增加IP灰名单,用于仅记录并观察IP
@@ -62,6 +62,8 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyIPListIdWithType(ctx context
|
||||
return this.FindEnabledPolicyWhiteIPListId(ctx, policyId)
|
||||
case ipconfigs.IPListTypeBlack:
|
||||
return this.FindEnabledPolicyBlackIPListId(ctx, policyId)
|
||||
case ipconfigs.IPListTypeGrey:
|
||||
return this.FindEnabledPolicyGreyIPListId(ctx, policyId)
|
||||
default:
|
||||
return 0, errors.New("invalid ip list type '" + listType + "'")
|
||||
}
|
||||
@@ -89,7 +91,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyWhiteIPListId(ctx context.Co
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
listId := createResp.IpListId
|
||||
var listId = createResp.IpListId
|
||||
config.Inbound.AllowListRef = &ipconfigs.IPListRef{
|
||||
IsOn: true,
|
||||
ListId: listId,
|
||||
@@ -133,7 +135,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyBlackIPListId(ctx context.Co
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
listId := createResp.IpListId
|
||||
var listId = createResp.IpListId
|
||||
config.Inbound.DenyListRef = &ipconfigs.IPListRef{
|
||||
IsOn: true,
|
||||
ListId: listId,
|
||||
@@ -155,6 +157,50 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyBlackIPListId(ctx context.Co
|
||||
return config.Inbound.DenyListRef.ListId, nil
|
||||
}
|
||||
|
||||
// FindEnabledPolicyGreyIPListId 查找WAF的灰名单
|
||||
func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyGreyIPListId(ctx context.Context, policyId int64) (int64, error) {
|
||||
config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
if config == nil {
|
||||
return 0, errors.New("not found")
|
||||
}
|
||||
if config.Inbound == nil {
|
||||
config.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
|
||||
}
|
||||
if config.Inbound.GreyListRef == nil || config.Inbound.GreyListRef.ListId == 0 {
|
||||
createResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
|
||||
Type: "grey",
|
||||
Name: "灰名单",
|
||||
Code: "grey",
|
||||
TimeoutJSON: nil,
|
||||
})
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
var listId = createResp.IpListId
|
||||
config.Inbound.GreyListRef = &ipconfigs.IPListRef{
|
||||
IsOn: true,
|
||||
ListId: listId,
|
||||
}
|
||||
inboundJSON, err := json.Marshal(config.Inbound)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
|
||||
HttpFirewallPolicyId: policyId,
|
||||
InboundJSON: inboundJSON,
|
||||
})
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return listId, nil
|
||||
}
|
||||
|
||||
return config.Inbound.GreyListRef.ListId, nil
|
||||
}
|
||||
|
||||
// FindEnabledHTTPFirewallPolicyWithServerId 根据服务Id查找WAF策略
|
||||
func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyWithServerId(ctx context.Context, serverId int64) (*pb.HTTPFirewallPolicy, error) {
|
||||
serverResp, err := this.RPC().ServerRPC().FindEnabledServer(ctx, &pb.FindEnabledServerRequest{ServerId: serverId})
|
||||
@@ -202,7 +248,7 @@ func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallActionConfigs(ctx context.Con
|
||||
return nil, err
|
||||
}
|
||||
if listId == 0 {
|
||||
action.Options["ipListName"] = "全局黑名单"
|
||||
action.Options["ipListName"] = firewallconfigs.FindGlobalListNameWithType(action.Options.GetString("type"))
|
||||
} else if listResp.IpList != nil {
|
||||
action.Options["ipListName"] = listResp.IpList.Name
|
||||
} else {
|
||||
|
||||
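Review bot: FindEnabledPolicyGreyIPListId checks `GreyListRef.ListId == 0`, then calls CreateIPList and UpdateHTTPFirewallInboundConfig as two separate steps with nothing visible here that serializes them. Two concurrent callers could therefore each create a list, and the later update would win, leaving the other list (and any IPs recorded into it) unreferenced by the policy; a failed update after a successful create leaves an orphan in the same way. The white and black variants appear to follow the same shape, so a single helper parameterized by list type would be the natural place to address this once. The new request also hard-codes `Type: "grey"` while the rest of the commit moves to constants; `Type: ipconfigs.IPListTypeGrey,` would keep it consistent, assuming that constant is a plain string. The doc comment should state the side effect, e.g. `// FindEnabledPolicyGreyIPListId returns the policy's grey list id, creating and attaching the list if none exists.`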
@@ -15,7 +15,7 @@ type IPListDAO struct {
|
||||
BaseDAO
|
||||
}
|
||||
|
||||
// FindAllowIPListIdWithServerId 查找服务的允许IP列表
|
||||
// FindAllowIPListIdWithServerId 查找网站的允许IP列表
|
||||
func (this *IPListDAO) FindAllowIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
|
||||
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
|
||||
if err != nil {
|
||||
@@ -30,7 +30,7 @@ func (this *IPListDAO) FindAllowIPListIdWithServerId(ctx context.Context, server
|
||||
return webConfig.FirewallPolicy.Inbound.AllowListRef.ListId, nil
|
||||
}
|
||||
|
||||
// FindDenyIPListIdWithServerId 查找服务的禁止IP列表
|
||||
// FindDenyIPListIdWithServerId 查找网站的禁止IP列表
|
||||
func (this *IPListDAO) FindDenyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
|
||||
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
|
||||
if err != nil {
|
||||
@@ -45,6 +45,21 @@ func (this *IPListDAO) FindDenyIPListIdWithServerId(ctx context.Context, serverI
|
||||
return webConfig.FirewallPolicy.Inbound.DenyListRef.ListId, nil
|
||||
}
|
||||
|
||||
// FindGreyIPListIdWithServerId 查找网站的IP灰名单
|
||||
func (this *IPListDAO) FindGreyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
|
||||
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
if webConfig == nil {
|
||||
return 0, nil
|
||||
}
|
||||
if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.GreyListRef == nil {
|
||||
return 0, nil
|
||||
}
|
||||
return webConfig.FirewallPolicy.Inbound.GreyListRef.ListId, nil
|
||||
}
|
||||
|
||||
// CreateIPListForServerId 为服务创建IP名单
|
||||
func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int64, listType string) (int64, error) {
|
||||
webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
|
||||
@@ -72,13 +87,13 @@ func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int
|
||||
}
|
||||
}
|
||||
|
||||
inbound := webConfig.FirewallPolicy.Inbound
|
||||
var inbound = webConfig.FirewallPolicy.Inbound
|
||||
if inbound == nil {
|
||||
inbound = &firewallconfigs.HTTPFirewallInboundConfig{
|
||||
IsOn: true,
|
||||
}
|
||||
}
|
||||
if listType == "white" {
|
||||
if listType == ipconfigs.IPListTypeWhite {
|
||||
if inbound.AllowListRef == nil {
|
||||
inbound.AllowListRef = &ipconfigs.IPListRef{
|
||||
IsOn: true,
|
||||
@@ -87,7 +102,7 @@ func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int
|
||||
if inbound.AllowListRef.ListId > 0 {
|
||||
return inbound.AllowListRef.ListId, nil
|
||||
}
|
||||
} else if listType == "black" {
|
||||
} else if listType == ipconfigs.IPListTypeBlack {
|
||||
if inbound.DenyListRef == nil {
|
||||
inbound.DenyListRef = &ipconfigs.IPListRef{
|
||||
IsOn: true,
|
||||
@@ -96,6 +111,15 @@ func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int
|
||||
if inbound.DenyListRef.ListId > 0 {
|
||||
return inbound.DenyListRef.ListId, nil
|
||||
}
|
||||
} else if listType == ipconfigs.IPListTypeGrey {
|
||||
if inbound.GreyListRef == nil {
|
||||
inbound.GreyListRef = &ipconfigs.IPListRef{
|
||||
IsOn: true,
|
||||
}
|
||||
}
|
||||
if inbound.GreyListRef.ListId > 0 {
|
||||
return inbound.DenyListRef.ListId, nil
|
||||
}
|
||||
}
|
||||
|
||||
ipListResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
|
||||
@@ -109,10 +133,12 @@ func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int
|
||||
return 0, errors.Wrap(err)
|
||||
}
|
||||
|
||||
if listType == "white" {
|
||||
if listType == ipconfigs.IPListTypeWhite {
|
||||
inbound.AllowListRef.ListId = ipListResp.IpListId
|
||||
} else if listType == "black" {
|
||||
} else if listType == ipconfigs.IPListTypeBlack {
|
||||
inbound.DenyListRef.ListId = ipListResp.IpListId
|
||||
} else if listType == ipconfigs.IPListTypeGrey {
|
||||
inbound.GreyListRef.ListId = ipListResp.IpListId
|
||||
}
|
||||
inboundJSON, err := json.Marshal(inbound)
|
||||
if err != nil {
|
||||
|
||||
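Review bot: The new grey branch of CreateIPListForServerId returns the wrong reference on its early exit: after `if inbound.GreyListRef.ListId > 0 {` it does `return inbound.DenyListRef.ListId, nil`. If the policy has no deny list, `DenyListRef` is nil and this dereference panics; if it has one, the caller receives the deny list's id, so IPs meant to be only recorded and observed would end up on the blocking list if the caller adds them to the returned id. The line should read `return inbound.GreyListRef.ListId, nil`. The function starts and ends outside these hunks, so any validation of `listType` before the CreateIPList call is not visible; the if/else-if chains shown have no final `else`, so it is worth confirming that an unrecognised type cannot create a list that is never attached.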