WAF策略中增加验证码相关定制设置

pkg/nodeconfigs/node_config.go

@@ -421,12 +421,19 @@ func (this *NodeConfig) lookupWeb(server *serverconfigs.ServerConfig, web *serve
 		return
 	}
 	if web.FirewallPolicy != nil && web.FirewallPolicy.IsOn {
-		// 复用节点的拦截选项设置
+		// 复用节点的选项设置
-		if web.FirewallPolicy.BlockOptions == nil && server.HTTPFirewallPolicy != nil && server.HTTPFirewallPolicy.BlockOptions != nil {
+		if server.HTTPFirewallPolicy != nil {
+			if (web.FirewallPolicy.BlockOptions == nil || !web.FirewallPolicy.BlockOptions.IsPrior) || server.HTTPFirewallPolicy.BlockOptions != nil {
 				web.FirewallPolicy.BlockOptions = server.HTTPFirewallPolicy.BlockOptions
+			}
+			if (web.FirewallPolicy.CaptchaOptions == nil || !web.FirewallPolicy.CaptchaOptions.IsPrior) || server.HTTPFirewallPolicy.CaptchaOptions != nil {
+				web.FirewallPolicy.CaptchaOptions = server.HTTPFirewallPolicy.CaptchaOptions
+			}
+
 			web.FirewallPolicy.Mode = server.HTTPFirewallPolicy.Mode
 			web.FirewallPolicy.UseLocalFirewall = server.HTTPFirewallPolicy.UseLocalFirewall
 		}
+
 		this.firewallPolicies = append(this.firewallPolicies, web.FirewallPolicy)
 	}
 	if len(web.Locations) > 0 {

pkg/rpc/pb/service_http_firewall_policy.pb.go

@@ -389,6 +389,7 @@ type UpdateHTTPFirewallPolicyRequest struct {
 	Description          string   `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
 	FirewallGroupCodes   []string `protobuf:"bytes,5,rep,name=firewallGroupCodes,proto3" json:"firewallGroupCodes,omitempty"`
 	BlockOptionsJSON     []byte   `protobuf:"bytes,6,opt,name=blockOptionsJSON,proto3" json:"blockOptionsJSON,omitempty"`
+	CaptchaOptionsJSON   []byte   `protobuf:"bytes,11,opt,name=captchaOptionsJSON,proto3" json:"captchaOptionsJSON,omitempty"`
 	Mode                 string   `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"`
 	UseLocalFirewall     bool     `protobuf:"varint,8,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`
 	SynFloodJSON         []byte   `protobuf:"bytes,9,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`
@@ -469,6 +470,13 @@ func (x *UpdateHTTPFirewallPolicyRequest) GetBlockOptionsJSON() []byte {
 	return nil
 }
 
+func (x *UpdateHTTPFirewallPolicyRequest) GetCaptchaOptionsJSON() []byte {
+	if x != nil {
+		return x.CaptchaOptionsJSON
+	}
+	return nil
+}
+
 func (x *UpdateHTTPFirewallPolicyRequest) GetMode() string {
 	if x != nil {
 		return x.Mode
@@ -1309,7 +1317,7 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70,
 	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65,
-	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xf9, 0x02, 0x0a,
+	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xa9, 0x03, 0x0a,
 	0x1f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77,
 	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
 	0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
@@ -1325,6 +1333,9 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x77, 0x61, 0x6c, 0x6c, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x2a,
 	0x0a, 0x10, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53,
 	0x4f, 0x4e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2e, 0x0a, 0x12, 0x63, 0x61,
+	0x70, 0x74, 0x63, 0x68, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e,
+	0x18, 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x63, 0x61, 0x70, 0x74, 0x63, 0x68, 0x61, 0x4f,
 	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f,
 	0x64, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2a,
 	0x0a, 0x10, 0x75, 0x73, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,

pkg/rpc/protos/service_http_firewall_policy.proto

@@ -95,6 +95,7 @@ message UpdateHTTPFirewallPolicyRequest {
 	string description = 4;
 	repeated string firewallGroupCodes = 5;
 	bytes blockOptionsJSON = 6;
+	bytes captchaOptionsJSON = 11;
 	string mode = 7;
 	bool useLocalFirewall = 8;
 	bytes synFloodJSON = 9;

pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go

@@ -2,6 +2,8 @@ package firewallconfigs
 
 // HTTPFirewallBlockAction url client configure
 type HTTPFirewallBlockAction struct {
+	IsPrior bool `yaml:"isPrior" json:"isPrior"`
+
 	StatusCode int           `yaml:"statusCode" json:"statusCode"`
 	Body       string        `yaml:"body" json:"body"` // supports HTML
 	URL        string        `yaml:"url" json:"url"`

pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go

@@ -1,19 +1,25 @@
 package firewallconfigs
 
 type HTTPFirewallCaptchaAction struct {
+	IsPrior bool `yaml:"isPrior" json:"isPrior"`
+
 	Life              int32 `yaml:"life" json:"life"`                           // 有效期
 	MaxFails          int   `yaml:"maxFails" json:"maxFails"`                   // 最大失败次数
 	FailBlockTimeout  int   `yaml:"failBlockTimeout" json:"failBlockTimeout"`   // 失败拦截时间
+	FailBlockScopeAll bool  `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // 是否全局有效
 
-	UIIsOn          bool   `yaml:"uiIsOn" json:"uiIsOn"`                   // 是否使用自定义UI TODO
+	CountLetters int8 `yaml:"countLetters" json:"countLetters"` // 字符数量
-	UITitle         string `yaml:"uiTitle" json:"uiTitle"`                 // 消息标题 TODO
+
-	UIPrompt        string `yaml:"uiPrompt" json:"uiPrompt"`               // 消息提示 TODO
+	UIIsOn          bool   `yaml:"uiIsOn" json:"uiIsOn"`                   // 是否使用自定义UI
-	UIButtonTitle   string `yaml:"uiButtonTitle" json:"uiButtonTitle"`     // 按钮标题 TODO
+	UITitle         string `yaml:"uiTitle" json:"uiTitle"`                 // 消息标题
-	UIShowRequestId bool   `yaml:"uiShowRequestId" json:"uiShowRequestId"` // 是否显示请求ID TODO
+	UIPrompt        string `yaml:"uiPrompt" json:"uiPrompt"`               // 消息提示
-	UICss           string `yaml:"uiCss" json:"uiCss"`                     // CSS样式 TODO
+	UIButtonTitle   string `yaml:"uiButtonTitle" json:"uiButtonTitle"`     // 按钮标题
-	UIFooter        string `yaml:"uiFooter" json:"uiFooter"`               // TODO
+	UIShowRequestId bool   `yaml:"uiShowRequestId" json:"uiShowRequestId"` // 是否显示请求ID
+	UICss           string `yaml:"uiCss" json:"uiCss"`                     // CSS样式
+	UIFooter        string `yaml:"uiFooter" json:"uiFooter"`               // 页脚
+	UIBody          string `yaml:"uiBody" json:"uiBody"`                   // 内容轮廓
 
 	CookieId string `yaml:"cookieId" json:"cookieId"` // TODO
 
-	Language string `yaml:"language" json:"language"` // 语言，zh-CN, en-US ... TODO 需要实现，目前是根据浏览器Accept-Language动态获取
+	Lang string `yaml:"lang" json:"lang"` // 语言，zh-CN, en-US ... TODO 需要实现，目前是根据浏览器Accept-Language动态获取
 }

pkg/serverconfigs/firewallconfigs/http_firewall_policy.go

@@ -11,6 +11,7 @@ type HTTPFirewallPolicy struct {
 	Inbound          *HTTPFirewallInboundConfig   `yaml:"inbound" json:"inbound"`
 	Outbound         *HTTPFirewallOutboundConfig  `yaml:"outbound" json:"outbound"`
 	BlockOptions     *HTTPFirewallBlockAction     `yaml:"blockOptions" json:"blockOptions"`
+	CaptchaOptions   *HTTPFirewallCaptchaAction   `yaml:"captchaOptions" json:"captchaOptions"`
 	Mode             FirewallMode                 `yaml:"mode" json:"mode"`
 	UseLocalFirewall bool                         `yaml:"useLocalFirewall" json:"useLocalFirewall"`
 	SYNFlood         *SYNFloodConfig              `yaml:"synFlood" json:"synFlood"`