集群可以设置默认的WAF策略、缓存策略

2026-05-20 04:05:19 +08:00 · 2020-12-17 15:50:44 +08:00
parent 5c4d3c31f0
commit 65384082f7
100 changed files with 1172 additions and 488 deletions
--- a/internal/web/actions/default/servers/components/waf/count.go
+++ b/internal/web/actions/default/servers/components/waf/count.go
@@ -0,0 +1,21 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type CountAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CountAction) RunPost(params struct{}) {
+	countResp, err := this.RPC().HTTPFirewallPolicyRPC().CountAllEnabledHTTPFirewallPolicies(this.AdminContext(), &pb.CountAllEnabledHTTPFirewallPoliciesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["count"] = countResp.Count
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/createGroupPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createGroupPopup.go
@@ -86,9 +86,9 @@ func (this *CreateGroupPopupAction) RunPost(params struct {
 	}

 	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
-		FirewallPolicyId: params.FirewallPolicyId,
-		InboundJSON:      inboundJSON,
-		OutboundJSON:     outboundJSON,
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+		OutboundJSON:         outboundJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/waf/createPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createPopup.go
@@ -46,18 +46,25 @@ func (this *CreatePopupAction) RunPost(params struct {
 		Require("请输入策略名称")

 	createResp, err := this.RPC().HTTPFirewallPolicyRPC().CreateHTTPFirewallPolicy(this.AdminContext(), &pb.CreateHTTPFirewallPolicyRequest{
-		IsOn:               params.IsOn,
-		Name:               params.Name,
-		Description:        params.Description,
-		FirewallGroupCodes: params.GroupCodes,
+		IsOn:                   params.IsOn,
+		Name:                   params.Name,
+		Description:            params.Description,
+		HttpFirewallGroupCodes: params.GroupCodes,
 	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}

+	// 返回数据
+	this.Data["firewallPolicy"] = maps.Map{
+		"id":          createResp.HttpFirewallPolicyId,
+		"name":        params.Name,
+		"description": params.Description,
+	}
+
 	// 日志
-	defer this.CreateLog(oplogs.LevelInfo, "创建WAF策略 %d", createResp.FirewallPolicyId)
+	defer this.CreateLog(oplogs.LevelInfo, "创建WAF策略 %d", createResp.HttpFirewallPolicyId)

 	this.Success()
 }
--- a/internal/web/actions/default/servers/components/waf/delete.go
+++ b/internal/web/actions/default/servers/components/waf/delete.go
@@ -16,22 +16,20 @@ func (this *DeleteAction) RunPost(params struct {
 	// 日志
 	defer this.CreateLog(oplogs.LevelInfo, "删除WAF策略 %d", params.FirewallPolicyId)

-	countResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: params.FirewallPolicyId})
+	countResp, err := this.RPC().NodeClusterRPC().CountAllEnabledNodeClustersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledNodeClustersWithHTTPFirewallPolicyIdRequest{HttpFirewallPolicyId: params.FirewallPolicyId})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
 	if countResp.Count > 0 {
-		this.Fail("此WAF策略正在被有些服务引用，请修改后再删除。")
+		this.Fail("此WAF策略正在被有些集群引用，请修改后再删除。")
 	}

-	_, err = this.RPC().HTTPFirewallPolicyRPC().DeleteFirewallPolicy(this.AdminContext(), &pb.DeleteFirewallPolicyRequest{FirewallPolicyId: params.FirewallPolicyId})
+	_, err = this.RPC().HTTPFirewallPolicyRPC().DeleteHTTPFirewallPolicy(this.AdminContext(), &pb.DeleteHTTPFirewallPolicyRequest{HttpFirewallPolicyId: params.FirewallPolicyId})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}

-
-
 	this.Success()
 }
--- a/internal/web/actions/default/servers/components/waf/deleteGroup.go
+++ b/internal/web/actions/default/servers/components/waf/deleteGroup.go
@@ -43,9 +43,9 @@ func (this *DeleteGroupAction) RunPost(params struct {
 	}

