实现公用的IP名单

internal/web/actions/default/servers/components/waf/ipadmin/lists.go

@@ -22,6 +22,7 @@ func (this *ListsAction) RunGet(params struct {
 	Type             string
 }) {
 	this.Data["subMenuItem"] = params.Type
+	this.Data["type"] = params.Type
 
 	listId, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyIPListIdWithType(this.AdminContext(), params.FirewallPolicyId, params.Type)
 	if err != nil {

internal/web/actions/default/servers/iplists/bindHTTPFirewallPopup.go

@@ -0,0 +1,139 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type BindHTTPFirewallPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *BindHTTPFirewallPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *BindHTTPFirewallPopupAction) RunGet(params struct {
+	HttpFirewallPolicyId int64
+	Type                 string
+}) {
+	this.Data["httpFirewallPolicyId"] = params.HttpFirewallPolicyId
+
+	// 获取已经选中的名单IDs
+	var selectedIds = []int64{}
+	inboundConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyInboundConfig(this.AdminContext(), params.HttpFirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if inboundConfig != nil {
+		for _, ref := range inboundConfig.PublicAllowListRefs {
+			selectedIds = append(selectedIds, ref.ListId)
+		}
+		for _, ref := range inboundConfig.PublicDenyListRefs {
+			selectedIds = append(selectedIds, ref.ListId)
+		}
+	}
+
+	// 公共的名单
+	countResp, err := this.RPC().IPListRPC().CountAllEnabledIPLists(this.AdminContext(), &pb.CountAllEnabledIPListsRequest{
+		Type:     params.Type,
+		IsPublic: true,
+		Keyword:  "",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	listsResp, err := this.RPC().IPListRPC().ListEnabledIPLists(this.AdminContext(), &pb.ListEnabledIPListsRequest{
+		Type:     params.Type,
+		IsPublic: true,
+		Keyword:  "",
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var listMaps = []maps.Map{}
+	for _, list := range listsResp.IpLists {
+		// 包含的IP数量
+		countItemsResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: list.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var countItems = countItemsResp.Count
+
+		listMaps = append(listMaps, maps.Map{
+			"id":          list.Id,
+			"isOn":        list.IsOn,
+			"name":        list.Name,
+			"description": list.Description,
+			"countItems":  countItems,
+			"type":        list.Type,
+			"isSelected":  lists.ContainsInt64(selectedIds, list.Id),
+		})
+	}
+	this.Data["lists"] = listMaps
+
+	this.Show()
+}
+
+func (this *BindHTTPFirewallPopupAction) RunPost(params struct {
+	HttpFirewallPolicyId int64
+	ListId               int64
+
+	Must *actions.Must
+}) {
+	// List类型
+	listResp, err := this.RPC().IPListRPC().FindEnabledIPList(this.AdminContext(), &pb.FindEnabledIPListRequest{IpListId: params.ListId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var list = listResp.IpList
+	if list == nil {
+		this.Fail("找不到要使用的IP名单")
+	}
+
+	// 已经绑定的
+	inboundConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyInboundConfig(this.AdminContext(), params.HttpFirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if inboundConfig == nil {
+		inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	inboundConfig.AddPublicList(list.Id, list.Type)
+
+	inboundJSON, err := json.Marshal(inboundConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.HttpFirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/createIPPopup.go

