实现WAF策略部分功能

internal/web/actions/actionutils/utils.go

@@ -33,6 +33,18 @@ func MatchPath(action *actions.ActionObject, path string) bool {
 	return action.Request.URL.Path == path
 }
 
+// 查找父级Action
+func FindParentAction(actionPtr actions.ActionWrapper) *ParentAction {
+	parentActionValue := reflect.ValueOf(actionPtr).Elem().FieldByName("ParentAction")
+	if parentActionValue.IsValid() {
+		parentAction, isOk := parentActionValue.Interface().(ParentAction)
+		if isOk {
+			return &parentAction
+		}
+	}
+	return nil
+}
+
 func findStack(err string) string {
 	_, currentFilename, _, currentOk := runtime.Caller(1)
 	if currentOk {

internal/web/actions/default/servers/components/cache/delete.go

@@ -19,7 +19,7 @@ func (this *DeleteAction) RunPost(params struct {
 		return
 	}
 	if countResp.Count > 0 {
-		this.Fail("此缓存策略正在被别的服务引用，请修改后再删除。")
+		this.Fail("此缓存策略正在被有些服务引用，请修改后再删除。")
 	}
 
 	_, err = this.RPC().HTTPCachePolicyRPC().DeleteHTTPCachePolicy(this.AdminContext(), &pb.DeleteHTTPCachePolicyRequest{CachePolicyId: params.CachePolicyId})

internal/web/actions/default/servers/components/waf/createPopup.go

@@ -0,0 +1,59 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct{}) {
+	// 预置分组
+	groups := []maps.Map{}
+	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	for _, group := range templatePolicy.AllRuleGroups() {
+		groups = append(groups, maps.Map{
+			"code": group.Code,
+			"name": group.Name,
+			"isOn": group.IsOn,
+		})
+	}
+	this.Data["groups"] = groups
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name        string
+	GroupCodes  []string
+	Description string
+	IsOn        bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入策略名称")
+
+	_, err := this.RPC().HTTPFirewallPolicyRPC().CreateHTTPFirewallPolicy(this.AdminContext(), &pb.CreateHTTPFirewallPolicyRequest{
+		IsOn:               params.IsOn,
+		Name:               params.Name,
+		Description:        params.Description,
+		FirewallGroupCodes: params.GroupCodes,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/components/waf/delete.go

@@ -0,0 +1,31 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	FirewallPolicyId int64
+}) {
+	countResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: params.FirewallPolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if countResp.Count > 0 {
+		this.Fail("此WAF策略正在被有些服务引用，请修改后再删除。")
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().DeleteFirewallPolicy(this.AdminContext(), &pb.DeleteFirewallPolicyRequest{FirewallPolicyId: params.FirewallPolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/components/waf/export.go

@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type ExportAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ExportAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ExportAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/groups.go

@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type GroupsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupsAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *GroupsAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/helper.go

@@ -1,6 +1,10 @@
 package waf
 
 import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"net/http"
 )
@@ -12,11 +16,56 @@ func NewHelper() *Helper {
 	return &Helper{}
 }
 
-func (this *Helper) BeforeAction(action *actions.ActionObject) {
+func (this *Helper) BeforeAction(actionPtr actions.ActionWrapper) (goNext bool) {
+	action := actionPtr.Object()
 	if action.Request.Method != http.MethodGet {
-		return
+		return true
 	}
 
