支持Server自定义WAF策略、改进节点版本号等等

2025-12-25 11:36:35 +08:00 · 2021-01-18 20:41:37 +08:00
parent d48eb8c7b0
commit 25d9d79c67
7 changed files with 543 additions and 251 deletions
--- a/pkg/rpc/dao/http_web_dao.go
+++ b/pkg/rpc/dao/http_web_dao.go
@@ -58,13 +58,12 @@ func (this *HTTPWebDAO) FindWebConfigWithId(ctx context.Context, webId int64) (*
 }

 // 初始化防火墙设置
-func (this *HTTPWebDAO) InitHTTPFirewallPolicy(ctx context.Context, webId int64) (int64, error) {
+func (this *HTTPWebDAO) InitEmptyHTTPFirewallPolicy(ctx context.Context, webId int64, isOn bool) (int64, error) {
 	// 创建FirewallPolicy
-	firewallPolicyIdResp, err := this.RPC().HTTPFirewallPolicyRPC().CreateHTTPFirewallPolicy(ctx, &pb.CreateHTTPFirewallPolicyRequest{
-		IsOn:                   true,
-		Name:                   "用户自定义",
-		Description:            "",
-		HttpFirewallGroupCodes: nil,
+	firewallPolicyIdResp, err := this.RPC().HTTPFirewallPolicyRPC().CreateEmptyHTTPFirewallPolicy(ctx, &pb.CreateEmptyHTTPFirewallPolicyRequest{
+		IsOn:        true,
+		Name:        "用户自定义",
+		Description: "",
 	})
 	if err != nil {
 		return 0, errors.Wrap(err)
@@ -74,7 +73,7 @@ func (this *HTTPWebDAO) InitHTTPFirewallPolicy(ctx context.Context, webId int64)

 	firewallRef := &firewallconfigs.HTTPFirewallRef{
 		IsPrior:          false,
-		IsOn:             true,
+		IsOn:             isOn,
 		FirewallPolicyId: policyId,
 	}
 	firewallRefJSON, err := json.Marshal(firewallRef)
--- a/pkg/rpc/dao/ip_list_dao.go
+++ b/pkg/rpc/dao/ip_list_dao.go
@@ -55,7 +55,8 @@ func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int
 		return 0, nil
 	}
 	if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Id == 0 {
-		_, err = SharedHTTPWebDAO.InitHTTPFirewallPolicy(ctx, webConfig.Id)
+		isOn := webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+		_, err = SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(ctx, webConfig.Id, isOn)
 		if err != nil {
 			return 0, errors.Wrap(err)
 		}
--- a/pkg/rpc/pb/service_http_firewall_policy.pb.go
+++ b/pkg/rpc/pb/service_http_firewall_policy.pb.go
--- a/pkg/rpc/protos/service_http_firewall_policy.proto
+++ b/pkg/rpc/protos/service_http_firewall_policy.proto
@@ -13,6 +13,9 @@ service HTTPFirewallPolicyService {
 	// 创建防火墙策略
 	rpc createHTTPFirewallPolicy (CreateHTTPFirewallPolicyRequest) returns (CreateHTTPFirewallPolicyResponse);

+	// 创建空防火墙策略
+	rpc createEmptyHTTPFirewallPolicy (CreateEmptyHTTPFirewallPolicyRequest) returns (CreateEmptyHTTPFirewallPolicyResponse);
+
 	// 修改防火墙策略
 	rpc updateHTTPFirewallPolicy (UpdateHTTPFirewallPolicyRequest) returns (RPCSuccess);

@@ -62,6 +65,17 @@ message CreateHTTPFirewallPolicyResponse {
 	int64 httpFirewallPolicyId = 1;
 }

+// 创建空防火墙策略
+message CreateEmptyHTTPFirewallPolicyRequest {
+	bool isOn = 1;
+	string name = 2;
+	string description = 3;
+}
+
+message CreateEmptyHTTPFirewallPolicyResponse {
+	int64 httpFirewallPolicyId = 1;
+}
+
 // 修改防火墙策略
 message UpdateHTTPFirewallPolicyRequest {
 	int64 httpFirewallPolicyId = 1;