             string
 	UseLocalFirewall bool
 	SynFloodJSON     []byte
+	LogJSON          []byte
 
 	Must *actions.Must
 }) {
@@ -128,6 +135,7 @@ func (this *UpdateAction) RunPost(params struct {
 		Mode:                 params.Mode,
 		UseLocalFirewall:     params.UseLocalFirewall,
 		SynFloodJSON:         params.SynFloodJSON,
+		LogJSON:              params.LogJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)