 	action.Data["mainTab"] = "component"
 	action.Data["secondMenuItem"] = "waf"
+
+	// 显示当前的防火墙名称
+	firewallPolicyId := action.ParamInt64("firewallPolicyId")
+	if firewallPolicyId > 0 {
+		action.Data["firewallPolicyId"] = firewallPolicyId
+		action.Data["countInboundGroups"] = 0
+		action.Data["countOutboundGroups"] = 0
+		parentAction := actionutils.FindParentAction(actionPtr)
+		if parentAction != nil {
+			firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicy(parentAction.AdminContext(), firewallPolicyId)
+			if err != nil {
+				parentAction.ErrorPage(err)
+				return
+			}
+			if firewallPolicy == nil {
+				action.WriteString("can not find firewall policy")
+				return
+			}
+			action.Data["firewallPolicyName"] = firewallPolicy.Name
+
+			// inbound
+			if len(firewallPolicy.InboundJSON) > 0 {
+				inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+				err = json.Unmarshal(firewallPolicy.InboundJSON, inboundConfig)
+				if err != nil {
+					parentAction.ErrorPage(err)
+					return
+				}
+				action.Data["countInboundGroups"] = len(inboundConfig.GroupRefs)
+			}
+
+			// outbound
+			if len(firewallPolicy.OutboundJSON) > 0 {
+				outboundConfig := &firewallconfigs.HTTPFirewallOutboundConfig{}
+				err = json.Unmarshal(firewallPolicy.OutboundJSON, outboundConfig)
+				if err != nil {
+					parentAction.ErrorPage(err)
+					return
+				}
+				action.Data["countOutboundGroups"] = len(outboundConfig.GroupRefs)
+			}
+		}
+	}
+	return true
 }

internal/web/actions/default/servers/components/waf/import.go

@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type ImportAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ImportAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ImportAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/index.go

@@ -1,7 +1,11 @@
 package waf
 
 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
 )
 
 type IndexAction struct {
@@ -13,6 +17,65 @@ func (this *IndexAction) Init() {
 }
 
 func (this *IndexAction) RunGet(params struct{}) {
+	countResp, err := this.RPC().HTTPFirewallPolicyRPC().CountAllEnabledFirewallPolicies(this.AdminContext(), &pb.CountAllEnabledFirewallPoliciesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+
+	listResp, err := this.RPC().HTTPFirewallPolicyRPC().ListEnabledFirewallPolicies(this.AdminContext(), &pb.ListEnabledFirewallPoliciesRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	policyMaps := []maps.Map{}
+	for _, policy := range listResp.FirewallPolicies {
+		countInbound := 0
+		countOutbound := 0
+		if len(policy.InboundJSON) > 0 {
+			inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+			err = json.Unmarshal(policy.InboundJSON, inboundConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			countInbound = len(inboundConfig.GroupRefs)
+		}
+		if len(policy.OutboundJSON) > 0 {
+			outboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+			err = json.Unmarshal(policy.OutboundJSON, outboundConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			countOutbound = len(outboundConfig.GroupRefs)
+		}
+
+		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: policy.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		countServers := countServersResp.Count
+
+		policyMaps = append(policyMaps, maps.Map{
+			"id":            policy.Id,
+			"isOn":          policy.IsOn,
+			"name":          policy.Name,
+			"countInbound":  countInbound,
+			"countOutbound": countOutbound,
+			"countServers":  countServers,
+		})
+	}
+
+	this.Data["policies"] = policyMaps
+
+	this.Data["page"] = page.AsHTML()
 
 	this.Show()
 }

internal/web/actions/default/servers/components/waf/init.go

@@ -14,6 +14,16 @@ func init() {
 			Helper(componentutils.NewComponentHelper()).
 			Prefix("/servers/components/waf").
 			Get("", new(IndexAction)).
+			GetPost("/createPopup", new(CreatePopupAction)).
+			Post("/delete", new(DeleteAction)).
+			Get("/policy", new(PolicyAction)).
+			Get("/groups", new(GroupsAction)).
+			Get("/sets", new(SetsAction)).
+			Get("/log", new(LogAction)).
+			GetPost("/update", new(UpdateAction)).
+			GetPost("/test", new(TestAction)).
+			GetPost("/export", new(ExportAction)).
+			GetPost("/import", new(ImportAction)).
 			EndAll()
 	})
 }

internal/web/actions/default/servers/components/waf/log.go

@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type LogAction struct {
+	actionutils.ParentAction
+}
+
+func (this *LogAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *LogAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/policy.go

