实现WAF部分功能

2025-12-07 21:50:25 +08:00 · 2020-10-07 11:18:07 +08:00
parent 088b2b36a6
commit 62b9ab9f5d
23 changed files with 559 additions and 9 deletions
--- a/internal/web/actions/default/servers/components/waf/createGroupPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createGroupPopup.go
@@ -0,0 +1,98 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreateGroupPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateGroupPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreateGroupPopupAction) RunGet(params struct {
+	Type string
+}) {
+	this.Data["type"] = params.Type
+
+	this.Show()
+}
+
+func (this *CreateGroupPopupAction) RunPost(params struct {
+	FirewallPolicyId int64
+	Type             string
+
+	Name        string
+	Description string
+	IsOn        bool
+
+	Must *actions.Must
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+	}
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入分组名称")
+
+	createResp, err := this.RPC().HTTPFirewallRuleGroupRPC().CreateHTTPFirewallRuleGroup(this.AdminContext(), &pb.CreateHTTPFirewallRuleGroupRequest{
+		IsOn:        params.IsOn,
+		Name:        params.Name,
+		Description: params.Description,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	groupId := createResp.FirewallRuleGroupId
+
+	switch params.Type {
+	case "inbound":
+		firewallPolicy.Inbound.GroupRefs = append(firewallPolicy.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
+			IsOn:    true,
+			GroupId: groupId,
+		})
+	default:
+		firewallPolicy.Outbound.GroupRefs = append(firewallPolicy.Outbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
+			IsOn:    true,
+			GroupId: groupId,
+		})
+	}
+
+	inboundJSON, err := firewallPolicy.InboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	outboundJSON, err := firewallPolicy.OutboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
+		FirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:      inboundJSON,
+		OutboundJSON:     outboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/deleteGroup.go
+++ b/internal/web/actions/default/servers/components/waf/deleteGroup.go
@@ -0,0 +1,52 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteGroupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteGroupAction) RunPost(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	firewallPolicy.RemoveRuleGroup(params.GroupId)
+
+	inboundJSON, err := firewallPolicy.InboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	outboundJSON, err := firewallPolicy.OutboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
+		FirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:      inboundJSON,
+		OutboundJSON:     outboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/export.go
+++ b/internal/web/actions/default/servers/components/waf/export.go
@@ -7,7 +7,7 @@ type ExportAction struct {
 }

 func (this *ExportAction) Init() {
-	this.Nav("", "", "")
+	this.Nav("", "", "export")
 }

 func (this *ExportAction) RunGet(params struct{}) {
--- a/internal/web/actions/default/servers/components/waf/groups.go
+++ b/internal/web/actions/default/servers/components/waf/groups.go
@@ -1,15 +1,72 @@
 package waf

-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/iwind/TeaGo/maps"
+)

 type GroupsAction struct {
 	actionutils.ParentAction
 }

 func (this *GroupsAction) Init() {
-	this.Nav("", "", "")
+	this.Nav("", "", this.ParamString("type"))
 }

-func (this *GroupsAction) RunGet(params struct{}) {
+func (this *GroupsAction) RunGet(params struct {
+	FirewallPolicyId int64
+	Type             string
+}) {
+	this.Data["type"] = params.Type
+
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	groupMaps := []maps.Map{}
+
+	// inbound
+	if params.Type == "inbound" {
+		if firewallPolicy.Inbound != nil {
+			for _, g := range firewallPolicy.Inbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	// outbound
+	if params.Type == "outbound" {
+		if firewallPolicy.Outbound != nil {
+			for _, g := range firewallPolicy.Outbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	this.Data["groups"] = groupMaps
+
 	this.Show()
 }
--- a/internal/web/actions/default/servers/components/waf/import.go
+++ b/internal/web/actions/default/servers/components/waf/import.go
@@ -7,7 +7,7 @@ type ImportAction struct {
 }

 func (this *ImportAction) Init() {
-	this.Nav("", "", "")
+	this.Nav("", "", "import")
 }

 func (this *ImportAction) RunGet(params struct{}) {
--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -24,6 +24,11 @@ func init() {
 			GetPost("/test", new(TestAction)).
 			GetPost("/export", new(ExportAction)).
 			GetPost("/import", new(ImportAction)).
+			Post("/updateGroupOn", new(UpdateGroupOnAction)).
+			Post("/deleteGroup", new(DeleteGroupAction)).
+			GetPost("/ipadmin", new(IpadminAction)).
+			GetPost("/createGroupPopup", new(CreateGroupPopupAction)).
+			Post("/sortGroups", new(SortGroupsAction)).
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/servers/components/waf/ipadmin.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin.go
@@ -0,0 +1,15 @@
+package waf
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type IpadminAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IpadminAction) Init() {
+	this.Nav("", "", "ipadmin")
+}
+
+func (this *IpadminAction) RunGet(params struct{}) {
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/log.go
+++ b/internal/web/actions/default/servers/components/waf/log.go
@@ -7,7 +7,7 @@ type LogAction struct {
 }

 func (this *LogAction) Init() {
-	this.Nav("", "", "")
+	this.Nav("", "", "log")
 }

 func (this *LogAction) RunGet(params struct{}) {
--- a/internal/web/actions/default/servers/components/waf/sortGroups.go
+++ b/internal/web/actions/default/servers/components/waf/sortGroups.go
@@ -0,0 +1,82 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type SortGroupsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SortGroupsAction) RunPost(params struct {
+	FirewallPolicyId int64
+	Type             string
+	GroupIds         []int64
+}) {
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	switch params.Type {
+	case "inbound":
+		refMapping := map[int64]*firewallconfigs.HTTPFirewallRuleGroupRef{}
+		for _, ref := range firewallPolicy.Inbound.GroupRefs {
+			refMapping[ref.GroupId] = ref
+		}
+		newRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+		for _, groupId := range params.GroupIds {
+			ref, ok := refMapping[groupId]
+			if ok {
+				newRefs = append(newRefs, ref)
+			}
+		}
+		firewallPolicy.Inbound.GroupRefs = newRefs
+	case "outbound":
+		refMapping := map[int64]*firewallconfigs.HTTPFirewallRuleGroupRef{}
+		for _, ref := range firewallPolicy.Outbound.GroupRefs {
+			refMapping[ref.GroupId] = ref
+		}
+		newRefs := []*firewallconfigs.HTTPFirewallRuleGroupRef{}
+		for _, groupId := range params.GroupIds {
+			ref, ok := refMapping[groupId]
+			if ok {
+				newRefs = append(newRefs, ref)
+			}
+		}
+		firewallPolicy.Outbound.GroupRefs = newRefs
+	}
+
+	inboundJSON, err := firewallPolicy.InboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	outboundJSON, err := firewallPolicy.OutboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
+		FirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:      inboundJSON,
+		OutboundJSON:     outboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/test.go
+++ b/internal/web/actions/default/servers/components/waf/test.go
@@ -7,7 +7,7 @@ type TestAction struct {
 }

 func (this *TestAction) Init() {
-	this.Nav("", "", "")
+	this.Nav("", "", "test")
 }

 func (this *TestAction) RunGet(params struct{}) {
--- a/internal/web/actions/default/servers/components/waf/updateGroupOn.go
+++ b/internal/web/actions/default/servers/components/waf/updateGroupOn.go
@@ -0,0 +1,26 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type UpdateGroupOnAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateGroupOnAction) RunPost(params struct {
+	GroupId int64
+	IsOn    bool
+}) {
+	_, err := this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroupIsOn(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupIsOnRequest{
+		FirewallRuleGroupId: params.GroupId,
+		IsOn:                params.IsOn,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}