在WAF中增加检查IP状态功能

GoEdgeLab
2021-02-02 19:30:07 +08:00
parent 0fc9b99bf9
commit aa12405650
16 changed files with 375 additions and 158 deletions


@@ -48,6 +48,7 @@ func init() {
GetPost("/ipadmin/createIPPopup", new(ipadmin.CreateIPPopupAction)).
GetPost("/ipadmin/updateIPPopup", new(ipadmin.UpdateIPPopupAction)).
Post("/ipadmin/deleteIP", new(ipadmin.DeleteIPAction)).
GetPost("/ipadmin/test", new(ipadmin.TestAction)).
EndAll()
})


@@ -0,0 +1,85 @@
package ipadmin
import (
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps"
timeutil "github.com/iwind/TeaGo/utils/time"
)
type TestAction struct {
actionutils.ParentAction
}
func (this *TestAction) Init() {
this.Nav("", "", "ipadmin")
}
func (this *TestAction) RunGet(params struct {
FirewallPolicyId int64
}) {
this.Data["subMenuItem"] = "test"
this.Show()
}
func (this *TestAction) RunPost(params struct {
FirewallPolicyId int64
Ip string
Must *actions.Must
}) {
resp, err := this.RPC().HTTPFirewallPolicyRPC().CheckHTTPFirewallPolicyIPStatus(this.AdminContext(), &pb.CheckHTTPFirewallPolicyIPStatusRequest{
HttpFirewallPolicyId: params.FirewallPolicyId,
Ip: params.Ip,
})
if err != nil {
this.ErrorPage(err)
return
}
resultMap := maps.Map{
"isDone": true,
"isFound": resp.IsFound,
"isOk": resp.IsOk,
"error": resp.Error,
"isAllowed": resp.IsAllowed,
}
if resp.IpList != nil {
resultMap["list"] = maps.Map{
"id": resp.IpList.Id,
"name": resp.IpList.Name,
}
}
if resp.IpItem != nil {
resultMap["item"] = maps.Map{
"id": resp.IpItem.Id,
"ipFrom": resp.IpItem.IpFrom,
"ipTo": resp.IpItem.IpTo,
"reason": resp.IpItem.Reason,
"expiredAt": resp.IpItem.ExpiredAt,
"expiredTime": timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
"type": resp.IpItem.Type,
}
}
if resp.RegionCountry != nil {
resultMap["country"] = maps.Map{
"id": resp.RegionCountry.Id,
"name": resp.RegionCountry.Name,
}
}
if resp.RegionProvince != nil {
resultMap["province"] = maps.Map{
"id": resp.RegionProvince.Id,
"name": resp.RegionProvince.Name,
}
}
this.Data["result"] = resultMap
this.Success()
}
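Review bot: `RunPost` declares `Must *actions.Must` but never uses it, so `params.Ip` reaches `CheckHTTPFirewallPolicyIPStatus` with no check that it is present or well formed. Adding `params.Must.Field("ip", params.Ip).Require("请输入IP")` before the RPC call would reject empty input at the form level; whether the RPC validates the address format itself is not visible here. `RunGet` also accepts `FirewallPolicyId` without writing it to `this.Data`, unlike the server-settings `TestAction` added later in this commit, so confirm that a helper supplies it for the hidden `firewallPolicyId` field. The `RunPost` body is repeated line for line in that second `TestAction`, where the same validation gap applies; a shared helper that builds `resultMap` would keep the two in sync.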


@@ -22,6 +22,7 @@ func init() {
GetPost("/ipadmin/createIPPopup", new(ipadmin.CreateIPPopupAction)).
GetPost("/ipadmin/updateIPPopup", new(ipadmin.UpdateIPPopupAction)).
Post("/ipadmin/deleteIP", new(ipadmin.DeleteIPAction)).
GetPost("/ipadmin/test", new(ipadmin.TestAction)).
// 规则相关
Get("/groups", new(GroupsAction)).


@@ -0,0 +1,98 @@
package ipadmin
import (
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps"
timeutil "github.com/iwind/TeaGo/utils/time"
)
type TestAction struct {
actionutils.ParentAction
}
func (this *TestAction) Init() {
this.Nav("", "setting", "test")
this.SecondMenu("waf")
}
func (this *TestAction) RunGet(params struct {
ServerId int64
FirewallPolicyId int64
}) {
this.Data["featureIsOn"] = true
this.Data["firewallPolicyId"] = params.FirewallPolicyId
this.Data["subMenuItem"] = "province"
// WAF是否启用
webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
if err != nil {
this.ErrorPage(err)
return
}
this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
this.Show()
}
func (this *TestAction) RunPost(params struct {
FirewallPolicyId int64
Ip string
Must *actions.Must
}) {
resp, err := this.RPC().HTTPFirewallPolicyRPC().CheckHTTPFirewallPolicyIPStatus(this.AdminContext(), &pb.CheckHTTPFirewallPolicyIPStatusRequest{
HttpFirewallPolicyId: params.FirewallPolicyId,
Ip: params.Ip,
})
if err != nil {
this.ErrorPage(err)
return
}
resultMap := maps.Map{
"isDone": true,
"isFound": resp.IsFound,
"isOk": resp.IsOk,
"error": resp.Error,
"isAllowed": resp.IsAllowed,
}
if resp.IpList != nil {
resultMap["list"] = maps.Map{
"id": resp.IpList.Id,
"name": resp.IpList.Name,
}
}
if resp.IpItem != nil {
resultMap["item"] = maps.Map{
"id": resp.IpItem.Id,
"ipFrom": resp.IpItem.IpFrom,
"ipTo": resp.IpItem.IpTo,
"reason": resp.IpItem.Reason,
"expiredAt": resp.IpItem.ExpiredAt,
"expiredTime": timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
"type": resp.IpItem.Type,
}
}
if resp.RegionCountry != nil {
resultMap["country"] = maps.Map{
"id": resp.RegionCountry.Id,
"name": resp.RegionCountry.Name,
}
}
if resp.RegionProvince != nil {
resultMap["province"] = maps.Map{
"id": resp.RegionProvince.Id,
"name": resp.RegionProvince.Name,
}
}
this.Data["result"] = resultMap
this.Success()
}
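Review bot: In `RunGet`, `webConfig.FirewallRef` is dereferenced right after the error check, so if `FindWebConfigWithServerId` can return a nil config together with a nil error (not visible here) the page panics; `webConfig != nil && webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn` covers that case. `this.Data["subMenuItem"] = "province"` looks copied from the provinces action, while `Init` selects `"test"`; drop it or set it to `"test"`. `RunPost` does not take `ServerId`, so the `firewallPolicyId` posted by the form is never tied back to the server the page was opened for; if the RPC does not enforce that relationship itself, the check belongs in this action.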


@@ -0,0 +1,11 @@
Vue.component("ip-item-text", {
props: ["v-item"],
template: `<span>
<span v-if="vItem.type == 'all'">*</span>
<span v-if="vItem.type == 'ipv4' || vItem.type.length == 0">
{{vItem.ipFrom}}
<span v-if="vItem.ipTo.length > 0">- {{vItem.ipTo}}</span>
</span>
<span v-if="vItem.type == 'ipv6'">{{vItem.ipFrom}}</span>
</span>`
})
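Review bot: `vItem.type.length` and `vItem.ipTo.length` throw during render if either field is missing from the item, which takes the whole result cell down with it. The truthiness forms `!vItem.type` and `vItem.ipTo` behave the same for empty strings and tolerate absent fields. The `ipv6` branch prints only `ipFrom`; if IPv6 items can carry an `ipTo` range, the displayed entry would understate what the list actually matches, so a short comment stating that IPv6 items are single addresses (if that is the intent) would help.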


@@ -1,10 +1,12 @@
<second-menu style="margin-top:-1em">
<menu-item :href="'/servers/components/waf/ipadmin?firewallPolicyId=' + firewallPolicyId" :active="subMenuItem == 'region'">国家/地区封禁</menu-item>
<menu-item :href="'/servers/components/waf/ipadmin/provinces?firewallPolicyId=' + firewallPolicyId" :active="subMenuItem == 'province'">省份封禁</menu-item>
<span class="item">|</span>
<span class="item disabled">|</span>
<menu-item :href="'/servers/components/waf/ipadmin/lists?firewallPolicyId=' + firewallPolicyId + '&type=white'" :active="subMenuItem == 'white'">白名单</menu-item>
<a href="" class="item" @click.prevent="createIP('white')"><span style="font-size: 0.9em">[添加IP]</span></a>
<span class="item">|</span>
<span class="item disabled">|</span>
<menu-item :href="'/servers/components/waf/ipadmin/lists?firewallPolicyId=' + firewallPolicyId + '&type=black'" :active="subMenuItem == 'black'">黑名单</menu-item>
<a href="" class="item" @click.prevent="createIP('black')"><span style="font-size: 0.9em">[添加IP]</span></a>
<span class="item disabled">|</span>
<menu-item :href="'/servers/components/waf/ipadmin/test?firewallPolicyId=' + firewallPolicyId" :active="subMenuItem == 'test'">IP检查</menu-item>
</second-menu>


@@ -0,0 +1,48 @@
{$layout}
{$template "../waf_menu"}
{$template "menu"}
<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
<table class="ui table selectable definition">
<tr>
<td class="title">IP *</td>
<td>
<input type="text" name="ip" class="text" maxlength="100" ref="focus" placeholder="x.x.x.x" v-model="ip"/>
<p class="comment">要检查的IP</p>
</td>
</tr>
<tr>
<td>检查结果</td>
<td>
<div v-if="result.isDone">
<div v-if="!result.isOk">
<span class="red">{{result.error}}</span>
</div>
<div v-if="result.isFound">
<div v-if="result.item != null">
<div v-if="result.isAllowed">
<span class="green">在白名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
</div>
<div v-else>
<span class="red">在黑名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
</div>
</div>
<div v-if="result.province != null">
<span class="red">在省份封禁中 "{{result.province.name}}"</span>
</div>
<div v-if="result.country != null && result.province == null">
<span class="red">在国家/地区封禁中 "{{result.country.name}}"</span>
</div>
</div>
<div v-if="!result.isFound">
没有找到和{{ip}}匹配的配置。
</div>
</div>
</td>
</tr>
</table>
<submit-btn>检查IP状态</submit-btn>
</form>
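Review bot: When the check fails (`!result.isOk`), `isFound` is presumably still false, so the `v-if="!result.isFound"` block prints "没有找到和{{ip}}匹配的配置。" directly under the error. An operator can read that as "this IP is not blocked" when the lookup did not actually complete; gate the block with `v-if="result.isOk && !result.isFound"`. The same markup appears in the server-settings test template added later in this commit. Separately, the edit link reads `result.list.id`, but the action sets `list` only when `resp.IpList` is non-nil, so `v-if="result.item != null && result.list != null"` is the safer condition for that branch.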


@@ -0,0 +1,35 @@
Tea.context(function () {
this.ip = ""
this.result = {
isDone: false,
isOk: false,
isFound: false,
isAllowed: false,
error: "",
province: null,
country: null,
ipItem: null,
ipList: null
}
this.$delay(function () {
this.$watch("ip", function () {
this.result.isDone = false
})
})
this.success = function (resp) {
this.result = resp.data.result
}
this.updateItem = function (itemId) {
teaweb.popup(Tea.url(".updateIPPopup?firewallPolicyId=" + this.firewallPolicyId, {itemId: itemId}), {
height: "23em",
callback: function () {
teaweb.success("保存成功", function () {
teaweb.reload()
})
}
})
}
})
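Review bot: `updateItem` is declared with a single parameter (`itemId`), but the template added just before this file calls `updateItem(result.list.id, result.item.id)`, so the popup is opened with the list id as `itemId`. Declare it as `function (listId, itemId)`, as the server-settings script in this commit does, and confirm which query parameter `.updateIPPopup` expects on this route. The initial `result` object uses `ipItem`/`ipList`, while the action returns `item`/`list`; `item: null, list: null` would make the template's `result.item != null` read a declared key. The same placeholder mismatch is in the server-settings script.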


@@ -2,8 +2,10 @@
<menu-item :href="'/servers/server/settings/waf?serverId=' + serverId" code="index">设置</menu-item>
<menu-item :href="'/servers/server/settings/waf/groups?serverId=' + serverId + '&type=inbound&firewallPolicyId='+firewallPolicyId" code="inbound">入站规则</menu-item>
<menu-item :href="'/servers/server/settings/waf/groups?serverId=' + serverId + '&type=outbound&firewallPolicyId='+firewallPolicyId" code="outbound">出站规则</menu-item>
<span class="item disabled">|</span>
<menu-item :href="'/servers/server/settings/waf/ipadmin/countries?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="country">国家/地区封禁</menu-item>
<menu-item :href="'/servers/server/settings/waf/ipadmin/provinces?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="province">省份封禁</menu-item>
<menu-item :href="'/servers/server/settings/waf/ipadmin/allowList?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="allowList">白名单</menu-item>
<menu-item :href="'/servers/server/settings/waf/ipadmin/denyList?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="denyList">黑名单</menu-item>
<menu-item :href="'/servers/server/settings/waf/ipadmin/test?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="test">IP检查</menu-item>
</first-menu>


@@ -1,16 +0,0 @@
.region-letter-group .item {
padding-left: 1em !important;
padding-right: 1em !important;
}
.country-group {
padding-bottom: 1em;
}
.country-group .country-list .item {
float: left;
width: 12em;
margin-bottom: 0.5em;
}
.country-group .country-list .item .checkbox label {
font-size: 12px !important;
}
/*# sourceMappingURL=index.css.map */


@@ -1 +0,0 @@
{"version":3,"sources":["index.less"],"names":[],"mappings":"AAAA,oBACC;EACC,4BAAA;EACA,6BAAA;;AAIF;EAaC,mBAAA;;AAbD,cACC,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AALH,cACC,cACC,MAKC,UAAU;EACT,0BAAA","file":"index.css"}


@@ -1,51 +0,0 @@
{$layout}
{$template "../waf_menu"}
{$template "menu"}
<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
<table class="ui table selectable definition">
<tr>
<td class="title">已封禁</td>
<td>
<span v-if="countSelectedCountries == 0" class="disabled">暂时没有选择封禁区域。</span>
<div class="ui label tiny basic" v-for="country in countries" v-if="country.isChecked" style="margin-bottom: 0.5em">
<input type="hidden" name="countryIds" :value="country.id"/>
({{country.letter}}){{country.name}} <a href="" @click.prevent="deselectCountry(country)" title="取消封禁"><i class="icon remove"></i></a>
</div>
</td>
</tr>
<tr>
<td>选择封禁区域</td>
<td>
<more-options-indicator>选择区域</more-options-indicator>
<div class="ui menu tabular tiny region-letter-group" v-show="moreOptionsVisible">
<a href="" v-for="group in letterGroups" class="item" :class="{active: group == selectedGroup}" @click.prevent="selectGroup(group)">{{group}}</a>
<div class="item right">
<div class="ui checkbox" @click.prevent="checkAll">
<input type="checkbox" v-model="isCheckingAll"/>
<label>全选</label>
</div>
</div>
</div>
<div v-for="group in letterGroups" v-show="moreOptionsVisible">
<div v-for="letter in group" v-if="letterCountries[letter] != null && group == selectedGroup" class="country-group">
<h4>{{letter}}</h4>
<div class="country-list">
<div class="item" v-for="country in letterCountries[letter]">
<div class="ui checkbox" @click.prevent="selectCountry(country)">
<input type="checkbox" v-model="country.isChecked"/>
<label>{{country.name}}</label>
</div>
</div>
</div>
<div class="clear"></div>
</div>
</div>
</td>
</tr>
</table>
<submit-btn></submit-btn>
</form>


@@ -1,66 +0,0 @@
Tea.context(function () {
this.letterGroups = [
"ABC", "DEF", "GHI", "JKL", "MNO", "PQR", "STU", "VWX", "YZ"
];
this.selectedGroup = "ABC"
this.letterCountries = {}
let that = this
this.countSelectedCountries = this.countries.$count(function (k, country) {
return country.isChecked
})
this.countries.forEach(function (country) {
if (typeof (that.letterCountries[country.letter]) == "undefined") {
that.letterCountries[country.letter] = []
}
that.letterCountries[country.letter].push(country)
})
this.isCheckingAll = false
this.selectGroup = function (group) {
this.selectedGroup = group
}
this.selectCountry = function (country) {
country.isChecked = !country.isChecked
this.change()
}
this.deselectCountry = function (country) {
country.isChecked = false
this.change()
}
this.checkAll = function () {
this.isCheckingAll = !this.isCheckingAll
this.countries.forEach(function (country) {
country.isChecked = that.isCheckingAll
})
this.change()
}
this.success = function () {
teaweb.success("保存成功", function () {
teaweb.reload()
})
}
this.change = function () {
this.countSelectedCountries = this.countries.$count(function (k, country) {
return country.isChecked
})
}
/**
* 添加IP名单菜单
*/
this.createIP = function (type) {
teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
height: "23em",
callback: function () {
window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
}
})
}
})


@@ -1,22 +0,0 @@
.region-letter-group {
.item {
padding-left: 1em !important;
padding-right: 1em !important;
}
}
.country-group {
.country-list {
.item {
float: left;
width: 12em;
margin-bottom: 0.5em;
.checkbox label {
font-size: 12px !important;
}
}
}
padding-bottom: 1em;
}


@@ -0,0 +1,55 @@
{$layout}
{$template "/left_menu"}
<div class="right-box">
{$template "../menu"}
<div class="ui message warning" v-if="!featureIsOn">尚未为当前用户开通此功能。</div>
{$ if .featureIsOn}
<p class="ui message warning" v-if="!wafIsOn">当前WAF未启用设置将在<a :href="'/servers/server/settings/waf?serverId=' + serverId">[启用]</a>后生效。</p>
<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
<table class="ui table selectable definition">
<tr>
<td class="title">IP *</td>
<td>
<input type="text" name="ip" class="text" maxlength="100" ref="focus" placeholder="x.x.x.x" v-model="ip"/>
<p class="comment">要检查的IP</p>
</td>
</tr>
<tr>
<td>检查结果</td>
<td>
<div v-if="result.isDone">
<div v-if="!result.isOk">
<span class="red">{{result.error}}</span>
</div>
<div v-if="result.isFound">
<div v-if="result.item != null">
<div v-if="result.isAllowed">
<span class="green">在白名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
</div>
<div v-else>
<span class="red">在黑名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
</div>
</div>
<div v-if="result.province != null">
<span class="red">在省份封禁中 "{{result.province.name}}"</span>
</div>
<div v-if="result.country != null && result.province == null">
<span class="red">在国家/地区封禁中 "{{result.country.name}}"</span>
</div>
</div>
<div v-if="!result.isFound">
没有找到和{{ip}}匹配的配置。
</div>
</div>
</td>
</tr>
</table>
<submit-btn>检查IP状态</submit-btn>
</form>
{$end}
</div>


@@ -0,0 +1,35 @@
Tea.context(function () {
this.ip = ""
this.result = {
isDone: false,
isOk: false,
isFound: false,
isAllowed: false,
error: "",
province: null,
country: null,
ipItem: null,
ipList: null
}
this.$delay(function () {
this.$watch("ip", function () {
this.result.isDone = false
})
})
this.success = function (resp) {
this.result = resp.data.result
}
this.updateItem = function (listId, itemId) {
teaweb.popup(Tea.url(".updateIPPopup?listId=" + listId, {itemId: itemId}), {
height: "24em",
callback: function () {
teaweb.success("保存成功", function () {
})
}
})
}
})
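Review bot: The popup callback passes an empty function to `teaweb.success`, so after an item is edited the page keeps showing the verdict computed before the edit. For a tool whose purpose is to report whether an IP is currently allowed or blocked, a stale "在黑名单中" or "在白名单中" line is misleading. Calling `teaweb.reload()` inside that continuation, as the components script in this commit does, or clearing `result.isDone` so the operator has to re-run the check, keeps the display consistent with the stored lists.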