实现WAF部分功能

2026-01-04 01:56:35 +08:00 · 2020-10-08 11:11:37 +08:00
parent 62b9ab9f5d
commit 66d90807db
28 changed files with 1443 additions and 17 deletions
--- a/internal/web/actions/default/servers/components/waf/createRulePopup.go
+++ b/internal/web/actions/default/servers/components/waf/createRulePopup.go
@@ -0,0 +1,104 @@
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreateRulePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateRulePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreateRulePopupAction) RunGet(params struct {
+	Type string
+}) {
+	// check points
+	checkpointList := []maps.Map{}
+	for _, def := range firewallconfigs.AllCheckpoints {
+		if (params.Type == "inbound" && def.IsRequest) || (params.Type == "outbound" && !def.IsRequest) {
+			checkpointList = append(checkpointList, maps.Map{
+				"name":        def.Name,
+				"prefix":      def.Prefix,
+				"description": def.Description,
+				"hasParams":   len(def.Params) > 0,
+				"params":      def.Params,
+				"options":     def.Options,
+			})
+		}
+	}
+
+	// operators
+	this.Data["operators"] = lists.Map(firewallconfigs.AllRuleOperators, func(k int, v interface{}) interface{} {
+		def := v.(*firewallconfigs.RuleOperatorDefinition)
+		return maps.Map{
+			"name":        def.Name,
+			"code":        def.Code,
+			"description": def.Description,
+			"case":        def.CaseInsensitive,
+		}
+	})
+
+	this.Data["checkpoints"] = checkpointList
+
+	this.Show()
+}
+
+func (this *CreateRulePopupAction) RunPost(params struct {
+	RuleId      int64
+	Prefix      string
+	Operator    string
+	Param       string
+	OptionsJSON []byte
+	Value       string
+	Case        bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("prefix", params.Prefix).
+		Require("请选择参数")
+
+	rule := &firewallconfigs.HTTPFirewallRule{
+		Id:   params.RuleId,
+		IsOn: true,
+	}
+	if len(params.Param) > 0 {
+		rule.Param = "${" + params.Prefix + "." + params.Param + "}"
+	} else {
+		rule.Param = "${" + params.Prefix + "}"
+	}
+	rule.Operator = params.Operator
+	rule.Value = params.Value
+	rule.IsCaseInsensitive = params.Case
+
+	if len(params.OptionsJSON) > 0 {
+		options := []maps.Map{}
+		err := json.Unmarshal(params.OptionsJSON, &options)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		rule.CheckpointOptions = map[string]interface{}{}
+		for _, option := range options {
+			rule.CheckpointOptions[option.GetString("code")] = option.GetString("value")
+		}
+	}
+
+	// 校验
+	err := rule.Init()
+	if err != nil {
+		this.Fail("校验规则 '" + rule.Param + " " + rule.Operator + " " + rule.Value + "' 失败，原因：" + err.Error())
+	}
+
+	this.Data["rule"] = rule
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/createSetPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createSetPopup.go
@@ -0,0 +1,159 @@
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"strconv"
+	"strings"
+)
+
+type CreateSetPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateSetPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreateSetPopupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+	Type             string
+}) {
+	this.Data["groupId"] = params.GroupId
+	this.Data["type"] = params.Type
+
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	this.Data["firewallPolicy"] = firewallPolicy
+
+	// 一些配置
+	this.Data["connectors"] = []maps.Map{
+		{
+			"name":        "和(AND)",
+			"value":       firewallconfigs.HTTPFirewallRuleConnectorAnd,
+			"description": "所有规则都满足才视为匹配",
+		},
+		{
+			"name":        "或(OR)",
+			"value":       firewallconfigs.HTTPFirewallRuleConnectorOr,
+			"description": "任一规则满足了就视为匹配",
+		},
+	}
+
+	actionMaps := []maps.Map{}
+	for _, action := range firewallconfigs.AllActions {
+		actionMaps = append(actionMaps, maps.Map{
+			"name":        action.Name,
+			"description": action.Description,
+			"code":        action.Code,
+		})
+	}
+	this.Data["actions"] = actionMaps
+
+	this.Show()
+}
+
+func (this *CreateSetPopupAction) RunPost(params struct {
+	GroupId int64
+
+	Name      string
+	RulesJSON []byte
+	Connector string
+	Action    string
+
+	Must *actions.Must
+}) {
+	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.Fail("找不到分组，Id：" + strconv.FormatInt(params.GroupId, 10))
+	}
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入规则集名称")
+
+	if len(params.RulesJSON) == 0 {
+		this.Fail("请添加至少一个规则")
+	}
+	rules := []*firewallconfigs.HTTPFirewallRule{}
+	err = json.Unmarshal(params.RulesJSON, &rules)
+	if err != nil {
+		this.ErrorPage(err)
+	}
+	if len(rules) == 0 {
+		this.Fail("请添加至少一个规则")
+	}
+
+	setConfig := &firewallconfigs.HTTPFirewallRuleSet{
+		Id:            0,
+		IsOn:          true,
+		Name:          params.Name,
+		Code:          "",
+		Description:   "",
+		Connector:     params.Connector,
+		RuleRefs:      nil,