@@ -0,0 +1,103 @@
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreateIPPopupAction) RunGet(params struct {
+	ListId int64
+}) {
+	this.Data["listId"] = params.ListId
+
+	this.Show()
+}
+
+func (this *CreateIPPopupAction) RunPost(params struct {
+	ListId     int64
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// 校验IPList
+	existsResp, err := this.RPC().IPListRPC().ExistsEnabledIPList(this.AdminContext(), &pb.ExistsEnabledIPListRequest{IpListId: params.ListId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if !existsResp.Exists {
+		this.Fail("IP名单不存在")
+	}
+
+	switch params.Type {
+	case "ipv4":
+		params.Must.
+			Field("ipFrom", params.IpFrom).
+			Require("请输入开始IP")
+
+		// 校验IP格式（ipFrom/ipTo）
+		var ipFromLong uint64
+		if !utils.IsIPv4(params.IpFrom) {
+			this.Fail("请输入正确的开始IP")
+		}
+		ipFromLong = utils.IP2Long(params.IpFrom)
+
+		var ipToLong uint64
+		if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
+			ipToLong = utils.IP2Long(params.IpTo)
+			this.Fail("请输入正确的结束IP")
+		}
+
+		if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
+			params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
+		}
+	case "ipv6":
+		params.Must.
+			Field("ipFrom", params.IpFrom).
+			Require("请输入IP")
+
+		// 校验IP格式（ipFrom）
+		if !utils.IsIPv6(params.IpFrom) {
+			this.Fail("请输入正确的IPv6地址")
+		}
+	case "all":
+		params.IpFrom = "0.0.0.0"
+	}
+
+	createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
+		IpListId:   params.ListId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemId := createResp.IpItemId
+
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "在IP名单中添加IP %d", itemId)
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/createPopup.go

@@ -0,0 +1,64 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	Type string
+}) {
+	this.Data["type"] = params.Type
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name        string
+	Type        string
+	Description string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var listId int64 = 0
+	defer func() {
+		defer this.CreateLogInfo("创建IP名单 %d", listId)
+	}()
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称")
+
+	createResp, err := this.RPC().IPListRPC().CreateIPList(this.AdminContext(), &pb.CreateIPListRequest{
+		Type:        params.Type,
+		Name:        params.Name,
+		Code:        "",
+		TimeoutJSON: nil,
+		IsPublic:    true,
+		Description: params.Description,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	listId = createResp.IpListId
+
+	this.Data["list"] = maps.Map{
+		"type": params.Type,
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/delete.go

@@ -0,0 +1,27 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	ListId int64
+}) {
+	defer this.CreateLogInfo("删除IP名单 %d", params.ListId)
+
+	// 删除
+	_, err := this.RPC().IPListRPC().DeleteIPList(this.AdminContext(), &pb.DeleteIPListRequest{IpListId: params.ListId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/deleteIP.go

@@ -0,0 +1,26 @@
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteIPAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteIPAction) RunPost(params struct {
+	ItemId int64
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "从IP名单中删除IP %d", params.ItemId)
+
+	_, err := this.RPC().IPItemRPC().DeleteIPItem(this.AdminContext(), &pb.DeleteIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/export.go

@@ -0,0 +1,25 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type ExportAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ExportAction) Init() {
+	this.Nav("", "", "export")
+}
+
+func (this *ExportAction) RunGet(params struct {
+	ListId int64
+}) {
+	err := InitIPList(this.Parent(), params.ListId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Show()
+}

internal/web/actions/default/servers/iplists/exportData.go

@@ -0,0 +1,57 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/golang/protobuf/proto"
+	"strconv"
+)
+
+type ExportDataAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ExportDataAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ExportDataAction) RunGet(params struct {
+	ListId int64
+}) {
+	defer this.CreateLogInfo("导出IP名单 %d", params.ListId)
+
+	resp := &pb.ListIPItemsWithListIdResponse{}
+	var offset int64 = 0
+	var size int64 = 1000
+	for {
+		itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+			IpListId: params.ListId,
+			Offset:   offset,
+			Size:     size,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		if len(itemsResp.IpItems) == 0 {
+			break
+		}
+		for _, item := range itemsResp.IpItems {
+			resp.IpItems = append(resp.IpItems, item)
+		}
+		offset += size
+	}
+
+	data, err := proto.Marshal(resp)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.AddHeader("Content-Disposition", "attachment; filename=\"ip-list-"+numberutils.FormatInt64(params.ListId)+".data\";")
+	this.AddHeader("Content-Length", strconv.Itoa(len(data)))
+	this.Write(data)
+}