@@ -0,0 +1,57 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type PolicyAction struct {
+	actionutils.ParentAction
+}
+
+func (this *PolicyAction) Init() {
+	this.Nav("", "", "index")
+}
+
+func (this *PolicyAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	internalGroups := []maps.Map{}
+	if firewallPolicy.Inbound != nil {
+		for _, group := range firewallPolicy.Inbound.Groups {
+			internalGroups = append(internalGroups, maps.Map{
+				"name": group.Name,
+				"isOn": group.IsOn,
+			})
+		}
+	}
+	if firewallPolicy.Outbound != nil {
+		for _, group := range firewallPolicy.Outbound.Groups {
+			internalGroups = append(internalGroups, maps.Map{
+				"name": group.Name,
+				"isOn": group.IsOn,
+			})
+		}
+	}
+
+	this.Data["firewallPolicy"] = maps.Map{
+		"id":          firewallPolicy.Id,
+		"name":        firewallPolicy.Name,
+		"isOn":        firewallPolicy.IsOn,
+		"description": firewallPolicy.Description,
+		"groups":      internalGroups,
+	}
+
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/sets.go

@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type SetsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SetsAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *SetsAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/test.go

@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type TestAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TestAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *TestAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/waf/update.go

@@ -0,0 +1,87 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateAction) Init() {
+	this.Nav("", "", "update")
+}
+
+func (this *UpdateAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	this.Data["firewallPolicy"] = maps.Map{
+		"id":          firewallPolicy.Id,
+		"name":        firewallPolicy.Name,
+		"description": firewallPolicy.Description,
+		"isOn":        firewallPolicy.IsOn,
+	}
+
+	// 预置分组
+	groups := []maps.Map{}
+	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
+	for _, group := range templatePolicy.AllRuleGroups() {
+		if len(group.Code) > 0 {
+			usedGroup := firewallPolicy.FindRuleGroupWithCode(group.Code)
+			if usedGroup != nil {
+				group.IsOn = usedGroup.IsOn
+			}
+		}
+
+		groups = append(groups, maps.Map{
+			"code": group.Code,
+			"name": group.Name,
+			"isOn": group.IsOn,
+		})
+	}
+	this.Data["groups"] = groups
+
+	this.Show()
+}
+
+func (this *UpdateAction) RunPost(params struct {
+	FirewallPolicyId int64
+	Name             string
+	GroupCodes       []string
+	Description      string
+	IsOn             bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入策略名称")
+
+	_, err := this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
+		FirewallPolicyId:   params.FirewallPolicyId,
+		IsOn:               params.IsOn,
+		Name:               params.Name,
+		Description:        params.Description,
+		FirewallGroupCodes: params.GroupCodes,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/helpers/user_must_auth.go

@@ -82,14 +82,9 @@ func (this *UserMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 		},
 		{
 			"code":     "db",
-			"menuName": "数据库节点",
+			"menuName": "数据库",
 			"icon":     "database",
 		},
-		{
-			"code":     "log",
-			"menuName": "日志节点",
-			"icon":     "dot circle",
-		},
 		{
 			"code":     "dns",
 			"menuName": "DNS",

internal/web/models/http_firewall_policy_dao.go

@@ -0,0 +1,48 @@
+package models
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+var SharedHTTPFirewallPolicyDAO = new(HTTPFirewallPolicyDAO)
+
+type HTTPFirewallPolicyDAO struct {
+}
+
+// 查找缓存策略基本信息
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicy(ctx context.Context, policyId int64) (*pb.HTTPFirewallPolicy, error) {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.HTTPFirewallPolicyRPC().FindEnabledFirewallPolicy(ctx, &pb.FindEnabledFirewallPolicyRequest{FirewallPolicyId: policyId})
+	if err != nil {
+		return nil, err
+	}
+	return resp.FirewallPolicy, nil
+}
+
+// 查找缓存策略配置
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.HTTPFirewallPolicyRPC().FindEnabledFirewallPolicyConfig(ctx, &pb.FindEnabledFirewallPolicyConfigRequest{FirewallPolicyId: policyId})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.FirewallPolicyJSON) == 0 {
+		return nil, nil
+	}
+	firewallPolicy := &firewallconfigs.HTTPFirewallPolicy{}
+	err = json.Unmarshal(resp.FirewallPolicyJSON, firewallPolicy)
+	if err != nil {
+		return nil, err
+	}
+	return firewallPolicy, nil
+}

