From ad83c052ad0754bef3fba104fb5e30be5cbd954d Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Wed, 2 Aug 2023 16:58:45 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E7=AD=96=E7=95=A5=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E2=80=9C=E6=9C=80=E5=A4=9A=E6=A3=80=E6=9F=A5=E5=86=85=E5=AE=B9?=
 =?UTF-8?q?=E5=B0=BA=E5=AF=B8=E2=80=9C=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../default/servers/components/waf/policy.go  |  27 +--
 .../default/servers/components/waf/update.go  |  29 ++-
 .../servers/components/waf/createPopup.html   |   2 +-
 .../servers/components/waf/policy.html        |   7 +
 .../servers/components/waf/update.html        | 203 +++++++++---------
 .../@default/servers/components/waf/update.js |  19 ++
 6 files changed, 168 insertions(+), 119 deletions(-)

diff --git a/internal/web/actions/default/servers/components/waf/policy.go b/internal/web/actions/default/servers/components/waf/policy.go
index 937dfc9f..a7c8d51e 100644
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -1,6 +1,7 @@
 package waf
 
 import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -86,18 +87,20 @@ func (this *PolicyAction) RunGet(params struct {
 	}
 
 	this.Data["firewallPolicy"] = maps.Map{
-		"id":               firewallPolicy.Id,
-		"name":             firewallPolicy.Name,
-		"isOn":             firewallPolicy.IsOn,
-		"description":      firewallPolicy.Description,
-		"mode":             firewallPolicy.Mode,
-		"modeInfo":         firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
-		"groups":           internalGroups,
-		"blockOptions":     firewallPolicy.BlockOptions,
-		"captchaOptions":   firewallPolicy.CaptchaOptions,
-		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
-		"synFlood":         firewallPolicy.SYNFlood,
-		"log":              firewallPolicy.Log,
+		"id":                       firewallPolicy.Id,
+		"name":                     firewallPolicy.Name,
+		"isOn":                     firewallPolicy.IsOn,
+		"description":              firewallPolicy.Description,
+		"mode":                     firewallPolicy.Mode,
+		"modeInfo":                 firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
+		"groups":                   internalGroups,
+		"blockOptions":             firewallPolicy.BlockOptions,
+		"captchaOptions":           firewallPolicy.CaptchaOptions,
+		"useLocalFirewall":         firewallPolicy.UseLocalFirewall,
+		"synFlood":                 firewallPolicy.SYNFlood,
+		"log":                      firewallPolicy.Log,
+		"maxRequestBodySize":       firewallPolicy.MaxRequestBodySize,
+		"maxRequestBodySizeFormat": numberutils.FormatBytes(firewallPolicy.MaxRequestBodySize),
 	}
 
 	// 正在使用此策略的集群
diff --git a/internal/web/actions/default/servers/components/waf/update.go b/internal/web/actions/default/servers/components/waf/update.go
index 92a4b86e..092d9c70 100644
--- a/internal/web/actions/default/servers/components/waf/update.go
+++ b/internal/web/actions/default/servers/components/waf/update.go
@@ -9,6 +9,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 	"net/http"
 )
 
@@ -64,16 +65,17 @@ func (this *UpdateAction) RunGet(params struct {
 	}
 
 	this.Data["firewallPolicy"] = maps.Map{
-		"id":               firewallPolicy.Id,
-		"name":             firewallPolicy.Name,
-		"description":      firewallPolicy.Description,
-		"isOn":             firewallPolicy.IsOn,
-		"mode":             firewallPolicy.Mode,
-		"blockOptions":     firewallPolicy.BlockOptions,
-		"captchaOptions":   firewallPolicy.CaptchaOptions,
-		"useLocalFirewall": firewallPolicy.UseLocalFirewall,
-		"synFloodConfig":   firewallPolicy.SYNFlood,
-		"log":              firewallPolicy.Log,
+		"id":                 firewallPolicy.Id,
+		"name":               firewallPolicy.Name,
+		"description":        firewallPolicy.Description,
+		"isOn":               firewallPolicy.IsOn,
+		"mode":               firewallPolicy.Mode,
+		"blockOptions":       firewallPolicy.BlockOptions,
+		"captchaOptions":     firewallPolicy.CaptchaOptions,
+		"useLocalFirewall":   firewallPolicy.UseLocalFirewall,
+		"synFloodConfig":     firewallPolicy.SYNFlood,
+		"log":                firewallPolicy.Log,
+		"maxRequestBodySize": types.String(firewallPolicy.MaxRequestBodySize),
 	}
 