internal/web/actions/default/servers/iplists/httpFirewall.go

@@ -0,0 +1,59 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// HttpFirewallAction 显示已经绑定的IP名单
+type HttpFirewallAction struct {
+	actionutils.ParentAction
+}
+
+func (this *HttpFirewallAction) RunPost(params struct {
+	HttpFirewallPolicyId int64
+	Type                 string
+}) {
+	inboundConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyInboundConfig(this.AdminContext(), params.HttpFirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if inboundConfig == nil {
+		inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	var refs []*ipconfigs.IPListRef
+	switch params.Type {
+	case ipconfigs.IPListTypeBlack:
+		refs = inboundConfig.PublicDenyListRefs
+	case ipconfigs.IPListTypeWhite:
+		refs = inboundConfig.PublicAllowListRefs
+	}
+
+	listMaps := []maps.Map{}
+	for _, ref := range refs {
+		listResp, err := this.RPC().IPListRPC().FindEnabledIPList(this.AdminContext(), &pb.FindEnabledIPListRequest{IpListId: ref.ListId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var list = listResp.IpList
+		if list == nil {
+			continue
+		}
+
+		listMaps = append(listMaps, maps.Map{
+			"id":   list.Id,
+			"name": list.Name,
+		})
+	}
+	this.Data["lists"] = listMaps
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/import.go

@@ -0,0 +1,87 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/golang/protobuf/proto"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type ImportAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ImportAction) Init() {
+	this.Nav("", "", "import")
+}
+
+func (this *ImportAction) RunGet(params struct {
+	ListId int64
+}) {
+	err := InitIPList(this.Parent(), params.ListId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Show()
+}
+
+func (this *ImportAction) RunPost(params struct {
+	ListId int64
+	File   *actions.File
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("导入IP名单 %d", params.ListId)
+
+	existsResp, err := this.RPC().IPListRPC().ExistsEnabledIPList(this.AdminContext(), &pb.ExistsEnabledIPListRequest{IpListId: params.ListId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if !existsResp.Exists {
+		this.Fail("IP名单不存在")
+	}
+
+	if params.File == nil {
+		this.Fail("请选择要导入的IP文件")
+	}
+
+	data, err := params.File.Read()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	resp := &pb.ListIPItemsWithListIdResponse{}
+	err = proto.Unmarshal(data, resp)
+	if err != nil {
+		this.Fail("导入失败，文件格式错误：" + err.Error())
+	}
+
+	var count = 0
+	var countIgnore = 0
+	for _, item := range resp.IpItems {
+		_, err = this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
+			IpListId:   params.ListId,
+			IpFrom:     item.IpFrom,
+			IpTo:       item.IpTo,
+			ExpiredAt:  item.ExpiredAt,
+			Reason:     item.Reason,
+			Type:       item.Type,
+			EventLevel: item.EventLevel,
+		})
+		if err != nil {
+			this.Fail("导入过程中出错：" + err.Error())
+		}
+		count++
+	}
+
+	this.Data["count"] = count
+	this.Data["countIgnore"] = countIgnore
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/index.go

@@ -0,0 +1,76 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "index")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	Type    string
+	Keyword string
+}) {
+	if len(params.Type) == 0 {
+		params.Type = ipconfigs.IPListTypeBlack
+	}
+	this.Data["type"] = params.Type
+	this.Data["keyword"] = params.Keyword
+
+	countResp, err := this.RPC().IPListRPC().CountAllEnabledIPLists(this.AdminContext(), &pb.CountAllEnabledIPListsRequest{
+		Type:     params.Type,
+		IsPublic: true,
+		Keyword:  params.Keyword,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	listsResp, err := this.RPC().IPListRPC().ListEnabledIPLists(this.AdminContext(), &pb.ListEnabledIPListsRequest{
+		Type:     params.Type,
+		IsPublic: true,
+		Keyword:  params.Keyword,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var listMaps = []maps.Map{}
+	for _, list := range listsResp.IpLists {
+		// 包含的IP数量
+		countItemsResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: list.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var countItems = countItemsResp.Count
+
+		listMaps = append(listMaps, maps.Map{
+			"id":          list.Id,
+			"isOn":        list.IsOn,
+			"name":        list.Name,
+			"description": list.Description,
+			"countItems":  countItems,
+			"type":        list.Type,
+		})
+	}
+	this.Data["lists"] = listMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/iplists/init.go

