WAF国家/地区封禁、省份封禁增加例外URL、限制URL

internal/web/actions/default/servers/server/settings/waf/ipadmin/countries.go

@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
@@ -41,7 +42,7 @@ func (this *CountriesAction) RunGet(params struct {
 		this.NotFound("firewallPolicy", params.FirewallPolicyId)
 		return
 	}
-	selectedCountryIds := []int64{}
+	var selectedCountryIds = []int64{}
 	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
 		selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
 	}
@@ -51,7 +52,7 @@ func (this *CountriesAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	countryMaps := []maps.Map{}
+	var countryMaps = []maps.Map{}
 	for _, country := range countriesResp.RegionCountries {
 		countryMaps = append(countryMaps, maps.Map{
 			"id":        country.Id,
@@ -62,6 +63,18 @@ func (this *CountriesAction) RunGet(params struct {
 	}
 	this.Data["countries"] = countryMaps
 
+	// except & only URL Patterns
+	this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
+	this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		if len(policyConfig.Inbound.Region.CountryExceptURLPatterns) > 0 {
+			this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.CountryExceptURLPatterns
+		}
+		if len(policyConfig.Inbound.Region.CountryOnlyURLPatterns) > 0 {
+			this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.CountryOnlyURLPatterns
+		}
+	}
+
 	// WAF是否启用
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
@@ -77,6 +90,9 @@ func (this *CountriesAction) RunPost(params struct {
 	FirewallPolicyId int64
 	CountryIds       []int64
 
+	ExceptURLPatternsJSON []byte
+	OnlyURLPatternsJSON   []byte
+
 	Must *actions.Must
 }) {
 	// 日志
@@ -102,6 +118,34 @@ func (this *CountriesAction) RunPost(params struct {
 	}
 	policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
 
+	// 例外URL
+	var exceptURLPatterns = []*shared.URLPattern{}
+	if len(params.ExceptURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
+		if err != nil {
+			this.Fail("校验例外URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.CountryExceptURLPatterns = exceptURLPatterns
+
+	// 限制URL
+	var onlyURLPatterns = []*shared.URLPattern{}
+	if len(params.OnlyURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
+		if err != nil {
+			this.Fail("校验限制URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.CountryOnlyURLPatterns = onlyURLPatterns
+
+	err = policyConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+		return
+	}
+
 	inboundJSON, err := json.Marshal(policyConfig.Inbound)
 	if err != nil {
 		this.ErrorPage(err)

internal/web/actions/default/servers/server/settings/waf/ipadmin/provinces.go

@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
@@ -41,7 +42,7 @@ func (this *ProvincesAction) RunGet(params struct {
 		this.NotFound("firewallPolicy", params.FirewallPolicyId)
 		return
 	}
-	selectedProvinceIds := []int64{}
+	var selectedProvinceIds = []int64{}
 	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
 		selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
 	}
@@ -53,7 +54,7 @@ func (this *ProvincesAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	provinceMaps := []maps.Map{}
+	var provinceMaps = []maps.Map{}
 	for _, province := range provincesResp.RegionProvinces {
 		provinceMaps = append(provinceMaps, maps.Map{
 			"id":        province.Id,
@@ -63,6 +64,18 @@ func (this *ProvincesAction) RunGet(params struct {
 	}
 	this.Data["provinces"] = provinceMaps
 
+	// except & only URL Patterns
+	this.Data["exceptURLPatterns"] = []*shared.URLPattern{}
+	this.Data["onlyURLPatterns"] = []*shared.URLPattern{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		if len(policyConfig.Inbound.Region.ProvinceExceptURLPatterns) > 0 {
+			this.Data["exceptURLPatterns"] = policyConfig.Inbound.Region.ProvinceExceptURLPatterns
+		}
+		if len(policyConfig.Inbound.Region.ProvinceOnlyURLPatterns) > 0 {
+			this.Data["onlyURLPatterns"] = policyConfig.Inbound.Region.ProvinceOnlyURLPatterns
+		}
+	}
+
 	// WAF是否启用
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
@@ -78,6 +91,9 @@ func (this *ProvincesAction) RunPost(params struct {
 	FirewallPolicyId int64
 	ProvinceIds      []int64
 
+	ExceptURLPatternsJSON []byte
+	OnlyURLPatternsJSON   []byte
+
 	Must *actions.Must
 }) {
 	// 日志
@@ -103,6 +119,34 @@ func (this *ProvincesAction) RunPost(params struct {
 	}
 	policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
 
+	// 例外URL
+	var exceptURLPatterns = []*shared.URLPattern{}
+	if len(params.ExceptURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.ExceptURLPatternsJSON, &exceptURLPatterns)
+		if err != nil {
+			this.Fail("校验例外URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.ProvinceExceptURLPatterns = exceptURLPatterns
+
+	// 限制URL
+	var onlyURLPatterns = []*shared.URLPattern{}
+	if len(params.OnlyURLPatternsJSON) > 0 {
+		err = json.Unmarshal(params.OnlyURLPatternsJSON, &onlyURLPatterns)
+		if err != nil {
+			this.Fail("校验限制URL参数失败：" + err.Error())
+			return
+		}
+	}
+	policyConfig.Inbound.Region.ProvinceOnlyURLPatterns = onlyURLPatterns
+
+	err = policyConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+		return
+	}
+
 	inboundJSON, err := json.Marshal(policyConfig.Inbound)
 	if err != nil {
 		this.ErrorPage(err)

web/views/@default/servers/server/settings/waf/ipadmin/countries.css

@@ -12,5 +12,6 @@
 }
 .country-group .country-list .item .checkbox label {
   font-size: 12px !important;
+  cursor: pointer !important;
 }
 /*# sourceMappingURL=countries.css.map */

