TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-11-03 12:20:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e0bf7e376700e9875538405b753b5b6eea2793a5
EdgeCommon/pkg/rpc/dao/ip_list_dao.go

157 lines
4.5 KiB
Go
Raw Normal View History

用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
package dao
import (
"context"
"encoding/json"
"github.com/TeaOSLab/EdgeCommon/pkg/errors"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
)
var SharedIPListDAO = new(IPListDAO)
type IPListDAO struct {
BaseDAO
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
// FindAllowIPListIdWithServerId 查找网站的允许IP列表
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
func (this *IPListDAO) FindAllowIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.AllowListRef == nil {
return 0, nil
}
return webConfig.FirewallPolicy.Inbound.AllowListRef.ListId, nil
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
// FindDenyIPListIdWithServerId 查找网站的禁止IP列表
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
func (this *IPListDAO) FindDenyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.DenyListRef == nil {
return 0, nil
}
return webConfig.FirewallPolicy.Inbound.DenyListRef.ListId, nil
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
// FindGreyIPListIdWithServerId 查找网站的IP灰名单
func (this *IPListDAO) FindGreyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.GreyListRef == nil {
return 0, nil
}
return webConfig.FirewallPolicy.Inbound.GreyListRef.ListId, nil
}
WAF支持更多动作
2021-07-14 22:46:31 +08:00
// CreateIPListForServerId 为服务创建IP名单
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int64, listType string) (int64, error) {
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Id == 0 {
支持Server自定义WAF策略、改进节点版本号等等
2021-01-18 20:41:37 +08:00
isOn := webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
支持更多的分组全局设置功能
2021-10-07 16:47:31 +08:00
_, err = SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(ctx, 0, serverId, webConfig.Id, isOn)
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
if err != nil {
return 0, errors.Wrap(err)
}
webConfig, err = SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
if err != nil {
return 0, err
}
if webConfig == nil {
return 0, nil
}
if webConfig.FirewallPolicy == nil {
return 0, nil
}
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
var inbound = webConfig.FirewallPolicy.Inbound
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
if inbound == nil {
inbound = &firewallconfigs.HTTPFirewallInboundConfig{
IsOn: true,
}
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
if listType == ipconfigs.IPListTypeWhite {
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
if inbound.AllowListRef == nil {
inbound.AllowListRef = &ipconfigs.IPListRef{
IsOn: true,
}
}
if inbound.AllowListRef.ListId > 0 {
return inbound.AllowListRef.ListId, nil
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
} else if listType == ipconfigs.IPListTypeBlack {
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
if inbound.DenyListRef == nil {
inbound.DenyListRef = &ipconfigs.IPListRef{
IsOn: true,
}
}
if inbound.DenyListRef.ListId > 0 {
return inbound.DenyListRef.ListId, nil
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
} else if listType == ipconfigs.IPListTypeGrey {
if inbound.GreyListRef == nil {
inbound.GreyListRef = &ipconfigs.IPListRef{
IsOn: true,
}
}
if inbound.GreyListRef.ListId > 0 {
return inbound.DenyListRef.ListId, nil
}
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
}
ipListResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
Type: listType,
Name: "IP名单",
Code: listType,
创建IPList时可以指定服务ID
2022-06-15 19:22:56 +08:00
ServerId: serverId,
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
TimeoutJSON: nil,
})
if err != nil {
return 0, errors.Wrap(err)
}
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
if listType == ipconfigs.IPListTypeWhite {
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
inbound.AllowListRef.ListId = ipListResp.IpListId
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
} else if listType == ipconfigs.IPListTypeBlack {
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
inbound.DenyListRef.ListId = ipListResp.IpListId
增加IP灰名单,用于仅记录并观察IP
2024-05-05 18:58:40 +08:00
} else if listType == ipconfigs.IPListTypeGrey {
inbound.GreyListRef.ListId = ipListResp.IpListId
用户端可以添加WAF 黑白名单
2021-01-03 20:18:21 +08:00
}
inboundJSON, err := json.Marshal(inbound)
if err != nil {
return 0, errors.Wrap(err)
}
_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
HttpFirewallPolicyId: webConfig.FirewallPolicy.Id,
InboundJSON: inboundJSON,
})
if err != nil {
return 0, errors.Wrap(err)
}
return ipListResp.IpListId, nil
}
Reference in New Issue Copy Permalink