实现防火墙配置

2025-11-03 20:40:26 +08:00 · 2020-09-20 20:12:43 +08:00
parent 679d60d654
commit 3908d1d56d
7 changed files with 132 additions and 4 deletions
--- a/internal/rpc/rpc_client.go
+++ b/internal/rpc/rpc_client.go
@@ -34,6 +34,7 @@ type RPCClient struct {
 	httpPageClients            []pb.HTTPPageServiceClient
 	httpAccessLogPolicyClients []pb.HTTPAccessLogPolicyServiceClient
 	httpCachePolicyClients     []pb.HTTPCachePolicyServiceClient
+	httpFirewallPolicyClients  []pb.HTTPFirewallPolicyServiceClient
 }

 func NewRPCClient(apiConfig *configs.APIConfig) (*RPCClient, error) {
@@ -57,6 +58,7 @@ func NewRPCClient(apiConfig *configs.APIConfig) (*RPCClient, error) {
 	httpPageClients := []pb.HTTPPageServiceClient{}
 	httpAccessLogPolicyClients := []pb.HTTPAccessLogPolicyServiceClient{}
 	httpCachePolicyClients := []pb.HTTPCachePolicyServiceClient{}
+	httpFirewallPolicyClients := []pb.HTTPFirewallPolicyServiceClient{}

 	conns := []*grpc.ClientConn{}
 	for _, endpoint := range apiConfig.RPC.Endpoints {
@@ -88,6 +90,7 @@ func NewRPCClient(apiConfig *configs.APIConfig) (*RPCClient, error) {
 		httpPageClients = append(httpPageClients, pb.NewHTTPPageServiceClient(conn))
 		httpAccessLogPolicyClients = append(httpAccessLogPolicyClients, pb.NewHTTPAccessLogPolicyServiceClient(conn))
 		httpCachePolicyClients = append(httpCachePolicyClients, pb.NewHTTPCachePolicyServiceClient(conn))
+		httpFirewallPolicyClients = append(httpFirewallPolicyClients, pb.NewHTTPFirewallPolicyServiceClient(conn))
 	}

 	return &RPCClient{
@@ -108,6 +111,7 @@ func NewRPCClient(apiConfig *configs.APIConfig) (*RPCClient, error) {
 		httpPageClients:            httpPageClients,
 		httpAccessLogPolicyClients: httpAccessLogPolicyClients,
 		httpCachePolicyClients:     httpCachePolicyClients,
+		httpFirewallPolicyClients:  httpFirewallPolicyClients,
 	}, nil
 }

@@ -223,6 +227,13 @@ func (this *RPCClient) HTTPCachePolicyRPC() pb.HTTPCachePolicyServiceClient {
 	return nil
 }

+func (this *RPCClient) HTTPFirewallPolicyRPC() pb.HTTPFirewallPolicyServiceClient {
+	if len(this.httpFirewallPolicyClients) > 0 {
+		return this.httpFirewallPolicyClients[rands.Int(0, len(this.httpFirewallPolicyClients)-1)]
+	}
+	return nil
+}
+
 func (this *RPCClient) Context(adminId int64) context.Context {
 	ctx := context.Background()
 	m := maps.Map{
--- a/internal/web/actions/default/servers/server/settings/waf/index.go
+++ b/internal/web/actions/default/servers/server/settings/waf/index.go
@@ -1,7 +1,12 @@
 package waf

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
 )

 type IndexAction struct {
@@ -16,7 +21,55 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
-	// TODO
+	webConfigResp, err := this.RPC().ServerRPC().FindAndInitServerWebConfig(this.AdminContext(), &pb.FindAndInitServerWebRequest{ServerId: params.ServerId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	webConfig := &serverconfigs.HTTPWebConfig{}
+	err = json.Unmarshal(webConfigResp.Config, webConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["webId"] = webConfig.Id
+	this.Data["firewallConfig"] = webConfig.FirewallRef
+
+	// 当前已有策略
+	policiesResp, err := this.RPC().HTTPFirewallPolicyRPC().FindAllEnabledHTTPFirewallPolicies(this.AdminContext(), &pb.FindAllEnabledHTTPFirewallPoliciesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	policyMaps := []maps.Map{}
+	for _, p := range policiesResp.FirewallPolicies {
+		policyMaps = append(policyMaps, maps.Map{
+			"id":   p.Id,
+			"name": p.Name,
+			"isOn": p.IsOn,
+		})
+	}
+	this.Data["firewallPolicies"] = policyMaps

 	this.Show()
 }
+
+func (this *IndexAction) RunPost(params struct {
+	WebId        int64
+	FirewallJSON []byte
+
+	Must *actions.Must
+}) {
+	// TODO 检查配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPFirewall(this.AdminContext(), &pb.UpdateHTTPFirewallRequest{
+		WebId:        params.WebId,
+		FirewallJSON: params.FirewallJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/waf/init.go
+++ b/internal/web/actions/default/servers/server/settings/waf/init.go
@@ -12,7 +12,7 @@ func init() {
 			Helper(helpers.NewUserMustAuth()).
 			Helper(serverutils.NewServerHelper()).
 			Prefix("/servers/server/settings/waf").
-			Get("", new(IndexAction)).
+			GetPost("", new(IndexAction)).
 			EndAll()
 	})
 }