增加WAF日志配置/WAF策略中之日志中增加分表查询

internal/web/actions/default/servers/components/waf/log.go

@@ -34,13 +34,15 @@ func (this *LogAction) RunGet(params struct {
 	this.Data["path"] = this.Request.URL.Path
 	this.Data["day"] = params.Day
 	this.Data["groupId"] = params.GroupId
-	this.Data["accessLogs"] = []interface{}{}
+	this.Data["accessLogs"] = []maps.Map{}
+	this.Data["partition"] = params.Partition
 
-	day := params.Day
+	var day = params.Day
-	ipList := []string{}
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}
 	if len(day) > 0 && regexp.MustCompile(`\d{4}-\d{2}-\d{2}`).MatchString(day) {
 		day = strings.ReplaceAll(day, "-", "")
-		size := int64(10)
+		var size = int64(20)
 
 		resp, err := this.RPC().HTTPAccessLogRPC().ListHTTPAccessLogs(this.AdminContext(), &pb.ListHTTPAccessLogsRequest{
 			Partition:           params.Partition,
@@ -60,11 +62,31 @@ func (this *LogAction) RunGet(params struct {
 		} else {
 			this.Data["accessLogs"] = resp.HttpAccessLogs
 			for _, accessLog := range resp.HttpAccessLogs {
+				// IP
 				if len(accessLog.RemoteAddr) > 0 {
 					if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 						ipList = append(ipList, accessLog.RemoteAddr)
 					}
 				}
+
+				// WAF信息集合
+				if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+					// 检查Set是否已经存在
+					var existSet = false
+					for _, wafMap := range wafMaps {
+						if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+							existSet = true
+							break
+						}
+					}
+					if !existSet {
+						wafMaps = append(wafMaps, maps.Map{
+							"policyId": accessLog.FirewallPolicyId,
+							"groupId":  accessLog.FirewallRuleGroupId,
+							"setId":    accessLog.FirewallRuleSetId,
+						})
+					}
+				}
 			}
 		}
 		this.Data["hasMore"] = resp.HasMore
@@ -134,5 +156,79 @@ func (this *LogAction) RunGet(params struct {
 	}
 	this.Data["regions"] = regionMap
 
+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Show()
 }

internal/web/actions/default/servers/components/waf/policy.go

@@ -96,6 +96,7 @@ func (this *PolicyAction) RunGet(params struct {
 		"blockOptions":     firewallPolicy.BlockOptions,
 		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
 		"synFlood":         firewallPolicy.SYNFlood,
+		"log":              firewallPolicy.Log,
 	}
 
 	// 正在使用此策略的集群

internal/web/actions/default/servers/components/waf/update.go

@@ -58,6 +58,11 @@ func (this *UpdateAction) RunGet(params struct {
 		}
 	}
 
+	// log
+	if firewallPolicy.Log == nil {
+		firewallPolicy.Log = firewallconfigs.DefaultHTTPFirewallPolicyLogConfig
+	}
+
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":               firewallPolicy.Id,
 		"name":             firewallPolicy.Name,
@@ -67,10 +72,11 @@ func (this *UpdateAction) RunGet(params struct {
 		"blockOptions":     firewallPolicy.BlockOptions,
 		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
 		"synFloodConfig":   firewallPolicy.SYNFlood,
+		"log":              firewallPolicy.Log,
 	}
 
 	// 预置分组
-	groups := []maps.Map{}
+	var groups = []maps.Map{}
 	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
 	for _, group := range templatePolicy.AllRuleGroups() {
 		if len(group.Code) > 0 {
@@ -101,6 +107,7 @@ func (this *UpdateAction) RunPost(params struct {
 	Mode             string
 	UseLocalFirewall bool
 	SynFloodJSON     []byte
+	LogJSON          []byte
 
 	Must *actions.Must
 }) {
@@ -128,6 +135,7 @@ func (this *UpdateAction) RunPost(params struct {
 		Mode:                 params.Mode,
 		UseLocalFirewall:     params.UseLocalFirewall,
 		SynFloodJSON:         params.SynFloodJSON,
+		LogJSON:              params.LogJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)

web/public/js/components/server/http-access-log-box.js

@@ -60,9 +60,9 @@ Vue.component("http-access-log-box", {
 		<span  v-if="accessLog.wafInfo != null">
 			<a :href="(accessLog.wafInfo.policy.serverId == 0) ? '/servers/components/waf/group?firewallPolicyId=' +  accessLog.firewallPolicyId + '&type=inbound&groupId=' + accessLog.firewallRuleGroupId+ '#set' + accessLog.firewallRuleSetId : '/servers/server/settings/waf/group?serverId=' + accessLog.serverId + '&firewallPolicyId=' + accessLog.firewallPolicyId + '&type=inbound&groupId=' + accessLog.firewallRuleGroupId + '#set' + accessLog.firewallRuleSetId" target="_blank">
 				<code-label-plain>
-					<span class="red">
+					<span>
-						WAF --
+						WAF -
-						<span v-if="accessLog.wafInfo.group != null">{{accessLog.wafInfo.group.name}} --</span>
+						<span v-if="accessLog.wafInfo.group != null">{{accessLog.wafInfo.group.name}} -</span>
 						<span v-if="accessLog.wafInfo.set != null">{{accessLog.wafInfo.set.name}}</span>
 					</span>
 				</code-label-plain>

web/views/@default/servers/components/waf/log.html

@@ -25,6 +25,8 @@
 	</first-menu>
 	</form>
 
+    <http-access-log-partitions-box :v-day="day" :v-partition="partition"></http-access-log-partitions-box>
+
 	<p class="comment" v-if="accessLogs.length == 0">暂时还没有日志。</p>
 
 	<table class="ui table selectable" v-if="accessLogs.length > 0">

web/views/@default/servers/components/waf/log.js

@@ -13,5 +13,10 @@ Tea.context(function () {
         } else {
             accessLog.region = ""
         }
+		if (accessLog.firewallRuleSetId > 0 && typeof (that.wafInfos[accessLog.firewallRuleSetId]) == "object") {
+			accessLog.wafInfo = that.wafInfos[accessLog.firewallRuleSetId]
+		} else {
+			accessLog.wafInfo = null
+		}
     })
 })

web/views/@default/servers/components/waf/policy.html

@@ -92,6 +92,13 @@
             </table>
         </td>
     </tr>
+    <tr>
+        <td>记录日志</td>
+        <td>
+            <span v-if="firewallPolicy.log == null || !firewallPolicy.log.isOn">默认</span>
+            <span v-else class="green">开启</span>
+        </td>
+    </tr>
     <tr>
         <td>描述</td>
         <td>

web/views/@default/servers/components/waf/update.html

@@ -49,6 +49,14 @@
                 <td>
                     <firewall-syn-flood-config-box :v-syn-flood-config="firewallPolicy.synFloodConfig"></firewall-syn-flood-config-box>
                 </td>
+            </tr>
+            <tr>
+                <td>记录日志</td>
+                <td>
+                    <input type="hidden" name="logJSON" :value="JSON.stringify(firewallPolicy.log)"/>
+                    <checkbox name="" v-model="firewallPolicy.log.isOn"></checkbox>
+                    <p class="comment">选中后，总是记录WAF相关日志，即使服务中没有开启访问日志。</p>
+                </td>
             </tr>
 			<tr>
 				<td colspan="2"><more-options-indicator></more-options-indicator></td>