TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-11-04 05:00:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

实现WAF策略部分功能

Browse Source
This commit is contained in:
GoEdgeLab
2020-10-06 21:02:21 +08:00
parent fdd6fc5f00
commit 608777480d
33 changed files with 3086 additions and 252 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
pkg/rpc/pb/model_http_firewall_policy.pb.go
View File

@@ -30,9 +30,12 @@ type HTTPFirewallPolicy struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
IsOn bool `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
IsOn bool `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`
Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
InboundJSON []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"`
OutboundJSON []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"`
}
func (x *HTTPFirewallPolicy) Reset() {
@@ -88,18 +91,45 @@ func (x *HTTPFirewallPolicy) GetIsOn() bool {
return false
}
func (x *HTTPFirewallPolicy) GetDescription() string {
if x != nil {
return x.Description
}
return ""
}
func (x *HTTPFirewallPolicy) GetInboundJSON() []byte {
if x != nil {
return x.InboundJSON
}
return nil
}
func (x *HTTPFirewallPolicy) GetOutboundJSON() []byte {
if x != nil {
return x.OutboundJSON
}
return nil
}
var File_model_http_firewall_policy_proto protoreflect.FileDescriptor
var file_model_http_firewall_policy_proto_rawDesc = []byte{
0x0a, 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x66, 0x69, 0x72,
0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0x4c, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02,
0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04,
0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04,
0x69, 0x73, 0x4f, 0x6e, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x33,
0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb4, 0x01, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46,
0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a,
0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a,
0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
0x04, 0x69, 0x73, 0x4f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75,
0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x69, 0x6e,
0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x75, 0x74,
0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52,
0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x42, 0x06, 0x5a,
0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (

