[WAF]规则支持导入导出

internal/web/actions/default/servers/components/waf/export.go

@@ -1,6 +1,15 @@
 package waf
 
-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/ttlcache"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/rands"
+	"time"
+)
 
 type ExportAction struct {
 	actionutils.ParentAction
@@ -10,6 +19,102 @@ func (this *ExportAction) Init() {
 	this.Nav("", "", "export")
 }
 
-func (this *ExportAction) RunGet(params struct{}) {
+func (this *ExportAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policy == nil {
+		this.NotFound("firewallPolicy", policy.Id)
+		return
+	}
+
+	inboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	outboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	if policy.Inbound != nil {
+		for _, g := range policy.Inbound.Groups {
+			if g.IsOn {
+				inboundGroups = append(inboundGroups, g)
+			}
+		}
+	}
+	if policy.Outbound != nil {
+		for _, g := range policy.Outbound.Groups {
+			if g.IsOn {
+				outboundGroups = append(outboundGroups, g)
+			}
+		}
+	}
+	this.Data["inboundGroups"] = inboundGroups
+	this.Data["outboundGroups"] = outboundGroups
+
 	this.Show()
 }
+
+func (this *ExportAction) RunPost(params struct {
+	FirewallPolicyId int64
+	InboundGroupIds  []int64
+	OutboundGroupIds []int64
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("导出WAF策略 %d", params.FirewallPolicyId)
+
+	policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policy == nil {
+		this.NotFound("firewallPolicy", policy.Id)
+		return
+	}
+
+	// inbound
+	newInboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	for _, inboundGroupId := range params.InboundGroupIds {
+		group := policy.FindRuleGroup(inboundGroupId)
+		if group != nil {
+			newInboundGroups = append(newInboundGroups, group)
+		}
+	}
+	if policy.Inbound == nil {
+		policy.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{
+			IsOn: true,
+		}
+	}
+	policy.Inbound.Groups = newInboundGroups
+	policy.Inbound.GroupRefs = nil
+
+	// outbound
+	newOutboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	for _, outboundGroupId := range params.OutboundGroupIds {
+		group := policy.FindRuleGroup(outboundGroupId)
+		if group != nil {
+			newOutboundGroups = append(newOutboundGroups, group)
+		}
+	}
+	if policy.Outbound == nil {
+		policy.Outbound = &firewallconfigs.HTTPFirewallOutboundConfig{
+			IsOn: true,
+		}
+	}
+	policy.Outbound.Groups = newOutboundGroups
+	policy.Outbound.GroupRefs = nil
+
+	configJSON, err := json.Marshal(policy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	key := "waf." + rands.HexString(32)
+	ttlcache.DefaultCache.Write(key, configJSON, time.Now().Unix()+600)
+
+	this.Data["key"] = key
+	this.Success()
+}

internal/web/actions/default/servers/components/waf/exportDownload.go

@@ -0,0 +1,37 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/ttlcache"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"strconv"
+)
+
+type ExportDownloadAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ExportDownloadAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ExportDownloadAction) RunGet(params struct {
+	Key string
+}) {
+	item := ttlcache.DefaultCache.Read(params.Key)
+	if item == nil || item.Value == nil {
+		this.WriteString("找不到要导出的内容")
+		return
+	}
+
+	ttlcache.DefaultCache.Delete(params.Key)
+
+	data, ok := item.Value.([]byte)
+	if ok {
+		this.AddHeader("Content-Disposition", "attachment; filename=\"WAF.json\";")
+		this.AddHeader("Content-Length", strconv.Itoa(len(data)))
+		this.Write(data)
+	} else {
+		this.WriteString("找不到要导出的内容")
+		return
+	}
+}

internal/web/actions/default/servers/components/waf/import.go

@@ -1,6 +1,12 @@
 package waf
 
-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
 
 type ImportAction struct {
 	actionutils.ParentAction
@@ -13,3 +19,41 @@ func (this *ImportAction) Init() {
 func (this *ImportAction) RunGet(params struct{}) {
 	this.Show()
 }
+
+func (this *ImportAction) RunPost(params struct {
+	FirewallPolicyId int64
+	File             *actions.File
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("从文件中导入规则到WAF策略 %d", params.FirewallPolicyId)
+
+	if params.File == nil {
+		this.Fail("请上传要导入的文件")
+	}
+	if params.File.Ext != ".json" {
+		this.Fail("规则文件的扩展名只能是.json")
+	}
+
+	data, err := params.File.Read()
+	if err != nil {
+		this.Fail("读取文件时发生错误：" + err.Error())
+	}
+
+	config := &firewallconfigs.HTTPFirewallPolicy{}
+	err = json.Unmarshal(data, config)
+	if err != nil {
+		this.Fail("解析文件时发生错误：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().ImportHTTPFirewallPolicy(this.AdminContext(), &pb.ImportHTTPFirewallPolicyRequest{
+		FirewallPolicyId:   params.FirewallPolicyId,
+		FirewallPolicyJSON: data,
+	})
+	if err != nil {
+		this.Fail("导入失败：" + err.Error())
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/components/waf/init.go

@@ -24,6 +24,7 @@ func init() {
 			GetPost("/update", new(UpdateAction)).
 			GetPost("/test", new(TestAction)).
 			GetPost("/export", new(ExportAction)).
+			Get("/exportDownload", new(ExportDownloadAction)).
 			GetPost("/import", new(ImportAction)).
 			Post("/updateGroupOn", new(UpdateGroupOnAction)).
 			Post("/deleteGroup", new(DeleteGroupAction)).