 	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
-		FirewallPolicyId: params.FirewallPolicyId,
-		InboundJSON:      inboundJSON,
-		OutboundJSON:     outboundJSON,
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+		OutboundJSON:         outboundJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/waf/helper.go
+++ b/internal/web/actions/default/servers/components/waf/helper.go
@@ -33,7 +33,7 @@ func (this *Helper) BeforeAction(actionPtr actions.ActionWrapper) (goNext bool)
 		action.Data["countOutboundGroups"] = 0
 		parentAction := actionutils.FindParentAction(actionPtr)
 		if parentAction != nil {
-			firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicy(parentAction.AdminContext(), firewallPolicyId)
+			firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicy(parentAction.AdminContext(), firewallPolicyId)
 			if err != nil {
 				parentAction.ErrorPage(err)
 				return
--- a/internal/web/actions/default/servers/components/waf/import.go
+++ b/internal/web/actions/default/servers/components/waf/import.go
@@ -48,8 +48,8 @@ func (this *ImportAction) RunPost(params struct {
 	}

 	_, err = this.RPC().HTTPFirewallPolicyRPC().ImportHTTPFirewallPolicy(this.AdminContext(), &pb.ImportHTTPFirewallPolicyRequest{
-		FirewallPolicyId:   params.FirewallPolicyId,
-		FirewallPolicyJSON: data,
+		HttpFirewallPolicyId:   params.FirewallPolicyId,
+		HttpFirewallPolicyJSON: data,
 	})
 	if err != nil {
 		this.Fail("导入失败：" + err.Error())
--- a/internal/web/actions/default/servers/components/waf/index.go
+++ b/internal/web/actions/default/servers/components/waf/index.go
@@ -17,7 +17,7 @@ func (this *IndexAction) Init() {
 }

 func (this *IndexAction) RunGet(params struct{}) {
-	countResp, err := this.RPC().HTTPFirewallPolicyRPC().CountAllEnabledFirewallPolicies(this.AdminContext(), &pb.CountAllEnabledFirewallPoliciesRequest{})
+	countResp, err := this.RPC().HTTPFirewallPolicyRPC().CountAllEnabledHTTPFirewallPolicies(this.AdminContext(), &pb.CountAllEnabledHTTPFirewallPoliciesRequest{})
 	if err != nil {
 		this.ErrorPage(err)
 		return
@@ -25,7 +25,7 @@ func (this *IndexAction) RunGet(params struct{}) {
 	count := countResp.Count
 	page := this.NewPage(count)

-	listResp, err := this.RPC().HTTPFirewallPolicyRPC().ListEnabledFirewallPolicies(this.AdminContext(), &pb.ListEnabledFirewallPoliciesRequest{
+	listResp, err := this.RPC().HTTPFirewallPolicyRPC().ListEnabledHTTPFirewallPolicies(this.AdminContext(), &pb.ListEnabledHTTPFirewallPoliciesRequest{
 		Offset: page.Offset,
 		Size:   page.Size,
 	})
@@ -34,7 +34,7 @@ func (this *IndexAction) RunGet(params struct{}) {
 		return
 	}
 	policyMaps := []maps.Map{}
-	for _, policy := range listResp.FirewallPolicies {
+	for _, policy := range listResp.HttpFirewallPolicies {
 		countInbound := 0
 		countOutbound := 0
 		if len(policy.InboundJSON) > 0 {
@@ -56,12 +56,12 @@ func (this *IndexAction) RunGet(params struct{}) {
 			countOutbound = len(outboundConfig.GroupRefs)
 		}

-		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: policy.Id})
+		countClustersResp, err := this.RPC().NodeClusterRPC().CountAllEnabledNodeClustersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.CountAllEnabledNodeClustersWithHTTPFirewallPolicyIdRequest{HttpFirewallPolicyId: policy.Id})
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}
-		countServers := countServersResp.Count
+		countClusters := countClustersResp.Count

 		policyMaps = append(policyMaps, maps.Map{
 			"id":            policy.Id,
@@ -69,7 +69,7 @@ func (this *IndexAction) RunGet(params struct{}) {
 			"name":          policy.Name,
 			"countInbound":  countInbound,
 			"countOutbound": countOutbound,
-			"countServers":  countServers,
+			"countClusters": countClusters,
 		})
 	}

