支持Server自定义WAF策略、改进节点版本号等等

pkg/nodeconfigs/node_config.go

@@ -33,6 +33,8 @@ type NodeConfig struct {
 	SystemServices     map[string]maps.Map                 `yaml:"systemServices" json:"systemServices"` // 系统服务配置 type => params
 
 	paddedId string
+
+	firewallPolicies []*firewallconfigs.HTTPFirewallPolicy
 }
 
 // 取得当前节点配置单例
@@ -110,6 +112,17 @@ func (this *NodeConfig) Init() error {
 		}
 	}
 
+	// 查找FirewallPolicy
+	this.firewallPolicies = []*firewallconfigs.HTTPFirewallPolicy{}
+	if this.HTTPFirewallPolicy != nil && this.HTTPFirewallPolicy.IsOn {
+		this.firewallPolicies = append(this.firewallPolicies, this.HTTPFirewallPolicy)
+	}
+	for _, server := range this.Servers {
+		if server.Web != nil {
+			this.lookupWeb(server.Web)
+		}
+	}
+
 	return nil
 }
 
@@ -138,6 +151,11 @@ func (this *NodeConfig) AvailableGroups() []*serverconfigs.ServerGroup {
 	return result
 }
 
+// 获取所有的防火墙策略
+func (this *NodeConfig) FindAllFirewallPolicies() []*firewallconfigs.HTTPFirewallPolicy {
+	return this.firewallPolicies
+}
+
 // 写入到文件
 func (this *NodeConfig) Save() error {
 	shared.Locker.Lock()
@@ -155,3 +173,20 @@ func (this *NodeConfig) Save() error {
 func (this *NodeConfig) PaddedId() string {
 	return this.paddedId
 }
+
+// 搜索WAF策略
+func (this *NodeConfig) lookupWeb(web *serverconfigs.HTTPWebConfig) {
+	if web == nil || !web.IsOn {
+		return
+	}
+	if web.FirewallPolicy != nil && web.FirewallPolicy.IsOn {
+		this.firewallPolicies = append(this.firewallPolicies, web.FirewallPolicy)
+	}
+	if len(web.Locations) > 0 {
+		for _, location := range web.Locations {
+			if location.Web != nil && location.Web.IsOn {
+				this.lookupWeb(location.Web)
+			}
+		}
+	}
+}

pkg/nodeconfigs/node_status.go

@@ -2,8 +2,9 @@ package nodeconfigs
 
 // 节点状态
 type NodeStatus struct {
-	BuildVersion  string `json:"buildVersion"`  // 编译版本
-	ConfigVersion int64  `json:"configVersion"` // 节点配置版本
+	BuildVersion     string `json:"buildVersion"`     // 编译版本
+	BuildVersionCode uint32 `json:"buildVersionCode"` // 版本数字
+	ConfigVersion    int64  `json:"configVersion"`    // 节点配置版本
 
 	OS                    string  `json:"os"`
 	Arch                  string  `json:"arch"`

pkg/nodeconfigs/node_status_test.go

@@ -0,0 +1,45 @@
+package nodeconfigs
+
+import "testing"
+
+func TestNodeStatus_ComputerBuildVersionCode(t *testing.T) {
+	{
+		status := &NodeStatus{}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+
+	{
+		status := &NodeStatus{BuildVersion: "0.0.6"}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+
+	{
+		status := &NodeStatus{BuildVersion: "0.0.6.1"}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+
+	{
+		status := &NodeStatus{BuildVersion: "0.0.7"}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+
+	{
+		status := &NodeStatus{BuildVersion: "0.7"}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+	{
+		status := &NodeStatus{BuildVersion: "7"}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+	{
+		status := &NodeStatus{BuildVersion: "7.0.1"}
+		status.ComputerBuildVersionCode()
+		t.Log(status.BuildVersion, status.BuildVersionCode)
+	}
+}

pkg/rpc/dao/http_web_dao.go

@@ -58,13 +58,12 @@ func (this *HTTPWebDAO) FindWebConfigWithId(ctx context.Context, webId int64) (*
 }
 
 // 初始化防火墙设置
-func (this *HTTPWebDAO) InitHTTPFirewallPolicy(ctx context.Context, webId int64) (int64, error) {
+func (this *HTTPWebDAO) InitEmptyHTTPFirewallPolicy(ctx context.Context, webId int64, isOn bool) (int64, error) {
 	// 创建FirewallPolicy
-	firewallPolicyIdResp, err := this.RPC().HTTPFirewallPolicyRPC().CreateHTTPFirewallPolicy(ctx, &pb.CreateHTTPFirewallPolicyRequest{
-		IsOn:                   true,
-		Name:                   "用户自定义",
-		Description:            "",
-		HttpFirewallGroupCodes: nil,
+	firewallPolicyIdResp, err := this.RPC().HTTPFirewallPolicyRPC().CreateEmptyHTTPFirewallPolicy(ctx, &pb.CreateEmptyHTTPFirewallPolicyRequest{
+		IsOn:        true,
+		Name:        "用户自定义",
+		Description: "",
 	})
 	if err != nil {
 		return 0, errors.Wrap(err)
@@ -74,7 +73,7 @@ func (this *HTTPWebDAO) InitHTTPFirewallPolicy(ctx context.Context, webId int64)
 
 	firewallRef := &firewallconfigs.HTTPFirewallRef{
 		IsPrior:          false,
-		IsOn:             true,
+		IsOn:             isOn,
 		FirewallPolicyId: policyId,
 	}
 	firewallRefJSON, err := json.Marshal(firewallRef)

pkg/rpc/dao/ip_list_dao.go

@@ -55,7 +55,8 @@ func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int
 		return 0, nil
 	}
 	if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Id == 0 {
-		_, err = SharedHTTPWebDAO.InitHTTPFirewallPolicy(ctx, webConfig.Id)
+		isOn := webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+		_, err = SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(ctx, webConfig.Id, isOn)
 		if err != nil {
 			return 0, errors.Wrap(err)
 		}

pkg/rpc/protos/service_http_firewall_policy.proto

@@ -13,6 +13,9 @@ service HTTPFirewallPolicyService {
 	// 创建防火墙策略
 	rpc createHTTPFirewallPolicy (CreateHTTPFirewallPolicyRequest) returns (CreateHTTPFirewallPolicyResponse);
 
+	// 创建空防火墙策略
+	rpc createEmptyHTTPFirewallPolicy (CreateEmptyHTTPFirewallPolicyRequest) returns (CreateEmptyHTTPFirewallPolicyResponse);
+
 	// 修改防火墙策略
 	rpc updateHTTPFirewallPolicy (UpdateHTTPFirewallPolicyRequest) returns (RPCSuccess);
 
@@ -62,6 +65,17 @@ message CreateHTTPFirewallPolicyResponse {
 	int64 httpFirewallPolicyId = 1;
 }
 
+// 创建空防火墙策略
+message CreateEmptyHTTPFirewallPolicyRequest {
+	bool isOn = 1;
+	string name = 2;
+	string description = 3;
+}
+
+message CreateEmptyHTTPFirewallPolicyResponse {
+	int64 httpFirewallPolicyId = 1;
+}
+
 // 修改防火墙策略
 message UpdateHTTPFirewallPolicyRequest {
 	int64 httpFirewallPolicyId = 1;