From 67d3f2eb5c508da17e76ec240a9acbbfb6347ae9 Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Thu, 25 May 2023 12:02:25 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E5=9B=BD=E5=AE=B6/=E5=9C=B0=E5=8C=BA?=
 =?UTF-8?q?=E5=B0=81=E7=A6=81=E3=80=81=E7=9C=81=E4=BB=BD=E5=B0=81=E7=A6=81?=
 =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BE=8B=E5=A4=96URL=E3=80=81=E9=99=90?=
 =?UTF-8?q?=E5=88=B6URL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../http_firewall_region_config.go            | 81 +++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_region_config.go b/pkg/serverconfigs/firewallconfigs/http_firewall_region_config.go
index 9edcfde..71ce515 100644
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_region_config.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_region_config.go
@@ -1,18 +1,99 @@
 package firewallconfigs
 
+import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+
 type HTTPFirewallRegionConfig struct {
 	IsOn            bool    `yaml:"isOn" json:"isOn"`
 	DenyCountryIds  []int64 `yaml:"denyCountryIds" json:"denyCountryIds"`   // 封禁的国家|地区
 	DenyProvinceIds []int64 `yaml:"denyProvinceIds" json:"denyProvinceIds"` // 封禁的省或自治区
 
+	CountryOnlyURLPatterns   []*shared.URLPattern `yaml:"countryOnlyURLPatterns" json:"countryOnlyURLPatterns"`     // 仅限的URL
+	CountryExceptURLPatterns []*shared.URLPattern `yaml:"countryExceptURLPatterns" json:"countryExceptURLPatterns"` // 排除的URL
+
+	ProvinceOnlyURLPatterns   []*shared.URLPattern `yaml:"provinceOnlyURLPatterns" json:"provinceOnlyURLPatterns"`     // 仅限的URL
+	ProvinceExceptURLPatterns []*shared.URLPattern `yaml:"provinceExceptURLPatterns" json:"provinceExceptURLPatterns"` // 排除的URL
+
 	isNotEmpty bool
 }
 
 func (this *HTTPFirewallRegionConfig) Init() error {
 	this.isNotEmpty = len(this.DenyCountryIds) > 0 || len(this.DenyProvinceIds) > 0
+
+	for _, pattern := range this.CountryExceptURLPatterns {
+		err := pattern.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	for _, pattern := range this.CountryOnlyURLPatterns {
+		err := pattern.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	for _, pattern := range this.ProvinceExceptURLPatterns {
+		err := pattern.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	for _, pattern := range this.ProvinceOnlyURLPatterns {
+		err := pattern.Init()
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
 func (this *HTTPFirewallRegionConfig) IsNotEmpty() bool {
 	return this.isNotEmpty
 }
+
+func (this *HTTPFirewallRegionConfig) MatchCountryURL(url string) bool {
+	// except
+	if len(this.CountryExceptURLPatterns) > 0 {
+		for _, pattern := range this.CountryExceptURLPatterns {
+			if pattern.Match(url) {
+				return false
+			}
+		}
+	}
+
+	if len(this.CountryOnlyURLPatterns) > 0 {
+		for _, pattern := range this.CountryOnlyURLPatterns {
+			if pattern.Match(url) {
+				return true
+			}
+		}
+		return false
+	}
+
+	return true
+}
+
+func (this *HTTPFirewallRegionConfig) MatchProvinceURL(url string) bool {
+	// except
+	if len(this.ProvinceExceptURLPatterns) > 0 {
+		for _, pattern := range this.ProvinceExceptURLPatterns {
+			if pattern.Match(url) {
+				return false
+			}
+		}
+	}
+
+	if len(this.ProvinceOnlyURLPatterns) > 0 {
+		for _, pattern := range this.ProvinceOnlyURLPatterns {
+			if pattern.Match(url) {
+				return true
+			}
+		}
+		return false
+	}
+
+	return true
+}