1254
pkg/rpc/pb/service_http_firewall_policy.pb.go
View File

File diff suppressed because it is too large Load Diff

557
pkg/rpc/pb/service_server.pb.go
View File

@@ -1872,6 +1872,101 @@ func (x *FindAllEnabledServersWithCachePolicyIdResponse) GetServers() []*Server
return nil
}
// 计算使用某个WAF策略的服务数量
type CountAllEnabledServersWithHTTPFirewallPolicyIdRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) Reset() {
*x = CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_service_server_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) ProtoMessage() {}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) ProtoReflect() protoreflect.Message {
mi := &file_service_server_proto_msgTypes[34]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CountAllEnabledServersWithHTTPFirewallPolicyIdRequest.ProtoReflect.Descriptor instead.
func (*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) Descriptor() ([]byte, []int) {
return file_service_server_proto_rawDescGZIP(), []int{34}
}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) GetFirewallPolicyId() int64 {
if x != nil {
return x.FirewallPolicyId
}
return 0
}
type CountAllEnabledServersWithHTTPFirewallPolicyIdResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) Reset() {
*x = CountAllEnabledServersWithHTTPFirewallPolicyIdResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_service_server_proto_msgTypes[35]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) ProtoMessage() {}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) ProtoReflect() protoreflect.Message {
mi := &file_service_server_proto_msgTypes[35]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CountAllEnabledServersWithHTTPFirewallPolicyIdResponse.ProtoReflect.Descriptor instead.
func (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) Descriptor() ([]byte, []int) {
return file_service_server_proto_rawDescGZIP(), []int{35}
}
func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) GetCount() int64 {
if x != nil {
return x.Count
}
return 0
}
var File_service_server_proto protoreflect.FileDescriptor
var file_service_server_proto_rawDesc = []byte{
@@ -2066,136 +2161,158 @@ var file_service_server_proto_rawDesc = []byte{
0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x24, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20,
0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x70, 0x62, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52,
0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x32, 0xfe, 0x0f, 0x0a, 0x0d, 0x53, 0x65, 0x72,
0x76, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x63, 0x72,
0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e,
0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x47, 0x0a,
0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73,
0x69, 0x63, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a,
0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54,
0x50, 0x53, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x52, 0x65,
0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x22, 0x63, 0x0a, 0x35, 0x43, 0x6f, 0x75, 0x6e,
0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x2a, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
0x69, 0x63, 0x79, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72,
0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0x4e, 0x0a,
0x36, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50, 0x46,
0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74,
0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0xa8, 0x11,
0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
0x41, 0x0a, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12,
0x17, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72,
0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64,
0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70,
0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x12,
0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70,
0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65,
0x73, 0x73, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64,
0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70,
0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x12, 0x1a,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x12, 0x1a,
0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x54, 0x4c, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
0x54, 0x43, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x55, 0x6e, 0x69, 0x78, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74,
0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x52,
0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x54, 0x4c, 0x53, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75,
0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f,
0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x12,
0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x12,
0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x57, 0x65, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
0x72, 0x55, 0x44, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
0x73, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x23, 0x2e,
0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52,
0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74,
0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61,
0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1c, 0x2e,
0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e,
0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
0x73, 0x12, 0x5f, 0x0a, 0x16, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x21, 0x2e, 0x70, 0x62,
0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22,
0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x53, 0x0a, 0x12, 0x6c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69,
0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73,
0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x64, 0x69, 0x73, 0x61, 0x62,
0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69,
0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53,
0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x50, 0x0a,
0x11, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
0x5c, 0x0a, 0x15, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69,
0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54,
0x79, 0x70, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x70, 0x62, 0x2e,
0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x86, 0x01,
0x0a, 0x23, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72,
0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43,
0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65,
0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65,
0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e,
0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f,
0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e,
0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f,
0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x62,
0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f,
0x6e, 0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c,
0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x2e, 0x70, 0x62,
0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65,
0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62,
0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65,
0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x83, 0x01, 0x0a,
0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53,
0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
0x74, 0x49, 0x64, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c,
0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x92, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45,
0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x32,
0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61,
0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c,
0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8f, 0x01, 0x0a, 0x26, 0x66, 0x69, 0x6e, 0x64,
0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
0x49, 0x64, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x57, 0x65, 0x62, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f,
0x78, 0x79, 0x12, 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43,
0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a,
0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d,
0x65, 0x73, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x5f, 0x0a, 0x16, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41,
0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70,
0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x53, 0x0a, 0x12, 0x6c, 0x69, 0x73, 0x74, 0x45,
0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x2e,
0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70,
0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72,
0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x0d,
0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x18, 0x2e,
0x70, 0x62, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69, 0x73,
0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x50, 0x0a, 0x11, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45,
0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x15, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x2e,
0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x21, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e,
0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50,
0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e,
0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e,
0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x66,
0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x46,
0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69,
0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x63, 0x6f, 0x75,
0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64,
0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x12, 0x83, 0x01, 0x0a, 0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53,
0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69,
0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x92, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x75, 0x6e,
0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63,
0x79, 0x49, 0x64, 0x12, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57,
0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75,
0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69,
0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8f, 0x01, 0x0a,
0x26, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53,
0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50,
0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63,
0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e,
0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f,
0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa7,
0x01, 0x0a, 0x2e, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c,
0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54,
0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
0x64, 0x12, 0x39, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45,
0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
0x68, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70,
0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50,
0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62,
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -2210,50 +2327,52 @@ func file_service_server_proto_rawDescGZIP() []byte {
return file_service_server_proto_rawDescData
}
var file_service_server_proto_msgTypes = make([]protoimpl.MessageInfo, 34)
var file_service_server_proto_msgTypes = make([]protoimpl.MessageInfo, 36)
var file_service_server_proto_goTypes = []interface{}{
(*CreateServerRequest)(nil), // 0: pb.CreateServerRequest
(*CreateServerResponse)(nil), // 1: pb.CreateServerResponse
(*UpdateServerBasicRequest)(nil), // 2: pb.UpdateServerBasicRequest
(*UpdateServerHTTPRequest)(nil), // 3: pb.UpdateServerHTTPRequest
(*UpdateServerHTTPSRequest)(nil), // 4: pb.UpdateServerHTTPSRequest
(*UpdateServerTCPRequest)(nil), // 5: pb.UpdateServerTCPRequest
(*UpdateServerTLSRequest)(nil), // 6: pb.UpdateServerTLSRequest
(*UpdateServerUnixRequest)(nil), // 7: pb.UpdateServerUnixRequest
(*UpdateServerUDPRequest)(nil), // 8: pb.UpdateServerUDPRequest
(*UpdateServerWebRequest)(nil), // 9: pb.UpdateServerWebRequest
(*UpdateServerReverseProxyRequest)(nil), // 10: pb.UpdateServerReverseProxyRequest
(*UpdateServerNamesRequest)(nil), // 11: pb.UpdateServerNamesRequest
(*CountAllEnabledServersRequest)(nil), // 12: pb.CountAllEnabledServersRequest
(*CountAllEnabledServersResponse)(nil), // 13: pb.CountAllEnabledServersResponse
(*ListEnabledServersRequest)(nil), // 14: pb.ListEnabledServersRequest
(*ListEnabledServersResponse)(nil), // 15: pb.ListEnabledServersResponse
(*DisableServerRequest)(nil), // 16: pb.DisableServerRequest
(*DisableServerResponse)(nil), // 17: pb.DisableServerResponse
(*FindEnabledServerRequest)(nil), // 18: pb.FindEnabledServerRequest
(*FindEnabledServerResponse)(nil), // 19: pb.FindEnabledServerResponse
(*FindEnabledServerTypeRequest)(nil), // 20: pb.FindEnabledServerTypeRequest
(*FindEnabledServerTypeResponse)(nil), // 21: pb.FindEnabledServerTypeResponse
(*FindAndInitServerReverseProxyConfigRequest)(nil), // 22: pb.FindAndInitServerReverseProxyConfigRequest
(*FindAndInitServerReverseProxyConfigResponse)(nil), // 23: pb.FindAndInitServerReverseProxyConfigResponse
(*FindAndInitServerWebConfigRequest)(nil), // 24: pb.FindAndInitServerWebConfigRequest
(*FindAndInitServerWebConfigResponse)(nil), // 25: pb.FindAndInitServerWebConfigResponse
(*CountAllEnabledServersWithSSLCertIdRequest)(nil), // 26: pb.CountAllEnabledServersWithSSLCertIdRequest
(*CountAllEnabledServersWithSSLCertIdResponse)(nil), // 27: pb.CountAllEnabledServersWithSSLCertIdResponse
(*FindAllEnabledServersWithSSLCertIdRequest)(nil), // 28: pb.FindAllEnabledServersWithSSLCertIdRequest
(*FindAllEnabledServersWithSSLCertIdResponse)(nil), // 29: pb.FindAllEnabledServersWithSSLCertIdResponse
(*CountAllEnabledServersWithCachePolicyIdRequest)(nil), // 30: pb.CountAllEnabledServersWithCachePolicyIdRequest
