WAF支持更多动作

2026-01-04 18:16:36 +08:00 · 2021-07-14 22:45:52 +08:00
parent 00c158f0a5
commit 91443e199b
14 changed files with 836 additions and 145 deletions
--- a/internal/web/actions/default/servers/components/waf/createSetPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createSetPopup.go
@@ -9,7 +9,6 @@ import (
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 	"strconv"
-	"strings"
 )

 type CreateSetPopupAction struct {
@@ -53,6 +52,7 @@ func (this *CreateSetPopupAction) RunGet(params struct {
 		},
 	}

+	// 所有可选的动作
 	actionMaps := []maps.Map{}
 	for _, action := range firewallconfigs.AllActions {
 		actionMaps = append(actionMaps, maps.Map{
@@ -69,10 +69,10 @@ func (this *CreateSetPopupAction) RunGet(params struct {
 func (this *CreateSetPopupAction) RunPost(params struct {
 	GroupId int64

-	Name      string
-	RulesJSON []byte
-	Connector string
-	Action    string
+	Name        string
+	RulesJSON   []byte
+	Connector   string
+	ActionsJSON []byte

 	Must *actions.Must
 }) {
@@ -96,32 +96,34 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 	err = json.Unmarshal(params.RulesJSON, &rules)
 	if err != nil {
 		this.ErrorPage(err)
+		return
 	}
 	if len(rules) == 0 {
 		this.Fail("请添加至少一个规则")
 	}

-	setConfig := &firewallconfigs.HTTPFirewallRuleSet{
-		Id:            0,
-		IsOn:          true,
-		Name:          params.Name,
-		Code:          "",
-		Description:   "",
-		Connector:     params.Connector,
-		RuleRefs:      nil,
-		Rules:         rules,
-		Action:        params.Action,
-		ActionOptions: maps.Map{},
+	var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
+	if len(params.ActionsJSON) > 0 {
+		err = json.Unmarshal(params.ActionsJSON, &actionConfigs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	if len(actionConfigs) == 0 {
+		this.Fail("请添加至少一个动作")
 	}

-	for k, v := range this.ParamsMap {
-		if len(v) == 0 {
-			continue
-		}
-		index := strings.Index(k, "action_")
-		if index > -1 {
-			setConfig.ActionOptions[k[len("action_"):]] = v[0]
-		}
+	setConfig := &firewallconfigs.HTTPFirewallRuleSet{
+		Id:          0,
+		IsOn:        true,
+		Name:        params.Name,
+		Code:        "",
+		Description: "",
+		Connector:   params.Connector,
+		RuleRefs:    nil,
+		Rules:       rules,
+		Actions:     actionConfigs,
 	}

 	setConfigJSON, err := json.Marshal(setConfig)
--- a/internal/web/actions/default/servers/components/waf/group.go
+++ b/internal/web/actions/default/servers/components/waf/group.go
@@ -6,7 +6,6 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
-	"strconv"
 	"strings"
 )

@@ -54,31 +53,19 @@ func (this *GroupAction) RunGet(params struct {
 		set := v.(*firewallconfigs.HTTPFirewallRuleSet)

 		// 动作说明
-		actionLinks := []maps.Map{}
-		if set.Action == firewallconfigs.HTTPFirewallActionGoGroup {
-			nextGroup := firewallPolicy.FindRuleGroup(set.ActionOptions.GetInt64("groupId"))
-			if nextGroup != nil {
-				actionLinks = append(actionLinks, maps.Map{
-					"name": nextGroup.Name,
-					"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
-				})
+		var actionMaps = []maps.Map{}
+		for _, action := range set.Actions {
+			def := firewallconfigs.FindActionDefinition(action.Code)
+			if def == nil {
+				continue
 			}
-		} else if set.Action == firewallconfigs.HTTPFirewallActionGoSet {
-			nextGroup := firewallPolicy.FindRuleGroup(set.ActionOptions.GetInt64("groupId"))
-			if nextGroup != nil {
-				actionLinks = append(actionLinks, maps.Map{
-					"name": nextGroup.Name,
-					"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
-				})

-				nextSet := nextGroup.FindRuleSet(set.ActionOptions.GetInt64("setId"))
-				if nextSet != nil {
-					actionLinks = append(actionLinks, maps.Map{
-						"name": nextSet.Name,
-						"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
-					})
-				}
-			}
+			actionMaps = append(actionMaps, maps.Map{
+				"code":     strings.ToUpper(action.Code),
+				"name":     def.Name,
+				"category": def.Category,
+				"options":  action.Options,
+			})
 		}

 		return maps.Map{
@@ -95,12 +82,9 @@ func (this *GroupAction) RunGet(params struct {
 					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
 				}
 			}),
-			"isOn":          set.IsOn,
-			"action":        strings.ToUpper(set.Action),
-			"actionOptions": set.ActionOptions,
-			"actionName":    firewallconfigs.FindActionName(set.Action),
-			"actionLinks":   actionLinks,
-			"connector":     strings.ToUpper(set.Connector),
+			"isOn":      set.IsOn,
+			"actions":   actionMaps,
+			"connector": strings.ToUpper(set.Connector),
 		}
 	})

--- a/internal/web/actions/default/servers/components/waf/updateSetPopup.go
+++ b/internal/web/actions/default/servers/components/waf/updateSetPopup.go
@@ -9,7 +9,6 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
-	"strings"
 )

 type UpdateSetPopupAction struct {
@@ -79,6 +78,14 @@ func (this *UpdateSetPopupAction) RunGet(params struct {
 	}
 	this.Data["setConfig"] = setConfig

+	// action configs
+	actionConfigs, err := dao.SharedHTTPFirewallPolicyDAO.FindHTTPFirewallActionConfigs(this.AdminContext(), setConfig.Actions)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["actionConfigs"] = actionConfigs
+
 	this.Show()
 }

@@ -86,10 +93,10 @@ func (this *UpdateSetPopupAction) RunPost(params struct {
 	GroupId int64
 	SetId   int64

-	Name      string
-	RulesJSON []byte
-	Connector string
-	Action    string
+	Name        string
+	RulesJSON   []byte
+	Connector   string
+	ActionsJSON []byte

 	Must *actions.Must
 }) {
@@ -115,26 +122,28 @@ func (this *UpdateSetPopupAction) RunPost(params struct {
 	err = json.Unmarshal(params.RulesJSON, &rules)
 	if err != nil {
 		this.ErrorPage(err)
+		return
 	}
 	if len(rules) == 0 {
 		this.Fail("请添加至少一个规则")
 	}

+	var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
+	if len(params.ActionsJSON) > 0 {
+		err = json.Unmarshal(params.ActionsJSON, &actionConfigs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	if len(actionConfigs) == 0 {
+		this.Fail("请添加至少一个动作")
+	}
+
 	setConfig.Name = params.Name
 	setConfig.Connector = params.Connector
 	setConfig.Rules = rules
-	setConfig.Action = params.Action
-	setConfig.ActionOptions = maps.Map{}
-
-	for k, v := range this.ParamsMap {
-		if len(v) == 0 {
-			continue
-		}
-		index := strings.Index(k, "action_")
-		if index > -1 {
-			setConfig.ActionOptions[k[len("action_"):]] = v[0]
-		}
-	}
+	setConfig.Actions = actionConfigs

 	setConfigJSON, err := json.Marshal(setConfig)
 	if err != nil {