WAF模板中有新的规则时，可以在界面上收到提醒并点击加入

internal/web/actions/default/servers/components/waf/init.go

@@ -19,6 +19,7 @@ func init() {
 			GetPost("/createPopup", new(CreatePopupAction)).
 			Post("/delete", new(DeleteAction)).
 			Get("/policy", new(PolicyAction)).
+			Post("/upgradeTemplate", new(UpgradeTemplateAction)).
 			Get("/groups", new(GroupsAction)).
 			Get("/group", new(GroupAction)).
 			Get("/log", new(LogAction)).

internal/web/actions/default/servers/components/waf/policy.go

@@ -47,6 +47,33 @@ func (this *PolicyAction) RunGet(params struct {
 		}
 	}
 
+	// 检查是否有升级
+	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
+	var upgradeItems = []string{}
+	if templatePolicy.Inbound != nil {
+		for _, group := range templatePolicy.Inbound.Groups {
+			if len(group.Code) == 0 {
+				continue
+			}
+			var oldGroup = firewallPolicy.FindRuleGroupWithCode(group.Code)
+			if oldGroup == nil {
+				upgradeItems = append(upgradeItems, group.Name)
+				continue
+			}
+			for _, set := range group.Sets {
+				if len(set.Code) == 0 {
+					continue
+				}
+				var oldSet = oldGroup.FindRuleSetWithCode(set.Code)
+				if oldSet == nil {
+					upgradeItems = append(upgradeItems, group.Name+" -- "+set.Name)
+					continue
+				}
+			}
+		}
+	}
+	this.Data["upgradeItems"] = upgradeItems
+
 	// 模式
 	if len(firewallPolicy.Mode) == 0 {
 		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend

internal/web/actions/default/servers/components/waf/upgradeTemplate.go

@@ -0,0 +1,123 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package waf
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type UpgradeTemplateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpgradeTemplateAction) RunPost(params struct {
+	PolicyId int64
+}) {
+	defer this.CreateLogInfo("升级WAF %d 内置规则", params.PolicyId)
+
+	policy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.PolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policy == nil {
+		this.NotFound("firewallPolicy", params.PolicyId)
+		return
+	}
+
+	// 检查是否有升级
+	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
+	if templatePolicy.Inbound != nil {
+		for _, group := range templatePolicy.Inbound.Groups {
+			if len(group.Code) == 0 {
+				continue
+			}
+			var oldGroup = policy.FindRuleGroupWithCode(group.Code)
+			if oldGroup == nil {
+				createGroupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().CreateHTTPFirewallRuleGroup(this.AdminContext(), &pb.CreateHTTPFirewallRuleGroupRequest{
+					IsOn:        true,
+					Name:        group.Name,
+					Description: group.Description,
+				})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				var groupId = createGroupResp.FirewallRuleGroupId
+				policy.Inbound.GroupRefs = append(policy.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
+					IsOn:    true,
+					GroupId: groupId,
+				})
+
+				for _, set := range group.Sets {
+					setJSON, err := json.Marshal(set)
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					_, err = this.RPC().HTTPFirewallRuleGroupRPC().AddHTTPFirewallRuleGroupSet(this.AdminContext(), &pb.AddHTTPFirewallRuleGroupSetRequest{
+						FirewallRuleGroupId:        groupId,
+						FirewallRuleSetsConfigJSON: setJSON,
+					})
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+				}
+
+				continue
+			}
+			for _, set := range group.Sets {
+				if len(set.Code) == 0 {
+					continue
+				}
+				var oldSet = oldGroup.FindRuleSetWithCode(set.Code)
+				if oldSet == nil {
+					setJSON, err := json.Marshal(set)
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					_, err = this.RPC().HTTPFirewallRuleGroupRPC().AddHTTPFirewallRuleGroupSet(this.AdminContext(), &pb.AddHTTPFirewallRuleGroupSetRequest{
+						FirewallRuleGroupId:        oldGroup.Id,
+						FirewallRuleSetsConfigJSON: setJSON,
+					})
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					continue
+				}
+			}
+		}
+	}
+
+	// 保存inbound
+	inboundJSON, err := policy.InboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	outboundJSON, err := policy.OutboundJSON()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
+		HttpFirewallPolicyId: params.PolicyId,
+		InboundJSON:          inboundJSON,
+		OutboundJSON:         outboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

web/views/@default/servers/components/waf/policy.html

@@ -20,6 +20,10 @@
         <td>预置的规则分组</td>
         <td>
             <span class="ui label tiny basic" v-for="group in firewallPolicy.groups" style="margin-bottom:0.5em" :class="{disabled:!group.isOn}">{{group.name}}</span>
+           <div v-if="upgradeItems.length > 0">
+               <div class="ui divider"></div>
+               <a href=""><span class="red">升级提醒：官方提供了新的规则，是否要加入以下规则：<span class="ui label tiny basic" v-for="item in upgradeItems" style="margin-bottom: 0.2em">{{item}}</span></span></a> &nbsp; &nbsp; <a href="" @click.prevent="upgradeTemplate">[加入]</a>
+           </div>
         </td>
     </tr>
     <tr>

web/views/@default/servers/components/waf/policy.js

@@ -0,0 +1,11 @@
+Tea.context(function () {
+	this.upgradeTemplate = function () {
+		teaweb.confirm("确定要加入这些新规则吗？", function () {
+			this.$post(".upgradeTemplate")
+				.params({
+					policyId: this.firewallPolicy.id
+				})
+				.refresh()
+		})
+	}
+})

web/views/@default/servers/components/waf/updateSetPopup.html

@@ -13,7 +13,7 @@
 		</tr>
 		<tr>
 			<td>规则 *</td>
-			<td>
+			<td style="word-break: break-word">
 				<http-firewall-rules-box :v-rules="rules" :v-type="type"></http-firewall-rules-box>
 			</td>
 		</tr>