(*CountAllEnabledServersWithCachePolicyIdResponse)(nil), // 31: pb.CountAllEnabledServersWithCachePolicyIdResponse
(*FindAllEnabledServersWithCachePolicyIdRequest)(nil), // 32: pb.FindAllEnabledServersWithCachePolicyIdRequest
(*FindAllEnabledServersWithCachePolicyIdResponse)(nil), // 33: pb.FindAllEnabledServersWithCachePolicyIdResponse
(*Server)(nil), // 34: pb.Server
(*RPCUpdateSuccess)(nil), // 35: pb.RPCUpdateSuccess
(*CreateServerRequest)(nil), // 0: pb.CreateServerRequest
(*CreateServerResponse)(nil), // 1: pb.CreateServerResponse
(*UpdateServerBasicRequest)(nil), // 2: pb.UpdateServerBasicRequest
(*UpdateServerHTTPRequest)(nil), // 3: pb.UpdateServerHTTPRequest
(*UpdateServerHTTPSRequest)(nil), // 4: pb.UpdateServerHTTPSRequest
(*UpdateServerTCPRequest)(nil), // 5: pb.UpdateServerTCPRequest
(*UpdateServerTLSRequest)(nil), // 6: pb.UpdateServerTLSRequest
(*UpdateServerUnixRequest)(nil), // 7: pb.UpdateServerUnixRequest
(*UpdateServerUDPRequest)(nil), // 8: pb.UpdateServerUDPRequest
(*UpdateServerWebRequest)(nil), // 9: pb.UpdateServerWebRequest
(*UpdateServerReverseProxyRequest)(nil), // 10: pb.UpdateServerReverseProxyRequest
(*UpdateServerNamesRequest)(nil), // 11: pb.UpdateServerNamesRequest
(*CountAllEnabledServersRequest)(nil), // 12: pb.CountAllEnabledServersRequest
(*CountAllEnabledServersResponse)(nil), // 13: pb.CountAllEnabledServersResponse
(*ListEnabledServersRequest)(nil), // 14: pb.ListEnabledServersRequest
(*ListEnabledServersResponse)(nil), // 15: pb.ListEnabledServersResponse
(*DisableServerRequest)(nil), // 16: pb.DisableServerRequest
(*DisableServerResponse)(nil), // 17: pb.DisableServerResponse
(*FindEnabledServerRequest)(nil), // 18: pb.FindEnabledServerRequest
(*FindEnabledServerResponse)(nil), // 19: pb.FindEnabledServerResponse
(*FindEnabledServerTypeRequest)(nil), // 20: pb.FindEnabledServerTypeRequest
(*FindEnabledServerTypeResponse)(nil), // 21: pb.FindEnabledServerTypeResponse
(*FindAndInitServerReverseProxyConfigRequest)(nil), // 22: pb.FindAndInitServerReverseProxyConfigRequest
(*FindAndInitServerReverseProxyConfigResponse)(nil), // 23: pb.FindAndInitServerReverseProxyConfigResponse
(*FindAndInitServerWebConfigRequest)(nil), // 24: pb.FindAndInitServerWebConfigRequest
(*FindAndInitServerWebConfigResponse)(nil), // 25: pb.FindAndInitServerWebConfigResponse
(*CountAllEnabledServersWithSSLCertIdRequest)(nil), // 26: pb.CountAllEnabledServersWithSSLCertIdRequest
(*CountAllEnabledServersWithSSLCertIdResponse)(nil), // 27: pb.CountAllEnabledServersWithSSLCertIdResponse
(*FindAllEnabledServersWithSSLCertIdRequest)(nil), // 28: pb.FindAllEnabledServersWithSSLCertIdRequest
(*FindAllEnabledServersWithSSLCertIdResponse)(nil), // 29: pb.FindAllEnabledServersWithSSLCertIdResponse
(*CountAllEnabledServersWithCachePolicyIdRequest)(nil), // 30: pb.CountAllEnabledServersWithCachePolicyIdRequest
(*CountAllEnabledServersWithCachePolicyIdResponse)(nil), // 31: pb.CountAllEnabledServersWithCachePolicyIdResponse
(*FindAllEnabledServersWithCachePolicyIdRequest)(nil), // 32: pb.FindAllEnabledServersWithCachePolicyIdRequest
(*FindAllEnabledServersWithCachePolicyIdResponse)(nil), // 33: pb.FindAllEnabledServersWithCachePolicyIdResponse
(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest)(nil), // 34: pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest
(*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse)(nil), // 35: pb.CountAllEnabledServersWithHTTPFirewallPolicyIdResponse
(*Server)(nil), // 36: pb.Server
(*RPCUpdateSuccess)(nil), // 37: pb.RPCUpdateSuccess
}
var file_service_server_proto_depIdxs = []int32{
34, // 0: pb.ListEnabledServersResponse.servers:type_name -> pb.Server
34, // 1: pb.FindEnabledServerResponse.server:type_name -> pb.Server
34, // 2: pb.FindAllEnabledServersWithSSLCertIdResponse.servers:type_name -> pb.Server
34, // 3: pb.FindAllEnabledServersWithCachePolicyIdResponse.servers:type_name -> pb.Server
36, // 0: pb.ListEnabledServersResponse.servers:type_name -> pb.Server
36, // 1: pb.FindEnabledServerResponse.server:type_name -> pb.Server
36, // 2: pb.FindAllEnabledServersWithSSLCertIdResponse.servers:type_name -> pb.Server
36, // 3: pb.FindAllEnabledServersWithCachePolicyIdResponse.servers:type_name -> pb.Server
0, // 4: pb.ServerService.createServer:input_type -> pb.CreateServerRequest
2, // 5: pb.ServerService.updateServerBasic:input_type -> pb.UpdateServerBasicRequest
3, // 6: pb.ServerService.updateServerHTTP:input_type -> pb.UpdateServerHTTPRequest
@@ -2276,30 +2395,32 @@ var file_service_server_proto_depIdxs = []int32{
28, // 23: pb.ServerService.findAllEnabledServersWithSSLCertId:input_type -> pb.FindAllEnabledServersWithSSLCertIdRequest
30, // 24: pb.ServerService.countAllEnabledServersWithCachePolicyId:input_type -> pb.CountAllEnabledServersWithCachePolicyIdRequest
32, // 25: pb.ServerService.findAllEnabledServersWithCachePolicyId:input_type -> pb.FindAllEnabledServersWithCachePolicyIdRequest
1, // 26: pb.ServerService.createServer:output_type -> pb.CreateServerResponse
35, // 27: pb.ServerService.updateServerBasic:output_type -> pb.RPCUpdateSuccess
35, // 28: pb.ServerService.updateServerHTTP:output_type -> pb.RPCUpdateSuccess
35, // 29: pb.ServerService.updateServerHTTPS:output_type -> pb.RPCUpdateSuccess
35, // 30: pb.ServerService.updateServerTCP:output_type -> pb.RPCUpdateSuccess
35, // 31: pb.ServerService.updateServerTLS:output_type -> pb.RPCUpdateSuccess
35, // 32: pb.ServerService.updateServerUnix:output_type -> pb.RPCUpdateSuccess
35, // 33: pb.ServerService.updateServerUDP:output_type -> pb.RPCUpdateSuccess
35, // 34: pb.ServerService.updateServerWeb:output_type -> pb.RPCUpdateSuccess
35, // 35: pb.ServerService.updateServerReverseProxy:output_type -> pb.RPCUpdateSuccess
35, // 36: pb.ServerService.updateServerNames:output_type -> pb.RPCUpdateSuccess
13, // 37: pb.ServerService.countAllEnabledServers:output_type -> pb.CountAllEnabledServersResponse
15, // 38: pb.ServerService.listEnabledServers:output_type -> pb.ListEnabledServersResponse
17, // 39: pb.ServerService.disableServer:output_type -> pb.DisableServerResponse
19, // 40: pb.ServerService.findEnabledServer:output_type -> pb.FindEnabledServerResponse
21, // 41: pb.ServerService.findEnabledServerType:output_type -> pb.FindEnabledServerTypeResponse
23, // 42: pb.ServerService.findAndInitServerReverseProxyConfig:output_type -> pb.FindAndInitServerReverseProxyConfigResponse
25, // 43: pb.ServerService.findAndInitServerWebConfig:output_type -> pb.FindAndInitServerWebConfigResponse
27, // 44: pb.ServerService.countAllEnabledServersWithSSLCertId:output_type -> pb.CountAllEnabledServersWithSSLCertIdResponse
29, // 45: pb.ServerService.findAllEnabledServersWithSSLCertId:output_type -> pb.FindAllEnabledServersWithSSLCertIdResponse
31, // 46: pb.ServerService.countAllEnabledServersWithCachePolicyId:output_type -> pb.CountAllEnabledServersWithCachePolicyIdResponse
33, // 47: pb.ServerService.findAllEnabledServersWithCachePolicyId:output_type -> pb.FindAllEnabledServersWithCachePolicyIdResponse
26, // [26:48] is the sub-list for method output_type
4, // [4:26] is the sub-list for method input_type
34, // 26: pb.ServerService.countAllEnabledServersWithHTTPFirewallPolicyId:input_type -> pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest
1, // 27: pb.ServerService.createServer:output_type -> pb.CreateServerResponse
37, // 28: pb.ServerService.updateServerBasic:output_type -> pb.RPCUpdateSuccess
37, // 29: pb.ServerService.updateServerHTTP:output_type -> pb.RPCUpdateSuccess
37, // 30: pb.ServerService.updateServerHTTPS:output_type -> pb.RPCUpdateSuccess
37, // 31: pb.ServerService.updateServerTCP:output_type -> pb.RPCUpdateSuccess
37, // 32: pb.ServerService.updateServerTLS:output_type -> pb.RPCUpdateSuccess
37, // 33: pb.ServerService.updateServerUnix:output_type -> pb.RPCUpdateSuccess
37, // 34: pb.ServerService.updateServerUDP:output_type -> pb.RPCUpdateSuccess
37, // 35: pb.ServerService.updateServerWeb:output_type -> pb.RPCUpdateSuccess
37, // 36: pb.ServerService.updateServerReverseProxy:output_type -> pb.RPCUpdateSuccess
37, // 37: pb.ServerService.updateServerNames:output_type -> pb.RPCUpdateSuccess
13, // 38: pb.ServerService.countAllEnabledServers:output_type -> pb.CountAllEnabledServersResponse
15, // 39: pb.ServerService.listEnabledServers:output_type -> pb.ListEnabledServersResponse
17, // 40: pb.ServerService.disableServer:output_type -> pb.DisableServerResponse
19, // 41: pb.ServerService.findEnabledServer:output_type -> pb.FindEnabledServerResponse
21, // 42: pb.ServerService.findEnabledServerType:output_type -> pb.FindEnabledServerTypeResponse
23, // 43: pb.ServerService.findAndInitServerReverseProxyConfig:output_type -> pb.FindAndInitServerReverseProxyConfigResponse
25, // 44: pb.ServerService.findAndInitServerWebConfig:output_type -> pb.FindAndInitServerWebConfigResponse
27, // 45: pb.ServerService.countAllEnabledServersWithSSLCertId:output_type -> pb.CountAllEnabledServersWithSSLCertIdResponse
29, // 46: pb.ServerService.findAllEnabledServersWithSSLCertId:output_type -> pb.FindAllEnabledServersWithSSLCertIdResponse
31, // 47: pb.ServerService.countAllEnabledServersWithCachePolicyId:output_type -> pb.CountAllEnabledServersWithCachePolicyIdResponse
33, // 48: pb.ServerService.findAllEnabledServersWithCachePolicyId:output_type -> pb.FindAllEnabledServersWithCachePolicyIdResponse
35, // 49: pb.ServerService.countAllEnabledServersWithHTTPFirewallPolicyId:output_type -> pb.CountAllEnabledServersWithHTTPFirewallPolicyIdResponse
27, // [27:50] is the sub-list for method output_type
4, // [4:27] is the sub-list for method input_type
4, // [4:4] is the sub-list for extension type_name
4, // [4:4] is the sub-list for extension extendee
0, // [0:4] is the sub-list for field type_name
@@ -2721,6 +2842,30 @@ func file_service_server_proto_init() {
return nil
}
}
file_service_server_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_service_server_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
@@ -2728,7 +2873,7 @@ func file_service_server_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_service_server_proto_rawDesc,
NumEnums: 0,
NumMessages: 34,
NumMessages: 36,
NumExtensions: 0,
NumServices: 1,
},
@@ -2798,6 +2943,8 @@ type ServerServiceClient interface {
CountAllEnabledServersWithCachePolicyId(ctx context.Context, in *CountAllEnabledServersWithCachePolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithCachePolicyIdResponse, error)
// 查找使用某个缓存策略的所有服务
FindAllEnabledServersWithCachePolicyId(ctx context.Context, in *FindAllEnabledServersWithCachePolicyIdRequest, opts ...grpc.CallOption) (*FindAllEnabledServersWithCachePolicyIdResponse, error)
// 计算使用某个WAF策略的服务数量
CountAllEnabledServersWithHTTPFirewallPolicyId(ctx context.Context, in *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error)
}
type serverServiceClient struct {
@@ -3006,6 +3153,15 @@ func (c *serverServiceClient) FindAllEnabledServersWithCachePolicyId(ctx context
return out, nil
}
func (c *serverServiceClient) CountAllEnabledServersWithHTTPFirewallPolicyId(ctx context.Context, in *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error) {
out := new(CountAllEnabledServersWithHTTPFirewallPolicyIdResponse)
err := c.cc.Invoke(ctx, "/pb.ServerService/countAllEnabledServersWithHTTPFirewallPolicyId", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// ServerServiceServer is the server API for ServerService service.
type ServerServiceServer interface {
// 创建服务
@@ -3052,6 +3208,8 @@ type ServerServiceServer interface {
CountAllEnabledServersWithCachePolicyId(context.Context, *CountAllEnabledServersWithCachePolicyIdRequest) (*CountAllEnabledServersWithCachePolicyIdResponse, error)
// 查找使用某个缓存策略的所有服务
FindAllEnabledServersWithCachePolicyId(context.Context, *FindAllEnabledServersWithCachePolicyIdRequest) (*FindAllEnabledServersWithCachePolicyIdResponse, error)
// 计算使用某个WAF策略的服务数量
CountAllEnabledServersWithHTTPFirewallPolicyId(context.Context, *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error)
}
// UnimplementedServerServiceServer can be embedded to have forward compatible implementations.
@@ -3124,6 +3282,9 @@ func (*UnimplementedServerServiceServer) CountAllEnabledServersWithCachePolicyId
func (*UnimplementedServerServiceServer) FindAllEnabledServersWithCachePolicyId(context.Context, *FindAllEnabledServersWithCachePolicyIdRequest) (*FindAllEnabledServersWithCachePolicyIdResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method FindAllEnabledServersWithCachePolicyId not implemented")
}
func (*UnimplementedServerServiceServer) CountAllEnabledServersWithHTTPFirewallPolicyId(context.Context, *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method CountAllEnabledServersWithHTTPFirewallPolicyId not implemented")
}
func RegisterServerServiceServer(s *grpc.Server, srv ServerServiceServer) {
s.RegisterService(&_ServerService_serviceDesc, srv)
@@ -3525,6 +3686,24 @@ func _ServerService_FindAllEnabledServersWithCachePolicyId_Handler(srv interface
return interceptor(ctx, in, info, handler)
}
func _ServerService_CountAllEnabledServersWithHTTPFirewallPolicyId_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CountAllEnabledServersWithHTTPFirewallPolicyIdRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ServerServiceServer).CountAllEnabledServersWithHTTPFirewallPolicyId(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/pb.ServerService/CountAllEnabledServersWithHTTPFirewallPolicyId",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ServerServiceServer).CountAllEnabledServersWithHTTPFirewallPolicyId(ctx, req.(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest))
}
return interceptor(ctx, in, info, handler)
}
var _ServerService_serviceDesc = grpc.ServiceDesc{
ServiceName: "pb.ServerService",
HandlerType: (*ServerServiceServer)(nil),
@@ -3617,6 +3796,10 @@ var _ServerService_serviceDesc = grpc.ServiceDesc{
MethodName: "findAllEnabledServersWithCachePolicyId",
Handler: _ServerService_FindAllEnabledServersWithCachePolicyId_Handler,
},
{
MethodName: "countAllEnabledServersWithHTTPFirewallPolicyId",
Handler: _ServerService_CountAllEnabledServersWithHTTPFirewallPolicyId_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "service_server.proto",

