增加“极验-行为验”验证码集成支持

2025-11-03 20:40:25 +08:00 · 2023-11-29 16:58:24 +08:00
parent dc38054f36
commit 616b3ee5d8
6 changed files with 69 additions and 25 deletions
--- a/build/rpc.json
+++ b/build/rpc.json
@@ -19914,8 +19914,8 @@
    },
    {
      "name": "HTTPFirewallPolicy",
-      "code": "message HTTPFirewallPolicy {\n\tint64 id = 1;\n\tstring name = 2;\n\tstring mode = 7;\n\tbool isOn = 3;\n\tstring description = 4;\n\tbytes inboundJSON = 5;\n\tbytes outboundJSON = 6;\n\tint64 serverId = 8;\n\tbool useLocalFirewall = 9;\n\tbytes synFloodJSON = 10;\n}",
-      "doc": ""
+      "code": "message HTTPFirewallPolicy {\n\tint64 id = 1; // 策略ID\n\tstring name = 2; // 名称\n\tstring mode = 7; // 模式\n\tbool isOn = 3; // 是否启用\n\tstring description = 4; // 描述\n\tbytes inboundJSON = 5; // 入站配置\n\tbytes outboundJSON = 6; // 出站配置\n\tint64 serverId = 8; // 所属网站ID（如果为0表示公共策略）\n\tbool useLocalFirewall = 9; // 是否使用本机防火墙\n\tbytes synFloodJSON = 10; // synflood配置\n\tbytes blockOptionsJSON = 11; // 拦截配置\n\tbytes captchaOptionsJSON = 12; // 人机识别配置\n}",
+      "doc": "WAF策略"
    },
    {
      "name": "HTTPFirewallRuleGroup",
--- a/pkg/rpc/pb/model_http_firewall_policy.pb.go
+++ b/pkg/rpc/pb/model_http_firewall_policy.pb.go
@@ -20,21 +20,24 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )

+// WAF策略
 type HTTPFirewallPolicy struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id               int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Name             string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
-	Mode             string `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"`
-	IsOn             bool   `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`
-	Description      string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
-	InboundJSON      []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"`
-	OutboundJSON     []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"`
-	ServerId         int64  `protobuf:"varint,8,opt,name=serverId,proto3" json:"serverId,omitempty"`
-	UseLocalFirewall bool   `protobuf:"varint,9,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`
-	SynFloodJSON     []byte `protobuf:"bytes,10,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`
+	Id                 int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`                                 // 策略ID
+	Name               string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`                              // 名称
+	Mode               string `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"`                              // 模式
+	IsOn               bool   `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`                             // 是否启用
+	Description        string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`                // 描述
+	InboundJSON        []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"`                // 入站配置
+	OutboundJSON       []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"`              // 出站配置
+	ServerId           int64  `protobuf:"varint,8,opt,name=serverId,proto3" json:"serverId,omitempty"`                     // 所属网站ID（如果为0表示公共策略）
+	UseLocalFirewall   bool   `protobuf:"varint,9,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`     // 是否使用本机防火墙
+	SynFloodJSON       []byte `protobuf:"bytes,10,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`             // synflood配置
+	BlockOptionsJSON   []byte `protobuf:"bytes,11,opt,name=blockOptionsJSON,proto3" json:"blockOptionsJSON,omitempty"`     // 拦截配置
+	CaptchaOptionsJSON []byte `protobuf:"bytes,12,opt,name=captchaOptionsJSON,proto3" json:"captchaOptionsJSON,omitempty"` // 人机识别配置
 }

 func (x *HTTPFirewallPolicy) Reset() {
@@ -139,12 +142,26 @@ func (x *HTTPFirewallPolicy) GetSynFloodJSON() []byte {
 	return nil
 }

+func (x *HTTPFirewallPolicy) GetBlockOptionsJSON() []byte {
+	if x != nil {
+		return x.BlockOptionsJSON
+	}
+	return nil
+}
+
+func (x *HTTPFirewallPolicy) GetCaptchaOptionsJSON() []byte {
+	if x != nil {
+		return x.CaptchaOptionsJSON
+	}
+	return nil
+}
+
 var File_models_model_http_firewall_policy_proto protoreflect.FileDescriptor

 var file_models_model_http_firewall_policy_proto_rawDesc = []byte{
 	0x0a, 0x27, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x68,
 	0x74, 0x74, 0x70, 0x5f, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb4, 0x02,
+	0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0x90, 0x03,
 	0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f,
 	0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03,
 	0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
@@ -164,8 +181,13 @@ var file_models_model_http_firewall_policy_proto_rawDesc = []byte{
 	0x75, 0x73, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
 	0x12, 0x22, 0x0a, 0x0c, 0x73, 0x79, 0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, 0x4a, 0x53, 0x4f, 0x4e,
 	0x18, 0x0a, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x73, 0x79, 0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64,
-	0x4a, 0x53, 0x4f, 0x4e, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10,
+	0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e,
+	0x12, 0x2e, 0x0a, 0x12, 0x63, 0x61, 0x70, 0x74, 0x63, 0x68, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x63, 0x61,
+	0x70, 0x74, 0x63, 0x68, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e,
+	0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
--- a/pkg/rpc/protos/models/model_http_firewall_policy.proto
+++ b/pkg/rpc/protos/models/model_http_firewall_policy.proto
@@ -3,15 +3,18 @@ option go_package = "./pb";

 package pb;

