增加IP级别和WAF动作

2025-11-03 20:40:26 +08:00 · 2021-02-06 17:37:09 +08:00
parent 7135b15835
commit 79e15006c0
46 changed files with 1000 additions and 186 deletions
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
@@ -0,0 +1,115 @@
+package firewallActions
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	this.Data["clusterId"] = params.ClusterId
+	this.Data["actionTypes"] = firewallconfigs.FindAllFirewallActionTypes()
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	ClusterId  int64
+	Name       string
+	EventLevel string
+	Type       string
+
+	// ipset
+	IpsetWhiteName          string
+	IpsetBlackName          string
+	IpsetAutoAddToIPTables  bool
+	IpsetAutoAddToFirewalld bool
+
+	// script
+	ScriptPath string
+
+	// http api
+	HttpAPIURL string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("创建WAF动作")
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入动作名称").
+		Field("type", params.Type).
+		Require("请选择动作类型")
+
+	var actionParams interface{} = nil
+	switch params.Type {
+	case firewallconfigs.FirewallActionTypeIPSet:
+		params.Must.
+			Field("ipsetWhiteName", params.IpsetWhiteName).
+			Require("请输入IPSet白名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet白名单名称").
+			Field("ipsetBlackName", params.IpsetBlackName).
+			Require("请输入IPSet黑名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet黑名单名称")
+
+		actionParams = &firewallconfigs.FirewallActionIPSetConfig{
+			WhiteName:          params.IpsetWhiteName,
+			BlackName:          params.IpsetBlackName,
+			AutoAddToIPTables:  params.IpsetAutoAddToIPTables,
+			AutoAddToFirewalld: params.IpsetAutoAddToFirewalld,
+		}
+	case firewallconfigs.FirewallActionTypeIPTables:
+		actionParams = &firewallconfigs.FirewallActionIPTablesConfig{}
+	case firewallconfigs.FirewallActionTypeFirewalld:
+		actionParams = &firewallconfigs.FirewallActionFirewalldConfig{}
+	case firewallconfigs.FirewallActionTypeScript:
+		params.Must.
+			Field("scriptPath", params.ScriptPath).
+			Require("请输入脚本路径")
+		actionParams = &firewallconfigs.FirewallActionScriptConfig{
+			Path: params.ScriptPath,
+		}
+	case firewallconfigs.FirewallActionTypeHTTPAPI:
+		params.Must.
+			Field("httpAPIURL", params.HttpAPIURL).
+			Require("请输入API URL").
+			Match(`^(http|https):`, "API地址必须以http://或https://开头")
+		actionParams = &firewallconfigs.FirewallActionHTTPAPIConfig{
+			URL: params.HttpAPIURL,
+		}
+	default:
+		this.Fail("选择的类型'" + params.Type + "'暂时不支持")
+	}
+
+	actionParamsJSON, err := json.Marshal(actionParams)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().NodeClusterFirewallActionRPC().CreateNodeClusterFirewallAction(this.AdminContext(), &pb.CreateNodeClusterFirewallActionRequest{
+		NodeClusterId: params.ClusterId,
+		Name:          params.Name,
+		EventLevel:    params.EventLevel,
+		Type:          params.Type,
+		ParamsJSON:    actionParamsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
@@ -0,0 +1,24 @@
+package firewallActions
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	ActionId int64
+}) {
+	defer this.CreateLogInfo("删除WAF动作 %d", params.ActionId)
+
+	_, err := this.RPC().NodeClusterFirewallActionRPC().DeleteNodeClusterFirewallAction(this.AdminContext(), &pb.DeleteNodeClusterFirewallActionRequest{NodeClusterFirewallActionId: params.ActionId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
@@ -0,0 +1,65 @@
+package firewallActions
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "")
+	this.SecondMenu("firewallAction")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	actionsResp, err := this.RPC().NodeClusterFirewallActionRPC().FindAllEnabledNodeClusterFirewallActions(this.AdminContext(), &pb.FindAllEnabledNodeClusterFirewallActionsRequest{NodeClusterId: params.ClusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	levelMaps := map[string][]maps.Map{} // level => actionMaps
+	for _, action := range actionsResp.NodeClusterFirewallActions {
+		actionMaps, ok := levelMaps[action.EventLevel]
+		if !ok {
+			actionMaps = []maps.Map{}
+		}
+
+		actionMaps = append(actionMaps, maps.Map{
+			"id":       action.Id,
+			"name":     action.Name,
+			"type":     action.Type,
+			"typeName": firewallconfigs.FindFirewallActionTypeName(action.Type),
+		})
+		levelMaps[action.EventLevel] = actionMaps
+	}
+
+	levelMaps2 := []maps.Map{} // []levelMap
+	hasActions := false
+	for _, level := range firewallconfigs.FindAllFirewallEventLevels() {
+		actionMaps, ok := levelMaps[level.Code]
+		if !ok {
+			actionMaps = []maps.Map{}
+		} else {
+			hasActions = true
+		}
+
+		levelMaps2 = append(levelMaps2, maps.Map{
+			"name":    level.Name,
+			"code":    level.Code,
+			"actions": actionMaps,
+		})
+	}
+
+	this.Data["levels"] = levelMaps2
+	this.Data["hasActions"] = hasActions
+
+	this.Show()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
@@ -0,0 +1,144 @@
+package firewallActions
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	ActionId int64
+}) {
+	actionResp, err := this.RPC().NodeClusterFirewallActionRPC().FindEnabledNodeClusterFirewallAction(this.AdminContext(), &pb.FindEnabledNodeClusterFirewallActionRequest{NodeClusterFirewallActionId: params.ActionId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	action := actionResp.NodeClusterFirewallAction
+	if action == nil {
+		this.NotFound("nodeClusterFirewallAction", params.ActionId)
+		return
+	}
+
+	actionParams := maps.Map{}
+	if len(action.ParamsJSON) > 0 {
+		err = json.Unmarshal(action.ParamsJSON, &actionParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["action"] = maps.Map{
+		"id":         action.Id,
+		"name":       action.Name,
+		"eventLevel": action.EventLevel,
+		"params":     actionParams,
+		"type":       action.Type,
+	}
+
+	// 通用参数
+	this.Data["actionTypes"] = firewallconfigs.FindAllFirewallActionTypes()
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	ActionId   int64
+	Name       string
+	EventLevel string
+	Type       string
+
+	// ipset
+	IpsetWhiteName          string
+	IpsetBlackName          string
+	IpsetAutoAddToIPTables  bool
+	IpsetAutoAddToFirewalld bool
+
+	// script
+	ScriptPath string
+
+	// http api
+	HttpAPIURL string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改WAF动作 %d", params.ActionId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入动作名称").
