访问日志列表显示WAF相关信息

2026-04-28 00:45:21 +08:00 · 2022-04-21 16:20:03 +08:00
parent dc74884f2d
commit d0b5c7e707
11 changed files with 460 additions and 34 deletions
--- a/internal/web/actions/default/servers/server/log/index.go
+++ b/internal/web/actions/default/servers/server/log/index.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 )

@@ -61,7 +62,7 @@ func (this *IndexAction) RunPost(params struct {

 	Must *actions.Must
 }) {
-	isReverse := len(params.RequestId) > 0
+	var isReverse = len(params.RequestId) > 0
 	accessLogsResp, err := this.RPC().HTTPAccessLogRPC().ListHTTPAccessLogs(this.AdminContext(), &pb.ListHTTPAccessLogsRequest{
 		Partition:     params.Partition,
 		ServerId:      params.ServerId,
@@ -80,17 +81,39 @@ func (this *IndexAction) RunPost(params struct {
 		return
 	}

-	ipList := []string{}
-	accessLogs := accessLogsResp.HttpAccessLogs
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}
+	
+	var accessLogs = accessLogsResp.HttpAccessLogs
 	if len(accessLogs) == 0 {
 		accessLogs = []*pb.HTTPAccessLog{}
 	} else {
 		for _, accessLog := range accessLogs {
+			// IP
 			if len(accessLog.RemoteAddr) > 0 {
 				if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 					ipList = append(ipList, accessLog.RemoteAddr)
 				}
 			}
+
+			// WAF信息集合
+			if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+				// 检查Set是否已经存在
+				var existSet = false
+				for _, wafMap := range wafMaps {
+					if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+						existSet = true
+						break
+					}
+				}
+				if !existSet {
+					wafMaps = append(wafMaps, maps.Map{
+						"policyId": accessLog.FirewallPolicyId,
+						"groupId":  accessLog.FirewallRuleGroupId,
+						"setId":    accessLog.FirewallRuleSetId,
+					})
+				}
+			}
 		}
 	}
 	this.Data["accessLogs"] = accessLogs
@@ -102,7 +125,7 @@ func (this *IndexAction) RunPost(params struct {
 	this.Data["hasMore"] = accessLogsResp.HasMore

 	// 根据IP查询区域
-	regionMap := map[string]string{} // ip => region
+	var regionMap = map[string]string{} // ip => region
 	if len(ipList) > 0 {
 		resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
 		if err != nil {
@@ -117,5 +140,79 @@ func (this *IndexAction) RunPost(params struct {
 	}
 	this.Data["regions"] = regionMap

+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Success()
 }