--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -38,6 +38,8 @@ func init() {
 			Post("/updateSetOn", new(UpdateSetOnAction)).
 			Post("/deleteSet", new(DeleteSetAction)).
 			GetPost("/updateSetPopup", new(UpdateSetPopupAction)).
+			Post("/count", new(CountAction)).
+			Get("/selectPopup", new(SelectPopupAction)).

 			// IP管理
 			GetPost("/ipadmin", new(ipadmin.IndexAction)).
--- a/internal/web/actions/default/servers/components/waf/ipadmin/index.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/index.go
@@ -96,8 +96,8 @@ func (this *IndexAction) RunPost(params struct {
 	}

 	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
-		FirewallPolicyId: params.FirewallPolicyId,
-		InboundJSON:      inboundJSON,
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/waf/ipadmin/ipadminutils/utils.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/ipadminutils/utils.go
@@ -6,7 +6,6 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/nodeutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/messageconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/iwind/TeaGo/lists"
 )

 // 通知使用此WAF策略的集群更新
@@ -15,18 +14,12 @@ func NotifyUpdateToClustersWithFirewallPolicyId(ctx context.Context, firewallPol
 	if err != nil {
 		return err
 	}
-	resp, err := client.ServerRPC().FindAllEnabledServersWithHTTPFirewallPolicyId(ctx, &pb.FindAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: firewallPolicyId})
+	resp, err := client.NodeClusterRPC().FindAllEnabledNodeClustersWithHTTPFirewallPolicyId(ctx, &pb.FindAllEnabledNodeClustersWithHTTPFirewallPolicyIdRequest{HttpFirewallPolicyId: firewallPolicyId})
 	if err != nil {
 		return err
 	}
-	clusterIds := []int64{}
-	for _, server := range resp.Servers {
-		if !lists.ContainsInt64(clusterIds, server.Cluster.Id) {
-			clusterIds = append(clusterIds, server.Cluster.Id)
-		}
-	}
-	for _, clusterId := range clusterIds {
-		_, err = nodeutils.SendMessageToCluster(ctx, clusterId, messageconfigs.MessageCodeIPListChanged, &messageconfigs.IPListChangedMessage{}, 3)
+	for _, cluster := range resp.NodeClusters {
+		_, err = nodeutils.SendMessageToCluster(ctx, cluster.Id, messageconfigs.MessageCodeIPListChanged, &messageconfigs.IPListChangedMessage{}, 3)
 		if err != nil {
 			return err
 		}
--- a/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
@@ -98,8 +98,8 @@ func (this *ProvincesAction) RunPost(params struct {
 	}

 	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
-		FirewallPolicyId: params.FirewallPolicyId,
-		InboundJSON:      inboundJSON,
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/waf/log.go
+++ b/internal/web/actions/default/servers/components/waf/log.go
@@ -83,15 +83,15 @@ func (this *LogAction) RunGet(params struct {
 	}

 	// 所有分组
-	policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledFirewallPolicyConfig(this.AdminContext(), &pb.FindEnabledFirewallPolicyConfigRequest{
-		FirewallPolicyId: params.FirewallPolicyId,
+	policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
 	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
 	policyConfig := &firewallconfigs.HTTPFirewallPolicy{}
-	err = json.Unmarshal(policyResp.FirewallPolicyJSON, policyConfig)
+	err = json.Unmarshal(policyResp.HttpFirewallPolicyJSON, policyConfig)
 	if err != nil {
 		this.ErrorPage(err)
 		return
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -55,20 +55,20 @@ func (this *PolicyAction) RunGet(params struct {
 		"blockOptions": firewallPolicy.BlockOptions,
 	}

