增加IP灰名单，用于仅记录并观察IP

2026-02-19 07:05:37 +08:00 · 2024-05-05 18:58:40 +08:00
parent 6b56f539e5
commit 402e539999
7 changed files with 343 additions and 194 deletions
--- a/pkg/serverconfigs/firewallconfigs/consts.go
+++ b/pkg/serverconfigs/firewallconfigs/consts.go
@@ -2,7 +2,52 @@

 package firewallconfigs

-const (
-	GlobalListId      int64 = 2_000_000_000
-	DefaultEventLevel       = "critical"
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
+	"github.com/iwind/TeaGo/types"
 )
+
+const (
+	GlobalBlackListId int64 = 2_000_000_000
+	GlobalWhiteListId int64 = 2_000_000_001
+	GlobalGreyListId  int64 = 2_000_000_002
+
+	DefaultEventLevel = "critical"
+)
+
+func FindGlobalListIdWithType(listType ipconfigs.IPListType) int64 {
+	switch listType {
+	case ipconfigs.IPListTypeBlack:
+		return GlobalBlackListId
+	case ipconfigs.IPListTypeWhite:
+		return GlobalWhiteListId
+	case ipconfigs.IPListTypeGrey:
+		return GlobalGreyListId
+	}
+
+	return 0
+}
+
+func FindGlobalListNameWithType(listType ipconfigs.IPListType) string {
+	switch listType {
+	case ipconfigs.IPListTypeBlack:
+		return "全局黑名单"
+	case ipconfigs.IPListTypeWhite:
+		return "全局白名单"
+	case ipconfigs.IPListTypeGrey:
+		return "全局灰名单"
+	}
+	return "全局黑名单"
+}
+
+func IsGlobalListId(listId int64) bool {
+	return listId == GlobalBlackListId || listId == GlobalWhiteListId || listId == GlobalGreyListId
+}
+
+func FindGlobalListIds() []int64 {
+	return []int64{GlobalBlackListId, GlobalWhiteListId, GlobalGreyListId}
+}
+
+func FindGlobalListIdStrings() []string {
+	return []string{types.String(GlobalBlackListId), types.String(GlobalWhiteListId), types.String(GlobalGreyListId)}
+}
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go
@@ -21,9 +21,11 @@ type HTTPFirewallInboundConfig struct {
 	// 绑定的IP名单
 	PublicAllowListRefs []*ipconfigs.IPListRef `yaml:"publicWhiteListRefs" json:"publicWhiteListRefs"`
 	PublicDenyListRefs  []*ipconfigs.IPListRef `yaml:"publicBlackListRefs" json:"publicBlackListRefs"`
+	PublicGreyListRefs  []*ipconfigs.IPListRef `yaml:"publicGreyListRefs" json:"publicGreyListRefs"`

 	allAllowListRefs []*ipconfigs.IPListRef
 	allDenyListRefs  []*ipconfigs.IPListRef
+	allGreyListRefs  []*ipconfigs.IPListRef
 }

 // Init 初始化
@@ -58,6 +60,14 @@ func (this *HTTPFirewallInboundConfig) Init() error {
 		this.allDenyListRefs = append(this.allDenyListRefs, this.PublicDenyListRefs...)
 	}

+	this.allGreyListRefs = []*ipconfigs.IPListRef{}
+	if this.GreyListRef != nil {
+		this.allGreyListRefs = append(this.allGreyListRefs, this.GreyListRef)
+	}
+	if len(this.PublicGreyListRefs) > 0 {
+		this.allGreyListRefs = append(this.allGreyListRefs, this.PublicGreyListRefs...)
+	}
+
 	return nil
 }

@@ -99,6 +109,8 @@ func (this *HTTPFirewallInboundConfig) AddPublicList(listId int64, listType stri
 		refs = this.PublicDenyListRefs
 	case ipconfigs.IPListTypeWhite:
 		refs = this.PublicAllowListRefs
+	case ipconfigs.IPListTypeGrey:
+		refs = this.PublicGreyListRefs
 	}
 	var found = false
 	for _, ref := range refs {
@@ -119,6 +131,8 @@ func (this *HTTPFirewallInboundConfig) AddPublicList(listId int64, listType stri
 		this.PublicDenyListRefs = refs
 	case ipconfigs.IPListTypeWhite:
 		this.PublicAllowListRefs = refs
+	case ipconfigs.IPListTypeGrey:
+		this.PublicGreyListRefs = refs
 	}
 }

@@ -130,6 +144,8 @@ func (this *HTTPFirewallInboundConfig) RemovePublicList(listId int64, listType s
 		refs = this.PublicDenyListRefs
 	case ipconfigs.IPListTypeWhite:
 		refs = this.PublicAllowListRefs
+	case ipconfigs.IPListTypeGrey:
+		refs = this.PublicGreyListRefs
 	}
 	var newRefs = []*ipconfigs.IPListRef{}
 	for _, ref := range refs {
@@ -143,6 +159,8 @@ func (this *HTTPFirewallInboundConfig) RemovePublicList(listId int64, listType s
 		this.PublicDenyListRefs = newRefs
 	case ipconfigs.IPListTypeWhite:
 		this.PublicAllowListRefs = newRefs
+	case ipconfigs.IPListTypeGrey:
+		this.PublicGreyListRefs = newRefs
 	}
 }