WAF模板中有新的规则时，可以在界面上收到提醒并点击加入

2025-11-03 20:40:26 +08:00 · 2021-10-25 12:02:03 +08:00
parent 4d866837d0
commit e0a62b3010
6 changed files with 167 additions and 1 deletions
--- a/internal/web/actions/default/servers/components/waf/init.go
+++ b/internal/web/actions/default/servers/components/waf/init.go
@@ -19,6 +19,7 @@ func init() {
 			GetPost("/createPopup", new(CreatePopupAction)).
 			Post("/delete", new(DeleteAction)).
 			Get("/policy", new(PolicyAction)).
+			Post("/upgradeTemplate", new(UpgradeTemplateAction)).
 			Get("/groups", new(GroupsAction)).
 			Get("/group", new(GroupAction)).
 			Get("/log", new(LogAction)).
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -47,6 +47,33 @@ func (this *PolicyAction) RunGet(params struct {
 		}
 	}

+	// 检查是否有升级
+	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
+	var upgradeItems = []string{}
+	if templatePolicy.Inbound != nil {
+		for _, group := range templatePolicy.Inbound.Groups {
+			if len(group.Code) == 0 {
+				continue
+			}
+			var oldGroup = firewallPolicy.FindRuleGroupWithCode(group.Code)
+			if oldGroup == nil {
+				upgradeItems = append(upgradeItems, group.Name)
+				continue
+			}
+			for _, set := range group.Sets {
+				if len(set.Code) == 0 {
+					continue
+				}
+				var oldSet = oldGroup.FindRuleSetWithCode(set.Code)
+				if oldSet == nil {
+					upgradeItems = append(upgradeItems, group.Name+" -- "+set.Name)
+					continue
+				}
+			}
+		}
+	}
+	this.Data["upgradeItems"] = upgradeItems
+
 	// 模式
 	if len(firewallPolicy.Mode) == 0 {
 		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
--- a/internal/web/actions/default/servers/components/waf/upgradeTemplate.go
+++ b/internal/web/actions/default/servers/components/waf/upgradeTemplate.go
@@ -0,0 +1,123 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type UpgradeTemplateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpgradeTemplateAction) RunPost(params struct {
+	PolicyId int64
+}) {
+	defer this.CreateLogInfo("升级WAF %d 内置规则", params.PolicyId)
+
+	policy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.PolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policy == nil {
+		this.NotFound("firewallPolicy", params.PolicyId)
+		return
+	}
+
+	// 检查是否有升级
+	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
+	if templatePolicy.Inbound != nil {
+		for _, group := range templatePolicy.Inbound.Groups {
+			if len(group.Code) == 0 {
+				continue
+			}
+			var oldGroup = policy.FindRuleGroupWithCode(group.Code)
+			if oldGroup == nil {
+				createGroupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().CreateHTTPFirewallRuleGroup(this.AdminContext(), &pb.CreateHTTPFirewallRuleGroupRequest{
+					IsOn:        true,
+					Name:        group.Name,
+					Description: group.Description,
+				})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				var groupId = createGroupResp.FirewallRuleGroupId
+				policy.Inbound.GroupRefs = append(policy.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
+					IsOn:    true,
+					GroupId: groupId,
+				})
+
+				for _, set := range group.Sets {
+					setJSON, err := json.Marshal(set)
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					_, err = this.RPC().HTTPFirewallRuleGroupRPC().AddHTTPFirewallRuleGroupSet(this.AdminContext(), &pb.AddHTTPFirewallRuleGroupSetRequest{
+						FirewallRuleGroupId:        groupId,
+						FirewallRuleSetsConfigJSON: setJSON,
+					})
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+				}
+
+				continue
+			}
+			for _, set := range group.Sets {
+				if len(set.Code) == 0 {
+					continue
+				}
+				var oldSet = oldGroup.FindRuleSetWithCode(set.Code)
+				if oldSet == nil {
+					setJSON, err := json.Marshal(set)
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					_, err = this.RPC().HTTPFirewallRuleGroupRPC().AddHTTPFirewallRuleGroupSet(this.AdminContext(), &pb.AddHTTPFirewallRuleGroupSetRequest{
+						FirewallRuleGroupId:        oldGroup.Id,
+						FirewallRuleSetsConfigJSON: setJSON,
+					})
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					continue
+				}
+			}
+		}
+	}
+
+	// 保存inbound
+	inboundJSON, err := policy.InboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	outboundJSON, err := policy.OutboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
+		HttpFirewallPolicyId: params.PolicyId,
+		InboundJSON:          inboundJSON,
+		OutboundJSON:         outboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}