 	// 预置分组
@@ -110,6 +112,7 @@ func (this *UpdateAction) RunPost(params struct {
 	UseLocalFirewall   bool
 	SynFloodJSON       []byte
 	LogJSON            []byte
+	MaxRequestBodySize int64
 
 	Must *actions.Must
 }) {
@@ -134,6 +137,11 @@ func (this *UpdateAction) RunPost(params struct {
 		this.Fail("验证码动作参数校验失败：" + err.Error())
 	}
 
+	// 最大内容尺寸
+	if params.MaxRequestBodySize < 0 {
+		params.MaxRequestBodySize = 0
+	}
+
 	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
 		HttpFirewallPolicyId: params.FirewallPolicyId,
 		IsOn:                 params.IsOn,
@@ -146,6 +154,7 @@ func (this *UpdateAction) RunPost(params struct {
 		UseLocalFirewall:     params.UseLocalFirewall,
 		SynFloodJSON:         params.SynFloodJSON,
 		LogJSON:              params.LogJSON,
+		MaxRequestBodySize:   params.MaxRequestBodySize,
 	})
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/web/views/@default/servers/components/waf/createPopup.html b/web/views/@default/servers/components/waf/createPopup.html
index ac1dbc3a..e19c1f19 100644
--- a/web/views/@default/servers/components/waf/createPopup.html
+++ b/web/views/@default/servers/components/waf/createPopup.html
@@ -30,7 +30,7 @@
 				</td>
 			</tr>
 		 	<tr>
-				<td>是否启用</td>
+				<td>启用当前策略</td>
 				<td>
 					<div class="ui checkbox">
 						<input type="checkbox" name="isOn" value="1" checked="checked"/>
diff --git a/web/views/@default/servers/components/waf/policy.html b/web/views/@default/servers/components/waf/policy.html
index 0ccd95ba..99dc629e 100644
--- a/web/views/@default/servers/components/waf/policy.html
+++ b/web/views/@default/servers/components/waf/policy.html
@@ -74,6 +74,13 @@
             <span v-else>不记录</span>
         </td>
     </tr>
+    <tr>
+        <td>最多检查内容尺寸</td>
+        <td>
+            <span v-if="firewallPolicy.maxRequestBodySize == 0" class="disabled">使用默认</span>
+            <span v-else>{{firewallPolicy.maxRequestBodySizeFormat}}</span>
+        </td>
+    </tr>
     <tr>
         <td>描述</td>
         <td>
diff --git a/web/views/@default/servers/components/waf/update.html b/web/views/@default/servers/components/waf/update.html
index 5efe3af0..1cf0a9bb 100644
--- a/web/views/@default/servers/components/waf/update.html
+++ b/web/views/@default/servers/components/waf/update.html
@@ -1,103 +1,114 @@
 {$layout}
 