+		Field("type", params.Type).
+		Require("请选择动作类型")
+
+	var actionParams interface{} = nil
+	switch params.Type {
+	case firewallconfigs.FirewallActionTypeIPSet:
+		params.Must.
+			Field("ipsetWhiteName", params.IpsetWhiteName).
+			Require("请输入IPSet白名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet白名单名称").
+			Field("ipsetBlackName", params.IpsetBlackName).
+			Require("请输入IPSet黑名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet黑名单名称")
+
+		actionParams = &firewallconfigs.FirewallActionIPSetConfig{
+			WhiteName:          params.IpsetWhiteName,
+			BlackName:          params.IpsetBlackName,
+			AutoAddToIPTables:  params.IpsetAutoAddToIPTables,
+			AutoAddToFirewalld: params.IpsetAutoAddToFirewalld,
+		}
+	case firewallconfigs.FirewallActionTypeIPTables:
+		actionParams = &firewallconfigs.FirewallActionIPTablesConfig{}
+	case firewallconfigs.FirewallActionTypeFirewalld:
+		actionParams = &firewallconfigs.FirewallActionFirewalldConfig{}
+	case firewallconfigs.FirewallActionTypeScript:
+		params.Must.
+			Field("scriptPath", params.ScriptPath).
+			Require("请输入脚本路径")
+		actionParams = &firewallconfigs.FirewallActionScriptConfig{
+			Path: params.ScriptPath,
+		}
+	case firewallconfigs.FirewallActionTypeHTTPAPI:
+		params.Must.
+			Field("httpAPIURL", params.HttpAPIURL).
+			Require("请输入API URL").
+			Match(`^(http|https):`, "API地址必须以http://或https://开头")
+		actionParams = &firewallconfigs.FirewallActionHTTPAPIConfig{
+			URL: params.HttpAPIURL,
+		}
+	default:
+		this.Fail("选择的类型'" + params.Type + "'暂时不支持")
+	}
+
+	actionParamsJSON, err := json.Marshal(actionParams)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().NodeClusterFirewallActionRPC().UpdateNodeClusterFirewallAction(this.AdminContext(), &pb.UpdateNodeClusterFirewallActionRequest{
+		NodeClusterFirewallActionId: params.ActionId,
+		Name:                        params.Name,
+		EventLevel:                  params.EventLevel,
+		Type:                        params.Type,
+		ParamsJSON:                  actionParamsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/init.go
+++ b/internal/web/actions/default/clusters/cluster/settings/init.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/cache"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/dns"
+	firewallActions "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/firewall-actions"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/services"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/toa"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/waf"
@@ -43,6 +44,13 @@ func init() {
 			GetPost("", new(services.IndexAction)).
 			GetPost("/status", new(services.StatusAction)).

+			// 防火墙动作
+			Prefix("/clusters/cluster/settings/firewall-actions").
+			Get("", new(firewallActions.IndexAction)).
+			GetPost("/createPopup", new(firewallActions.CreatePopupAction)).
+			GetPost("/updatePopup", new(firewallActions.UpdatePopupAction)).
+			Post("/delete", new(firewallActions.DeleteAction)).
+
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
+++ b/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
@@ -86,6 +86,11 @@ func (this *ClusterHelper) createSettingMenu(cluster *pb.NodeCluster, selectedIt
 		"isActive": selectedItem == "waf",
 		"isOn":     cluster.HttpFirewallPolicyId > 0,
 	})
+	items = append(items, maps.Map{
+		"name":     "WAF动作",
+		"url":      "/clusters/cluster/settings/firewall-actions?clusterId=" + clusterId,
+		"isActive": selectedItem == "firewallAction",
+	})
 	items = append(items, maps.Map{
 		"name":     "健康检查",
 		"url":      "/clusters/cluster/settings/health?clusterId=" + clusterId,