web/views/@default/@layout.html

@@ -48,10 +48,12 @@
             </a>-->
 
             <!-- 模块 -->
-            <a v-for="module in teaModules" class="item" :href="Tea.url(module.code)" :class="{active:teaMenu == module.code}">
-                <i class="window restore outline icon" v-if="module.icon == null"></i>
-                <i class="ui icon" v-if="module.icon != null" :class="module.icon"></i>
-                <span>{{module.menuName}}</span>
+            <a v-for="module in teaModules" class="item" :href="Tea.url(module.code)" :class="{active:teaMenu == module.code, separator:module.code.length == 0}">
+                <span v-if="module.code.length > 0">
+					<i class="window restore outline icon" v-if="module.icon == null"></i>
+                	<i class="ui icon" v-if="module.icon != null" :class="module.icon"></i>
+                	<span>{{module.menuName}}</span>
+				</span>
             </a>
         </div>
     </div>

web/views/@default/@layout.less

@@ -100,9 +100,11 @@ div.margin, p.margin {
 }
 
 /** 主菜单 **/
-.main-menu .ui.menu {
-	width: 9.5em !important;
-	border-radius: 0 !important;
+.main-menu {
+	.ui.menu {
+		width: 9.5em !important;
+		border-radius: 0 !important;
+	}
 }
 
 @media screen and (max-width: 512px) {

web/views/@default/servers/components/cache/@policy_menu.html

@@ -1,9 +1,9 @@
 <second-menu>
 	<menu-item href="/servers/components/cache">列表</menu-item>
 	<span class="item">|</span>
-	<menu-item  :href="'/servers/components/cache/policy?cachePolicyId=' + cachePolicyId" code="index">{{cachePolicyName}}</menu-item>
+	<menu-item :href="'/servers/components/cache/policy?cachePolicyId=' + cachePolicyId" code="index">{{cachePolicyName}}</menu-item>
 	<menu-item :href="'/servers/components/cache/test?cachePolicyId=' + cachePolicyId" code="test">测试</menu-item>
-	<menu-item  :href="'/servers/components/cache/stat?cachePolicyId=' + cachePolicyId" code="stat">统计</menu-item>
+	<menu-item :href="'/servers/components/cache/stat?cachePolicyId=' + cachePolicyId" code="stat">统计</menu-item>
 	<menu-item :href="'/servers/components/cache/clean?cachePolicyId=' + cachePolicyId" code="clean">清理</menu-item>
 	<menu-item :href="'/servers/components/cache/purge?cachePolicyId=' + cachePolicyId" code="purge">删除</menu-item>
 	<menu-item :href="'/servers/components/cache/preheat?cachePolicyId=' + cachePolicyId" code="preheat">预热</menu-item>