3
pkg/rpc/protos/model_http_firewall_policy.proto
View File

@@ -7,4 +7,7 @@ message HTTPFirewallPolicy {
int64 id = 1;
string name = 2;
bool isOn = 3;
string description = 4;
bytes inboundJSON = 5;
bytes outboundJSON = 6;
}

83
pkg/rpc/protos/service_http_firewall_policy.proto
View File

@@ -4,10 +4,32 @@ option go_package = "./pb";
package pb;
import "model_http_firewall_policy.proto";
import "rpc_messages.proto";
service HTTPFirewallPolicyService {
// 获取所有可用策略
rpc findAllEnabledHTTPFirewallPolicies (FindAllEnabledHTTPFirewallPoliciesRequest) returns (FindAllEnabledHTTPFirewallPoliciesResponse);
// 创建防火墙策略
rpc createHTTPFirewallPolicy (CreateHTTPFirewallPolicyRequest) returns (CreateHTTPFirewallPolicyResponse);
// 修改防火墙策略
rpc updateHTTPFirewallPolicy (UpdateHTTPFirewallPolicyRequest) returns (RPCUpdateSuccess);
// 计算可用的防火墙策略数量
rpc countAllEnabledFirewallPolicies (CountAllEnabledFirewallPoliciesRequest) returns (CountAllEnabledFirewallPoliciesResponse);
// 列出单页的防火墙策略
rpc listEnabledFirewallPolicies (ListEnabledFirewallPoliciesRequest) returns (ListEnabledFirewallPoliciesResponse);
// 删除某个防火墙策略
rpc deleteFirewallPolicy (DeleteFirewallPolicyRequest) returns (RPCDeleteSuccess);
// 查找单个防火墙配置
rpc findEnabledFirewallPolicyConfig (FindEnabledFirewallPolicyConfigRequest) returns (FindEnabledFirewallPolicyConfigResponse);
// 获取防火墙的基本信息
rpc findEnabledFirewallPolicy (FindEnabledFirewallPolicyRequest) returns (FindEnabledFirewallPolicyResponse);
}
// 获取所有可用策略
@@ -19,3 +41,64 @@ message FindAllEnabledHTTPFirewallPoliciesResponse {
repeated HTTPFirewallPolicy firewallPolicies = 1;
}
// 创建防火墙策略
message CreateHTTPFirewallPolicyRequest {
bool isOn = 1;
string name = 2;
string description = 3;
repeated string firewallGroupCodes = 4;
}
message CreateHTTPFirewallPolicyResponse {
int64 firewallPolicyId = 1;
}
// 修改防火墙策略
message UpdateHTTPFirewallPolicyRequest {
int64 firewallPolicyId = 1;
bool isOn = 2;
string name = 3;
string description = 4;
repeated string firewallGroupCodes = 5;
}
// 计算可用的防火墙策略数量
message CountAllEnabledFirewallPoliciesRequest {
}
message CountAllEnabledFirewallPoliciesResponse {
int64 count = 1;
}
// 列出单页的防火墙策略
message ListEnabledFirewallPoliciesRequest {
int64 offset = 1;
int64 size = 2;
}
message ListEnabledFirewallPoliciesResponse {
repeated HTTPFirewallPolicy firewallPolicies = 1;
}
// 删除某个防火墙策略
message DeleteFirewallPolicyRequest {
int64 firewallPolicyId = 1;
}
// 查找单个防火墙配置
message FindEnabledFirewallPolicyConfigRequest {
int64 firewallPolicyId = 1;
}
message FindEnabledFirewallPolicyConfigResponse {
bytes firewallPolicyJSON = 1;
}
// 获取防火墙的基本信息
message FindEnabledFirewallPolicyRequest {
int64 firewallPolicyId = 1;
}
message FindEnabledFirewallPolicyResponse {
HTTPFirewallPolicy firewallPolicy = 1;
}

11
pkg/rpc/protos/service_server.proto
View File

@@ -72,6 +72,9 @@ service ServerService {
// 查找使用某个缓存策略的所有服务
rpc findAllEnabledServersWithCachePolicyId (FindAllEnabledServersWithCachePolicyIdRequest) returns (FindAllEnabledServersWithCachePolicyIdResponse);
// 计算使用某个WAF策略的服务数量
rpc countAllEnabledServersWithHTTPFirewallPolicyId (CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) returns (CountAllEnabledServersWithHTTPFirewallPolicyIdResponse);
}
// 创建服务
@@ -258,3 +261,11 @@ message FindAllEnabledServersWithCachePolicyIdResponse {
repeated Server servers = 1;
}
// 计算使用某个WAF策略的服务数量
message CountAllEnabledServersWithHTTPFirewallPolicyIdRequest {
int64 firewallPolicyId = 1;
}
message CountAllEnabledServersWithHTTPFirewallPolicyIdResponse {
int64 count = 1;
}

4
pkg/serverconfigs/firewallconfigs/http_firewall_action_allow.go Normal file
View File

@@ -0,0 +1,4 @@
package firewallconfigs
type HTTPFirewallAllowAction struct {
}

8
pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go Normal file
View File

@@ -0,0 +1,8 @@
package firewallconfigs
// url client configure
type HTTPFirewallBlockAction struct {
StatusCode int `yaml:"statusCode" json:"statusCode"`
Body string `yaml:"body" json:"body"` // supports HTML
URL string `yaml:"url" json:"url"`
}

4
pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go Normal file
View File

@@ -0,0 +1,4 @@
package firewallconfigs
type HTTPFirewallCaptchaAction struct {
}

11
pkg/serverconfigs/firewallconfigs/http_firewall_action_definition.go Normal file
View File

@@ -0,0 +1,11 @@
package firewallconfigs
import "reflect"
// action definition
type HTTPFirewallActionDefinition struct {
Name string
Code HTTPFirewallActionString
Description string
Type reflect.Type
}

5
pkg/serverconfigs/firewallconfigs/http_firewall_action_go_group.go Normal file
View File

@@ -0,0 +1,5 @@
package firewallconfigs
type HTTPFirewallGoGroupAction struct {
GroupId string `yaml:"groupId" json:"groupId"`
}

6
pkg/serverconfigs/firewallconfigs/http_firewall_action_go_set.go Normal file
View File

@@ -0,0 +1,6 @@
package firewallconfigs
type HTTPFirewallGoSetAction struct {
GroupId string `yaml:"groupId" json:"groupId"`
SetId string `yaml:"setId" json:"setId"`
}

5
pkg/serverconfigs/firewallconfigs/http_firewall_action_instance.go Normal file
View File

@@ -0,0 +1,5 @@
package firewallconfigs
type Action struct {
}

4
pkg/serverconfigs/firewallconfigs/http_firewall_action_log.go Normal file
View File

@@ -0,0 +1,4 @@
package firewallconfigs
type HTTPFirewallLogAction struct {
}

12
pkg/serverconfigs/firewallconfigs/http_firewall_action_type.go Normal file
View File

@@ -0,0 +1,12 @@
package firewallconfigs
type HTTPFirewallActionString = string
const (
HTTPFirewallActionLog = "log" // allow and log
HTTPFirewallActionBlock = "block" // block
HTTPFirewallActionCaptcha = "captcha" // block and show captcha
HTTPFirewallActionAllow = "allow" // allow
HTTPFirewallActionGoGroup = "go_group" // go to next rule group
HTTPFirewallActionGoSet = "go_set" // go to next rule set
)

