mirror of
https://github.com/TeaOSLab/EdgeCommon.git
synced 2025-11-09 00:20:25 +08:00
增加CC防护相关API定义、配置
This commit is contained in:
GoEdgeLab
@@ -3399,6 +3399,24 @@
|
|||||||
],
|
],
|
||||||
"isDeprecated": false
|
"isDeprecated": false
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "updateHTTPWebCC",
|
||||||
|
"requestMessageName": "UpdateHTTPWebCCRequest",
|
||||||
|
"responseMessageName": "RPCSuccess",
|
||||||
|
"code": "rpc updateHTTPWebCC(UpdateHTTPWebCCRequest) returns (RPCSuccess);",
|
||||||
|
"doc": "修改CC设置",
|
||||||
|
"roles": [],
|
||||||
|
"isDeprecated": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "findHTTPWebCC",
|
||||||
|
"requestMessageName": "FindHTTPWebCCRequest",
|
||||||
|
"responseMessageName": "FindHTTPWebCCResponse",
|
||||||
|
"code": "rpc findHTTPWebCC(FindHTTPWebCCRequest) returns (FindHTTPWebCCResponse);",
|
||||||
|
"doc": "查找UAM设置",
|
||||||
|
"roles": [],
|
||||||
|
"isDeprecated": false
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "updateHTTPWebReferers",
|
"name": "updateHTTPWebReferers",
|
||||||
"requestMessageName": "UpdateHTTPWebReferersRequest",
|
"requestMessageName": "UpdateHTTPWebReferersRequest",
|
||||||
@@ -17934,6 +17952,16 @@
|
|||||||
"code": "message FindHTTPAccessLogResponse {\n\tHTTPAccessLog httpAccessLog = 1;\n}",
|
"code": "message FindHTTPAccessLogResponse {\n\tHTTPAccessLog httpAccessLog = 1;\n}",
|
||||||
"doc": ""
|
"doc": ""
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "FindHTTPWebCCRequest",
|
||||||
|
"code": "message FindHTTPWebCCRequest {\n\tint64 httpWebId = 1;\n}",
|
||||||
|
"doc": "查找服务UAM设置"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "FindHTTPWebCCResponse",
|
||||||
|
"code": "message FindHTTPWebCCResponse {\n\tbytes ccJSON = 1;\n}",
|
||||||
|
"doc": ""
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "FindHTTPWebHostRedirectsRequest",
|
"name": "FindHTTPWebHostRedirectsRequest",
|
||||||
"code": "message FindHTTPWebHostRedirectsRequest {\n\tint64 httpWebId = 1;\n}",
|
"code": "message FindHTTPWebHostRedirectsRequest {\n\tint64 httpWebId = 1;\n}",
|
||||||
@@ -20959,6 +20987,11 @@
|
|||||||
"code": "message UpdateHTTPWebAuthRequest {\n\tint64 httpWebId = 1;\n\tbytes authJSON = 2;\n}",
|
"code": "message UpdateHTTPWebAuthRequest {\n\tint64 httpWebId = 1;\n\tbytes authJSON = 2;\n}",
|
||||||
"doc": "更改认证设置"
|
"doc": "更改认证设置"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "UpdateHTTPWebCCRequest",
|
||||||
|
"code": "message UpdateHTTPWebCCRequest {\n\tint64 httpWebId = 1;\n\tbytes ccJSON = 2;\n}",
|
||||||
|
"doc": "修改服务CC设置"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "UpdateHTTPWebCacheRequest",
|
"name": "UpdateHTTPWebCacheRequest",
|
||||||
"code": "message UpdateHTTPWebCacheRequest {\n\tint64 httpWebId = 1;\n\tbytes cacheJSON = 2; // @link json:http_cache_config\n}",
|
"code": "message UpdateHTTPWebCacheRequest {\n\tint64 httpWebId = 1;\n\tbytes cacheJSON = 2; // @link json:http_cache_config\n}",
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@@ -101,6 +101,12 @@ service HTTPWebService {
|
|||||||
// 查找UAM设置
|
// 查找UAM设置
|
||||||
rpc findHTTPWebUAM(FindHTTPWebUAMRequest) returns (FindHTTPWebUAMResponse);
|
rpc findHTTPWebUAM(FindHTTPWebUAMRequest) returns (FindHTTPWebUAMResponse);
|
||||||
|
|
||||||
|
// 修改CC设置
|
||||||
|
rpc updateHTTPWebCC(UpdateHTTPWebCCRequest) returns (RPCSuccess);
|
||||||
|
|
||||||
|
// 查找UAM设置
|
||||||
|
rpc findHTTPWebCC(FindHTTPWebCCRequest) returns (FindHTTPWebCCResponse);
|
||||||
|
|
||||||