web/views/@default/servers/components/waf/@waf_menu.html

@@ -0,0 +1,13 @@
+<second-menu>
+	<menu-item href="/servers/components/waf">列表</menu-item>
+	<span class="item">|</span>
+	<menu-item :href="'/servers/components/waf/policy?firewallPolicyId=' + firewallPolicyId" code="index">{{firewallPolicyName}}</menu-item>
+	<menu-item :href="'/servers/components/waf/groups?type=firewallPolicyId=' + firewallPolicyId + '&type=inbound'" code="inbound">入站规则集({{countInboundGroups}})</menu-item>
+	<menu-item :href="'/servers/components/waf/groups?firewallPolicyId=' + firewallPolicyId + '&type=outbound'" code="outbound">出站规则集({{countOutboundGroups}})</menu-item>
+	<menu-item :href="'/servers/components/waf/ipadmin?firewallPolicyId=' + firewallPolicyId" code="ipadmin">IP管理</menu-item>
+	<menu-item :href="'/servers/components/waf/log?firewallPolicyId=' + firewallPolicyId" code="log">拦截日志</menu-item>
+	<menu-item :href="'/servers/components/waf/test?firewallPolicyId=' + firewallPolicyId" code="test">测试</menu-item>
+	<menu-item :href="'/servers/components/waf/import?firewallPolicyId=' + firewallPolicyId" code="import">导入</menu-item>
+	<menu-item :href="'/servers/components/waf/export?firewallPolicyId=' + firewallPolicyId" code="export">导出</menu-item>
+	<menu-item :href="'/servers/components/waf/update?firewallPolicyId=' + firewallPolicyId" code="update">修改</menu-item>
+</second-menu>

web/views/@default/servers/components/waf/createPopup.html

@@ -0,0 +1,44 @@
+{$layout "layout_popup"}
+
+<form class="ui form" data-tea-action="$" data-tea-success="success">
+	 <table class="ui table definition selectable">
+		<tr>
+			<td class="title">策略名称 *</td>
+			<td>
+				<input type="text" name="name" maxlength="100" ref="focus"/>
+				<p class="comment">给策略起一个容易识别的名字。</p>
+			</td>
+		</tr>
+		 <tr>
+			 <td>启用预置的规则</td>
+			 <td>
+				 <div class="ui checkbox" v-for="group in groups" style="width:10em;margin-bottom:0.5em">
+					 <input type="checkbox" name="groupCodes" :value="group.code" :id="'group-checkbox-' + group.code" v-model="group.isOn"/>
+					 <label :for="'group-checkbox-' + group.code">{{group.name}}</label>
+				 </div>
+				 <p class="comment">可以启用一些我们预置的规则组。</p>
+			 </td>
+		 </tr>
+		 <tr>
+			 <td colspan="2"><more-options-indicator></more-options-indicator></td>
+		 </tr>
+		 <tbody v-show="moreOptionsVisible">
+		 	<tr>
+				<td>描述</td>
+				<td>
+					<textarea name="description" rows="3"></textarea>
+				</td>
+			</tr>
+		 	<tr>
+				<td>是否启用</td>
+				<td>
+					<div class="ui checkbox">
+						<input type="checkbox" name="isOn" value="1" checked="checked"/>
+						<label></label>
+					</div>
+				</td>
+			</tr>
+		 </tbody>
+	 </table>
+	<submit-btn></submit-btn>
+</form>

web/views/@default/servers/components/waf/createPopup.js

@@ -0,0 +1,3 @@
+Tea.context(function () {
+	this.success = NotifyPopup
+})

web/views/@default/servers/components/waf/index.html

@@ -2,5 +2,37 @@
 {$template "/left_menu"}
 
 <div class="right-box">
-	<p class="ui message">此功能暂未开放敬请期待。</p>
+	<second-menu>
+		<menu-item href="/servers/components/waf" code="index">列表</menu-item>
+		<span class="item">|</span>
+		<a href="" class="item" @click.prevent="createPolicy()">[创建]</a>
+	</second-menu>
+
+	<p class="comment" v-if="policies.length == 0">暂时还没有WAF策略。</p>
+
+	<table class="ui table selectable" v-if="policies.length > 0">
+		<thead>
+			<tr>
+				<th>策略名称</th>
+				<th>入站规则分组</th>
+				<th>出站规则分组</th>
+				<th>引用服务</th>
+				<th class="two wide">状态</th>
+				<th class="two op">操作</th>
+			</tr>
+		</thead>
+		<tr v-for="policy in policies">
+			<td>{{policy.name}}</td>
+			<td>{{policy.countInbound}}</td>
+			<td>{{policy.countOutbound}}</td>
+			<td>{{policy.countServers}}</td>
+			<td><label-on :v-is-on="policy.isOn"></label-on></td>
+			<td>
+				<a :href="'/servers/components/waf/policy?firewallPolicyId=' + policy.id">详情</a> &nbsp;
+				<a href="" @click.prevent="deletePolicy(policy.id)">删除</a>
+			</td>
+		</tr>
+	</table>
+
+	<div class="page" v-html="page"></div>
 </div>