+		Rules:         rules,
+		Action:        params.Action,
+		ActionOptions: maps.Map{},
+	}
+
+	for k, v := range this.ParamsMap {
+		if len(v) == 0 {
+			continue
+		}
+		index := strings.Index(k, "action_")
+		if index > -1 {
+			setConfig.ActionOptions[k[len("action_"):]] = v[0]
+		}
+	}
+
+	setConfigJSON, err := json.Marshal(setConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	createUpdateResp, err := this.RPC().HTTPFirewallRuleSetRPC().CreateOrUpdateHTTPFirewallRuleSetFromConfig(this.AdminContext(), &pb.CreateOrUpdateHTTPFirewallRuleSetFromConfigRequest{FirewallRuleSetConfigJSON: setConfigJSON})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	groupConfig.SetRefs = append(groupConfig.SetRefs, &firewallconfigs.HTTPFirewallRuleSetRef{
+		IsOn:  true,
+		SetId: createUpdateResp.FirewallRuleSetId,
+	})
+
+	setRefsJSON, err := json.Marshal(groupConfig.SetRefs)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	_, err = this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroupSets(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupSetsRequest{
+		FirewallRuleGroupId:  params.GroupId,
+		FirewallRuleSetsJSON: setRefsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/deleteSet.go
+++ b/internal/web/actions/default/servers/components/waf/deleteSet.go
@@ -0,0 +1,50 @@
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type DeleteSetAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteSetAction) RunPost(params struct {
+	GroupId int64
+	SetId   int64
+}) {
+	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("firewallRuleGroup", params.GroupId)
+		return
+	}
+
+	newRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
+	for _, ref := range groupConfig.SetRefs {
+		if ref.SetId != params.SetId {
+			newRefs = append(newRefs, ref)
+		}
+	}
+	newRefsJSON, err := json.Marshal(newRefs)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	_, err = this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroupSets(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupSetsRequest{
+		FirewallRuleGroupId:  params.GroupId,
+		FirewallRuleSetsJSON: newRefsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/group.go
+++ b/internal/web/actions/default/servers/components/waf/group.go
@@ -0,0 +1,107 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strconv"
+	"strings"
+)
+
+type GroupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupAction) Init() {
+	this.Nav("", "", this.ParamString("type"))
+}
+
+func (this *GroupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+	Type             string
+}) {
+	this.Data["type"] = params.Type
+
+	// policy
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	// group config
+	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("firewallRuleGroup", params.GroupId)
+		return
+	}
+
+	this.Data["group"] = groupConfig
+
+	// rule sets
+	this.Data["sets"] = lists.Map(groupConfig.Sets, func(k int, v interface{}) interface{} {
+		set := v.(*firewallconfigs.HTTPFirewallRuleSet)
+
+		// 动作说明
+		actionLinks := []maps.Map{}
+		if set.Action == firewallconfigs.HTTPFirewallActionGoGroup {
+			nextGroup := firewallPolicy.FindRuleGroup(set.ActionOptions.GetInt64("groupId"))
+			if nextGroup != nil {
+				actionLinks = append(actionLinks, maps.Map{
+					"name": nextGroup.Name,
+					"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
+				})
+			}
+		} else if set.Action == firewallconfigs.HTTPFirewallActionGoSet {
+			nextGroup := firewallPolicy.FindRuleGroup(set.ActionOptions.GetInt64("groupId"))
+			if nextGroup != nil {
+				actionLinks = append(actionLinks, maps.Map{
+					"name": nextGroup.Name,
+					"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
+				})
+
+				nextSet := nextGroup.FindRuleSet(set.ActionOptions.GetInt64("setId"))
+				if nextSet != nil {
+					actionLinks = append(actionLinks, maps.Map{
+						"name": nextSet.Name,
+						"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
+					})
+				}
+			}
+		}
+
+		return maps.Map{
+			"id":   set.Id,
+			"name": set.Name,
+			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
+				rule := v.(*firewallconfigs.HTTPFirewallRule)
+
+				return maps.Map{
+					"param":             rule.Param,
+					"operator":          rule.Operator,
+					"value":             rule.Value,
+					"isCaseInsensitive": rule.IsCaseInsensitive,
+				}
+			}),
+			"isOn":            set.IsOn,
+			"action":        strings.ToUpper(set.Action),
+			"actionOptions": set.ActionOptions,
+			"actionName":    firewallconfigs.FindActionName(set.Action),
+			"actionLinks":   actionLinks,
+			"connector":     strings.ToUpper(set.Connector),
+		}
+	})
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -18,7 +18,7 @@ func init() {
 			Post("/delete", new(DeleteAction)).