43
pkg/serverconfigs/firewallconfigs/http_firewall_action_utils.go Normal file
View File

@@ -0,0 +1,43 @@
package firewallconfigs
import (
"reflect"
)
var AllActions = []*HTTPFirewallActionDefinition{
{
Name: "阻止",
Code: HTTPFirewallActionBlock,
},
{
Name: "允许通过",
Code: HTTPFirewallActionAllow,
},
{
Name: "允许并记录日志",
Code: HTTPFirewallActionLog,
},
{
Name: "Captcha验证码",
Code: HTTPFirewallActionCaptcha,
},
{
Name: "跳到下一个规则分组",
Code: HTTPFirewallActionGoGroup,
Type: reflect.TypeOf(new(HTTPFirewallGoGroupAction)).Elem(),
},
{
Name: "跳到下一个规则集",
Code: HTTPFirewallActionGoSet,
Type: reflect.TypeOf(new(HTTPFirewallGoSetAction)).Elem(),
},
}
func FindActionName(action HTTPFirewallActionString) string {
for _, def := range AllActions {
if def.Code == action {
return def.Name
}
}
return ""
}

1
pkg/serverconfigs/firewallconfigs/http_firewall_action_utils_test.go Normal file
View File

@@ -0,0 +1 @@
package firewallconfigs

28
pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go Normal file
View File

@@ -0,0 +1,28 @@
package firewallconfigs
type HTTPFirewallInboundConfig struct {
IsOn bool `yaml:"isOn" json:"isOn"`
GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
Groups []*HTTPFirewallRuleGroup `yaml:"groups" json:"groups"`
}
// 初始化
func (this *HTTPFirewallInboundConfig) Init() error {
for _, group := range this.Groups {
err := group.Init()
if err != nil {
return err
}
}
return nil
}
// 根据Code查找Group
func (this *HTTPFirewallInboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
for _, group := range this.Groups {
if group.Code == code {
return group
}
}
return nil
}

28
pkg/serverconfigs/firewallconfigs/http_firewall_outbound_config.go Normal file
View File

@@ -0,0 +1,28 @@
package firewallconfigs
type HTTPFirewallOutboundConfig struct {
IsOn bool `yaml:"isOn" json:"isOn"`
GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
Groups []*HTTPFirewallRuleGroup `yaml:"groups" json:"groups"`
}
// 初始化
func (this *HTTPFirewallOutboundConfig) Init() error {
for _, group := range this.Groups {
err := group.Init()
if err != nil {
return err
}
}
return nil
}
// 根据Code查找Group
func (this *HTTPFirewallOutboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
for _, group := range this.Groups {
if group.Code == code {
return group
}
}
return nil
}

51
pkg/serverconfigs/firewallconfigs/http_firewall_policy.go Normal file
View File

@@ -0,0 +1,51 @@
package firewallconfigs
// 防火墙策略
type HTTPFirewallPolicy struct {
Id int64 `yaml:"id" json:"id"`
IsOn bool `yaml:"isOn" json:"isOn"`
Name string `yaml:"name" json:"name"`
Description string `yaml:"description" json:"description"`
Inbound *HTTPFirewallInboundConfig `yaml:"inbound" json:"inbound"`
Outbound *HTTPFirewallOutboundConfig `yaml:"outbound" json:"outbound"`
}
// 初始化
func (this *HTTPFirewallPolicy) Init() error {
if this.Inbound != nil {
err := this.Inbound.Init()
if err != nil {
return err
}
}
if this.Outbound != nil {
err := this.Outbound.Init()
if err != nil {
return err
}
}
return nil
}
// 获取所有分组
func (this *HTTPFirewallPolicy) AllRuleGroups() []*HTTPFirewallRuleGroup {
result := []*HTTPFirewallRuleGroup{}
if this.Inbound != nil {
result = append(result, this.Inbound.Groups...)
}
if this.Outbound != nil {
result = append(result, this.Outbound.Groups...)
}
return result
}
// 根据代号获取分组
func (this *HTTPFirewallPolicy) FindRuleGroupWithCode(code string) *HTTPFirewallRuleGroup {
for _, g := range this.AllRuleGroups() {
if g.Code == code {
return g
}
}
return nil
}

2
pkg/serverconfigs/http_firewall_ref.go → pkg/serverconfigs/firewallconfigs/http_firewall_ref.go
View File

@@ -1,4 +1,4 @@
package serverconfigs
package firewallconfigs
type HTTPFirewallRef struct {
IsPrior bool `yaml:"isPrior" json:"isPrior"`

16
pkg/serverconfigs/firewallconfigs/http_firewall_rule.go Normal file
View File

@@ -0,0 +1,16 @@
package firewallconfigs
type HTTPFirewallRule struct {
Id int64 `yaml:"id" json:"id"`
IsOn bool `yaml:"isOn" json:"isOn"`
Param string `yaml:"param" json:"param"`
Operator string `yaml:"operator" json:"operator"`
Value string `yaml:"value" json:"value"`
IsCaseInsensitive bool `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"`
Description string `yaml:"description" json:"description"`
}
func (this *HTTPFirewallRule) Init() error {
return nil
}

28
pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go Normal file
View File

@@ -0,0 +1,28 @@
package firewallconfigs
// 规则组
type HTTPFirewallRuleGroup struct {
Id int64 `yaml:"id" json:"id"`
IsOn bool `yaml:"isOn" json:"isOn"`
Name string `yaml:"name" json:"name"`
Description string `yaml:"description" json:"description"`
Code string `yaml:"code" json:"code"`
SetRefs []*HTTPFirewallRuleSetRef `yaml:"setRefs" json:"setRefs"`
Sets []*HTTPFirewallRuleSet `yaml:"sets" json:"sets"`
}
// 初始化
func (this *HTTPFirewallRuleGroup) Init() error {
for _, set := range this.Sets {
err := set.Init()
if err != nil {
return err
}
}
return nil
}
// 添加规则集
func (this *HTTPFirewallRuleGroup) AddRuleSet(ruleSet *HTTPFirewallRuleSet) {
this.Sets = append(this.Sets, ruleSet)
}

6
pkg/serverconfigs/firewallconfigs/http_firewall_rule_group_ref.go Normal file
View File

@@ -0,0 +1,6 @@
package firewallconfigs
type HTTPFirewallRuleGroupRef struct {
IsOn bool `yaml:"isOn" json:"isOn"`
GroupId int64 `yaml:"groupId" json:"groupId"`
}

219
pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go Normal file
View File