web/views/@default/servers/server/settings/waf/ipadmin/countries.css.map

@@ -1 +1 @@
-{"version":3,"sources":["countries.less"],"names":[],"mappings":"AAAA,oBACC;EACC,4BAAA;EACA,6BAAA;;AAIF;EAaC,mBAAA;;AAbD,cACC,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AALH,cACC,cACC,MAKC,UAAU;EACT,0BAAA","file":"countries.css"}
+{"version":3,"sources":["countries.less"],"names":[],"mappings":"AAAA,oBACC;EACC,4BAAA;EACA,6BAAA;;AAIF;EAcC,mBAAA;;AAdD,cACC,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AALH,cACC,cACC,MAKC,UAAU;EACT,0BAAA;EACA,0BAAA","file":"countries.css"}

web/views/@default/servers/server/settings/waf/ipadmin/countries.html

@@ -12,6 +12,8 @@
 
 	<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
 		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+        <input type="hidden" name="exceptURLPatternsJSON" :value="JSON.stringify(exceptURLPatterns)"/>
+        <input type="hidden" name="onlyURLPatternsJSON" :value="JSON.stringify(onlyURLPatterns)"/>
 		<table class="ui table selectable definition">
 			<tr>
 				<td class="title">已封禁</td>
@@ -24,9 +26,9 @@
 				</td>
 			</tr>
 			<tr>
-				<td>选择封禁区域</td>
+				<td>选择封禁区域 *</td>
 				<td>
-					<more-options-indicator>选择区域</more-options-indicator>
+					<more-options-indicator><span v-if="!moreOptionsVisible">选择区域</span><span v-else>完成选择</span></more-options-indicator>
 
 					<div class="ui menu tabular tiny region-letter-group" v-show="moreOptionsVisible">
 						<a href="" v-for="group in letterGroups" class="item" :class="{active: group == selectedGroup}" @click.prevent="selectGroup(group)">{{group}}</a>
@@ -53,6 +55,14 @@
 					</div>
 				</td>
 			</tr>
+            <tr>
+                <td>例外URL &nbsp;<tip-icon content="对这些URL将不做任何限制。"></tip-icon></td>
+                <td><url-patterns-box v-model="exceptURLPatterns"></url-patterns-box></td>
+            </tr>
+            <tr>
+                <td>限制URL &nbsp;<tip-icon content="只对这些URL做限制。"></tip-icon></td>
+                <td><url-patterns-box v-model="onlyURLPatterns"></url-patterns-box></td>
+            </tr>
 		</table>
 		<submit-btn></submit-btn>
 	</form>

web/views/@default/servers/server/settings/waf/ipadmin/countries.less

@@ -14,6 +14,7 @@
 
 			.checkbox label {
 				font-size: 12px !important;
+				cursor: pointer !important;
 			}
 		}
 	}

web/views/@default/servers/server/settings/waf/ipadmin/provinces.css

@@ -5,5 +5,6 @@
 }
 .province-list .item .checkbox label {
   font-size: 12px !important;
+  cursor: pointer !important;
 }
 /*# sourceMappingURL=provinces.css.map */

web/views/@default/servers/server/settings/waf/ipadmin/provinces.css.map

@@ -1 +1 @@
-{"version":3,"sources":["provinces.less"],"names":[],"mappings":"AAAA,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AAJF,cACC,MAKC,UAAU;EACT,0BAAA","file":"provinces.css"}
+{"version":3,"sources":["provinces.less"],"names":[],"mappings":"AAAA,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AAJF,cACC,MAKC,UAAU;EACT,0BAAA;EACA,0BAAA","file":"provinces.css"}

web/views/@default/servers/server/settings/waf/ipadmin/provinces.html

@@ -12,6 +12,8 @@
 
 	<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
 		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+        <input type="hidden" name="exceptURLPatternsJSON" :value="JSON.stringify(exceptURLPatterns)"/>
+        <input type="hidden" name="onlyURLPatternsJSON" :value="JSON.stringify(onlyURLPatterns)"/>
 		<table class="ui table selectable definition">
 			<tr>
 				<td class="title">已封禁</td>
@@ -28,7 +30,7 @@
 				<td>
 
 					<first-menu>
-						<menu-item><more-options-indicator>选择省份/自治区</more-options-indicator></menu-item>
+						<menu-item><more-options-indicator><span v-if="!moreOptionsVisible">选择省份/自治区</span><span v-else>完成选择</span></more-options-indicator></menu-item>
 						<div class="item right" v-show="moreOptionsVisible">
 							<div class="ui checkbox" @click.prevent="checkAll">
 								<input type="checkbox" v-model="isCheckingAll"/>
@@ -48,6 +50,14 @@
 					<div class="clear"></div>
 				</td>
 			</tr>
+            <tr>
+                <td>例外URL &nbsp;<tip-icon content="对这些URL将不做任何限制。"></tip-icon></td>
+                <td><url-patterns-box v-model="exceptURLPatterns"></url-patterns-box></td>
+            </tr>
+            <tr>
+                <td>限制URL &nbsp;<tip-icon content="只对这些URL做限制。"></tip-icon></td>
+                <td><url-patterns-box v-model="onlyURLPatterns"></url-patterns-box></td>
+            </tr>
 		</table>
 		<submit-btn></submit-btn>
 	</form>

web/views/@default/servers/server/settings/waf/ipadmin/provinces.less

@@ -6,6 +6,7 @@
 
 		.checkbox label {
 			font-size: 12px !important;
+			cursor: pointer !important;
 		}
 	}
 }