TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-12-01 10:10:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF支持更多动作

Browse Source
This commit is contained in:
刘祥超
2021-07-14 22:46:31 +08:00
parent b4c72dc8f4
commit 66f04de8c1
16 changed files with 309 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
pkg/rpc/dao/http_firewall_policy_dao.go
View File

@@ -7,16 +7,17 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
"github.com/iwind/TeaGo/maps"
)
var SharedHTTPFirewallPolicyDAO = new(HTTPFirewallPolicyDAO)
// WAF策略相关
// HTTPFirewallPolicyDAO WAF策略相关
type HTTPFirewallPolicyDAO struct {
BaseDAO
}
// 查找WAF策略基本信息
// FindEnabledHTTPFirewallPolicy 查找WAF策略基本信息
func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(ctx context.Context, policyId int64) (*pb.HTTPFirewallPolicy, error) {
resp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(ctx, &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
if err != nil {
@@ -25,7 +26,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(ctx context.Con
return resp.HttpFirewallPolicy, nil
}
// 查找WAF策略配置
// FindEnabledHTTPFirewallPolicyConfig 查找WAF策略配置
func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
resp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicyConfig(ctx, &pb.FindEnabledHTTPFirewallPolicyConfigRequest{HttpFirewallPolicyId: policyId})
if err != nil {
@@ -42,7 +43,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyConfig(ctx conte
return firewallPolicy, nil
}
// 查找WAF的Inbound
// FindEnabledHTTPFirewallPolicyInboundConfig 查找WAF的Inbound
func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyInboundConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallInboundConfig, error) {
config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
if err != nil {
@@ -54,7 +55,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyInboundConfig(ct
return config.Inbound, nil
}
// 根据类型查找WAF的IP名单
// FindEnabledPolicyIPListIdWithType 根据类型查找WAF的IP名单
func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyIPListIdWithType(ctx context.Context, policyId int64, listType ipconfigs.IPListType) (int64, error) {
switch listType {
case ipconfigs.IPListTypeWhite:
@@ -66,7 +67,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyIPListIdWithType(ctx context
}
}
// 查找WAF的白名单
// FindEnabledPolicyWhiteIPListId 查找WAF的白名单
func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyWhiteIPListId(ctx context.Context, policyId int64) (int64, error) {
config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
if err != nil {
@@ -110,7 +111,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyWhiteIPListId(ctx context.Co
return config.Inbound.AllowListRef.ListId, nil
}
// 查找WAF的黑名单
// FindEnabledPolicyBlackIPListId 查找WAF的黑名单
func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyBlackIPListId(ctx context.Context, policyId int64) (int64, error) {
config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
if err != nil {
@@ -154,7 +155,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyBlackIPListId(ctx context.Co
return config.Inbound.DenyListRef.ListId, nil
}
// 根据服务Id查找WAF策略
// FindEnabledHTTPFirewallPolicyWithServerId 根据服务Id查找WAF策略
func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyWithServerId(ctx context.Context, serverId int64) (*pb.HTTPFirewallPolicy, error) {
serverResp, err := this.RPC().ServerRPC().FindEnabledServer(ctx, &pb.FindEnabledServerRequest{ServerId: serverId})
if err != nil {
@@ -180,3 +181,72 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyWithServerId(ctx
}
return SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicy(ctx, cluster.HttpFirewallPolicyId)
}
// FindHTTPFirewallActionConfigs 查找动作相关信息
func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallActionConfigs(ctx context.Context, actions []*firewallconfigs.HTTPFirewallActionConfig) ([]maps.Map, error) {
var actionConfigs = []maps.Map{}
for _, action := range actions {
def := firewallconfigs.FindActionDefinition(action.Code)
if def == nil {
continue
}
if action.Options == nil {
action.Options = maps.Map{}
}
switch action.Code {
case firewallconfigs.HTTPFirewallActionRecordIP:
listId := action.Options.GetInt64("ipListId")
listResp, err := this.RPC().IPListRPC().FindEnabledIPList(ctx, &pb.FindEnabledIPListRequest{IpListId: listId})
if err != nil {
return nil, err
}
if listResp.IpList != nil {
action.Options["ipListName"] = listResp.IpList.Name
} else {
action.Options["ipListName"] = action.Options.GetString("ipListName") + "(已删除)"
}
case firewallconfigs.HTTPFirewallActionGoGroup:
groupId := action.Options.GetInt64("groupId")
groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(ctx, &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
if err != nil {
return nil, err
}
if groupResp.FirewallRuleGroup != nil {
action.Options["groupName"] = groupResp.FirewallRuleGroup.Name
} else {
action.Options["groupName"] = action.Options.GetString("groupName") + "(已删除)"
}
case firewallconfigs.HTTPFirewallActionGoSet:
groupId := action.Options.GetInt64("groupId")
groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(ctx, &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
if err != nil {
return nil, err
}
if groupResp.FirewallRuleGroup != nil {
action.Options["groupName"] = groupResp.FirewallRuleGroup.Name
} else {
action.Options["groupName"] = action.Options.GetString("groupName") + "(已删除)"
}
setId := action.Options.GetInt64("setId")
setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(ctx, &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
if err != nil {
return nil, err
}
if setResp.FirewallRuleSet != nil {
action.Options["setName"] = setResp.FirewallRuleSet.Name
} else {
action.Options["setName"] = action.Options.GetString("setName") + "(已删除)"
}
}
actionConfigs = append(actionConfigs, maps.Map{
"name": def.Name,
"code": def.Code,
"category": def.Category,
"options": action.Options,
})
}
return actionConfigs, nil
}