改进WAF策略的区域封禁

internal/web/actions/default/servers/components/waf/ipadmin/index.go

@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
@@ -36,9 +37,12 @@ func (this *IndexAction) RunGet(params struct {
 		this.NotFound("firewallPolicy", params.FirewallPolicyId)
 		return
 	}
-	var selectedCountryIds = []int64{}
+
+	var deniedCountryIds = []int64{}
+	var allowedCountryIds = []int64{}
 	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
-		selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
+		deniedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
+		allowedCountryIds = policyConfig.Inbound.Region.AllowCountryIds
 	}
 
 	countriesResp, err := this.RPC().RegionCountryRPC().FindAllRegionCountries(this.AdminContext(), &pb.FindAllRegionCountriesRequest{})
@@ -46,23 +50,46 @@ func (this *IndexAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	var countryMaps = []maps.Map{}
+	var deniesCountryMaps = []maps.Map{}
+	var allowedCountryMaps = []maps.Map{}
 	for _, country := range countriesResp.RegionCountries {
-		countryMaps = append(countryMaps, maps.Map{
-			"id":        country.Id,
-			"name":      country.DisplayName,
-			"letter":    strings.ToUpper(string(country.Pinyin[0][0])),
-			"isChecked": lists.ContainsInt64(selectedCountryIds, country.Id),
-		})
+		var countryMap = maps.Map{
+			"id":     country.Id,
+			"name":   country.DisplayName,
+			"letter": strings.ToUpper(string(country.Pinyin[0][0])),
+		}
+		if lists.ContainsInt64(deniedCountryIds, country.Id) {
+			deniesCountryMaps = append(deniesCountryMaps, countryMap)
+		}
+		if lists.ContainsInt64(allowedCountryIds, country.Id) {
+			allowedCountryMaps = append(allowedCountryMaps, countryMap)
+		}
+	}
+	this.Data["deniedCountries"] = deniesCountryMaps
+	this.Data["allowedCountries"] = allowedCountryMaps
+
+	// except & only URL Patterns
+	this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
+	this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		if len(policyConfig.Inbound.Region.CountryExceptURLPatterns) > 0 {
+			this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.CountryExceptURLPatterns
+		}
+		if len(policyConfig.Inbound.Region.CountryOnlyURLPatterns) > 0 {
+			this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.CountryOnlyURLPatterns
+		}
 	}
-	this.Data["countries"] = countryMaps
 
 	this.Show()
 }
 
 func (this *IndexAction) RunPost(params struct {
 	FirewallPolicyId int64
-	CountryIds       []int64
+	DenyCountryIds   []int64
+	AllowCountryIds  []int64
+
+	ExceptURLPatternsJSON []byte
+	OnlyURLPatternsJSON   []byte
 
 	Must *actions.Must
 }) {
@@ -87,7 +114,30 @@ func (this *IndexAction) RunPost(params struct {
 			IsOn: true,
 		}
 	}
-	policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
+	policyConfig.Inbound.Region.DenyCountryIds = params.DenyCountryIds
+	policyConfig.Inbound.Region.AllowCountryIds = params.AllowCountryIds
+
+	// 例外URL
+	var exceptURLPatterns = []*shared.URLPattern{}
+	if len(params.ExceptURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
+		if err != nil {
+			this.Fail("校验例外URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.CountryExceptURLPatterns = exceptURLPatterns
+
+	// 限制URL
+	var onlyURLPatterns = []*shared.URLPattern{}
+	if len(params.OnlyURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
+		if err != nil {
+			this.Fail("校验限制URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.CountryOnlyURLPatterns = onlyURLPatterns
 
 	inboundJSON, err := json.Marshal(policyConfig.Inbound)
 	if err != nil {