@@ -0,0 +1,39 @@
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "iplist").
+			Prefix("/servers/iplists").
+			Get("", new(IndexAction)).
+			GetPost("/createPopup", new(CreatePopupAction)).
+			Get("/list", new(ListAction)).
+			GetPost("/import", new(ImportAction)).
+			GetPost("/export", new(ExportAction)).
+			Get("/exportData", new(ExportDataAction)).
+			Post("/delete", new(DeleteAction)).
+			GetPost("/test", new(TestAction)).
+			GetPost("/update", new(UpdateAction)).
+			Get("/items", new(ItemsAction)).
+
+			// IP相关
+			GetPost("/createIPPopup", new(CreateIPPopupAction)).
+			GetPost("/updateIPPopup", new(UpdateIPPopupAction)).
+			Post("/deleteIP", new(DeleteIPAction)).
+
+			// 防火墙
+			GetPost("/bindHTTPFirewallPopup", new(BindHTTPFirewallPopupAction)).
+			Post("/unbindHTTPFirewall", new(UnbindHTTPFirewallAction)).
+			Post("/httpFirewall", new(HttpFirewallAction)).
+
+			EndAll()
+	})
+}

internal/web/actions/default/servers/iplists/items.go

@@ -0,0 +1,71 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+)
+
+type ItemsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ItemsAction) Init() {
+	this.Nav("", "", "item")
+}
+
+func (this *ItemsAction) RunGet(params struct {
+	ListId int64
+}) {
+	err := InitIPList(this.Parent(), params.ListId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 数量
+	var listId = params.ListId
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/iplists/list.go

@@ -0,0 +1,25 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type ListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ListAction) Init() {
+	this.Nav("", "", "list")
+}
+
+func (this *ListAction) RunGet(params struct{
+	ListId int64
+}) {
+	err := InitIPList(this.Parent(), params.ListId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Show()
+}

internal/web/actions/default/servers/iplists/test.go

@@ -0,0 +1,74 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+)
+
+type TestAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TestAction) Init() {
+	this.Nav("", "", "test")
+}
+
+func (this *TestAction) RunGet(params struct {
+	ListId int64
+}) {
+	err := InitIPList(this.Parent(), params.ListId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Show()
+}
+
+func (this *TestAction) RunPost(params struct {
+	ListId int64
+	Ip     string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	resp, err := this.RPC().IPItemRPC().CheckIPItemStatus(this.AdminContext(), &pb.CheckIPItemStatusRequest{
+		IpListId: params.ListId,
+		Ip:       params.Ip,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	resultMap := maps.Map{
+		"isDone":    true,
+		"isFound":   resp.IsFound,
+		"isOk":      resp.IsOk,
+		"error":     resp.Error,
+		"isAllowed": resp.IsAllowed,
+	}
+
+	if resp.IpItem != nil {
+		resultMap["item"] = maps.Map{
+			"id":             resp.IpItem.Id,
+			"ipFrom":         resp.IpItem.IpFrom,
+			"ipTo":           resp.IpItem.IpTo,
+			"reason":         resp.IpItem.Reason,
+			"expiredAt":      resp.IpItem.ExpiredAt,
+			"expiredTime":    timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
+			"type":           resp.IpItem.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(resp.IpItem.EventLevel),
+		}
+	}
+
+	this.Data["result"] = resultMap
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/unbindHTTPFirewall.go

@@ -0,0 +1,58 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type UnbindHTTPFirewallAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UnbindHTTPFirewallAction) RunPost(params struct {
+	HttpFirewallPolicyId int64
+	ListId               int64
+}) {
+	// List类型
+	listResp, err := this.RPC().IPListRPC().FindEnabledIPList(this.AdminContext(), &pb.FindEnabledIPListRequest{IpListId: params.ListId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var list = listResp.IpList
+	if list == nil {
+		this.Fail("找不到要使用的IP名单")
+	}
+
+	// 已经绑定的
+	inboundConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyInboundConfig(this.AdminContext(), params.HttpFirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if inboundConfig == nil {
+		inboundConfig = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	inboundConfig.RemovePublicList(list.Id, list.Type)
+
+	inboundJSON, err := json.Marshal(inboundConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.HttpFirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/update.go