@@ -0,0 +1,219 @@
package firewallconfigs
type HTTPFirewallRuleOperator = string
type HTTPFirewallRuleCaseInsensitive = string
const (
HTTPFirewallRuleOperatorGt HTTPFirewallRuleOperator = "gt"
HTTPFirewallRuleOperatorGte HTTPFirewallRuleOperator = "gte"
HTTPFirewallRuleOperatorLt HTTPFirewallRuleOperator = "lt"
HTTPFirewallRuleOperatorLte HTTPFirewallRuleOperator = "lte"
HTTPFirewallRuleOperatorEq HTTPFirewallRuleOperator = "eq"
HTTPFirewallRuleOperatorNeq HTTPFirewallRuleOperator = "neq"
HTTPFirewallRuleOperatorEqString HTTPFirewallRuleOperator = "eq string"
HTTPFirewallRuleOperatorNeqString HTTPFirewallRuleOperator = "neq string"
HTTPFirewallRuleOperatorMatch HTTPFirewallRuleOperator = "match"
HTTPFirewallRuleOperatorNotMatch HTTPFirewallRuleOperator = "not match"
HTTPFirewallRuleOperatorContains HTTPFirewallRuleOperator = "contains"
HTTPFirewallRuleOperatorNotContains HTTPFirewallRuleOperator = "not contains"
HTTPFirewallRuleOperatorPrefix HTTPFirewallRuleOperator = "prefix"
HTTPFirewallRuleOperatorSuffix HTTPFirewallRuleOperator = "suffix"
HTTPFirewallRuleOperatorHasKey HTTPFirewallRuleOperator = "has key" // has key in slice or map
HTTPFirewallRuleOperatorVersionGt HTTPFirewallRuleOperator = "version gt"
HTTPFirewallRuleOperatorVersionLt HTTPFirewallRuleOperator = "version lt"
HTTPFirewallRuleOperatorVersionRange HTTPFirewallRuleOperator = "version range"
// ip
HTTPFirewallRuleOperatorEqIP HTTPFirewallRuleOperator = "eq ip"
HTTPFirewallRuleOperatorGtIP HTTPFirewallRuleOperator = "gt ip"
HTTPFirewallRuleOperatorGteIP HTTPFirewallRuleOperator = "gte ip"
HTTPFirewallRuleOperatorLtIP HTTPFirewallRuleOperator = "lt ip"
HTTPFirewallRuleOperatorLteIP HTTPFirewallRuleOperator = "lte ip"
HTTPFirewallRuleOperatorIPRange HTTPFirewallRuleOperator = "ip range"
HTTPFirewallRuleOperatorNotIPRange HTTPFirewallRuleOperator = "not ip range"
HTTPFirewallRuleOperatorIPMod10 HTTPFirewallRuleOperator = "ip mod 10"
HTTPFirewallRuleOperatorIPMod100 HTTPFirewallRuleOperator = "ip mod 100"
HTTPFirewallRuleOperatorIPMod HTTPFirewallRuleOperator = "ip mod"
HTTPFirewallRuleCaseInsensitiveNone = "none"
HTTPFirewallRuleCaseInsensitiveYes = "yes"
HTTPFirewallRuleCaseInsensitiveNo = "no"
)
type RuleOperatorDefinition struct {
Name string
Code string
Description string
CaseInsensitive HTTPFirewallRuleCaseInsensitive // default caseInsensitive setting
}
var AllRuleOperators = []*RuleOperatorDefinition{
{
Name: "数值大于",
Code: HTTPFirewallRuleOperatorGt,
Description: "使用数值对比大于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
},
{
Name: "数值大于等于",
Code: HTTPFirewallRuleOperatorGte,
Description: "使用数值对比大于等于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
},
{
Name: "数值小于",
Code: HTTPFirewallRuleOperatorLt,
Description: "使用数值对比小于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
},
{
Name: "数值小于等于",
Code: HTTPFirewallRuleOperatorLte,
Description: "使用数值对比小于等于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
},
{
Name: "数值等于",
Code: HTTPFirewallRuleOperatorEq,
Description: "使用数值对比等于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
},
{
Name: "数值不等于",
Code: HTTPFirewallRuleOperatorNeq,
Description: "使用数值对比不等于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
},
{
Name: "字符串等于",
Code: HTTPFirewallRuleOperatorEqString,
Description: "使用字符串对比等于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "字符串不等于",
Code: HTTPFirewallRuleOperatorNeqString,
Description: "使用字符串对比不等于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "正则匹配",
Code: HTTPFirewallRuleOperatorMatch,
Description: "使用正则表达式匹配,在头部使用(?i)表示不区分大小写,<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
},
{
Name: "正则不匹配",
Code: HTTPFirewallRuleOperatorNotMatch,
Description: "使用正则表达式不匹配,在头部使用(?i)表示不区分大小写,<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
},
{
Name: "包含字符串",
Code: HTTPFirewallRuleOperatorContains,
Description: "包含某个字符串",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "不包含字符串",
Code: HTTPFirewallRuleOperatorNotContains,
Description: "不包含某个字符串",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "包含前缀",
Code: HTTPFirewallRuleOperatorPrefix,
Description: "包含某个前缀",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "包含后缀",
Code: HTTPFirewallRuleOperatorSuffix,
Description: "包含某个后缀",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "包含索引",
Code: HTTPFirewallRuleOperatorHasKey,
Description: "对于一组数据拥有某个键值或者索引",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "版本号大于",
Code: HTTPFirewallRuleOperatorVersionGt,
Description: "对比版本号大于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "版本号小于",
Code: HTTPFirewallRuleOperatorVersionLt,
Description: "对比版本号小于",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "版本号范围",
Code: HTTPFirewallRuleOperatorVersionRange,
Description: "判断版本号在某个范围内格式为version1,version2",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP等于",
Code: HTTPFirewallRuleOperatorEqIP,
Description: "将参数转换为IP进行对比",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP大于",
Code: HTTPFirewallRuleOperatorGtIP,
Description: "将参数转换为IP进行对比",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP大于等于",
Code: HTTPFirewallRuleOperatorGteIP,
Description: "将参数转换为IP进行对比",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP小于",
Code: HTTPFirewallRuleOperatorLtIP,
Description: "将参数转换为IP进行对比",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP小于等于",
Code: HTTPFirewallRuleOperatorLteIP,
Description: "将参数转换为IP进行对比",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP范围",
Code: HTTPFirewallRuleOperatorIPRange,
Description: "IP在某个范围之内范围格式可以是英文逗号分隔的ip1,ip2或者CIDR格式的ip/bits",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "不在IP范围",
Code: HTTPFirewallRuleOperatorNotIPRange,
Description: "IP不在某个范围之内范围格式可以是英文逗号分隔的ip1,ip2或者CIDR格式的ip/bits",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP取模10",
Code: HTTPFirewallRuleOperatorIPMod10,
Description: "对IP参数值取模除数为10对比值为余数",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP取模100",
Code: HTTPFirewallRuleOperatorIPMod100,
Description: "对IP参数值取模除数为100对比值为余数",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
{
Name: "IP取模",
Code: HTTPFirewallRuleOperatorIPMod,
Description: "对IP参数值取模对比值格式为除数,余数比如10,1",
CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
},
}

19
pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator_test.go Normal file
View File

@@ -0,0 +1,19 @@
package firewallconfigs
import (
"fmt"
"strings"
"testing"
)
func TestRuleOperator_Markdown(t *testing.T) {
result := []string{}
for _, def := range AllRuleOperators {
row := "## " + def.Name + "\n"
row += "符号:`" + def.Code + "`\n"
row += "描述:" + def.Description + "\n"
result = append(result, row)
}
fmt.Print(strings.Join(result, "\n") + "\n")
}

6
pkg/serverconfigs/firewallconfigs/http_firewall_rule_ref.go Normal file
View File

@@ -0,0 +1,6 @@
package firewallconfigs
type HTTPFirewallRuleRef struct {
IsOn bool `yaml:"isOn" json:"isOn"`
RuleId int64 `yaml:"ruleId" json:"ruleId"`
}

33
pkg/serverconfigs/firewallconfigs/http_firewall_rule_set.go Normal file
View File

@@ -0,0 +1,33 @@
package firewallconfigs
import "github.com/iwind/TeaGo/maps"
// 规则集定义
type HTTPFirewallRuleSet struct {
Id int64 `yaml:"id" json:"id"`
IsOn bool `yaml:"isOn" json:"isOn"`
Name string `yaml:"name" json:"name"`
Code string `yaml:"code" json:"code"`
Description string `yaml:"description" json:"description"`
Connector string `yaml:"connector" json:"connector"`
RuleRefs []*HTTPFirewallRuleRef `yaml:"ruleRefs" json:"ruleRefs"`
Rules []*HTTPFirewallRule `yaml:"rules" json:"rules"`
Action string `yaml:"action" json:"action"`
ActionOptions maps.Map `yaml:"actionOptions" json:"actionOptions"`
}
// 初始化
func (this *HTTPFirewallRuleSet) Init() error {
for _, rule := range this.Rules {
err := rule.Init()
if err != nil {
return err
}
}
return nil
}
// 添加规则
func (this *HTTPFirewallRuleSet) AddRule(rule *HTTPFirewallRule) {
this.Rules = append(this.Rules, rule)
}

6
pkg/serverconfigs/firewallconfigs/http_firewall_rule_set_ref.go Normal file
View File

@@ -0,0 +1,6 @@
package firewallconfigs
type HTTPFirewallRuleSetRef struct {
IsOn bool `yaml:"isOn" json:"isOn"`
SetId int64 `yaml:"setId" json:"setId"`
}

511
pkg/serverconfigs/firewallconfigs/http_firewall_template.go Normal file
View File

