2020-10-06 21:02:21 +08:00
|
|
|
package firewallconfigs
|
|
|
|
|
|
2021-07-13 15:50:02 +08:00
|
|
|
import (
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
|
|
|
|
|
)
|
2020-11-07 19:40:32 +08:00
|
|
|
|
2021-06-23 13:13:58 +08:00
|
|
|
// HTTPFirewallInboundConfig HTTP防火墙入口配置
|
2020-10-06 21:02:21 +08:00
|
|
|
type HTTPFirewallInboundConfig struct {
|
|
|
|
|
IsOn bool `yaml:"isOn" json:"isOn"`
|
|
|
|
|
GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
|
|
|
|
|
Groups []*HTTPFirewallRuleGroup `yaml:"groups" json:"groups"`
|
2020-11-06 11:02:18 +08:00
|
|
|
|
|
|
|
|
// 地区相关
|
|
|
|
|
Region *HTTPFirewallRegionConfig `yaml:"region" json:"region"`
|
2020-11-07 19:40:32 +08:00
|
|
|
|
|
|
|
|
// IP名单
|
2021-01-03 20:18:21 +08:00
|
|
|
AllowListRef *ipconfigs.IPListRef `yaml:"whiteListRef" json:"whiteListRef"`
|
|
|
|
|
DenyListRef *ipconfigs.IPListRef `yaml:"blackListRef" json:"blackListRef"`
|
2020-11-07 19:40:32 +08:00
|
|
|
GreyListRef *ipconfigs.IPListRef `yaml:"greyListRef" json:"greyListRef"`
|
2021-06-23 13:13:58 +08:00
|
|
|
|
|
|
|
|
// 绑定的IP名单
|
|
|
|
|
PublicAllowListRefs []*ipconfigs.IPListRef `yaml:"publicWhiteListRefs" json:"publicWhiteListRefs"`
|
|
|
|
|
PublicDenyListRefs []*ipconfigs.IPListRef `yaml:"publicBlackListRefs" json:"publicBlackListRefs"`
|
|
|
|
|
|
|
|
|
|
allAllowListRefs []*ipconfigs.IPListRef
|
|
|
|
|
allDenyListRefs []*ipconfigs.IPListRef
|
2020-10-06 21:02:21 +08:00
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:13:58 +08:00
|
|
|
// Init 初始化
|
2020-10-06 21:02:21 +08:00
|
|
|
func (this *HTTPFirewallInboundConfig) Init() error {
|
|
|
|
|
for _, group := range this.Groups {
|
|
|
|
|
err := group.Init()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-11-09 10:43:47 +08:00
|
|
|
|
|
|
|
|
if this.Region != nil {
|
|
|
|
|
err := this.Region.Init()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:13:58 +08:00
|
|
|
this.allAllowListRefs = []*ipconfigs.IPListRef{}
|
|
|
|
|
if this.AllowListRef != nil {
|
|
|
|
|
this.allAllowListRefs = append(this.allAllowListRefs, this.AllowListRef)
|
|
|
|
|
}
|
|
|
|
|
if len(this.PublicAllowListRefs) > 0 {
|
|
|
|
|
this.allAllowListRefs = append(this.allAllowListRefs, this.PublicAllowListRefs...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
this.allDenyListRefs = []*ipconfigs.IPListRef{}
|
|
|
|
|
if this.DenyListRef != nil {
|
|
|
|
|
this.allDenyListRefs = append(this.allDenyListRefs, this.DenyListRef)
|
|
|
|
|
}
|
2021-07-13 15:50:02 +08:00
|
|
|
if len(this.PublicDenyListRefs) > 0 {
|
2021-06-23 13:13:58 +08:00
|
|
|
this.allDenyListRefs = append(this.allDenyListRefs, this.PublicDenyListRefs...)