// 修改防盗链设置
|
// 修改防盗链设置
|
||||||
rpc updateHTTPWebReferers(UpdateHTTPWebReferersRequest) returns (RPCSuccess);
|
rpc updateHTTPWebReferers(UpdateHTTPWebReferersRequest) returns (RPCSuccess);
|
||||||
|
|
||||||
@@ -321,6 +327,21 @@ message FindHTTPWebUAMResponse {
|
|||||||
bytes uamJSON = 1;
|
bytes uamJSON = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 修改服务CC设置
|
||||||
|
message UpdateHTTPWebCCRequest {
|
||||||
|
int64 httpWebId = 1;
|
||||||
|
bytes ccJSON = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 查找服务UAM设置
|
||||||
|
message FindHTTPWebCCRequest {
|
||||||
|
int64 httpWebId = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
message FindHTTPWebCCResponse {
|
||||||
|
bytes ccJSON = 1;
|
||||||
|
}
|
||||||
|
|
||||||
// 修改防盗链设置
|
// 修改防盗链设置
|
||||||
message UpdateHTTPWebReferersRequest {
|
message UpdateHTTPWebReferersRequest {
|
||||||
int64 httpWebId = 1;
|
int64 httpWebId = 1;
|
||||||
|
|||||||
@@ -1,47 +1,22 @@
|
|||||||
// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
|
// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
|
||||||
|
//go:build !plus
|
||||||
|
|
||||||
package serverconfigs
|
package serverconfigs
|
||||||
|
|
||||||
import "strings"
|
|
||||||
|
|
||||||
// HTTPCCConfig HTTP CC防护配置
|
// HTTPCCConfig HTTP CC防护配置
|
||||||
type HTTPCCConfig struct {
|
type HTTPCCConfig struct {
|
||||||
IsPrior bool `yaml:"isPrior" json:"isPrior"` // 是否覆盖父级
|
IsPrior bool `yaml:"isPrior" json:"isPrior"` // 是否覆盖父级
|
||||||
IsOn bool `yaml:"isOn" json:"isOn"` // 是否启用
|
IsOn bool `yaml:"isOn" json:"isOn"` // 是否启用
|
||||||
WithRequestPath bool `yaml:"withRequestPath" json:"withRequestPath"` // 根据URL路径区分请求
|
|
||||||
PeriodSeconds int32 `yaml:"periodSeconds" json:"periodSeconds"` // 计算周期
|
|
||||||
MaxRequests int32 `yaml:"maxRequests" json:"maxRequests"` // 请求数最大值
|
|
||||||
MaxConnections int32 `yaml:"maxConnections" json:"maxConnections"` // 连接数最大值
|
|
||||||
IgnoreCommonFiles bool `yaml:"ignoreCommonFiles" json:"ignoreCommonFiles"` // 忽略常用文件,如CSS、JS等
|
|
||||||
IgnoreCommonAgents bool `yaml:"ignoreCommonAgents" json:"ignoreCommonAgents"` // 忽略常见搜索引擎等
|
|
||||||
Action string `yaml:"action" json:"action"` // 动作,比如block、captcha等
|
|
||||||
|
|
||||||
fullKey string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHTTPCCConfig() *HTTPCCConfig {
|
func NewHTTPCCConfig() *HTTPCCConfig {
|
||||||
return &HTTPCCConfig{
|
return &HTTPCCConfig{}
|
||||||
WithRequestPath: false,
|
|
||||||
PeriodSeconds: 10,
|
|
||||||
MaxRequests: 60,
|
|
||||||
MaxConnections: 10,
|
|
||||||
IgnoreCommonFiles: false,
|
|
||||||
IgnoreCommonAgents: true,
|
|
||||||
Action: "captcha",
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *HTTPCCConfig) Init() error {
|
func (this *HTTPCCConfig) Init() error {
|
||||||
// 组合Key
|
|
||||||
var keys = []string{"${remoteAddr}"}
|
|
||||||
if this.WithRequestPath {
|
|
||||||
keys = append(keys, "${requestPath}")
|
|
||||||
}
|
|
||||||
this.fullKey = strings.Join(keys, "@")
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *HTTPCCConfig) Key() string {
|
func (this *HTTPCCConfig) MatchURL(url string) bool {
|
||||||
return this.fullKey
|
return false
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -50,8 +50,8 @@ type HTTPWebConfig struct {
|
|||||||
RequestScripts *HTTPRequestScriptsConfig `yaml:"requestScripts" json:"requestScripts"` // HTTP请求相关脚本
|
RequestScripts *HTTPRequestScriptsConfig `yaml:"requestScripts" json:"requestScripts"` // HTTP请求相关脚本
|
||||||
|
|
||||||
// UAM, CC ...