-	// 正在使用此策略的服务
-	listServersResp, err := this.RPC().ServerRPC().FindAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.FindAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: params.FirewallPolicyId})
+	// 正在使用此策略的集群
+	clustersResp, err := this.RPC().NodeClusterRPC().FindAllEnabledNodeClustersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.FindAllEnabledNodeClustersWithHTTPFirewallPolicyIdRequest{HttpFirewallPolicyId: params.FirewallPolicyId})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	serverMaps := []maps.Map{}
-	for _, server := range listServersResp.Servers {
-		serverMaps = append(serverMaps, maps.Map{
-			"id":   server.Id,
-			"name": server.Name,
+	clusterMaps := []maps.Map{}
+	for _, cluster := range clustersResp.NodeClusters {
+		clusterMaps = append(clusterMaps, maps.Map{
+			"id":   cluster.Id,
+			"name": cluster.Name,
 		})
 	}
-	this.Data["servers"] = serverMaps
+	this.Data["clusters"] = clusterMaps

 	this.Show()
 }
--- a/internal/web/actions/default/servers/components/waf/selectPopup.go
+++ b/internal/web/actions/default/servers/components/waf/selectPopup.go
@@ -0,0 +1,73 @@
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type SelectPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SelectPopupAction) Init() {
+	this.FirstMenu("index")
+}
+
+func (this *SelectPopupAction) RunGet(params struct{}) {
+	countResp, err := this.RPC().HTTPFirewallPolicyRPC().CountAllEnabledHTTPFirewallPolicies(this.AdminContext(), &pb.CountAllEnabledHTTPFirewallPoliciesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+
+	listResp, err := this.RPC().HTTPFirewallPolicyRPC().ListEnabledHTTPFirewallPolicies(this.AdminContext(), &pb.ListEnabledHTTPFirewallPoliciesRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	policyMaps := []maps.Map{}
+	for _, policy := range listResp.HttpFirewallPolicies {
+		countInbound := 0
+		countOutbound := 0
+		if len(policy.InboundJSON) > 0 {
+			inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+			err = json.Unmarshal(policy.InboundJSON, inboundConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			countInbound = len(inboundConfig.GroupRefs)
+		}
+		if len(policy.OutboundJSON) > 0 {
+			outboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{}
+			err = json.Unmarshal(policy.OutboundJSON, outboundConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			countOutbound = len(outboundConfig.GroupRefs)
+		}
+
+		policyMaps = append(policyMaps, maps.Map{
+			"id":            policy.Id,
+			"isOn":          policy.IsOn,
+			"name":          policy.Name,
+			"countInbound":  countInbound,
+			"countOutbound": countOutbound,
+		})
+	}
+
+	this.Data["policies"] = policyMaps
+
+	this.Data["page"] = page.AsHTML()
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/sortGroups.go
+++ b/internal/web/actions/default/servers/components/waf/sortGroups.go
@@ -73,9 +73,9 @@ func (this *SortGroupsAction) RunPost(params struct {
 	}

 	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
-		FirewallPolicyId: params.FirewallPolicyId,
-		InboundJSON:      inboundJSON,
-		OutboundJSON:     outboundJSON,
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+		OutboundJSON:         outboundJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/waf/update.go
+++ b/internal/web/actions/default/servers/components/waf/update.go
@@ -88,12 +88,12 @@ func (this *UpdateAction) RunPost(params struct {
 		Require("请输入策略名称")

 	_, err := this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
-		FirewallPolicyId:   params.FirewallPolicyId,
-		IsOn:               params.IsOn,
-		Name:               params.Name,
-		Description:        params.Description,
-		FirewallGroupCodes: params.GroupCodes,
-		BlockOptionsJSON:   params.BlockOptionsJSON,
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		IsOn:                 params.IsOn,
+		Name:                 params.Name,
+		Description:          params.Description,
+		FirewallGroupCodes:   params.GroupCodes,
+		BlockOptionsJSON:     params.BlockOptionsJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)