@@ -0,0 +1,511 @@
package firewallconfigs
type HTTPFirewallRuleConnector = string
const (
HTTPFirewallRuleConnectorAnd = "and"
HTTPFirewallRuleConnectorOr = "or"
)
func HTTPFirewallTemplate() *HTTPFirewallPolicy {
policy := &HTTPFirewallPolicy{}
policy.IsOn = true
policy.Inbound = &HTTPFirewallInboundConfig{}
policy.Outbound = &HTTPFirewallOutboundConfig{}
// black list
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = false
group.Name = "白名单"
group.Code = "whiteList"
group.Description = "在此名单中的IP地址可以直接跳过防火墙设置"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "IP白名单"
set.Code = "9001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionAllow
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `127\.0\.0\.1|0\.0\.0\.0`,
IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// black list
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = false
group.Name = "黑名单"
group.Code = "blackList"
group.Description = "在此名单中的IP地址直接阻止"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "IP黑名单"
set.Code = "10001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `1\.1\.1\.1|2\.2\.2\.2`,
IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// xss
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "XSS"
group.Code = "xss"
group.Description = "防跨站脚本攻击Cross Site Scripting"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "Javascript事件"
set.Code = "1001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `(onmouseover|onmousemove|onmousedown|onmouseup|onerror|onload|onclick|ondblclick|onkeydown|onkeyup|onkeypress)\s*=`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "Javascript函数"
set.Code = "1002"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `(alert|eval|prompt|confirm)\s*\(`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "HTML标签"
set.Code = "1003"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `<(script|iframe|link)`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// upload
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "文件上传"
group.Code = "upload"
group.Description = "防止上传可执行脚本文件到服务器"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "上传文件扩展名"
set.Code = "2001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestUpload.ext}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\.(php|jsp|aspx|asp|exe|asa|rb|py)\b`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// web shell
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "Web Shell"
group.Code = "webShell"
group.Description = "防止远程执行服务器命令"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "Web Shell"
set.Code = "3001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// command injection
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "命令注入"
group.Code = "commandInjection"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "命令注入"
set.Code = "4001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestBody}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// path traversal
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "路径穿越"
group.Code = "pathTraversal"
group.Description = "防止读取网站目录之外的其他系统文件"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "路径穿越"
set.Code = "5001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `((\.+)(/+)){2,}`, // TODO more keywords here
IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// special dirs
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "特殊目录"
group.Code = "denyDirs"
group.Description = "防止通过Web访问到一些特殊目录"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "特殊目录"
set.Code = "6001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestPath}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `/\.(git|svn|htaccess|idea)\b`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// sql injection
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "SQL注入"
group.Code = "sqlInjection"
group.Description = "防止SQL注入漏洞"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "Union SQL Injection"
set.Code = "7001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `union[\s/\*]+select`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL注释"
set.Code = "7002"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `/\*(!|\x00)`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL条件"
set.Code = "7003"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\s(and|or|rlike)\s+(if|updatexml)\s*\(`,
IsCaseInsensitive: true,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\s+(and|or|rlike)\s+(select|case)\s+`,
IsCaseInsensitive: true,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\s+(and|or|procedure)\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+(\s|$|--|#)`,
IsCaseInsensitive: true,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `\(\s*case\s+when\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+\s+then\s+`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL函数"
set.Code = "7004"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "SQL附加语句"
set.Code = "7005"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `;\s*(declare|use|drop|create|exec|delete|update|insert)\s`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// bot
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "网络爬虫"
group.Code = "bot"
group.Description = "禁止一些网络爬虫"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "常见网络爬虫"
set.Code = "20001"
set.Connector = HTTPFirewallRuleConnectorOr
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${userAgent}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `Googlebot|AdsBot|bingbot|BingPreview|facebookexternalhit|Slurp|Sogou|proximic|Baiduspider|yandex|twitterbot|spider|python`,
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// cc
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "CC攻击"
group.Description = "Challenge Collapsar防止短时间大量请求涌入请谨慎开启和设置"
group.Code = "cc"
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "CC请求数"
set.Description = "限制单IP在一定时间内的请求数"
set.Code = "8001"
set.Connector = HTTPFirewallRuleConnectorAnd
set.Action = HTTPFirewallActionBlock
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${cc.requests}",
Operator: HTTPFirewallRuleOperatorGt,
Value: "1000",
CheckpointOptions: map[string]interface{}{
"period": "60",
},
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `127.0.0.1/8`,
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `192.168.0.1/16`,
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `10.0.0.1/8`,
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `172.16.0.1/12`,
IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
// custom
{
group := &HTTPFirewallRuleGroup{}
group.IsOn = true
group.Name = "自定义规则分组"
group.Description = "我的自定义规则分组,可以将自定义的规则放在这个分组下"
group.Code = "custom"
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
}
return policy
}

52
pkg/serverconfigs/http_web_config.go
View File

@@ -1,28 +1,32 @@
package serverconfigs
import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
import (
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
)
type HTTPWebConfig struct {
Id int64 `yaml:"id" json:"id"` // ID
IsOn bool `yaml:"isOn" json:"isOn"` // 是否启用
Locations []*HTTPLocationConfig `yaml:"locations" json:"locations"` // 路径规则 TODO
LocationRefs []*HTTPLocationRef `yaml:"locationRefs" json:"locationRefs"` // 路径规则应用
GzipRef *HTTPGzipRef `yaml:"gzipRef" json:"gzipRef"` // Gzip引用
Gzip *HTTPGzipConfig `yaml:"gzip" json:"gzip"` // Gzip配置
Charset *HTTPCharsetConfig `yaml:"charset" json:"charset"` // 字符编码
Shutdown *HTTPShutdownConfig `yaml:"shutdown" json:"shutdown"` // 临时关闭配置
Pages []*HTTPPageConfig `yaml:"pages" json:"pages"` // 特殊页面配置
RedirectToHttps *HTTPRedirectToHTTPSConfig `yaml:"redirectToHTTPS" json:"redirectToHTTPS"` // 是否自动跳转到Https
Root *HTTPRootConfig `yaml:"root" json:"root"` // 资源根目录 TODO
MaxRequestBodySize string `yaml:"maxRequestBodySize" json:"maxRequestBodySize"` // 请求body最大尺寸 TODO 需要实现
AccessLogRef *HTTPAccessLogRef `yaml:"accessLog" json:"accessLog"` // 访问日志配置
StatRef *HTTPStatRef `yaml:"statRef" json:"statRef"` // 统计配置
Cache *HTTPCacheConfig `yaml:"cache" json:"cache"`
FirewallRef *HTTPFirewallRef `yaml:"firewallRef" json:"firewallRef"` // 防火墙设置
WebsocketRef *HTTPWebsocketRef `yaml:"websocketRef" json:"websocketRef"` // Websocket应用配置
Websocket *HTTPWebsocketConfig `yaml:"websocket" json:"websocket"` // Websocket配置
RewriteRefs []*HTTPRewriteRef `yaml:"rewriteRefs" json:"rewriteRefs"` // 重写规则配置
RewriteRules []*HTTPRewriteRule `yaml:"rewriteRules" json:"rewriteRules"` // 重写规则
Id int64 `yaml:"id" json:"id"` // ID
IsOn bool `yaml:"isOn" json:"isOn"` // 是否启用
Locations []*HTTPLocationConfig `yaml:"locations" json:"locations"` // 路径规则 TODO
LocationRefs []*HTTPLocationRef `yaml:"locationRefs" json:"locationRefs"` // 路径规则应用
GzipRef *HTTPGzipRef `yaml:"gzipRef" json:"gzipRef"` // Gzip引用
Gzip *HTTPGzipConfig `yaml:"gzip" json:"gzip"` // Gzip配置
Charset *HTTPCharsetConfig `yaml:"charset" json:"charset"` // 字符编码
Shutdown *HTTPShutdownConfig `yaml:"shutdown" json:"shutdown"` // 临时关闭配置
Pages []*HTTPPageConfig `yaml:"pages" json:"pages"` // 特殊页面配置
RedirectToHttps *HTTPRedirectToHTTPSConfig `yaml:"redirectToHTTPS" json:"redirectToHTTPS"` // 是否自动跳转到Https
Root *HTTPRootConfig `yaml:"root" json:"root"` // 资源根目录 TODO
MaxRequestBodySize string `yaml:"maxRequestBodySize" json:"maxRequestBodySize"` // 请求body最大尺寸 TODO 需要实现
AccessLogRef *HTTPAccessLogRef `yaml:"accessLog" json:"accessLog"` // 访问日志配置
StatRef *HTTPStatRef `yaml:"statRef" json:"statRef"` // 统计配置
Cache *HTTPCacheConfig `yaml:"cache" json:"cache"`
FirewallRef *firewallconfigs.HTTPFirewallRef `yaml:"firewallRef" json:"firewallRef"` // 防火墙设置
FirewallPolicy *firewallconfigs.HTTPFirewallPolicy `yaml:"firewallPolicy" json:"firewallPolicy"` // 防火墙策略
WebsocketRef *HTTPWebsocketRef `yaml:"websocketRef" json:"websocketRef"` // Websocket应用配置
Websocket *HTTPWebsocketConfig `yaml:"websocket" json:"websocket"` // Websocket配置
RewriteRefs []*HTTPRewriteRef `yaml:"rewriteRefs" json:"rewriteRefs"` // 重写规则配置
RewriteRules []*HTTPRewriteRule `yaml:"rewriteRules" json:"rewriteRules"` // 重写规则
RequestHeaderPolicyRef *shared.HTTPHeaderPolicyRef `yaml:"requestHeaderPolicyRef" json:"requestHeaderPolicyRef"` // 请求Header
RequestHeaderPolicy *shared.HTTPHeaderPolicy `yaml:"requestHeaderPolicy" json:"requestHeaderPolicy"` // 请求Header策略
@@ -125,6 +129,12 @@ func (this *HTTPWebConfig) Init() error {
return err
}
}
if this.FirewallPolicy != nil {
err := this.FirewallPolicy.Init()
if err != nil {
return err
}
}
// websocket
if this.WebsocketRef != nil {

