From 97c9f145fa9fa6e8b4153b9e75f9331a8408a6e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Sun, 22 Nov 2020 16:54:31 +0800
Subject: [PATCH] =?UTF-8?q?[waf]=E5=8F=AF=E4=BB=A5=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E9=98=BB=E6=AD=A2=E5=8A=A8=E4=BD=9C=E7=9A=84=E7=8A=B6=E6=80=81?=
 =?UTF-8?q?=E7=A0=81=E5=92=8C=E6=8F=90=E7=A4=BA=E5=86=85=E5=AE=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../default/servers/components/waf/policy.go  | 11 +++---
 .../default/servers/components/waf/update.go  | 21 +++++++++--
 .../server/http-firewall-block-options.js     | 37 +++++++++++++++++++
 .../servers/components/waf/group.html         |  4 +-
 .../servers/components/waf/policy.html        | 18 +++++++++
 .../servers/components/waf/update.html        |  6 +++
 6 files changed, 86 insertions(+), 11 deletions(-)
 create mode 100644 web/public/js/components/server/http-firewall-block-options.js

diff --git a/internal/web/actions/default/servers/components/waf/policy.go b/internal/web/actions/default/servers/components/waf/policy.go
index 32dc8adb..16719e6e 100644
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -47,11 +47,12 @@ func (this *PolicyAction) RunGet(params struct {
 	}
 
 	this.Data["firewallPolicy"] = maps.Map{
-		"id":          firewallPolicy.Id,
-		"name":        firewallPolicy.Name,
-		"isOn":        firewallPolicy.IsOn,
-		"description": firewallPolicy.Description,
-		"groups":      internalGroups,
+		"id":           firewallPolicy.Id,
+		"name":         firewallPolicy.Name,
+		"isOn":         firewallPolicy.IsOn,
+		"description":  firewallPolicy.Description,
+		"groups":       internalGroups,
+		"blockOptions": firewallPolicy.BlockOptions,
 	}
 
 	// 正在使用此策略的服务
diff --git a/internal/web/actions/default/servers/components/waf/update.go b/internal/web/actions/default/servers/components/waf/update.go
index 276ab0de..9ec0f06f 100644
--- a/internal/web/actions/default/servers/components/waf/update.go
+++ b/internal/web/actions/default/servers/components/waf/update.go
@@ -8,6 +8,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"net/http"
 )
 
 type UpdateAction struct {
@@ -30,11 +31,21 @@ func (this *UpdateAction) RunGet(params struct {
 		this.NotFound("firewallPolicy", params.FirewallPolicyId)
 		return
 	}
+
+	if firewallPolicy.BlockOptions == nil {
+		firewallPolicy.BlockOptions = &firewallconfigs.HTTPFirewallBlockAction{
+			StatusCode: http.StatusForbidden,
+			Body:       "Blocked By WAF",
+			URL:        "",
+		}
+	}
+
 	this.Data["firewallPolicy"] = maps.Map{
-		"id":          firewallPolicy.Id,
-		"name":        firewallPolicy.Name,
-		"description": firewallPolicy.Description,
-		"isOn":        firewallPolicy.IsOn,
+		"id":           firewallPolicy.Id,
+		"name":         firewallPolicy.Name,
+		"description":  firewallPolicy.Description,
+		"isOn":         firewallPolicy.IsOn,
+		"blockOptions": firewallPolicy.BlockOptions,
 	}
 
 	// 预置分组
@@ -63,6 +74,7 @@ func (this *UpdateAction) RunPost(params struct {
 	FirewallPolicyId int64
 	Name             string
 	GroupCodes       []string
+	BlockOptionsJSON []byte
 	Description      string
 	IsOn             bool
 