-	{$template "waf_menu"}
+{$template "waf_menu"}
 
-	<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
-		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
-		<table class="ui table definition selectable">
-			<tr>
-				<td class="title">策略名称 *</td>
-				<td>
-					<input type="text" name="name" maxlength="100" ref="focus" v-model="firewallPolicy.name"/>
-					<p class="comment">给策略起一个容易识别的名字。</p>
-				</td>
-			</tr>
+<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
+    <input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+    <table class="ui table definition selectable">
+        <tr>
+            <td class="title">策略名称 *</td>
+            <td>
+                <input type="text" name="name" maxlength="100" ref="focus" v-model="firewallPolicy.name"/>
+                <p class="comment">给策略起一个容易识别的名字。</p>
+            </td>
+        </tr>
+        <tr>
+            <td>当前模式</td>
+            <td>
+                <select class="ui dropdown auto-width" name="mode" v-model="firewallPolicy.mode">
+                    <option v-for="mode in modes" :value="mode.code">{{mode.name}}</option>
+                </select>
+                <p class="comment" v-for="mode in modes" v-if="mode.code == firewallPolicy.mode">{{mode.description}}</p>
+            </td>
+        </tr>
+        <tr>
+            <td>启用预置的规则</td>
+            <td>
+                <div class="ui checkbox" v-for="group in groups" style="width:10em;margin-bottom:0.5em">
+                    <input type="checkbox" name="groupCodes" :value="group.code" :id="'group-checkbox-' + group.code" v-model="group.isOn"/>
+                    <label :for="'group-checkbox-' + group.code">{{group.name}}</label>
+                </div>
+                <p class="comment">可以启用一些我们预置的规则组。</p>
+            </td>
+        </tr>
+        <tr>
+            <td colspan="2"><more-options-indicator></more-options-indicator></td>
+        </tr>
+        <tbody v-show="moreOptionsVisible">
             <tr>
-                <td>当前模式</td>
+                <td>阻止动作配置</td>
                 <td>
-                    <select class="ui dropdown auto-width" name="mode" v-model="firewallPolicy.mode">
-                        <option v-for="mode in modes" :value="mode.code">{{mode.name}}</option>
-                    </select>
-                    <p class="comment" v-for="mode in modes" v-if="mode.code == firewallPolicy.mode">{{mode.description}}</p>
+                    <http-firewall-block-options :v-block-options="firewallPolicy.blockOptions"></http-firewall-block-options>
                 </td>
             </tr>
-			<tr>
-				<td>启用预置的规则</td>
-				<td>
-					<div class="ui checkbox" v-for="group in groups" style="width:10em;margin-bottom:0.5em">
-						<input type="checkbox" name="groupCodes" :value="group.code" :id="'group-checkbox-' + group.code" v-model="group.isOn"/>
-						<label :for="'group-checkbox-' + group.code">{{group.name}}</label>
-					</div>
-					<p class="comment">可以启用一些我们预置的规则组。</p>
-				</td>
-			</tr>
-			<tr>
-				<td colspan="2"><more-options-indicator></more-options-indicator></td>
-			</tr>
-			<tbody v-show="moreOptionsVisible">
-                <tr>
-                    <td>阻止动作配置</td>
-                    <td>
-                        <http-firewall-block-options :v-block-options="firewallPolicy.blockOptions"></http-firewall-block-options>
-                    </td>
-                </tr>
-                <tr>
-                    <td>验证码动作配置</td>
-                    <td>
-                        <http-firewall-captcha-options :v-captcha-options="firewallPolicy.captchaOptions"></http-firewall-captcha-options>
-                    </td>
-                </tr>
-                <tr>
-                    <td>使用系统防火墙</td>
-                    <td>
-                        <checkbox name="useLocalFirewall" v-model="firewallPolicy.useLocalFirewall"></checkbox>
-                        <p class="comment">开启后，可以在合适的时候自动使用系统自带防火墙进行防御。</p>
-                    </td>
-                </tr>
-                <tr>
-                    <td>SYN Flood防御</td>
-                    <td>
-                        <firewall-syn-flood-config-box :v-syn-flood-config="firewallPolicy.synFloodConfig"></firewall-syn-flood-config-box>
-                    </td>
-                </tr>
-                <tr>
-                    <td :class="{'color-border':firewallPolicy.log.isOn}">记录访问日志</td>
-                    <td>
-                        <input type="hidden" name="logJSON" :value="JSON.stringify(firewallPolicy.log)"/>
-                        <checkbox name="" v-model="firewallPolicy.log.isOn"></checkbox>
-                        <p class="comment">选中后，总是记录WAF相关访问日志，即使服务中没有开启访问日志。</p>
-                    </td>
-                </tr>
-                <tr v-show="firewallPolicy.log.isOn">
-                    <td class="color-border">记录请求Body</td>
-                    <td>
-                        <checkbox v-model="firewallPolicy.log.requestBody"></checkbox>
-                        <p class="comment">选中后，表示在访问日志中记录匹配的请求内容。注意：此选项会明显增加访问日志占用空间，请谨慎开启。</p>
-                    </td>
-                </tr>
-                <tr v-show="firewallPolicy.log.isOn">