147
pkg/serverconfigs/shared/ip_range.go Normal file
View File

@@ -0,0 +1,147 @@
package shared
import (
"bytes"
"errors"
"github.com/iwind/TeaGo/utils/string"
"net"
"regexp"
"strings"
)
// IP Range类型
type IPRangeType = int
const (
IPRangeTypeRange IPRangeType = 1
IPRangeTypeCIDR IPRangeType = 2
IPRangeTypeAll IPRangeType = 3
IPRangeTypeWildcard IPRangeType = 4 // 通配符,可以使用*
)
// IP Range
type IPRangeConfig struct {
Id string `yaml:"id" json:"id"`
Type IPRangeType `yaml:"type" json:"type"`
Param string `yaml:"param" json:"param"`
CIDR string `yaml:"cidr" json:"cidr"`
IPFrom string `yaml:"ipFrom" json:"ipFrom"`
IPTo string `yaml:"ipTo" json:"ipTo"`
cidr *net.IPNet
ipFrom net.IP
ipTo net.IP
reg *regexp.Regexp
}
// 获取新对象
func NewIPRangeConfig() *IPRangeConfig {
return &IPRangeConfig{
Id: stringutil.Rand(16),
}
}
// 从字符串中分析
func ParseIPRange(s string) (*IPRangeConfig, error) {
if len(s) == 0 {
return nil, errors.New("invalid ip range")
}
ipRange := &IPRangeConfig{}
if s == "*" || s == "all" || s == "ALL" || s == "0.0.0.0" {
ipRange.Type = IPRangeTypeAll
return ipRange, nil
}
if strings.Contains(s, "/") {
ipRange.Type = IPRangeTypeCIDR
ipRange.CIDR = strings.Replace(s, " ", "", -1)
} else if strings.Contains(s, "-") {
ipRange.Type = IPRangeTypeRange
pieces := strings.SplitN(s, "-", 2)
ipRange.IPFrom = strings.TrimSpace(pieces[0])
ipRange.IPTo = strings.TrimSpace(pieces[1])
} else if strings.Contains(s, ",") {
ipRange.Type = IPRangeTypeRange
pieces := strings.SplitN(s, ",", 2)
ipRange.IPFrom = strings.TrimSpace(pieces[0])
ipRange.IPTo = strings.TrimSpace(pieces[1])
} else if strings.Contains(s, "*") {
ipRange.Type = IPRangeTypeWildcard
s = "^" + strings.Replace(regexp.QuoteMeta(s), `\*`, `\d+`, -1) + "$"
ipRange.reg = regexp.MustCompile(s)
} else {
ipRange.Type = IPRangeTypeRange
ipRange.IPFrom = s
ipRange.IPTo = s
}
err := ipRange.Validate()
if err != nil {
return nil, err
}
return ipRange, nil
}
// 校验
func (this *IPRangeConfig) Validate() error {
if this.Type == IPRangeTypeCIDR {
if len(this.CIDR) == 0 {
return errors.New("cidr should not be empty")
}
_, cidr, err := net.ParseCIDR(this.CIDR)
if err != nil {
return err
}
this.cidr = cidr
}
if this.Type == IPRangeTypeRange {
this.ipFrom = net.ParseIP(this.IPFrom)
this.ipTo = net.ParseIP(this.IPTo)
if this.ipFrom.To4() == nil && this.ipFrom.To16() == nil {
return errors.New("from ip should in IPv4 or IPV6 format")
}
if this.ipTo.To4() == nil && this.ipTo.To16() == nil {
return errors.New("to ip should in IPv4 or IPV6 format")
}
}
return nil
}
// 是否包含某个IP
func (this *IPRangeConfig) Contains(ipString string) bool {
ip := net.ParseIP(ipString)
if ip.To4() == nil {
return false
}
if this.Type == IPRangeTypeCIDR {
if this.cidr == nil {
return false
}
return this.cidr.Contains(ip)
}
if this.Type == IPRangeTypeRange {
if this.ipFrom == nil || this.ipTo == nil {
return false
}
return bytes.Compare(ip, this.ipFrom) >= 0 && bytes.Compare(ip, this.ipTo) <= 0
}
if this.Type == IPRangeTypeWildcard {
if this.reg == nil {
return false
}
return this.reg.MatchString(ipString)
}
if this.Type == IPRangeTypeAll {
return true
}
return false
}

125
pkg/serverconfigs/shared/ip_range_test.go Normal file
View File

@@ -0,0 +1,125 @@
package shared
import (
"github.com/iwind/TeaGo/assert"
"testing"
)
func TestGeoConfig_Contains(t *testing.T) {
a := assert.NewAssertion(t)
{
geo := NewIPRangeConfig()
geo.Type = IPRangeTypeRange
geo.IPFrom = "192.168.1.100"
geo.IPTo = "192.168.1.110"
a.IsNil(geo.Validate())
a.IsTrue(geo.Contains("192.168.1.100"))
a.IsTrue(geo.Contains("192.168.1.101"))
a.IsTrue(geo.Contains("192.168.1.110"))
a.IsFalse(geo.Contains("192.168.1.111"))
}
{
geo := NewIPRangeConfig()
geo.Type = IPRangeTypeCIDR
geo.CIDR = "192.168.1.1/24"
a.IsNil(geo.Validate())
a.IsTrue(geo.Contains("192.168.1.100"))
a.IsFalse(geo.Contains("192.168.2.100"))
}
{
geo := NewIPRangeConfig()
geo.Type = IPRangeTypeCIDR
geo.CIDR = "192.168.1.1/16"
a.IsNil(geo.Validate())
a.IsTrue(geo.Contains("192.168.2.100"))
}
}
func TestParseIPRange(t *testing.T) {
a := assert.NewAssertion(t)
{
_, err := ParseIPRange("")
a.IsNotNil(err)
}
{
r, err := ParseIPRange("192.168.1.100")
a.IsNil(err)
a.IsTrue(r.IPFrom == r.IPTo)
a.IsTrue(r.IPFrom == "192.168.1.100")
a.IsTrue(r.Contains("192.168.1.100"))
a.IsFalse(r.Contains("192.168.1.99"))
}
{
r, err := ParseIPRange("192.168.1.100/24")
a.IsNil(err)
a.IsTrue(r.CIDR == "192.168.1.100/24")
a.IsTrue(r.Contains("192.168.1.100"))
a.IsTrue(r.Contains("192.168.1.99"))
a.IsFalse(r.Contains("192.168.2.100"))
}
{
r, err := ParseIPRange("192.168.1.100, 192.168.1.200")
a.IsNil(err)
a.IsTrue(r.IPFrom == "192.168.1.100")
a.IsTrue(r.IPTo == "192.168.1.200")
a.IsTrue(r.Contains("192.168.1.100"))
a.IsTrue(r.Contains("192.168.1.150"))
a.IsFalse(r.Contains("192.168.2.100"))
}
{
r, err := ParseIPRange("192.168.1.100-192.168.1.200")
a.IsNil(err)
a.IsTrue(r.IPFrom == "192.168.1.100")
a.IsTrue(r.IPTo == "192.168.1.200")
a.IsTrue(r.Contains("192.168.1.100"))
a.IsTrue(r.Contains("192.168.1.150"))
a.IsFalse(r.Contains("192.168.2.100"))
}
{
r, err := ParseIPRange("all")
a.IsNil(err)
a.IsTrue(r.Type == IPRangeTypeAll)
a.IsTrue(r.Contains("192.168.1.100"))
a.IsTrue(r.Contains("192.168.1.150"))
a.IsTrue(r.Contains("192.168.2.100"))
}
{
r, err := ParseIPRange("192.168.1.*")
a.IsNil(err)
if r != nil {
a.IsTrue(r.Type == IPRangeTypeWildcard)
a.IsTrue(r.Contains("192.168.1.100"))
a.IsFalse(r.Contains("192.168.2.100"))
}
}
{
r, err := ParseIPRange("192.168.*.*")
a.IsNil(err)
if r != nil {
a.IsTrue(r.Type == IPRangeTypeWildcard)
a.IsTrue(r.Contains("192.168.1.100"))
a.IsTrue(r.Contains("192.168.2.100"))
}
}
}
func BenchmarkIPRangeConfig_Contains(b *testing.B) {
r, err := ParseIPRange("192.168.1.*")
if err != nil {
b.Fatal(err)
}
for i := 0; i < b.N; i++ {
_ = r.Contains("192.168.1.100")
}
}