@@ -81,6 +93,7 @@ func (this *UpdateAction) RunPost(params struct {
 		Name:               params.Name,
 		Description:        params.Description,
 		FirewallGroupCodes: params.GroupCodes,
+		BlockOptionsJSON:   params.BlockOptionsJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/web/public/js/components/server/http-firewall-block-options.js b/web/public/js/components/server/http-firewall-block-options.js
new file mode 100644
index 00000000..7341108b
--- /dev/null
+++ b/web/public/js/components/server/http-firewall-block-options.js
@@ -0,0 +1,37 @@
+Vue.component("http-firewall-block-options", {
+	props: ["v-block-options"],
+	data: function () {
+		return {
+			blockOptions: this.vBlockOptions,
+			statusCode: this.vBlockOptions.statusCode
+		}
+	},
+	watch: {
+		statusCode: function (v) {
+			let statusCode = parseInt(v)
+			if (isNaN(statusCode)) {
+				this.blockOptions.statusCode = 403
+			} else {
+				this.blockOptions.statusCode = statusCode
+			}
+		}
+	},
+	template: `<div>
+<input type="hidden" name="blockOptionsJSON" :value="JSON.stringify(blockOptions)"/>
+	<table class="ui table">
+		<tr>
+			<td class="title">状态码</td>
+			<td>
+				<input type="text" v-model="statusCode" style="width:4.5em" maxlength="3"/>
+			</td>
+		</tr>
+		<tr>
+			<td>提示内容</td>
+			<td>
+				<textarea rows="3" v-model="blockOptions.body"></textarea>
+			</td>
+		</tr>
+	</table>
+</div>	
+`
+})
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/group.html b/web/views/@default/servers/components/waf/group.html
index aaaccaaa..e677875c 100644
--- a/web/views/@default/servers/components/waf/group.html
+++ b/web/views/@default/servers/components/waf/group.html
@@ -41,7 +41,7 @@
 		<tbody v-for="set in sets" :data-set-id="set.id">
 		<tr>
 			<td style="text-align: center;"><i class="icon bars handle grey"></i> </td>
-			<td><span :class="{disabled:!set.isOn}">{{set.name}}</span>
+			<td nowrap=""><span :class="{disabled:!set.isOn}">{{set.name}}</span>
 				<p style="margin-top:0.5em">
 					<label-on :v-is-on="set.isOn"></label-on>
 				</p>
@@ -53,7 +53,7 @@
 				<span class="ui disabled" v-if="set.rules.length == 0">暂时还没有规则</span>
 			</td>
 			<td class="center">{{set.connector.toUpperCase()}}</td>
-			<td><span :class="{red:set.action == 'BLOCK' || set.action == 'CAPTCHA', green:set.action != 'BLOCK' && set.action != 'CAPTCHA'}">{{set.actionName}}[{{set.action.toUpperCase()}}]</span>
+			<td nowrap=""><span :class="{red:set.action == 'BLOCK' || set.action == 'CAPTCHA', green:set.action != 'BLOCK' && set.action != 'CAPTCHA'}">{{set.actionName}}[{{set.action.toUpperCase()}}]</span>
 				<div v-if="set.actionLinks != null && set.actionLinks.length > 0" style="margin-top:0.3em">
 					<span class="disabled">-&gt;</span> <span v-for="link in set.actionLinks"><a :href="link.url"><span class="disabled">[{{link.name}}]</span></a> &nbsp;</span>
 				</div>
diff --git a/web/views/@default/servers/components/waf/policy.html b/web/views/@default/servers/components/waf/policy.html
index 933e05a8..36cb3826 100644
--- a/web/views/@default/servers/components/waf/policy.html
+++ b/web/views/@default/servers/components/waf/policy.html
@@ -21,6 +21,24 @@
 				<span class="ui label tiny basic" v-for="group in firewallPolicy.groups" style="margin-bottom:0.5em" :class="{disabled:!group.isOn}">{{group.name}}</span>
 			</td>
 		</tr>
+		<tr>
+			<td>阻止动作设置</td>
+			<td>
+				<span v-if="firewallPolicy.blockOptions == null" class="disabled">还没有设置。</span>
+				<div v-else>
+					<table class="ui table">
+						<tr>
+							<td class="title">状态码</td>
+							<td>{{firewallPolicy.blockOptions.statusCode}}</td>
+						</tr>
+						<tr>
+							<td>提示内容</td>
+							<td>{{firewallPolicy.blockOptions.body}}</td>
+						</tr>
+					</table>
+				</div>
+			</td>
+		</tr>
 		<tr>
 			<td>描述</td>
 			<td>
diff --git a/web/views/@default/servers/components/waf/update.html b/web/views/@default/servers/components/waf/update.html
index e7c46fde..82feb663 100644
--- a/web/views/@default/servers/components/waf/update.html
+++ b/web/views/@default/servers/components/waf/update.html
@@ -24,6 +24,12 @@
 					<p class="comment">可以启用一些我们预置的规则组。</p>
 				</td>
 			</tr>
+			<tr>
+				<td>阻止动作配置</td>
+				<td>
+					<http-firewall-block-options :v-block-options="firewallPolicy.blockOptions"></http-firewall-block-options>
+				</td>
+			</tr>
 			<tr>
 				<td colspan="2"><more-options-indicator></more-options-indicator></td>
 			</tr>