[WAF]规则支持导入导出

2025-12-02 01:40:25 +08:00 · 2020-12-02 16:09:23 +08:00
parent c83a05a123
commit ee999435e4
23 changed files with 781 additions and 10 deletions
--- a/internal/web/actions/default/servers/components/waf/export.go
+++ b/internal/web/actions/default/servers/components/waf/export.go
@@ -1,6 +1,15 @@
 package waf

-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/ttlcache"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/rands"
+	"time"
+)

 type ExportAction struct {
 	actionutils.ParentAction
@@ -10,6 +19,102 @@ func (this *ExportAction) Init() {
 	this.Nav("", "", "export")
 }

-func (this *ExportAction) RunGet(params struct{}) {
+func (this *ExportAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policy == nil {
+		this.NotFound("firewallPolicy", policy.Id)
+		return
+	}
+
+	inboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	outboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	if policy.Inbound != nil {
+		for _, g := range policy.Inbound.Groups {
+			if g.IsOn {
+				inboundGroups = append(inboundGroups, g)
+			}
+		}
+	}
+	if policy.Outbound != nil {
+		for _, g := range policy.Outbound.Groups {
+			if g.IsOn {
+				outboundGroups = append(outboundGroups, g)
+			}
+		}
+	}
+	this.Data["inboundGroups"] = inboundGroups
+	this.Data["outboundGroups"] = outboundGroups
+
 	this.Show()
 }
+
+func (this *ExportAction) RunPost(params struct {
+	FirewallPolicyId int64
+	InboundGroupIds  []int64
+	OutboundGroupIds []int64
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("导出WAF策略 %d", params.FirewallPolicyId)
+
+	policy, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policy == nil {
+		this.NotFound("firewallPolicy", policy.Id)
+		return
+	}
+
+	// inbound
+	newInboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	for _, inboundGroupId := range params.InboundGroupIds {
+		group := policy.FindRuleGroup(inboundGroupId)
+		if group != nil {
+			newInboundGroups = append(newInboundGroups, group)
+		}
+	}
+	if policy.Inbound == nil {
+		policy.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{
+			IsOn: true,
+		}
+	}
+	policy.Inbound.Groups = newInboundGroups
+	policy.Inbound.GroupRefs = nil
+
+	// outbound
+	newOutboundGroups := []*firewallconfigs.HTTPFirewallRuleGroup{}
+	for _, outboundGroupId := range params.OutboundGroupIds {
+		group := policy.FindRuleGroup(outboundGroupId)
+		if group != nil {
+			newOutboundGroups = append(newOutboundGroups, group)
+		}
+	}
+	if policy.Outbound == nil {
+		policy.Outbound = &firewallconfigs.HTTPFirewallOutboundConfig{
+			IsOn: true,
+		}
+	}
+	policy.Outbound.Groups = newOutboundGroups
+	policy.Outbound.GroupRefs = nil
+
+	configJSON, err := json.Marshal(policy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	key := "waf." + rands.HexString(32)
+	ttlcache.DefaultCache.Write(key, configJSON, time.Now().Unix()+600)
+
+	this.Data["key"] = key
+	this.Success()
+}