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 21:02:21 +08:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 13:13:58 +08:00
|
|
|
// FindGroupWithCode 根据Code查找Group
|
2020-10-06 21:02:21 +08:00
|
|
|
func (this *HTTPFirewallInboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
|
|
|
|
|
for _, group := range this.Groups {
|
|
|
|
|
if group.Code == code {
|
|
|
|
|
return group
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2020-10-07 11:18:24 +08:00
|
|
|
|
2021-06-23 13:13:58 +08:00
|
|
|
// RemoveRuleGroup 删除某个分组
|
2020-10-07 11:18:24 +08:00
|
|
|
func (this *HTTPFirewallInboundConfig) RemoveRuleGroup(groupId int64) {
|
|
|
|
|
groups := []*HTTPFirewallRuleGroup{}
|
|
|
|
|
refs := []*HTTPFirewallRuleGroupRef{}
|
|
|
|
|
for _, g := range this.Groups {
|
|
|
|
|
if g.Id == groupId {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
groups = append(groups, g)
|
|
|
|
|
}
|
|
|
|
|
for _, ref := range this.GroupRefs {
|
|
|
|
|
if ref.GroupId == groupId {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
refs = append(refs, ref)
|
|
|
|
|
}
|
|
|
|
|
this.Groups = groups
|
|
|
|
|
this.GroupRefs = refs
|
|
|
|
|
}
|
2021-06-23 13:13:58 +08:00
|
|
|
|
|
|
|
|
// AddPublicList 绑定公用的IP名单
|
|
|
|
|
func (this *HTTPFirewallInboundConfig) AddPublicList(listId int64, listType string) {
|
|
|
|
|
var refs []*ipconfigs.IPListRef
|
|
|
|
|
switch listType {
|
|
|
|
|
case ipconfigs.IPListTypeBlack:
|
|
|
|
|
refs = this.PublicDenyListRefs
|
|
|
|
|
case ipconfigs.IPListTypeWhite:
|
|
|
|
|
refs = this.PublicAllowListRefs
|
|
|
|
|
}
|
|
|
|
|
var found = false
|
|
|
|
|
for _, ref := range refs {
|
|
|
|
|
if ref.ListId == listId {
|
|
|
|
|
found = true
|
|
|
|
|
ref.IsOn = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !found {
|
|
|
|
|
refs = append(refs, &ipconfigs.IPListRef{
|
|
|
|
|
IsOn: true,
|
|
|
|
|
ListId: listId,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
switch listType {
|
|
|
|
|
case ipconfigs.IPListTypeBlack:
|
|
|
|
|
this.PublicDenyListRefs = refs
|
|
|
|
|
case ipconfigs.IPListTypeWhite:
|
|
|
|
|
this.PublicAllowListRefs = refs
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RemovePublicList 解绑公用的IP名单
|
|
|
|
|
func (this *HTTPFirewallInboundConfig) RemovePublicList(listId int64, listType string) {
|
|
|
|
|
var refs []*ipconfigs.IPListRef
|
|
|
|
|
switch listType {
|
|
|
|
|
case ipconfigs.IPListTypeBlack:
|
|
|
|
|
refs = this.PublicDenyListRefs
|
|
|
|
|
case ipconfigs.IPListTypeWhite:
|
|
|
|
|
refs = this.PublicAllowListRefs
|
|
|
|
|
}
|
|
|
|
|
var newRefs = []*ipconfigs.IPListRef{}
|
|
|
|
|
for _, ref := range refs {
|
|
|
|
|
if ref.ListId == listId {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
newRefs = append(newRefs, ref)
|
|
|
|
|
}
|
|
|
|
|
switch listType {
|
|
|
|
|
case ipconfigs.IPListTypeBlack:
|
|
|
|
|
this.PublicDenyListRefs = newRefs
|
|
|
|
|
case ipconfigs.IPListTypeWhite:
|
|
|
|
|
this.PublicAllowListRefs = newRefs
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AllAllowListRefs 获取所有允许的IP名单
|
|
|
|
|
func (this *HTTPFirewallInboundConfig) AllAllowListRefs() []*ipconfigs.IPListRef {
|
|
|
|
|
return this.allAllowListRefs
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AllDenyListRefs 获取所有禁止的IP名单
|
|
|
|
|
func (this *HTTPFirewallInboundConfig) AllDenyListRefs() []*ipconfigs.IPListRef {
|
|
|
|
|
return this.allDenyListRefs
|
|
|
|
|
}
|
