增加CC防护相关API定义、配置

2025-11-03 12:20:27 +08:00 · 2023-03-09 12:10:31 +08:00
parent 0145758e70
commit 0e49f880e1
7 changed files with 647 additions and 306 deletions
--- a/build/rpc.json
+++ b/build/rpc.json
@@ -3399,6 +3399,24 @@
          ],
          "isDeprecated": false
        },
+        {
+          "name": "updateHTTPWebCC",
+          "requestMessageName": "UpdateHTTPWebCCRequest",
+          "responseMessageName": "RPCSuccess",
+          "code": "rpc updateHTTPWebCC(UpdateHTTPWebCCRequest) returns (RPCSuccess);",
+          "doc": "修改CC设置",
+          "roles": [],
+          "isDeprecated": false
+        },
+        {
+          "name": "findHTTPWebCC",
+          "requestMessageName": "FindHTTPWebCCRequest",
+          "responseMessageName": "FindHTTPWebCCResponse",
+          "code": "rpc findHTTPWebCC(FindHTTPWebCCRequest) returns (FindHTTPWebCCResponse);",
+          "doc": "查找UAM设置",
+          "roles": [],
+          "isDeprecated": false
+        },
        {
          "name": "updateHTTPWebReferers",
          "requestMessageName": "UpdateHTTPWebReferersRequest",
@@ -17934,6 +17952,16 @@
      "code": "message FindHTTPAccessLogResponse {\n\tHTTPAccessLog httpAccessLog = 1;\n}",
      "doc": ""
    },
+    {
+      "name": "FindHTTPWebCCRequest",
+      "code": "message FindHTTPWebCCRequest {\n\tint64 httpWebId = 1;\n}",
+      "doc": "查找服务UAM设置"
+    },
+    {
+      "name": "FindHTTPWebCCResponse",
+      "code": "message FindHTTPWebCCResponse {\n\tbytes ccJSON = 1;\n}",
+      "doc": ""
+    },
    {
      "name": "FindHTTPWebHostRedirectsRequest",
      "code": "message FindHTTPWebHostRedirectsRequest {\n\tint64 httpWebId = 1;\n}",
@@ -20959,6 +20987,11 @@
      "code": "message UpdateHTTPWebAuthRequest {\n\tint64 httpWebId = 1;\n\tbytes authJSON = 2;\n}",
      "doc": "更改认证设置"
    },
+    {
+      "name": "UpdateHTTPWebCCRequest",
+      "code": "message UpdateHTTPWebCCRequest {\n\tint64 httpWebId = 1;\n\tbytes ccJSON = 2;\n}",
+      "doc": "修改服务CC设置"
+    },
    {
      "name": "UpdateHTTPWebCacheRequest",
      "code": "message UpdateHTTPWebCacheRequest {\n\tint64 httpWebId = 1;\n\tbytes cacheJSON = 2; // @link json:http_cache_config\n}",
--- a/pkg/rpc/pb/service_http_web.pb.go
+++ b/pkg/rpc/pb/service_http_web.pb.go
--- a/pkg/rpc/protos/service_http_web.proto
+++ b/pkg/rpc/protos/service_http_web.proto
@@ -101,6 +101,12 @@ service HTTPWebService {
 	// 查找UAM设置
 	rpc findHTTPWebUAM(FindHTTPWebUAMRequest) returns (FindHTTPWebUAMResponse);

+	// 修改CC设置
+	rpc updateHTTPWebCC(UpdateHTTPWebCCRequest) returns (RPCSuccess);
+
+	// 查找UAM设置
+	rpc findHTTPWebCC(FindHTTPWebCCRequest) returns (FindHTTPWebCCResponse);
+
 	// 修改防盗链设置
 	rpc updateHTTPWebReferers(UpdateHTTPWebReferersRequest) returns (RPCSuccess);

@@ -321,6 +327,21 @@ message FindHTTPWebUAMResponse {
 	bytes uamJSON = 1;
 }

+// 修改服务CC设置
+message UpdateHTTPWebCCRequest {
+	int64 httpWebId = 1;
+	bytes ccJSON = 2;
+}
+
+// 查找服务UAM设置
+message FindHTTPWebCCRequest {
+	int64 httpWebId = 1;
+}
+
+message FindHTTPWebCCResponse {
+	bytes ccJSON = 1;
+}
+
 // 修改防盗链设置
 message UpdateHTTPWebReferersRequest {
 	int64 httpWebId = 1;
--- a/pkg/serverconfigs/http_cc_config.go
+++ b/pkg/serverconfigs/http_cc_config.go
@@ -1,47 +1,22 @@
 // Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus

 package serverconfigs

-import "strings"
-
 // HTTPCCConfig HTTP CC防护配置
 type HTTPCCConfig struct {
-	IsPrior            bool   `yaml:"isPrior" json:"isPrior"`                       // 是否覆盖父级
-	IsOn               bool   `yaml:"isOn" json:"isOn"`                             // 是否启用
-	WithRequestPath    bool   `yaml:"withRequestPath" json:"withRequestPath"`       // 根据URL路径区分请求
-	PeriodSeconds      int32  `yaml:"periodSeconds" json:"periodSeconds"`           // 计算周期
-	MaxRequests        int32  `yaml:"maxRequests" json:"maxRequests"`               // 请求数最大值
-	MaxConnections     int32  `yaml:"maxConnections" json:"maxConnections"`         // 连接数最大值
-	IgnoreCommonFiles  bool   `yaml:"ignoreCommonFiles" json:"ignoreCommonFiles"`   // 忽略常用文件，如CSS、JS等
-	IgnoreCommonAgents bool   `yaml:"ignoreCommonAgents" json:"ignoreCommonAgents"` // 忽略常见搜索引擎等
-	Action             string `yaml:"action" json:"action"`                         // 动作，比如block、captcha等
-
-	fullKey string
+	IsPrior bool `yaml:"isPrior" json:"isPrior"` // 是否覆盖父级
+	IsOn    bool `yaml:"isOn" json:"isOn"`       // 是否启用
 }

 func NewHTTPCCConfig() *HTTPCCConfig {
-	return &HTTPCCConfig{
-		WithRequestPath:    false,
-		PeriodSeconds:      10,
-		MaxRequests:        60,
-		MaxConnections:     10,
-		IgnoreCommonFiles:  false,
-		IgnoreCommonAgents: true,
-		Action:             "captcha",
-	}
+	return &HTTPCCConfig{}
 }

 func (this *HTTPCCConfig) Init() error {
-	// 组合Key
-	var keys = []string{"${remoteAddr}"}
-	if this.WithRequestPath {
-		keys = append(keys, "${requestPath}")
-	}
-	this.fullKey = strings.Join(keys, "@")
-
 	return nil
 }

-func (this *HTTPCCConfig) Key() string {
-	return this.fullKey
+func (this *HTTPCCConfig) MatchURL(url string) bool {
+	return false
 }
--- a/pkg/serverconfigs/http_web_config.go
+++ b/pkg/serverconfigs/http_web_config.go
@@ -50,8 +50,8 @@ type HTTPWebConfig struct {
 	RequestScripts *HTTPRequestScriptsConfig `yaml:"requestScripts" json:"requestScripts"` // HTTP请求相关脚本

 	// UAM, CC ...
-	UAM *UAMConfig `yaml:"uam" json:"uam"`
-	CC  *UAMConfig `yaml:"cc" json:"cc"`
+	UAM *UAMConfig    `yaml:"uam" json:"uam"`
+	CC  *HTTPCCConfig `yaml:"cc" json:"cc"`
 }

 func (this *HTTPWebConfig) Init() error {
--- a/pkg/serverconfigs/shared/url_pattern.go
+++ b/pkg/serverconfigs/shared/url_pattern.go
@@ -34,7 +34,11 @@ func (this *URLPattern) Init() error {
 		for index, piece := range pieces {
 			pieces[index] = regexp.QuoteMeta(piece)
 		}
-		reg, err := regexp.Compile("(?i)" /** 大小写不敏感 **/ + "^" + strings.Join(pieces, "(.*)") + "$")
+		var pattern = strings.Join(pieces, "(.*)")
+		if len(pattern) > 0 && pattern[0] == '/' {
+			pattern = "(http|https)://[\\w.-]+" + pattern
+		}
+		reg, err := regexp.Compile("(?i)" /** 大小写不敏感 **/ + "^" + pattern + "$")
 		if err != nil {
 			return err
 		}
--- a/pkg/serverconfigs/shared/url_pattern_test.go
+++ b/pkg/serverconfigs/shared/url_pattern_test.go
@@ -4,13 +4,10 @@ package shared_test

 import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
-	"github.com/iwind/TeaGo/assert"
 	"testing"
 )

 func TestURLPattern_Match(t *testing.T) {
-	var a = assert.NewAssertion(t)
-
 	type unitTest struct {
 		patternType string
 		pattern     string
@@ -55,6 +52,24 @@ func TestURLPattern_Match(t *testing.T) {
 			url:         "https://example.com",
 			result:      false,
 		},
+		{
+			patternType: "wildcard",
+			pattern:     "https://example.com",
+			url:         "https://example.com",
+			result:      true,
+		},
+		{
+			patternType: "wildcard",
+			pattern:     "/hello/world",
+			url:         "https://example-test.com/hello/world",
+			result:      true,
+		},
+		{
+			patternType: "wildcard",
+			pattern:     "/hello/world",
+			url:         "https://example-test.com/123/hello/world",
+			result:      false,
+		},
 		{
 			patternType: "regexp",
 			pattern:     ".*",
@@ -94,6 +109,9 @@ func TestURLPattern_Match(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		a.IsTrue(p.Match(ut.url) == ut.result)
+		var b = p.Match(ut.url) == ut.result
+		if !b {
+			t.Fatal("not matched pattern:", ut.pattern, "url:", ut.url)
+		}
 	}
 }