在网站WAF中，可以导出和导入规则集代码，优化修改规则集交互

2026-04-24 05:45:18 +08:00 · 2024-05-06 20:25:36 +08:00
parent a0559e3456
commit a97dd9d07b
11 changed files with 293 additions and 98 deletions
--- a/internal/web/actions/default/servers/components/waf/createSetPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createSetPopup.go
@@ -73,12 +73,19 @@ func (this *CreateSetPopupAction) RunGet(params struct {
 func (this *CreateSetPopupAction) RunPost(params struct {
 	GroupId int64

-	Name        string
+	Name string
+
+	FormType string
+
+	// normal
 	RulesJSON   []byte
 	Connector   string
 	ActionsJSON []byte
 	IgnoreLocal bool

+	// code
+	Code string
+
 	Must *actions.Must
 }) {
 	groupConfig, err := dao.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
@@ -88,53 +95,105 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 	}
 	if groupConfig == nil {
 		this.Fail("找不到分组，Id：" + strconv.FormatInt(params.GroupId, 10))
+		return
 	}

 	params.Must.
 		Field("name", params.Name).
 		Require("请输入规则集名称")

-	if len(params.RulesJSON) == 0 {
-		this.Fail("请添加至少一个规则")
-	}
-	rules := []*firewallconfigs.HTTPFirewallRule{}
-	err = json.Unmarshal(params.RulesJSON, &rules)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-	if len(rules) == 0 {
-		this.Fail("请添加至少一个规则")
-	}
-
-	var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
-	if len(params.ActionsJSON) > 0 {
-		err = json.Unmarshal(params.ActionsJSON, &actionConfigs)
+	var setConfigJSON []byte
+	if params.FormType == "normal" {
+		if len(params.RulesJSON) == 0 {
+			this.Fail("请添加至少一个规则")
+			return
+		}
+		var rules = []*firewallconfigs.HTTPFirewallRule{}
+		err = json.Unmarshal(params.RulesJSON, &rules)
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}
-	}
-	if len(actionConfigs) == 0 {
-		this.Fail("请添加至少一个动作")
-	}
+		if len(rules) == 0 {
+			this.Fail("请添加至少一个规则")
+			return
+		}

-	setConfig := &firewallconfigs.HTTPFirewallRuleSet{
-		Id:          0,
-		IsOn:        true,
-		Name:        params.Name,
-		Code:        "",
-		Description: "",
-		Connector:   params.Connector,
-		RuleRefs:    nil,
-		Rules:       rules,
-		Actions:     actionConfigs,
-		IgnoreLocal: params.IgnoreLocal,
-	}
+		var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
+		if len(params.ActionsJSON) > 0 {
+			err = json.Unmarshal(params.ActionsJSON, &actionConfigs)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+		if len(actionConfigs) == 0 {
+			this.Fail("请添加至少一个动作")
+			return
+		}

-	setConfigJSON, err := json.Marshal(setConfig)
-	if err != nil {
-		this.ErrorPage(err)
+		var setConfig = &firewallconfigs.HTTPFirewallRuleSet{
+			Id:          0,
+			IsOn:        true,
+			Name:        params.Name,
+			Code:        "",
+			Description: "",
+			Connector:   params.Connector,
+			RuleRefs:    nil,
+			Rules:       rules,
+			Actions:     actionConfigs,
+			IgnoreLocal: params.IgnoreLocal,
+		}
+
+		setConfigJSON, err = json.Marshal(setConfig)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	} else if params.FormType == "code" {
+		var codeJSON = []byte(params.Code)
+		if len(codeJSON) == 0 {
+			this.FailField("code", "请输入规则集代码")
+			return
+		}
+
+		var setConfig = &firewallconfigs.HTTPFirewallRuleSet{}
+		err = json.Unmarshal(codeJSON, setConfig)
+		if err != nil {
+			this.FailField("code", "解析规则集代码失败："+err.Error())
+			return
+		}
+
+		if len(setConfig.Rules) == 0 {
+			this.FailField("code", "规则集代码中必须包含至少一个规则")
+			return
+		}
+
+		if len(setConfig.Actions) == 0 {
+			this.FailField("code", "规则集代码中必须包含至少一个动作")
+			return
+		}
+
+		setConfig.Name = params.Name
+		setConfig.IsOn = true
+
+		// 重置ID
+		setConfig.Id = 0
+
+		setConfig.RuleRefs = nil
+		for _, rule := range setConfig.Rules {
+			rule.Id = 0
+		}
+
+		err = setConfig.Init()
+		if err != nil {
+			this.FailField("code", "校验规则集代码失败："+err.Error())
+			return
+		}
+
+		setConfigJSON, err = json.Marshal(setConfig)
+	} else {
+		this.Fail("错误的参数'formType': " + params.FormType)
 		return
 	}

@@ -154,6 +213,7 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 		this.ErrorPage(err)
 		return
 	}
+
 	_, err = this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroupSets(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupSetsRequest{
 		FirewallRuleGroupId:  params.GroupId,
 		FirewallRuleSetsJSON: setRefsJSON,
@@ -163,5 +223,7 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 		return
 	}

+	this.Data["setId"] = createUpdateResp.FirewallRuleSetId
+
 	this.Success()
 }
--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -39,6 +39,7 @@ func init() {
 			Post("/updateSetOn", new(UpdateSetOnAction)).
 			Post("/deleteSet", new(DeleteSetAction)).
 			GetPost("/updateSetPopup", new(UpdateSetPopupAction)).
+			Get("/setCodePopup", new(SetCodePopupAction)).
 			Post("/count", new(CountAction)).
 			Get("/selectPopup", new(SelectPopupAction)).
 			Post("/testRegexp", new(TestRegexpAction)).
--- a/internal/web/actions/default/servers/components/waf/setCodePopup.go
+++ b/internal/web/actions/default/servers/components/waf/setCodePopup.go
@@ -0,0 +1,57 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type SetCodePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SetCodePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *SetCodePopupAction) RunGet(params struct {
+	SetId int64
+}) {
+	setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSetConfig(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetConfigRequest{FirewallRuleSetId: params.SetId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	if len(setResp.FirewallRuleSetJSON) == 0 {
+		this.NotFound("httpFirewallRuleSet", params.SetId)
+		return
+	}
+
+	var ruleSet = &firewallconfigs.HTTPFirewallRuleSet{}
+	err = json.Unmarshal(setResp.FirewallRuleSetJSON, ruleSet)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	ruleSet.RuleRefs = nil
+	ruleSet.Id = 0
+	for _, rule := range ruleSet.Rules {
+		rule.Id = 0
+	}
+
+	this.Data["setName"] = ruleSet.Name
+
+	codeJSON, err := json.MarshalIndent(ruleSet, "", "  ")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["code"] = string(codeJSON)
+
+	this.Show()
+}