+// WAF策略
 message HTTPFirewallPolicy {
-	int64 id = 1;
-	string name = 2;
-	string mode = 7;
-	bool isOn = 3;
-	string description = 4;
-	bytes inboundJSON = 5;
-	bytes outboundJSON = 6;
-	int64 serverId = 8;
-	bool useLocalFirewall = 9;
-	bytes synFloodJSON = 10;
+	int64 id = 1; // 策略ID
+	string name = 2; // 名称
+	string mode = 7; // 模式
+	bool isOn = 3; // 是否启用
+	string description = 4; // 描述
+	bytes inboundJSON = 5; // 入站配置
+	bytes outboundJSON = 6; // 出站配置
+	int64 serverId = 8; // 所属网站ID（如果为0表示公共策略）
+	bool useLocalFirewall = 9; // 是否使用本机防火墙
+	bytes synFloodJSON = 10; // synflood配置
+	bytes blockOptionsJSON = 11; // 拦截配置
+	bytes captchaOptionsJSON = 12; // 人机识别配置
 }
--- a/pkg/serverconfigs/firewallconfigs/captcha_types.go
+++ b/pkg/serverconfigs/firewallconfigs/captcha_types.go
@@ -10,6 +10,7 @@ const (
 	CaptchaTypeDefault  CaptchaType = "default"
 	CaptchaTypeOneClick CaptchaType = "oneClick"
 	CaptchaTypeSlide    CaptchaType = "slide"
+	CaptchaTypeGeeTest  CaptchaType = "geetest"
 )

 // FindAllCaptchaTypes Find all captcha types
@@ -30,6 +31,11 @@ func FindAllCaptchaTypes() []*shared.Definition {
 			Name:        "滑动解锁",
 			Description: "通过滑动方块解锁来验证人机。",
 		},
+		{
+			Code:        CaptchaTypeGeeTest,
+			Name:        "极验-行为验",
+			Description: "使用极验-行为验提供的人机验证方式。",
+		},
 	}
 }

--- a/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go
@@ -1,5 +1,11 @@
 package firewallconfigs

+type GeeTestConfig struct {
+	IsOn       bool   `yaml:"isOn" json:"isOn"`
+	CaptchaId  string `yaml:"captchaId" json:"captchaId"`
+	CaptchaKey string `yaml:"captchaKey" json:"captchaKey"`
+}
+
 type HTTPFirewallCaptchaAction struct {
 	IsPrior bool `yaml:"isPrior" json:"isPrior"`

@@ -10,6 +16,8 @@ type HTTPFirewallCaptchaAction struct {
 	FailBlockTimeout  int   `yaml:"failBlockTimeout" json:"failBlockTimeout"`   // 失败拦截时间
 	FailBlockScopeAll bool  `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // 是否全局有效

+	// 验证码相关配置
+
 	CountLetters int8 `yaml:"countLetters" json:"countLetters"` // 字符数量

 	UIIsOn          bool   `yaml:"uiIsOn" json:"uiIsOn"`                   // 是否使用自定义UI
@@ -24,6 +32,10 @@ type HTTPFirewallCaptchaAction struct {
 	CookieId string `yaml:"cookieId" json:"cookieId"` // TODO

 	Lang string `yaml:"lang" json:"lang"` // 语言，zh-CN, en-US ... TODO 需要实现，目前是根据浏览器Accept-Language动态获取
+
+	// 极验相关配置
+	// MUST be struct
+	GeeTestConfig GeeTestConfig `yaml:"geeTestConfig" json:"geeTestConfig"`
 }

 func DefaultHTTPFirewallCaptchaAction() *HTTPFirewallCaptchaAction {
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go
@@ -7,6 +7,7 @@ const (
 	ServerCaptchaTypeDefault  ServerCaptchaType = CaptchaTypeDefault
 	ServerCaptchaTypeOneClick ServerCaptchaType = CaptchaTypeOneClick
 	ServerCaptchaTypeSlide    ServerCaptchaType = CaptchaTypeSlide
+	ServerCaptchaTypeGeeTest  ServerCaptchaType = CaptchaTypeGeeTest
 )

 type HTTPFirewallRef struct {