web/views/@default/servers/components/waf/index.js

@@ -0,0 +1,25 @@
+Tea.context(function () {
+	// 创建策略
+	this.createPolicy = function () {
+		teaweb.popup("/servers/components/waf/createPopup", {
+			height: "27em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					window.location.reload()
+				})
+			}
+		})
+	}
+
+	// 删除策略
+	this.deletePolicy = function (policyId) {
+		let that = this
+		teaweb.confirm("确定要删除此WAF策略吗？", function () {
+			that.$post("/servers/components/waf/delete")
+				.params({
+					firewallPolicyId: policyId
+				})
+				.refresh()
+		})
+	}
+})

web/views/@default/servers/components/waf/policy.html

@@ -0,0 +1,32 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+	{$template "waf_menu"}
+
+	<table class="ui table definition selectable">
+		<tr>
+			<td class="title">策略名称</td>
+			<td>{{firewallPolicy.name}}</td>
+		</tr>
+		<tr>
+			<td>是否启用</td>
+			<td>
+				<label-on :v-is-on="firewallPolicy.isOn"></label-on>
+			</td>
+		</tr>
+		<tr>
+			<td>预置的规则分组</td>
+			<td>
+				<span class="ui label tiny" v-for="group in firewallPolicy.groups" style="margin-bottom:0.5em" :class="{disabled:!group.isOn}">{{group.name}}</span>
+			</td>
+		</tr>
+		<tr>
+			<td>描述</td>
+			<td>
+				<span v-if="firewallPolicy.description.length > 0">{{firewallPolicy.description}}</span>
+				<span v-else class="disabled">暂时还没有描述。</span>
+			</td>
+		</tr>
+	</table>
+</div>

web/views/@default/servers/components/waf/update.html

@@ -0,0 +1,50 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+	{$template "waf_menu"}
+
+	<form class="ui form" data-tea-action="$" data-tea-success="success">
+		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+		<table class="ui table definition selectable">
+			<tr>
+				<td class="title">策略名称 *</td>
+				<td>
+					<input type="text" name="name" maxlength="100" ref="focus" v-model="firewallPolicy.name"/>
+					<p class="comment">给策略起一个容易识别的名字。</p>
+				</td>
+			</tr>
+			<tr>
+				<td>启用预置的规则</td>
+				<td>
+					<div class="ui checkbox" v-for="group in groups" style="width:10em;margin-bottom:0.5em">
+						<input type="checkbox" name="groupCodes" :value="group.code" :id="'group-checkbox-' + group.code" v-model="group.isOn"/>
+						<label :for="'group-checkbox-' + group.code">{{group.name}}</label>
+					</div>
+					<p class="comment">可以启用一些我们预置的规则组。</p>
+				</td>
+			</tr>
+			<tr>
+				<td colspan="2"><more-options-indicator></more-options-indicator></td>
+			</tr>
+			<tbody v-show="moreOptionsVisible">
+			<tr>
+				<td>描述</td>
+				<td>
+					<textarea name="description" rows="3" v-model="firewallPolicy.description"></textarea>
+				</td>
+			</tr>
+			<tr>
+				<td>是否启用</td>
+				<td>
+					<div class="ui checkbox">
+						<input type="checkbox" name="isOn" value="1" v-model="firewallPolicy.isOn"/>
+						<label></label>
+					</div>
+				</td>
+			</tr>
+			</tbody>
+		</table>
+		<submit-btn></submit-btn>
+	</form>
+</div>

web/views/@default/servers/components/waf/update.js

@@ -0,0 +1,3 @@
+Tea.context(function () {
+	this.success = NotifySuccess("保存成功", "/servers/components/waf/policy?firewallPolicyId=" + this.firewallPolicyId)
+})