TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-11-04 05:00:24 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a1f4743e92e3f09e1f2166e5a183f72c7780827c
EdgeCommon/pkg/rpc/dao/ip_list_dao.go

129 lines
3.4 KiB
Go
Raw Normal View History

用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
package dao
import (
"context"
"encoding/json"
"github.com/TeaOSLab/EdgeCommon/pkg/errors"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
)
var SharedIPListDAO = new(IPListDAO)
type IPListDAO struct {
BaseDAO
}
// 查找服务的允许IP列表
func (this *IPListDAO) FindAllowIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.AllowListRef == nil {
return 0, nil
}
return webConfig.FirewallPolicy.Inbound.AllowListRef.ListId, nil
}
// 查找服务的禁止IP列表
func (this *IPListDAO) FindDenyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.DenyListRef == nil {
return 0, nil
}
return webConfig.FirewallPolicy.Inbound.DenyListRef.ListId, nil
}
// 为服务创建IP名单
func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int64, listType string) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Id == 0 {
_, err = SharedHTTPWebDAO.InitHTTPFirewallPolicy(ctx, webConfig.Id)
if err != nil {
return 0, errors.Wrap(err)
}
webConfig, err = SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil {
return 0, nil
}
}
inbound := webConfig.FirewallPolicy.Inbound
if inbound == nil {
inbound = &firewallconfigs.HTTPFirewallInboundConfig{
IsOn: true,
}
}
if listType == "white" {
if inbound.AllowListRef == nil {
inbound.AllowListRef = &ipconfigs.IPListRef{
IsOn: true,
}
}
if inbound.AllowListRef.ListId > 0 {
return inbound.AllowListRef.ListId, nil
}
} else if listType == "black" {
if inbound.DenyListRef == nil {
inbound.DenyListRef = &ipconfigs.IPListRef{
IsOn: true,
}
}
if inbound.DenyListRef.ListId > 0 {
return inbound.DenyListRef.ListId, nil
}
}
ipListResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
Type: listType,
Name: "IP名单",
Code: listType,
TimeoutJSON: nil,
})
if err != nil {
return 0, errors.Wrap(err)
}
if listType == "white" {
inbound.AllowListRef.ListId = ipListResp.IpListId
} else if listType == "black" {
inbound.DenyListRef.ListId = ipListResp.IpListId
}
inboundJSON, err := json.Marshal(inbound)
if err != nil {
return 0, errors.Wrap(err)
}
_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
HttpFirewallPolicyId: webConfig.FirewallPolicy.Id,
InboundJSON: inboundJSON,
})
if err != nil {
return 0, errors.Wrap(err)
}
return ipListResp.IpListId, nil
}
Reference in New Issue Copy Permalink