v1.4.1

2026-02-06 11:55:37 +08:00 · 2024-07-27 15:42:58 +08:00
parent 7279dc873f
commit d7d0c8fbfe
490 changed files with 2158 additions and 738 deletions
--- a/internal/web/actions/default/servers/components/waf/ipadmin/index.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/index.go
@@ -2,6 +2,8 @@ package ipadmin

 import (
 	"encoding/json"
+	"strings"
+
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
@@ -11,7 +13,6 @@ import (
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
-	"strings"
 )

 type IndexAction struct {
--- a/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
@@ -1,13 +1,14 @@
 package ipadmin

 import (
+	"time"
+
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
-	"time"
 )

 type ListsAction struct {
--- a/internal/web/actions/default/servers/components/waf/ipadmin/providers.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/providers.go
@@ -0,0 +1,176 @@
+package ipadmin
+
+import (
+	"encoding/json"
+
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type ProvidersAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ProvidersAction) Init() {
+	this.Nav("", "", "ipadmin")
+}
+
+func (this *ProvidersAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	this.Data["subMenuItem"] = "provider"
+
+	// 当前选中的运营商
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	var deniedProviderIds = []int64{}
+	var allowedProviderIds = []int64{}
+	var providerHTML string
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		deniedProviderIds = policyConfig.Inbound.Region.DenyProviderIds
+		allowedProviderIds = policyConfig.Inbound.Region.AllowProviderIds
+		providerHTML = policyConfig.Inbound.Region.ProviderHTML
+	}
+	this.Data["providerHTML"] = providerHTML
+
+	providerResp, err := this.RPC().RegionProviderRPC().FindAllRegionProviders(this.AdminContext(), &pb.FindAllRegionProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var deniedProviderMaps = []maps.Map{}
+	var allowedProviderMaps = []maps.Map{}
+	for _, provider := range providerResp.RegionProviders {
+		var providerMap = maps.Map{
+			"id":   provider.Id,
+			"name": provider.Name,
+		}
+		if lists.ContainsInt64(deniedProviderIds, provider.Id) {
+			deniedProviderMaps = append(deniedProviderMaps, providerMap)
+		}
+		if lists.ContainsInt64(allowedProviderIds, provider.Id) {
+			allowedProviderMaps = append(allowedProviderMaps, providerMap)
+		}
+	}
+	this.Data["deniedProviders"] = deniedProviderMaps
+	this.Data["allowedProviders"] = allowedProviderMaps
+
+	// except & only URL Patterns
+	this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
+	this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		if len(policyConfig.Inbound.Region.ProviderExceptURLPatterns) > 0 {
+			this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.ProviderExceptURLPatterns
+		}
+		if len(policyConfig.Inbound.Region.ProviderOnlyURLPatterns) > 0 {
+			this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.ProviderOnlyURLPatterns
+		}
+	}
+
+	this.Show()
+}
+
+func (this *ProvidersAction) RunPost(params struct {
+	FirewallPolicyId int64
+
+	DenyProviderIds  []int64
+	AllowProviderIds []int64
+
+	ExceptURLPatternsJSON []byte
+	OnlyURLPatternsJSON   []byte
+
+	ProviderHTML string
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLogInfo(codes.WAF_LogUpdateForbiddenProviders, params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyProviderIds = params.DenyProviderIds
+	policyConfig.Inbound.Region.AllowProviderIds = params.AllowProviderIds
+
+	// 例外URL
+	var exceptURLPatterns = []*shared.URLPattern{}
+	if len(params.ExceptURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
+		if err != nil {
+			this.Fail("校验例外URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.ProviderExceptURLPatterns = exceptURLPatterns
+
+	// 限制URL
+	var onlyURLPatterns = []*shared.URLPattern{}
+	if len(params.OnlyURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
+		if err != nil {
+			this.Fail("校验限制URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.ProviderOnlyURLPatterns = onlyURLPatterns
+
+	// 自定义提示
+	if len(params.ProviderHTML) > 32<<10 {
+		this.Fail("提示内容长度不能超出32K")
+		return
+	}
+	policyConfig.Inbound.Region.ProviderHTML = params.ProviderHTML
+
+	err = policyConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+		return
+	}
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
@@ -2,6 +2,7 @@ package ipadmin

 import (
 	"encoding/json"
+
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"