增加IP级别和WAF动作相关接口和配置

刘祥超
2021-02-06 17:37:27 +08:00
parent 310872f1d6
commit 6b2cbc2939
12 changed files with 1529 additions and 32 deletions


@@ -29,10 +29,11 @@ type NodeConfig struct {
GlobalConfig *serverconfigs.GlobalConfig `yaml:"globalConfig" json:"globalConfig"` // 全局配置
// 集群统一配置
HTTPFirewallPolicy *firewallconfigs.HTTPFirewallPolicy `yaml:"httpFirewallPolicy" json:"httpFirewallPolicy"`
HTTPCachePolicy *serverconfigs.HTTPCachePolicy `yaml:"httpCachePolicy" json:"httpCachePolicy"`
TOA *TOAConfig `yaml:"toa" json:"toa"`
SystemServices map[string]maps.Map `yaml:"systemServices" json:"systemServices"` // 系统服务配置 type => params
HTTPFirewallPolicy *firewallconfigs.HTTPFirewallPolicy `yaml:"httpFirewallPolicy" json:"httpFirewallPolicy"`
HTTPCachePolicy *serverconfigs.HTTPCachePolicy `yaml:"httpCachePolicy" json:"httpCachePolicy"`
TOA *TOAConfig `yaml:"toa" json:"toa"`
SystemServices map[string]maps.Map `yaml:"systemServices" json:"systemServices"` // 系统服务配置 type => params
FirewallActions []*firewallconfigs.FirewallActionConfig `yaml:"firewallActions" json:"firewallActions"`
paddedId string
@@ -129,6 +130,14 @@ func (this *NodeConfig) Init() error {
}
}
// firewall actions
for _, action := range this.FirewallActions {
err := action.Init()
if err != nil {
return err
}
}
return nil
}
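Review bot: The new loop in NodeConfig.Init calls `action.Init()` on every element of `this.FirewallActions` without a nil check and returns the error bare. The slice is decoded from YAML/JSON, where a `null` list entry becomes a nil pointer; the call is harmless only while FirewallActionConfig.Init ignores its receiver (it is `return nil` in this commit) and would panic once Init reads a field. I would guard with `if action == nil { continue }` and add context so a rejected node config names the offending entry, e.g. `return fmt.Errorf("firewall action %d: %w", action.Id, err)` if `fmt` is available in this file. Init's body starts outside this hunk, so the earlier loops were not checked.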


@@ -30,15 +30,17 @@ type IPItem struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"`
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"`
Version int64 `protobuf:"varint,4,opt,name=version,proto3" json:"version,omitempty"`
ExpiredAt int64 `protobuf:"varint,5,opt,name=expiredAt,proto3" json:"expiredAt,omitempty"`
Reason string `protobuf:"bytes,6,opt,name=reason,proto3" json:"reason,omitempty"`
ListId int64 `protobuf:"varint,7,opt,name=listId,proto3" json:"listId,omitempty"`
IsDeleted bool `protobuf:"varint,8,opt,name=isDeleted,proto3" json:"isDeleted,omitempty"`
Type string `protobuf:"bytes,9,opt,name=type,proto3" json:"type,omitempty"`
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"`
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"`
Version int64 `protobuf:"varint,4,opt,name=version,proto3" json:"version,omitempty"`
ExpiredAt int64 `protobuf:"varint,5,opt,name=expiredAt,proto3" json:"expiredAt,omitempty"`
Reason string `protobuf:"bytes,6,opt,name=reason,proto3" json:"reason,omitempty"`
ListId int64 `protobuf:"varint,7,opt,name=listId,proto3" json:"listId,omitempty"`
IsDeleted bool `protobuf:"varint,8,opt,name=isDeleted,proto3" json:"isDeleted,omitempty"`
Type string `protobuf:"bytes,9,opt,name=type,proto3" json:"type,omitempty"`
EventLevel string `protobuf:"bytes,10,opt,name=eventLevel,proto3" json:"eventLevel,omitempty"` // 级别
ListType string `protobuf:"bytes,11,opt,name=listType,proto3" json:"listType,omitempty"` // 所在名单类型加此字段是为了快速定位IP的性质
}
func (x *IPItem) Reset() {
@@ -136,12 +138,26 @@ func (x *IPItem) GetType() string {
return ""
}
func (x *IPItem) GetEventLevel() string {
if x != nil {
return x.EventLevel
}
return ""
}
func (x *IPItem) GetListType() string {
if x != nil {
return x.ListType
}
return ""
}
var File_models_model_ip_item_proto protoreflect.FileDescriptor
var file_models_model_ip_item_proto_rawDesc = []byte{
0x0a, 0x1a, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x69,
0x70, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62,
0x22, 0xde, 0x01, 0x0a, 0x06, 0x49, 0x50, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x69,
0x22, 0x9a, 0x02, 0x0a, 0x06, 0x49, 0x50, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x69,
0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x69,
0x70, 0x46, 0x72, 0x6f, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x70, 0x46,
0x72, 0x6f, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x70, 0x54, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28,
@@ -155,8 +171,11 @@ var file_models_model_ip_item_proto_rawDesc = []byte{
0x1c, 0x0a, 0x09, 0x69, 0x73, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x18, 0x08, 0x20, 0x01,
0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x12, 0x0a,
0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x33,
0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18,
0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65,
0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x69, 0x73, 0x74, 0x54, 0x79, 0x70, 0x65, 0x18, 0x0b, 0x20,
0x01, 0x28, 0x09, 0x52, 0x08, 0x6c, 0x69, 0x73, 0x74, 0x54, 0x79, 0x70, 0x65, 0x42, 0x06, 0x5a,
0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (


@@ -0,0 +1,198 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.25.0
// protoc v3.12.3
// source: models/model_node_cluster_firewall_action.proto
package pb
import (
proto "github.com/golang/protobuf/proto"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// This is a compile-time assertion that a sufficiently up-to-date version
// of the legacy proto package is being used.
const _ = proto.ProtoPackageIsVersion4
type NodeClusterFirewallAction struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
NodeClusterId int64 `protobuf:"varint,2,opt,name=nodeClusterId,proto3" json:"nodeClusterId,omitempty"`
Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
EventLevel string `protobuf:"bytes,4,opt,name=eventLevel,proto3" json:"eventLevel,omitempty"`
ParamsJSON []byte `protobuf:"bytes,5,opt,name=paramsJSON,proto3" json:"paramsJSON,omitempty"`
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
}
func (x *NodeClusterFirewallAction) Reset() {
*x = NodeClusterFirewallAction{}
if protoimpl.UnsafeEnabled {
mi := &file_models_model_node_cluster_firewall_action_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *NodeClusterFirewallAction) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*NodeClusterFirewallAction) ProtoMessage() {}
func (x *NodeClusterFirewallAction) ProtoReflect() protoreflect.Message {
mi := &file_models_model_node_cluster_firewall_action_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use NodeClusterFirewallAction.ProtoReflect.Descriptor instead.
func (*NodeClusterFirewallAction) Descriptor() ([]byte, []int) {
return file_models_model_node_cluster_firewall_action_proto_rawDescGZIP(), []int{0}
}
func (x *NodeClusterFirewallAction) GetId() int64 {
if x != nil {
return x.Id
}
return 0
}
func (x *NodeClusterFirewallAction) GetNodeClusterId() int64 {
if x != nil {
return x.NodeClusterId
}
return 0
}
func (x *NodeClusterFirewallAction) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *NodeClusterFirewallAction) GetEventLevel() string {
if x != nil {
return x.EventLevel
}
return ""
}
func (x *NodeClusterFirewallAction) GetParamsJSON() []byte {
if x != nil {
return x.ParamsJSON
}
return nil
}
func (x *NodeClusterFirewallAction) GetType() string {
if x != nil {
return x.Type
}
return ""
}
var File_models_model_node_cluster_firewall_action_proto protoreflect.FileDescriptor
var file_models_model_node_cluster_firewall_action_proto_rawDesc = []byte{
0x0a, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x6e,
0x6f, 0x64, 0x65, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x72, 0x65,
0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb9, 0x01, 0x0a, 0x19, 0x4e, 0x6f, 0x64, 0x65, 0x43, 0x6c,
0x75, 0x73, 0x74, 0x65, 0x72, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x41, 0x63, 0x74,
0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
0x02, 0x69, 0x64, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x6f, 0x64, 0x65, 0x43, 0x6c, 0x75, 0x73, 0x74,
0x65, 0x72, 0x49, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x6e, 0x6f, 0x64, 0x65,
0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a,
0x0a, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
0x09, 0x52, 0x0a, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1e, 0x0a,
0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x05, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x12, 0x0a,
0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x33,
}
var (
file_models_model_node_cluster_firewall_action_proto_rawDescOnce sync.Once
file_models_model_node_cluster_firewall_action_proto_rawDescData = file_models_model_node_cluster_firewall_action_proto_rawDesc
)
func file_models_model_node_cluster_firewall_action_proto_rawDescGZIP() []byte {
file_models_model_node_cluster_firewall_action_proto_rawDescOnce.Do(func() {
file_models_model_node_cluster_firewall_action_proto_rawDescData = protoimpl.X.CompressGZIP(file_models_model_node_cluster_firewall_action_proto_rawDescData)
})
return file_models_model_node_cluster_firewall_action_proto_rawDescData
}
var file_models_model_node_cluster_firewall_action_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
var file_models_model_node_cluster_firewall_action_proto_goTypes = []interface{}{
(*NodeClusterFirewallAction)(nil), // 0: pb.NodeClusterFirewallAction
}
var file_models_model_node_cluster_firewall_action_proto_depIdxs = []int32{
0, // [0:0] is the sub-list for method output_type
0, // [0:0] is the sub-list for method input_type
0, // [0:0] is the sub-list for extension type_name
0, // [0:0] is the sub-list for extension extendee
0, // [0:0] is the sub-list for field type_name
}
func init() { file_models_model_node_cluster_firewall_action_proto_init() }
func file_models_model_node_cluster_firewall_action_proto_init() {
if File_models_model_node_cluster_firewall_action_proto != nil {
return
}
if !protoimpl.UnsafeEnabled {
file_models_model_node_cluster_firewall_action_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*NodeClusterFirewallAction); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_models_model_node_cluster_firewall_action_proto_rawDesc,
NumEnums: 0,
NumMessages: 1,
NumExtensions: 0,
NumServices: 0,
},
GoTypes: file_models_model_node_cluster_firewall_action_proto_goTypes,
DependencyIndexes: file_models_model_node_cluster_firewall_action_proto_depIdxs,
MessageInfos: file_models_model_node_cluster_firewall_action_proto_msgTypes,
}.Build()
File_models_model_node_cluster_firewall_action_proto = out.File
file_models_model_node_cluster_firewall_action_proto_rawDesc = nil
file_models_model_node_cluster_firewall_action_proto_goTypes = nil
file_models_model_node_cluster_firewall_action_proto_depIdxs = nil
}


@@ -35,12 +35,13 @@ type CreateIPItemRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
IpListId int64 `protobuf:"varint,1,opt,name=ipListId,proto3" json:"ipListId,omitempty"` // IP列表ID
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"` // 开始IP
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"` // 结束IP可选
ExpiredAt int64 `protobuf:"varint,4,opt,name=expiredAt,proto3" json:"expiredAt,omitempty"` // 过期时间戳(可选)
Reason string `protobuf:"bytes,5,opt,name=reason,proto3" json:"reason,omitempty"` // 加入理由(可选)
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"` // 类型
IpListId int64 `protobuf:"varint,1,opt,name=ipListId,proto3" json:"ipListId,omitempty"` // IP列表ID
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"` // 开始IP
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"` // 结束IP可选
ExpiredAt int64 `protobuf:"varint,4,opt,name=expiredAt,proto3" json:"expiredAt,omitempty"` // 过期时间戳(可选)
Reason string `protobuf:"bytes,5,opt,name=reason,proto3" json:"reason,omitempty"` // 加入理由(可选)
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"` // 类型
EventLevel string `protobuf:"bytes,7,opt,name=eventLevel,proto3" json:"eventLevel,omitempty"` // 级别
}
func (x *CreateIPItemRequest) Reset() {
@@ -117,6 +118,13 @@ func (x *CreateIPItemRequest) GetType() string {
return ""
}
func (x *CreateIPItemRequest) GetEventLevel() string {
if x != nil {
return x.EventLevel
}
return ""
}
type CreateIPItemResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -170,12 +178,13 @@ type UpdateIPItemRequest struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
IpItemId int64 `protobuf:"varint,1,opt,name=ipItemId,proto3" json:"ipItemId,omitempty"`
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"`
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"`
ExpiredAt int64 `protobuf:"varint,4,opt,name=expiredAt,proto3" json:"expiredAt,omitempty"`
Reason string `protobuf:"bytes,5,opt,name=reason,proto3" json:"reason,omitempty"`
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"` // 类型
IpItemId int64 `protobuf:"varint,1,opt,name=ipItemId,proto3" json:"ipItemId,omitempty"`
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"`
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"`
ExpiredAt int64 `protobuf:"varint,4,opt,name=expiredAt,proto3" json:"expiredAt,omitempty"`
Reason string `protobuf:"bytes,5,opt,name=reason,proto3" json:"reason,omitempty"`
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"` // 类型
EventLevel string `protobuf:"bytes,7,opt,name=eventLevel,proto3" json:"eventLevel,omitempty"` // 级别
}
func (x *UpdateIPItemRequest) Reset() {
@@ -252,6 +261,13 @@ func (x *UpdateIPItemRequest) GetType() string {
return ""
}
func (x *UpdateIPItemRequest) GetEventLevel() string {
if x != nil {
return x.EventLevel
}
return ""
}
// 删除IP
type DeleteIPItemRequest struct {
state protoimpl.MessageState
@@ -665,7 +681,7 @@ var file_service_ip_item_proto_rawDesc = []byte{
0x65, 0x6c, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73,
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d,
0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x69, 0x70, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x22, 0xa7, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x50, 0x49,
0x74, 0x6f, 0x22, 0xc7, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x50, 0x49,
0x74, 0x65, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70,
0x4c, 0x69, 0x73, 0x74, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x70,
0x4c, 0x69, 0x73, 0x74, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x70, 0x46, 0x72, 0x6f, 0x6d,
@@ -675,11 +691,13 @@ var file_service_ip_item_proto_rawDesc = []byte{
0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, 0x41, 0x74,
0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09,
0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65,
0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x32, 0x0a, 0x14,
0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a,
0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
0x52, 0x0a, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x32, 0x0a, 0x14,
0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x50, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x49, 0x74, 0x65, 0x6d, 0x49, 0x64,
0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x70, 0x49, 0x74, 0x65, 0x6d, 0x49, 0x64,
0x22, 0xa7, 0x01, 0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x49, 0x50, 0x49, 0x74, 0x65,
0x22, 0xc7, 0x01, 0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x49, 0x50, 0x49, 0x74, 0x65,
0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x49, 0x74,
0x65, 0x6d, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x70, 0x49, 0x74,
0x65, 0x6d, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x70, 0x46, 0x72, 0x6f, 0x6d, 0x18, 0x02,
@@ -689,7 +707,9 @@ var file_service_ip_item_proto_rawDesc = []byte{
0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16,
0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06,
0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x31, 0x0a, 0x13, 0x44, 0x65,
0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x76,
0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x31, 0x0a, 0x13, 0x44, 0x65,
0x6c, 0x65, 0x74, 0x65, 0x49, 0x50, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x49, 0x74, 0x65, 0x6d, 0x49, 0x64, 0x18, 0x01, 0x20,
0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x70, 0x49, 0x74, 0x65, 0x6d, 0x49, 0x64, 0x22, 0x3b, 0x0a,

File diff suppressed because it is too large Load Diff


@@ -13,4 +13,6 @@ message IPItem {
int64 listId = 7;
bool isDeleted = 8;
string type = 9;
string eventLevel = 10; // 级别
string listType = 11; // 所在名单类型加此字段是为了快速定位IP的性质
}
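Review bot: The comment on `eventLevel` says only `级别`, and `listType` does not say which values it takes, so clients of IPItem have to guess the accepted strings. The level codes defined elsewhere in this commit are debug, notice, warning, error, critical and fatal (FindAllFirewallEventLevels); I would list them on the field, `string eventLevel = 10; // level code: debug|notice|warning|error|critical|fatal`, and do the same for the `eventLevel` fields added to CreateIPItemRequest, UpdateIPItemRequest and NodeClusterFirewallAction. The allowed values of `listType` are not visible on this page, so its comment should name them once confirmed. The IPItem message starts outside this hunk.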


@@ -0,0 +1,13 @@
syntax = "proto3";
option go_package = "./pb";
package pb;
message NodeClusterFirewallAction {
int64 id = 1;
int64 nodeClusterId = 2;
string name = 3;
string eventLevel = 4;
bytes paramsJSON = 5;
string type = 6;
}


@@ -38,6 +38,7 @@ message CreateIPItemRequest {
int64 expiredAt = 4; // 过期时间戳(可选)
string reason = 5; // 加入理由(可选)
string type = 6; // 类型
string eventLevel = 7; // 级别
}
message CreateIPItemResponse {
@@ -52,6 +53,7 @@ message UpdateIPItemRequest {
int64 expiredAt = 4;
string reason = 5;
string type = 6; // 类型
string eventLevel = 7; // 级别
}
// 删除IP


@@ -0,0 +1,70 @@
syntax = "proto3";
option go_package = "./pb";
package pb;
import "models/model_node_cluster_firewall_action.proto";
import "models/rpc_messages.proto";
// 防火墙动作服务
service NodeClusterFirewallActionService {
// 创建动作
rpc createNodeClusterFirewallAction (CreateNodeClusterFirewallActionRequest) returns (NodeClusterFirewallActionResponse);
// 修改动作
rpc updateNodeClusterFirewallAction (UpdateNodeClusterFirewallActionRequest) returns (RPCSuccess);
// 删除动作
rpc deleteNodeClusterFirewallAction (DeleteNodeClusterFirewallActionRequest) returns (RPCSuccess);
// 查询集群的所有动作
rpc findAllEnabledNodeClusterFirewallActions (FindAllEnabledNodeClusterFirewallActionsRequest) returns (FindAllEnabledNodeClusterFirewallActionsResponse);
// 查询单个动作
rpc findEnabledNodeClusterFirewallAction (FindEnabledNodeClusterFirewallActionRequest) returns (FindEnabledNodeClusterFirewallActionResponse);
}
// 创建动作
message CreateNodeClusterFirewallActionRequest {
int64 nodeClusterId = 1;
string name = 2;
string eventLevel = 3;
string type = 4;
bytes paramsJSON = 5;
}
message NodeClusterFirewallActionResponse {
int64 nodeClusterFirewallActionId = 1;
}
// 修改动作
message UpdateNodeClusterFirewallActionRequest {
int64 nodeClusterFirewallActionId = 1;
string name = 2;
string eventLevel = 3;
string type = 4;
bytes paramsJSON = 5;
}
// 删除动作
message DeleteNodeClusterFirewallActionRequest {
int64 nodeClusterFirewallActionId = 1;
}
// 查询集群的所有动作
message FindAllEnabledNodeClusterFirewallActionsRequest {
int64 nodeClusterId = 1;
}
message FindAllEnabledNodeClusterFirewallActionsResponse {
repeated NodeClusterFirewallAction nodeClusterFirewallActions = 1;
}
// 查询单个动作
message FindEnabledNodeClusterFirewallActionRequest {
int64 nodeClusterFirewallActionId = 1;
}
message FindEnabledNodeClusterFirewallActionResponse {
NodeClusterFirewallAction nodeClusterFirewallAction = 1;
}
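Review bot: The create and update RPCs take a free-form `type` string and an opaque `paramsJSON` with no documented contract, although for the `script` and `httpAPI` types those params name a script path or URL that nodes are meant to act on. The handlers are not on this page, so whether they validate the type and decode the params into the matching config struct cannot be confirmed; the rpc comments should state that contract and who may call them, e.g. `// 创建动作: type must be a FirewallActionType code and paramsJSON must decode into the matching FirewallAction*Config; unknown types are rejected`. As a naming point, the create RPC returns `NodeClusterFirewallActionResponse`, while every other response in this file carries its RPC's name; `CreateNodeClusterFirewallActionResponse` would be consistent.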


@@ -0,0 +1,16 @@
package firewallconfigs
import "github.com/iwind/TeaGo/maps"
// 防火墙动作配置
type FirewallActionConfig struct {
Id int64 `yaml:"id" json:"id"` // Id
Type string `yaml:"type" json:"type"` // 类型
Params maps.Map `yaml:"params" json:"params"` // 参数
EventLevel string `yaml:"eventLevel" json:"eventLevel"` // 事件级别
}
// 初始化
func (this *FirewallActionConfig) Init() error {
return nil
}
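Review bot: FirewallActionConfig.Init returns nil unconditionally, so a node accepts any `Type` and `EventLevel` string it is sent. Both have a closed set of codes in this package (FindAllFirewallActionTypes, FindAllFirewallEventLevels), and a misspelled code would presumably leave the action silently unused rather than reported. I would reject unknown values here, e.g. `if len(FindFirewallActionTypeName(this.Type)) == 0 { return errors.New("invalid firewall action type '" + this.Type + "'") }`, with the same check through FindFirewallEventLevelName for `EventLevel`; this needs the `errors` import. If an empty `EventLevel` is meant to be allowed, the field comment should say so.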


@@ -0,0 +1,95 @@
package firewallconfigs
type FirewallActionType = string
const (
FirewallActionTypeIPSet FirewallActionType = "ipset"
FirewallActionTypeFirewalld FirewallActionType = "firewalld"
FirewallActionTypeIPTables FirewallActionType = "iptables"
FirewallActionTypeScript FirewallActionType = "script"
FirewallActionTypeHTTPAPI FirewallActionType = "httpAPI"
)
type FirewallActionTypeDefinition struct {
Name string `json:"name"`
Code FirewallActionType `json:"code"`
Description string `json:"description"`
}
func FindAllFirewallActionTypes() []*FirewallActionTypeDefinition {
return []*FirewallActionTypeDefinition{
{
Name: "ipset",
Code: FirewallActionTypeIPSet,
Description: "使用特定的ipset管理IP可以结合iptables和firewalld等工具一起工作。",
},
{
Name: "firewalld",
Code: FirewallActionTypeFirewalld,
Description: "使用Firewalld管理IP非持久保存reload之后重置规则。",
},
{
Name: "iptables",
Code: FirewallActionTypeIPTables,
Description: "使用IPTables管理IP不支持超时时间设定非持久保存reload之后重置规则。",
},
{
Name: "自定义脚本",
Code: FirewallActionTypeScript,
Description: "使用自定义的脚本执行IP操作。",
},
{
Name: "自定义HTTP API",
Code: FirewallActionTypeHTTPAPI,
Description: "使用自定义的HTTP API执行IP操作。",
},
}
}
func FindFirewallActionTypeName(actionType FirewallActionType) string {
for _, a := range FindAllFirewallActionTypes() {
if a.Code == actionType {
return a.Name
}
}
return ""
}
type FirewallActionIPSetConfig struct {
Path string `json:"path"` // 命令路径 TODO 暂时不实现
WhiteName string `json:"whiteName"` // IPSet白名单名称
BlackName string `json:"blackName"` // IPSet黑名单名称
MaxElements int `json:"maxElements"` // 最多IP数量 TODO 暂时不实现
AutoAddToIPTables bool `json:"autoAddToIPTables"` // 是否自动创建IPTables规则
AutoAddToFirewalld bool `json:"autoAddToFirewalld"` // 是否自动加入到Firewalld
// TODO 添加需要阻止的端口列表
}
type FirewallActionFirewalldConfig struct {
Path string `json:"path"` // 命令路径 TODO 暂时不实现
// TODO 添加需要阻止的端口列表
}
type FirewallActionIPTablesConfig struct {
Path string `json:"path"` // 命令路径 TODO 暂时不实现
// TODO 添加需要阻止的端口列表
}
type FirewallActionScriptConfig struct {
Path string `json:"path"` // 脚本路径
Cwd string `json:"cwd"` // 工作目录 TODO 暂时不实现
Args []string `json:"args"` // 附加参数 TODO 暂时不实现
// TODO 添加需要阻止的端口列表
}
type FirewallActionHTTPAPIConfig struct {
URL string `json:"url"` // URL路径
TimeoutSeconds int `json:"timeoutSeconds"` // 超时时间 TODO 暂时不实现
Secret string `json:"secret"` // 认证密钥 TODO 暂时不实现
// TODO 添加需要阻止的端口列表
}
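Review bot: FirewallActionHTTPAPIConfig.Secret is a credential kept in the same params blob as ordinary settings under a plain `json:"secret"` tag, so it is emitted wherever the params are marshalled. That likely includes the `paramsJSON` returned by the find RPCs and any config dump, though that code is not on this page. I would document the handling on the field, `// 认证密钥: never log; redact when returning params for display`, and note on `URL` that it should be https once the secret is actually sent. Likewise `FirewallActionScriptConfig.Path` names a program the node runs, and its comment should require an absolute path to a file that unprivileged users cannot write. None of the five config structs has an Init or validate method where such checks could live.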


@@ -0,0 +1,51 @@
package firewallconfigs
type FirewallEventLevelDefinition struct {
Name string `json:"name"`
Code string `json:"code"`
Description string `json:"description"`
}
func FindAllFirewallEventLevels() []*FirewallEventLevelDefinition {
return []*FirewallEventLevelDefinition{
{
Name: "调试",
Code: "debug",
Description: "仅作为调试用途",
},
{
Name: "通知",
Code: "notice",
Description: "需要通知的事件",
},
{
Name: "警告",
Code: "warning",
Description: "需要警告的事件",
},
{
Name: "错误",
Code: "error",
Description: "发生系统错误的事件",
},
{
Name: "严重",
Code: "critical",
Description: "性质较为严重的事件",
},
{
Name: "致命",
Code: "fatal",
Description: "对系统有重大影响的事件",
},
}
}
func FindFirewallEventLevelName(code string) string {
for _, level := range FindAllFirewallEventLevels() {
if level.Code == code {
return level.Name
}
}
return ""
}
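Review bot: The event level codes exist only as string literals inside FindAllFirewallEventLevels, whereas the action types in this package get a named type and `FirewallActionTypeXxx` constants. Callers that compare `EventLevel` on an IP item or an action then have to repeat `"critical"` and the other codes by hand, and a typo fails quietly because FindFirewallEventLevelName returns `""` for an unknown code. I would add a `FirewallEventLevel` alias with one constant per code and use the constants in the table, as sketched below; an alias keeps the `Code` field assignable from plain strings.

```go
type FirewallEventLevel = string

const (
	FirewallEventLevelDebug    FirewallEventLevel = "debug"
	FirewallEventLevelNotice   FirewallEventLevel = "notice"
	FirewallEventLevelWarning  FirewallEventLevel = "warning"
	FirewallEventLevelError    FirewallEventLevel = "error"
	FirewallEventLevelCritical FirewallEventLevel = "critical"
	FirewallEventLevelFatal    FirewallEventLevel = "fatal"
)

type FirewallEventLevelDefinition struct {
	Name        string             `json:"name"`
	Code        FirewallEventLevel `json:"code"`
	Description string             `json:"description"`
}

// … unchanged: FindAllFirewallEventLevels entries, with Code set to the constants above …
// … unchanged: FindFirewallEventLevelName …
```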