|
// UAM, CC ...
|
||||||
UAM *UAMConfig `yaml:"uam" json:"uam"`
|
UAM *UAMConfig `yaml:"uam" json:"uam"`
|
||||||
CC *UAMConfig `yaml:"cc" json:"cc"`
|
CC *HTTPCCConfig `yaml:"cc" json:"cc"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *HTTPWebConfig) Init() error {
|
func (this *HTTPWebConfig) Init() error {
|
||||||
|
|||||||
@@ -34,7 +34,11 @@ func (this *URLPattern) Init() error {
|
|||||||
for index, piece := range pieces {
|
for index, piece := range pieces {
|
||||||
pieces[index] = regexp.QuoteMeta(piece)
|
pieces[index] = regexp.QuoteMeta(piece)
|
||||||
}
|
}
|
||||||
reg, err := regexp.Compile("(?i)" /** 大小写不敏感 **/ + "^" + strings.Join(pieces, "(.*)") + "$")
|
var pattern = strings.Join(pieces, "(.*)")
|
||||||
|
if len(pattern) > 0 && pattern[0] == '/' {
|
||||||
|
pattern = "(http|https)://[\\w.-]+" + pattern
|
||||||
|
}
|
||||||
|
reg, err := regexp.Compile("(?i)" /** 大小写不敏感 **/ + "^" + pattern + "$")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,13 +4,10 @@ package shared_test
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
|
||||||
"github.com/iwind/TeaGo/assert"
|
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestURLPattern_Match(t *testing.T) {
|
func TestURLPattern_Match(t *testing.T) {
|
||||||
var a = assert.NewAssertion(t)
|
|
||||||
|
|
||||||
type unitTest struct {
|
type unitTest struct {
|
||||||
patternType string
|
patternType string
|
||||||
pattern string
|
pattern string
|
||||||
@@ -55,6 +52,24 @@ func TestURLPattern_Match(t *testing.T) {
|
|||||||
url: "https://example.com",
|
url: "https://example.com",
|
||||||
result: false,
|
result: false,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
patternType: "wildcard",
|
||||||
|
pattern: "https://example.com",
|
||||||
|
url: "https://example.com",
|
||||||
|
result: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
patternType: "wildcard",
|
||||||
|
pattern: "/hello/world",
|
||||||
|
url: "https://example-test.com/hello/world",
|
||||||
|
result: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
patternType: "wildcard",
|
||||||
|
pattern: "/hello/world",
|
||||||
|
url: "https://example-test.com/123/hello/world",
|
||||||
|
result: false,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
patternType: "regexp",
|
patternType: "regexp",
|
||||||
pattern: ".*",
|
pattern: ".*",
|
||||||
@@ -94,6 +109,9 @@ func TestURLPattern_Match(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
a.IsTrue(p.Match(ut.url) == ut.result)
|
var b = p.Match(ut.url) == ut.result
|
||||||
|
if !b {
|
||||||
|
t.Fatal("not matched pattern:", ut.pattern, "url:", ut.url)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user