-                    <td class="color-border">记录区域封禁日志</td>
-                    <td>
-                        <checkbox v-model="firewallPolicy.log.regionDenying"></checkbox>
-                        <p class="comment">选中后，表示在访问日志中记录区域封禁（地区和省份）事件。</p>
-                    </td>
-                </tr>
-                <tr>
-                    <td>描述</td>
-                    <td>
-                        <textarea name="description" rows="3" v-model="firewallPolicy.description"></textarea>
-                    </td>
-                </tr>
-                <tr>
-                    <td>是否启用</td>
-                    <td>
-                        <div class="ui checkbox">
-                            <input type="checkbox" name="isOn" value="1" v-model="firewallPolicy.isOn"/>
-                            <label></label>
-                        </div>
-                    </td>
-                </tr>
-			</tbody>
-		</table>
-		<submit-btn></submit-btn>
-	</form>
\ No newline at end of file
+            <tr>
+                <td>验证码动作配置</td>
+                <td>
+                    <http-firewall-captcha-options :v-captcha-options="firewallPolicy.captchaOptions"></http-firewall-captcha-options>
+                </td>
+            </tr>
+            <tr>
+                <td>使用系统防火墙</td>
+                <td>
+                    <checkbox name="useLocalFirewall" v-model="firewallPolicy.useLocalFirewall"></checkbox>
+                    <p class="comment">开启后，可以在合适的时候自动使用系统自带防火墙进行防御。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>SYN Flood防御</td>
+                <td>
+                    <firewall-syn-flood-config-box :v-syn-flood-config="firewallPolicy.synFloodConfig"></firewall-syn-flood-config-box>
+                </td>
+            </tr>
+            <tr>
+                <td :class="{'color-border':firewallPolicy.log.isOn}">记录访问日志</td>
+                <td>
+                    <input type="hidden" name="logJSON" :value="JSON.stringify(firewallPolicy.log)"/>
+                    <checkbox name="" v-model="firewallPolicy.log.isOn"></checkbox>
+                    <p class="comment">选中后，总是记录WAF相关访问日志，即使服务中没有开启访问日志。</p>
+                </td>
+            </tr>
+            <tr v-show="firewallPolicy.log.isOn">
+                <td class="color-border">记录请求Body</td>
+                <td>
+                    <checkbox v-model="firewallPolicy.log.requestBody"></checkbox>
+                    <p class="comment">选中后，表示在访问日志中记录匹配的请求内容。注意：此选项会明显增加访问日志占用空间，请谨慎开启。</p>
+                </td>
+            </tr>
+            <tr v-show="firewallPolicy.log.isOn">
+                <td class="color-border">记录区域封禁日志</td>
+                <td>
+                    <checkbox v-model="firewallPolicy.log.regionDenying"></checkbox>
+                    <p class="comment">选中后，表示在访问日志中记录区域封禁（地区和省份）事件。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>最多检查内容尺寸</td>
+                <td>
+                    <input type="hidden" name="maxRequestBodySize" v-model="maxRequestBodySize"/>
+                    <div class="ui input right labeled">
+                        <input type="text" style="width: 10em" maxlength="10" v-model="firewallPolicy.maxRequestBodySize" @input="changeMaxRequestBodySize(firewallPolicy.maxRequestBodySize)"/>
+                        <span class="ui label">字节</span>
+                    </div>
+                    <p class="comment"><span v-if="maxRequestBodySize > 0">当前：{{maxRequestBodySizeFormat}}。</span>WAF能够分析的最大文件内容尺寸，0表示默认，默认为1MB；此值越大，对应使用的系统内存越多，除非特殊情况，否则请谨慎修改。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>描述</td>
+                <td>
+                    <textarea name="description" rows="3" v-model="firewallPolicy.description"></textarea>
+                </td>
+            </tr>
+            <tr>
+                <td>启用当前策略</td>
+                <td>
+                    <div class="ui checkbox">
+                        <input type="checkbox" name="isOn" value="1" v-model="firewallPolicy.isOn"/>
+                        <label></label>
+                    </div>
+                </td>
+            </tr>
+        </tbody>
+    </table>
+    <submit-btn></submit-btn>
+</form>
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/update.js b/web/views/@default/servers/components/waf/update.js
index d6ed17ee..0f0b4d42 100644
--- a/web/views/@default/servers/components/waf/update.js
+++ b/web/views/@default/servers/components/waf/update.js
@@ -1,3 +1,22 @@
 Tea.context(function () {
 	this.success = NotifySuccess("保存成功", "/servers/components/waf/policy?firewallPolicyId=" + this.firewallPolicyId)
+
+	this.maxRequestBodySize = this.firewallPolicy.maxRequestBodySize
+	this.maxRequestBodySizeFormat = teaweb.formatBytes(this.maxRequestBodySize)
+	if (this.maxRequestBodySize == 0) {
+		this.maxRequestBodySizeFormat = ""
+	}
+
+	this.changeMaxRequestBodySize = function (v) {
+		if (v.toString().length == 0) {
+			this.maxRequestBodySize = 0
+			this.maxRequestBodySizeFormat = teaweb.formatBytes(this.maxRequestBodySize)
+			return
+		}
+		let size = parseInt(v)
+		if (!isNaN(size) && size >= 0) {
+			this.maxRequestBodySize = size
+			this.maxRequestBodySizeFormat = teaweb.formatBytes(this.maxRequestBodySize)
+		}
+	}
 })
\ No newline at end of file