TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-12-14 20:06:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

改进WAF策略的区域封禁

Browse Source
This commit is contained in:
刘祥超
2023-07-07 15:28:29 +08:00
parent 981d1c626b
commit a5e97fc425
14 changed files with 383 additions and 356 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
internal/web/actions/default/servers/components/waf/ipadmin/index.go
View File

@@ -7,6 +7,7 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/lists"
"github.com/iwind/TeaGo/maps"
@@ -36,9 +37,12 @@ func (this *IndexAction) RunGet(params struct {
this.NotFound("firewallPolicy", params.FirewallPolicyId)
return
}
var selectedCountryIds = []int64{}
var deniedCountryIds = []int64{}
var allowedCountryIds = []int64{}
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
deniedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
allowedCountryIds = policyConfig.Inbound.Region.AllowCountryIds
}
countriesResp, err := this.RPC().RegionCountryRPC().FindAllRegionCountries(this.AdminContext(), &pb.FindAllRegionCountriesRequest{})
@@ -46,23 +50,46 @@ func (this *IndexAction) RunGet(params struct {
this.ErrorPage(err)
return
}
var countryMaps = []maps.Map{}
var deniesCountryMaps = []maps.Map{}
var allowedCountryMaps = []maps.Map{}
for _, country := range countriesResp.RegionCountries {
countryMaps = append(countryMaps, maps.Map{
"id": country.Id,
"name": country.DisplayName,
"letter": strings.ToUpper(string(country.Pinyin[0][0])),
"isChecked": lists.ContainsInt64(selectedCountryIds, country.Id),
})
var countryMap = maps.Map{
"id": country.Id,
"name": country.DisplayName,
"letter": strings.ToUpper(string(country.Pinyin[0][0])),
}
if lists.ContainsInt64(deniedCountryIds, country.Id) {
deniesCountryMaps = append(deniesCountryMaps, countryMap)
}
if lists.ContainsInt64(allowedCountryIds, country.Id) {
allowedCountryMaps = append(allowedCountryMaps, countryMap)
}
}
this.Data["deniedCountries"] = deniesCountryMaps
this.Data["allowedCountries"] = allowedCountryMaps
// except & only URL Patterns
this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
if len(policyConfig.Inbound.Region.CountryExceptURLPatterns) > 0 {
this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.CountryExceptURLPatterns
}
if len(policyConfig.Inbound.Region.CountryOnlyURLPatterns) > 0 {
this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.CountryOnlyURLPatterns
}
}
this.Data["countries"] = countryMaps
this.Show()
}
func (this *IndexAction) RunPost(params struct {
FirewallPolicyId int64
CountryIds []int64
DenyCountryIds []int64
AllowCountryIds []int64
ExceptURLPatternsJSON []byte
OnlyURLPatternsJSON []byte
Must *actions.Must
}) {
@@ -87,7 +114,30 @@ func (this *IndexAction) RunPost(params struct {
IsOn: true,
}
}
policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
policyConfig.Inbound.Region.DenyCountryIds = params.DenyCountryIds
policyConfig.Inbound.Region.AllowCountryIds = params.AllowCountryIds
// 例外URL
var exceptURLPatterns = []*shared.URLPattern{}
if len(params.ExceptURLPatternsJSON) > 0 {
err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
if err != nil {
this.Fail("校验例外URL参数失败" + err.Error())
return
}
}
policyConfig.Inbound.Region.CountryExceptURLPatterns = exceptURLPatterns
// 限制URL
var onlyURLPatterns = []*shared.URLPattern{}
if len(params.OnlyURLPatternsJSON) > 0 {
err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
if err != nil {
this.Fail("校验限制URL参数失败" + err.Error())
return
}
}
policyConfig.Inbound.Region.CountryOnlyURLPatterns = onlyURLPatterns
inboundJSON, err := json.Marshal(policyConfig.Inbound)
if err != nil {

72
internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
View File

@@ -8,6 +8,7 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/regionconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/lists"
"github.com/iwind/TeaGo/maps"
@@ -36,9 +37,12 @@ func (this *ProvincesAction) RunGet(params struct {
this.NotFound("firewallPolicy", params.FirewallPolicyId)
return
}
var selectedProvinceIds = []int64{}
var deniedProvinceIds = []int64{}
var allowedProvinceIds = []int64{}
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
deniedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
allowedProvinceIds = policyConfig.Inbound.Region.AllowProvinceIds
}
provincesResp, err := this.RPC().RegionProvinceRPC().FindAllRegionProvincesWithRegionCountryId(this.AdminContext(), &pb.FindAllRegionProvincesWithRegionCountryIdRequest{
@@ -48,22 +52,45 @@ func (this *ProvincesAction) RunGet(params struct {
this.ErrorPage(err)
return
}
var provinceMaps = []maps.Map{}
var deniedProvinceMaps = []maps.Map{}
var allowedProvinceMaps = []maps.Map{}
for _, province := range provincesResp.RegionProvinces {
provinceMaps = append(provinceMaps, maps.Map{
"id": province.Id,
"name": province.DisplayName,
"isChecked": lists.ContainsInt64(selectedProvinceIds, province.Id),
})
var provinceMap = maps.Map{
"id": province.Id,
"name": province.DisplayName,
}
if lists.ContainsInt64(deniedProvinceIds, province.Id) {
deniedProvinceMaps = append(deniedProvinceMaps, provinceMap)
}
if lists.ContainsInt64(allowedProvinceIds, province.Id) {
allowedProvinceMaps = append(allowedProvinceMaps, provinceMap)
}
}
this.Data["deniedProvinces"] = deniedProvinceMaps
this.Data["allowedProvinces"] = allowedProvinceMaps
// except & only URL Patterns
this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
if len(policyConfig.Inbound.Region.ProvinceExceptURLPatterns) > 0 {
this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.ProvinceExceptURLPatterns
}
if len(policyConfig.Inbound.Region.ProvinceOnlyURLPatterns) > 0 {
this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.ProvinceOnlyURLPatterns
}
}
this.Data["provinces"] = provinceMaps
this.Show()
}
func (this *ProvincesAction) RunPost(params struct {
FirewallPolicyId int64
ProvinceIds []int64
DenyProvinceIds []int64
AllowProvinceIds []int64
ExceptURLPatternsJSON []byte
OnlyURLPatternsJSON []byte
Must *actions.Must
}) {
@@ -88,7 +115,30 @@ func (this *ProvincesAction) RunPost(params struct {
IsOn: true,
}
}
policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
policyConfig.Inbound.Region.DenyProvinceIds = params.DenyProvinceIds
policyConfig.Inbound.Region.AllowProvinceIds = params.AllowProvinceIds
// 例外URL
var exceptURLPatterns = []*shared.URLPattern{}
if len(params.ExceptURLPatternsJSON) > 0 {
err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
if err != nil {
this.Fail("校验例外URL参数失败" + err.Error())
return
}
}
policyConfig.Inbound.Region.ProvinceExceptURLPatterns = exceptURLPatterns
// 限制URL
var onlyURLPatterns = []*shared.URLPattern{}
if len(params.OnlyURLPatternsJSON) > 0 {
err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
if err != nil {
this.Fail("校验限制URL参数失败" + err.Error())
return
}
}
policyConfig.Inbound.Region.ProvinceOnlyURLPatterns = onlyURLPatterns
inboundJSON, err := json.Marshal(policyConfig.Inbound)
if err != nil {