在网站WAF中，可以导出和导入规则集代码，优化修改规则集交互

2026-04-05 05:25:17 +08:00 · 2024-05-06 20:25:36 +08:00
parent a0559e3456
commit a97dd9d07b
11 changed files with 293 additions and 98 deletions
--- a/internal/web/actions/default/servers/components/waf/createSetPopup.go
+++ b/internal/web/actions/default/servers/components/waf/createSetPopup.go
@@ -73,12 +73,19 @@ func (this *CreateSetPopupAction) RunGet(params struct {
 func (this *CreateSetPopupAction) RunPost(params struct {
 	GroupId int64

-	Name        string
+	Name string
+
+	FormType string
+
+	// normal
 	RulesJSON   []byte
 	Connector   string
 	ActionsJSON []byte
 	IgnoreLocal bool

+	// code
+	Code string
+
 	Must *actions.Must
 }) {
 	groupConfig, err := dao.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
@@ -88,53 +95,105 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 	}
 	if groupConfig == nil {
 		this.Fail("找不到分组，Id：" + strconv.FormatInt(params.GroupId, 10))
+		return
 	}

 	params.Must.
 		Field("name", params.Name).
 		Require("请输入规则集名称")

-	if len(params.RulesJSON) == 0 {
-		this.Fail("请添加至少一个规则")
-	}
-	rules := []*firewallconfigs.HTTPFirewallRule{}
-	err = json.Unmarshal(params.RulesJSON, &rules)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-	if len(rules) == 0 {
-		this.Fail("请添加至少一个规则")
-	}
-
-	var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
-	if len(params.ActionsJSON) > 0 {
-		err = json.Unmarshal(params.ActionsJSON, &actionConfigs)
+	var setConfigJSON []byte
+	if params.FormType == "normal" {
+		if len(params.RulesJSON) == 0 {
+			this.Fail("请添加至少一个规则")
+			return
+		}
+		var rules = []*firewallconfigs.HTTPFirewallRule{}
+		err = json.Unmarshal(params.RulesJSON, &rules)
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}
-	}
-	if len(actionConfigs) == 0 {
-		this.Fail("请添加至少一个动作")
-	}
+		if len(rules) == 0 {
+			this.Fail("请添加至少一个规则")
+			return
+		}

-	setConfig := &firewallconfigs.HTTPFirewallRuleSet{
-		Id:          0,
-		IsOn:        true,
-		Name:        params.Name,
-		Code:        "",
-		Description: "",
-		Connector:   params.Connector,
-		RuleRefs:    nil,
-		Rules:       rules,
-		Actions:     actionConfigs,
-		IgnoreLocal: params.IgnoreLocal,
-	}
+		var actionConfigs = []*firewallconfigs.HTTPFirewallActionConfig{}
+		if len(params.ActionsJSON) > 0 {
+			err = json.Unmarshal(params.ActionsJSON, &actionConfigs)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+		if len(actionConfigs) == 0 {
+			this.Fail("请添加至少一个动作")
+			return
+		}

-	setConfigJSON, err := json.Marshal(setConfig)
-	if err != nil {
-		this.ErrorPage(err)
+		var setConfig = &firewallconfigs.HTTPFirewallRuleSet{
+			Id:          0,
+			IsOn:        true,
+			Name:        params.Name,
+			Code:        "",
+			Description: "",
+			Connector:   params.Connector,
+			RuleRefs:    nil,
+			Rules:       rules,
+			Actions:     actionConfigs,
+			IgnoreLocal: params.IgnoreLocal,
+		}
+
+		setConfigJSON, err = json.Marshal(setConfig)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	} else if params.FormType == "code" {
+		var codeJSON = []byte(params.Code)
+		if len(codeJSON) == 0 {
+			this.FailField("code", "请输入规则集代码")
+			return
+		}
+
+		var setConfig = &firewallconfigs.HTTPFirewallRuleSet{}
+		err = json.Unmarshal(codeJSON, setConfig)
+		if err != nil {
+			this.FailField("code", "解析规则集代码失败："+err.Error())
+			return
+		}
+
+		if len(setConfig.Rules) == 0 {
+			this.FailField("code", "规则集代码中必须包含至少一个规则")
+			return
+		}
+
+		if len(setConfig.Actions) == 0 {
+			this.FailField("code", "规则集代码中必须包含至少一个动作")
+			return
+		}
+
+		setConfig.Name = params.Name
+		setConfig.IsOn = true
+
+		// 重置ID
+		setConfig.Id = 0
+
+		setConfig.RuleRefs = nil
+		for _, rule := range setConfig.Rules {
+			rule.Id = 0
+		}
+
+		err = setConfig.Init()
+		if err != nil {
+			this.FailField("code", "校验规则集代码失败："+err.Error())
+			return
+		}
+
+		setConfigJSON, err = json.Marshal(setConfig)
+	} else {
+		this.Fail("错误的参数'formType': " + params.FormType)
 		return
 	}

@@ -154,6 +213,7 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 		this.ErrorPage(err)
 		return
 	}
+
 	_, err = this.RPC().HTTPFirewallRuleGroupRPC().UpdateHTTPFirewallRuleGroupSets(this.AdminContext(), &pb.UpdateHTTPFirewallRuleGroupSetsRequest{
 		FirewallRuleGroupId:  params.GroupId,
 		FirewallRuleSetsJSON: setRefsJSON,
@@ -163,5 +223,7 @@ func (this *CreateSetPopupAction) RunPost(params struct {
 		return
 	}

+	this.Data["setId"] = createUpdateResp.FirewallRuleSetId
+
 	this.Success()
 }