 			Get("/policy", new(PolicyAction)).
 			Get("/groups", new(GroupsAction)).
-			Get("/sets", new(SetsAction)).
+			Get("/group", new(GroupAction)).
 			Get("/log", new(LogAction)).
 			GetPost("/update", new(UpdateAction)).
 			GetPost("/test", new(TestAction)).
@@ -29,6 +29,13 @@ func init() {
 			GetPost("/ipadmin", new(IpadminAction)).
 			GetPost("/createGroupPopup", new(CreateGroupPopupAction)).
 			Post("/sortGroups", new(SortGroupsAction)).
+			GetPost("/updateGroupPopup", new(UpdateGroupPopupAction)).
+			GetPost("/createSetPopup", new(CreateSetPopupAction)).
+			GetPost("/createRulePopup", new(CreateRulePopupAction)).
+			Post("/sortSets", new(SortSetsAction)).
+			Post("/updateSetOn", new(UpdateSetOnAction)).
+			Post("/deleteSet", new(DeleteSetAction)).
+			GetPost("/updateSetPopup", new(UpdateSetPopupAction)).
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/servers/components/waf/sets.go
+++ b/internal/web/actions/default/servers/components/waf/sets.go
@@ -1,15 +0,0 @@
-package waf
-
-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
-
-type SetsAction struct {
-	actionutils.ParentAction
-}
-
-func (this *SetsAction) Init() {
-	this.Nav("", "", "")
-}
-
-func (this *SetsAction) RunGet(params struct{}) {
-	this.Show()
-}
--- a/internal/web/actions/default/servers/components/waf/sortSets.go
+++ b/internal/web/actions/default/servers/components/waf/sortSets.go
@@ -0,0 +1,53 @@
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type SortSetsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SortSetsAction) RunPost(params struct {
+	GroupId int64
+	SetIds  []int64
+}) {
+	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("firewallRuleGroup", params.GroupId)
+		return
+	}
+
+	setMap := map[int64]*firewallconfigs.HTTPFirewallRuleSetRef{}
+	for _, setRef := range groupConfig.SetRefs {
+		setMap[setRef.SetId] = setRef
+	}
+
+	newRefs := []*firewallconfigs.HTTPFirewallRuleSetRef{}
+	for _, setId := range params.SetIds {
+		ref, ok := setMap[setId]
+		if ok {
+			newRefs = append(newRefs, ref)
+		}
+	}
+	newRefsJSON, err := json.Marshal(newRefs)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroupSets(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupSetsRequest{
+		FirewallRuleGroupId:  params.GroupId,
+		FirewallRuleSetsJSON: newRefsJSON,
+	})
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/updateGroupPopup.go
+++ b/internal/web/actions/default/servers/components/waf/updateGroupPopup.go
@@ -0,0 +1,66 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateGroupPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateGroupPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdateGroupPopupAction) RunGet(params struct {
+	GroupId int64
+}) {
+	groupConfig, err := models.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("ruleGroup", params.GroupId)
+		return
+	}
+
+	this.Data["group"] = maps.Map{
+		"id":          groupConfig.Id,
+		"name":        groupConfig.Name,
+		"description": groupConfig.Description,
+		"isOn":        groupConfig.IsOn,
+	}
+
+	this.Show()
+}
+
+func (this *UpdateGroupPopupAction) RunPost(params struct {
+	GroupId     int64
+	Name        string
+	Description string
+	IsOn        bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入分组名称")
+
+	_, err := this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroup(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupRequest{
+		FirewallRuleGroupId: params.GroupId,
+		IsOn:                params.IsOn,
+		Name:                params.Name,
+		Description:         params.Description,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/updateSetOn.go
