mirror of
https://github.com/TeaOSLab/EdgeAdmin.git
synced 2025-12-30 23:16:35 +08:00
WAF国家/地区封禁、省份封禁增加例外URL、限制URL
This commit is contained in:
GoEdgeLab
@@ -7,6 +7,7 @@ import (
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
|
||||
"github.com/iwind/TeaGo/actions"
|
||||
"github.com/iwind/TeaGo/lists"
|
||||
"github.com/iwind/TeaGo/maps"
|
||||
@@ -41,7 +42,7 @@ func (this *CountriesAction) RunGet(params struct {
|
||||
this.NotFound("firewallPolicy", params.FirewallPolicyId)
|
||||
return
|
||||
}
|
||||
selectedCountryIds := []int64{}
|
||||
var selectedCountryIds = []int64{}
|
||||
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
|
||||
selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
|
||||
}
|
||||
@@ -51,7 +52,7 @@ func (this *CountriesAction) RunGet(params struct {
|
||||
this.ErrorPage(err)
|
||||
return
|
||||
}
|
||||
countryMaps := []maps.Map{}
|
||||
var countryMaps = []maps.Map{}
|
||||
for _, country := range countriesResp.RegionCountries {
|
||||
countryMaps = append(countryMaps, maps.Map{
|
||||
"id": country.Id,
|
||||
@@ -62,6 +63,18 @@ func (this *CountriesAction) RunGet(params struct {
|
||||
}
|
||||
this.Data["countries"] = countryMaps
|
||||
|
||||
// except & only URL Patterns
|
||||
this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
|
||||
this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
|
||||
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
|
||||
if len(policyConfig.Inbound.Region.CountryExceptURLPatterns) > 0 {
|
||||
this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.CountryExceptURLPatterns
|
||||
}
|
||||
if len(policyConfig.Inbound.Region.CountryOnlyURLPatterns) > 0 {
|
||||
this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.CountryOnlyURLPatterns
|
||||
}
|
||||
}
|
||||
|
||||
// WAF是否启用
|
||||
webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
|
||||
if err != nil {
|
||||
@@ -77,6 +90,9 @@ func (this *CountriesAction) RunPost(params struct {
|
||||
FirewallPolicyId int64
|
||||
CountryIds []int64
|
||||
|
||||
ExceptURLPatternsJSON []byte
|
||||
OnlyURLPatternsJSON []byte
|
||||
|
||||
Must *actions.Must
|
||||
}) {
|
||||
// 日志
|
||||
@@ -102,6 +118,34 @@ func (this *CountriesAction) RunPost(params struct {
|
||||
}
|
||||
policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
|
||||
|
||||
// 例外URL
|
||||
var exceptURLPatterns = []*shared.URLPattern{}
|
||||
if len(params.ExceptURLPatternsJSON) > 0 {
|
||||
err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
|
||||
if err != nil {
|
||||
this.Fail("校验例外URL参数失败:" + err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
policyConfig.Inbound.Region.CountryExceptURLPatterns = exceptURLPatterns
|
||||
|
||||
// 限制URL
|
||||
var onlyURLPatterns = []*shared.URLPattern{}
|
||||
if len(params.OnlyURLPatternsJSON) > 0 {
|
||||
err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
|
||||
if err != nil {
|
||||
this.Fail("校验限制URL参数失败:" + err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
policyConfig.Inbound.Region.CountryOnlyURLPatterns = onlyURLPatterns
|
||||
|
||||
err = policyConfig.Init()
|
||||
if err != nil {
|
||||
this.Fail("配置校验失败:" + err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
inboundJSON, err := json.Marshal(policyConfig.Inbound)
|
||||
if err != nil {
|
||||
this.ErrorPage(err)
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
|
||||
"github.com/iwind/TeaGo/actions"
|
||||
"github.com/iwind/TeaGo/lists"
|
||||
"github.com/iwind/TeaGo/maps"
|
||||
@@ -41,7 +42,7 @@ func (this *ProvincesAction) RunGet(params struct {
|
||||
this.NotFound("firewallPolicy", params.FirewallPolicyId)
|
||||
return
|
||||
}
|
||||
selectedProvinceIds := []int64{}
|
||||
var selectedProvinceIds = []int64{}
|
||||
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
|
||||
selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
|
||||
}
|
||||
@@ -53,7 +54,7 @@ func (this *ProvincesAction) RunGet(params struct {
|
||||
this.ErrorPage(err)
|
||||
return
|
||||
}
|
||||
provinceMaps := []maps.Map{}
|
||||
var provinceMaps = []maps.Map{}
|
||||
for _, province := range provincesResp.RegionProvinces {
|
||||
provinceMaps = append(provinceMaps, maps.Map{
|
||||
"id": province.Id,
|
||||
@@ -63,6 +64,18 @@ func (this *ProvincesAction) RunGet(params struct {
|
||||
}
|
||||
this.Data["provinces"] = provinceMaps
|
||||
|
||||
// except & only URL Patterns
|
||||
this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
|
||||
this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
|
||||
if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
|
||||
if len(policyConfig.Inbound.Region.ProvinceExceptURLPatterns) > 0 {
|
||||
this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.ProvinceExceptURLPatterns
|
||||
}
|
||||
if len(policyConfig.Inbound.Region.ProvinceOnlyURLPatterns) > 0 {
|
||||
this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.ProvinceOnlyURLPatterns
|
||||
}
|
||||
}
|
||||
|
||||
// WAF是否启用
|
||||
webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
|
||||
if err != nil {
|
||||
@@ -78,6 +91,9 @@ func (this *ProvincesAction) RunPost(params struct {
|
||||
FirewallPolicyId int64
|
||||
ProvinceIds []int64
|
||||
|
||||
ExceptURLPatternsJSON []byte
|
||||
OnlyURLPatternsJSON []byte
|
||||
|
||||
Must *actions.Must
|
||||
}) {
|
||||
// 日志
|
||||
@@ -103,6 +119,34 @@ func (this *ProvincesAction) RunPost(params struct {
|
||||
}
|
||||
policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
|
||||
|
||||
// 例外URL
|
||||
var exceptURLPatterns = []*shared.URLPattern{}
|
||||
if len(params.ExceptURLPatternsJSON) > 0 {
|
||||
err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
|
||||
if err != nil {
|
||||
this.Fail("校验例外URL参数失败:" + err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
policyConfig.Inbound.Region.ProvinceExceptURLPatterns = exceptURLPatterns
|
||||
|
||||
// 限制URL
|
||||
var onlyURLPatterns = []*shared.URLPattern{}
|
||||
if len(params.OnlyURLPatternsJSON) > 0 {
|
||||
err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
|
||||
if err != nil {
|
||||
this.Fail("校验限制URL参数失败:" + err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
policyConfig.Inbound.Region.ProvinceOnlyURLPatterns = onlyURLPatterns
|
||||
|
||||
err = policyConfig.Init()
|
||||
if err != nil {
|
||||
this.Fail("配置校验失败:" + err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
inboundJSON, err := json.Marshal(policyConfig.Inbound)
|
||||
if err != nil {
|
||||
this.ErrorPage(err)
|
||||
|
||||
Reference in New Issue
Block a user