@@ -0,0 +1,58 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type UpdateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateAction) Init() {
+	this.Nav("", "", "update")
+}
+
+func (this *UpdateAction) RunGet(params struct {
+	ListId int64
+}) {
+	err := InitIPList(this.Parent(), params.ListId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Show()
+}
+
+func (this *UpdateAction) RunPost(params struct {
+	ListId      int64
+	Name        string
+	Type        string
+	Description string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改IP名单 %d", params.ListId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称")
+
+	_, err := this.RPC().IPListRPC().UpdateIPList(this.AdminContext(), &pb.UpdateIPListRequest{
+		IpListId:    params.ListId,
+		Name:        params.Name,
+		Code:        "",
+		TimeoutJSON: nil,
+		Description: params.Description,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}

internal/web/actions/default/servers/iplists/updateIPPopup.go

@@ -0,0 +1,117 @@
+package iplists
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdateIPPopupAction) RunGet(params struct {
+	ItemId int64
+}) {
+	itemResp, err := this.RPC().IPItemRPC().FindEnabledIPItem(this.AdminContext(), &pb.FindEnabledIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	item := itemResp.IpItem
+	if item == nil {
+		this.NotFound("ipItem", params.ItemId)
+		return
+	}
+
+	this.Data["item"] = maps.Map{
+		"id":         item.Id,
+		"ipFrom":     item.IpFrom,
+		"ipTo":       item.IpTo,
+		"expiredAt":  item.ExpiredAt,
+		"reason":     item.Reason,
+		"type":       item.Type,
+		"eventLevel": item.EventLevel,
+	}
+
+	this.Data["type"] = item.Type
+
+	this.Show()
+}
+
+func (this *UpdateIPPopupAction) RunPost(params struct {
+	ItemId int64
+
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改IP名单中IP %d", params.ItemId)
+
+	// TODO 校验ItemId所属用户
+
+	switch params.Type {
+	case "ipv4":
+		params.Must.
+			Field("ipFrom", params.IpFrom).
+			Require("请输入开始IP")
+
+		// 校验IP格式（ipFrom/ipTo）
+		var ipFromLong uint64
+		if !utils.IsIPv4(params.IpFrom) {
+			this.Fail("请输入正确的开始IP")
+		}
+		ipFromLong = utils.IP2Long(params.IpFrom)
+
+		var ipToLong uint64
+		if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
+			ipToLong = utils.IP2Long(params.IpTo)
+			this.Fail("请输入正确的结束IP")
+		}
+
+		if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
+			params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
+		}
+	case "ipv6":
+		params.Must.
+			Field("ipFrom", params.IpFrom).
+			Require("请输入IP")
+
+		// 校验IP格式（ipFrom）
+		if !utils.IsIPv6(params.IpFrom) {
+			this.Fail("请输入正确的IPv6地址")
+		}
+	case "all":
+		params.IpFrom = "0.0.0.0"
+	}
+
+	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
+		IpItemId:   params.ItemId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/iplists/utils.go

@@ -0,0 +1,52 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package iplists
+
+import (
+	"errors"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+func InitIPList(action *actionutils.ParentAction, listId int64) error {
+	client, err := rpc.SharedRPC()
+	if err != nil {
+		return err
+	}
+	listResp, err := client.IPListRPC().FindEnabledIPList(action.AdminContext(), &pb.FindEnabledIPListRequest{IpListId: listId})
+	if err != nil {
+		return err
+	}
+	list := listResp.IpList
+	if list == nil {
+		return errors.New("not found")
+	}
+
+	var typeName = ""
+	switch list.Type {
+	case "black":
+		typeName = "黑名单"
+	case "white":
+		typeName = "白名单"
+	}
+
+	// IP数量
+	countItemsResp, err := client.IPItemRPC().CountIPItemsWithListId(action.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		return err
+	}
+	countItems := countItemsResp.Count
+
+	action.Data["list"] = maps.Map{
+		"id":          list.Id,
+		"name":        list.Name,
+		"type":        list.Type,
+		"typeName":    typeName,
+		"description": list.Description,
+		"isOn":        list.IsOn,
+		"countItems":  countItems,
+	}
+	return nil
+}