+++ b/internal/web/actions/default/servers/components/waf/updateSetOn.go
@@ -0,0 +1,26 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type UpdateSetOnAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateSetOnAction) RunPost(params struct {
+	SetId int64
+	IsOn  bool
+}) {
+	_, err := this.RPC().HTTPFirewallRuleSetRPC().UpdateHTTPFirewallRuleSetIsOn(this.AdminContext(), &pb.UpdateHTTPFirewallRuleSetIsOnRequest{
+		FirewallRuleSetId: params.SetId,
+		IsOn:              params.IsOn,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/updateSetPopup.go
+++ b/internal/web/actions/default/servers/components/waf/updateSetPopup.go
@@ -0,0 +1,152 @@
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type UpdateSetPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateSetPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdateSetPopupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+	Type             string
+	SetId            int64
+}) {
+	this.Data["groupId"] = params.GroupId
+	this.Data["type"] = params.Type
+
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	this.Data["firewallPolicy"] = firewallPolicy
+
+	// 一些配置
+	this.Data["connectors"] = []maps.Map{
+		{
+			"name":        "和(AND)",
+			"value":       firewallconfigs.HTTPFirewallRuleConnectorAnd,
+			"description": "所有规则都满足才视为匹配",
+		},
+		{
+			"name":        "或(OR)",
+			"value":       firewallconfigs.HTTPFirewallRuleConnectorOr,
+			"description": "任一规则满足了就视为匹配",
+		},
+	}
+
+	actionMaps := []maps.Map{}
+	for _, action := range firewallconfigs.AllActions {
+		actionMaps = append(actionMaps, maps.Map{
+			"name":        action.Name,
+			"description": action.Description,
+			"code":        action.Code,
+		})
+	}
+	this.Data["actions"] = actionMaps
+
+	// 规则集信息
+	setConfig, err := models.SharedHTTPFirewallRuleSetDAO.FindRuleSetConfig(this.AdminContext(), params.SetId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if setConfig == nil {
+		this.NotFound("firewallRuleSet", params.SetId)
+		return
+	}
+	this.Data["setConfig"] = setConfig
+
+	this.Show()
+}
+
+func (this *UpdateSetPopupAction) RunPost(params struct {
+	GroupId int64
+	SetId   int64
+
+	Name      string
+	RulesJSON []byte
+	Connector string
+	Action    string
+
+	Must *actions.Must
+}) {
+	// 规则集信息
+	setConfig, err := models.SharedHTTPFirewallRuleSetDAO.FindRuleSetConfig(this.AdminContext(), params.SetId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if setConfig == nil {
+		this.NotFound("firewallRuleSet", params.SetId)
+		return
+	}
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入规则集名称")
+
+	if len(params.RulesJSON) == 0 {
+		this.Fail("请添加至少一个规则")
+	}
+	rules := []*firewallconfigs.HTTPFirewallRule{}
+	err = json.Unmarshal(params.RulesJSON, &rules)
+	if err != nil {
+		this.ErrorPage(err)
+	}
+	if len(rules) == 0 {
+		this.Fail("请添加至少一个规则")
+	}
+
+	setConfig.Name = params.Name
+	setConfig.Connector = params.Connector
+	setConfig.Rules = rules
+	setConfig.Action = params.Action
+	setConfig.ActionOptions = maps.Map{}
+
+	for k, v := range this.ParamsMap {
+		if len(v) == 0 {
+			continue
+		}
+		index := strings.Index(k, "action_")
+		if index > -1 {
+			setConfig.ActionOptions[k[len("action_"):]] = v[0]
+		}
+	}
+
+	setConfigJSON, err := json.Marshal(setConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallRuleSetRPC().CreateOrUpdateHTTPFirewallRuleSetFromConfig(this.AdminContext(), &pb.CreateOrUpdateHTTPFirewallRuleSetFromConfigRequest{FirewallRuleSetConfigJSON: setConfigJSON})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}