From a7336fafbf98e8d42eff64bffc6ea275b6ebe03d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Wed, 29 Nov 2023 16:58:24 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E2=80=9C=E6=9E=81=E9=AA=8C-?= =?UTF-8?q?=E8=A1=8C=E4=B8=BA=E9=AA=8C=E2=80=9D=E9=AA=8C=E8=AF=81=E7=A0=81?= =?UTF-8?q?=E9=9B=86=E6=88=90=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build/rpc.json | 4 +- pkg/rpc/pb/model_http_firewall_policy.pb.go | 48 ++++++++++++++----- .../models/model_http_firewall_policy.proto | 23 +++++---- .../firewallconfigs/captcha_types.go | 6 +++ .../http_firewall_action_captcha.go | 12 +++++ .../firewallconfigs/http_firewall_ref.go | 1 + 6 files changed, 69 insertions(+), 25 deletions(-) diff --git a/build/rpc.json b/build/rpc.json index 48e45d1..38b8af3 100644 --- a/build/rpc.json +++ b/build/rpc.json @@ -19914,8 +19914,8 @@ }, { "name": "HTTPFirewallPolicy", - "code": "message HTTPFirewallPolicy {\n\tint64 id = 1;\n\tstring name = 2;\n\tstring mode = 7;\n\tbool isOn = 3;\n\tstring description = 4;\n\tbytes inboundJSON = 5;\n\tbytes outboundJSON = 6;\n\tint64 serverId = 8;\n\tbool useLocalFirewall = 9;\n\tbytes synFloodJSON = 10;\n}", - "doc": "" + "code": "message HTTPFirewallPolicy {\n\tint64 id = 1; // 策略ID\n\tstring name = 2; // 名称\n\tstring mode = 7; // 模式\n\tbool isOn = 3; // 是否启用\n\tstring description = 4; // 描述\n\tbytes inboundJSON = 5; // 入站配置\n\tbytes outboundJSON = 6; // 出站配置\n\tint64 serverId = 8; // 所属网站ID(如果为0表示公共策略)\n\tbool useLocalFirewall = 9; // 是否使用本机防火墙\n\tbytes synFloodJSON = 10; // synflood配置\n\tbytes blockOptionsJSON = 11; // 拦截配置\n\tbytes captchaOptionsJSON = 12; // 人机识别配置\n}", + "doc": "WAF策略" }, { "name": "HTTPFirewallRuleGroup", diff --git a/pkg/rpc/pb/model_http_firewall_policy.pb.go b/pkg/rpc/pb/model_http_firewall_policy.pb.go index c187cbf..b26b35c 100644 --- a/pkg/rpc/pb/model_http_firewall_policy.pb.go 
+++ b/pkg/rpc/pb/model_http_firewall_policy.pb.go 
@@ -20,21 +20,24 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// WAF策略 type HTTPFirewallPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - Mode string `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"` - IsOn bool `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"` - Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` - InboundJSON []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"` - OutboundJSON []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"` - ServerId int64 `protobuf:"varint,8,opt,name=serverId,proto3" json:"serverId,omitempty"` - UseLocalFirewall bool `protobuf:"varint,9,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"` - SynFloodJSON []byte `protobuf:"bytes,10,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"` + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` // 策略ID + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // 名称 + Mode string `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"` // 模式 + IsOn bool `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"` // 是否启用 + Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` // 描述 + InboundJSON []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"` // 入站配置 + OutboundJSON []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"` // 出站配置 + ServerId int64 `protobuf:"varint,8,opt,name=serverId,proto3" json:"serverId,omitempty"` // 所属网站ID(如果为0表示公共策略) + UseLocalFirewall bool `protobuf:"varint,9,opt,name=useLocalFirewall,proto3" 
json:"useLocalFirewall,omitempty"` // 是否使用本机防火墙 + SynFloodJSON []byte `protobuf:"bytes,10,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"` // synflood配置 + BlockOptionsJSON []byte `protobuf:"bytes,11,opt,name=blockOptionsJSON,proto3" json:"blockOptionsJSON,omitempty"` // 拦截配置 + CaptchaOptionsJSON []byte `protobuf:"bytes,12,opt,name=captchaOptionsJSON,proto3" json:"captchaOptionsJSON,omitempty"` // 人机识别配置 } func (x *HTTPFirewallPolicy) Reset() { @@ -139,12 +142,26 @@ func (x *HTTPFirewallPolicy) GetSynFloodJSON() []byte { return nil } +func (x *HTTPFirewallPolicy) GetBlockOptionsJSON() []byte { + if x != nil { + return x.BlockOptionsJSON + } + return nil +} + +func (x *HTTPFirewallPolicy) GetCaptchaOptionsJSON() []byte { + if x != nil { + return x.CaptchaOptionsJSON + } + return nil +} + var File_models_model_http_firewall_policy_proto protoreflect.FileDescriptor var file_models_model_http_firewall_policy_proto_rawDesc = []byte{ 0x0a, 0x27, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb4, 0x02, + 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0x90, 0x03, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 
@@ -164,8 +181,13 @@ var file_models_model_http_firewall_policy_proto_rawDesc = []byte{ 0x75, 0x73, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x79, 0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x73, 0x79, 0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, - 0x4a, 0x53, 0x4f, 0x4e, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, + 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, + 0x12, 0x2e, 0x0a, 0x12, 0x63, 0x61, 0x70, 0x74, 0x63, 0x68, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x63, 0x61, + 0x70, 0x74, 0x63, 0x68, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, + 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/rpc/protos/models/model_http_firewall_policy.proto b/pkg/rpc/protos/models/model_http_firewall_policy.proto index 6b9caba..33c6c8f 100644 --- a/pkg/rpc/protos/models/model_http_firewall_policy.proto +++ b/pkg/rpc/protos/models/model_http_firewall_policy.proto 
@@ -3,15 +3,18 @@ option go_package = "./pb"; package pb; +// WAF策略 message HTTPFirewallPolicy { - int64 id = 1; - string name = 2; - string mode = 7; - bool isOn = 3; - string description = 4; - bytes inboundJSON = 5; - bytes outboundJSON = 6; - int64 serverId = 8; - bool useLocalFirewall = 9; - bytes synFloodJSON = 10; + int64 id = 1; // 策略ID + string name = 2; // 名称 + string mode = 7; // 模式 + bool isOn = 3; // 是否启用 + string description = 4; // 描述 + bytes inboundJSON = 5; // 入站配置 + bytes outboundJSON = 6; // 出站配置 + int64 serverId = 8; // 所属网站ID(如果为0表示公共策略) + bool useLocalFirewall = 9; // 是否使用本机防火墙 + bytes synFloodJSON = 10; // synflood配置 + bytes blockOptionsJSON = 11; // 拦截配置 + bytes captchaOptionsJSON = 12; // 人机识别配置 } \ No newline at end of file diff --git a/pkg/serverconfigs/firewallconfigs/captcha_types.go b/pkg/serverconfigs/firewallconfigs/captcha_types.go index c9cb6ce..8815259 100644 --- a/pkg/serverconfigs/firewallconfigs/captcha_types.go +++ b/pkg/serverconfigs/firewallconfigs/captcha_types.go @@ -10,6 +10,7 @@ const ( CaptchaTypeDefault CaptchaType = "default" CaptchaTypeOneClick CaptchaType = "oneClick" CaptchaTypeSlide CaptchaType = "slide" + CaptchaTypeGeeTest CaptchaType = "geetest" ) // FindAllCaptchaTypes Find all captcha types @@ -30,6 +31,11 @@ func FindAllCaptchaTypes() []*shared.Definition { Name: "滑动解锁", Description: "通过滑动方块解锁来验证人机。", }, + { + Code: CaptchaTypeGeeTest, + Name: "极验-行为验", + Description: "使用极验-行为验提供的人机验证方式。", + }, } } diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go index 6ae2c42..9dbfc27 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go 
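Review bot: The comments on the new fields `blockOptionsJSON = 11` and `captchaOptionsJSON = 12` do not name the structure the bytes decode into, so a consumer of HTTPFirewallPolicy cannot tell what they carry. If `captchaOptionsJSON` is the serialized HTTPFirewallCaptchaAction (the name suggests it, but this hunk does not show it), it will contain the `geeTestConfig.captchaKey` added later in this commit. Every RPC that returns the policy would then return that key. I would extend the comment, e.g. `bytes captchaOptionsJSON = 12; // JSON of HTTPFirewallCaptchaAction; may contain the GeeTest captchaKey, return only to admin callers`, and confirm that user-facing responses clear the key first.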
@@ -1,5 +1,11 @@ package firewallconfigs +type GeeTestConfig struct { + IsOn bool `yaml:"isOn" json:"isOn"` + CaptchaId string `yaml:"captchaId" json:"captchaId"` + CaptchaKey string `yaml:"captchaKey" json:"captchaKey"` +} + type HTTPFirewallCaptchaAction struct { IsPrior bool `yaml:"isPrior" json:"isPrior"` @@ -10,6 +16,8 @@ type HTTPFirewallCaptchaAction struct { FailBlockTimeout int `yaml:"failBlockTimeout" json:"failBlockTimeout"` // 失败拦截时间 FailBlockScopeAll bool `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // 是否全局有效 + // 验证码相关配置 + CountLetters int8 `yaml:"countLetters" json:"countLetters"` // 字符数量 UIIsOn bool `yaml:"uiIsOn" json:"uiIsOn"` // 是否使用自定义UI @@ -24,6 +32,10 @@ type HTTPFirewallCaptchaAction struct { CookieId string `yaml:"cookieId" json:"cookieId"` // TODO Lang string `yaml:"lang" json:"lang"` // 语言,zh-CN, en-US ... TODO 需要实现,目前是根据浏览器Accept-Language动态获取 + + // 极验相关配置 + // MUST be struct + GeeTestConfig GeeTestConfig `yaml:"geeTestConfig" json:"geeTestConfig"` } func DefaultHTTPFirewallCaptchaAction() *HTTPFirewallCaptchaAction { diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go b/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go index 48303b0..aab7b93 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go @@ -7,6 +7,7 @@ const ( ServerCaptchaTypeDefault ServerCaptchaType = CaptchaTypeDefault ServerCaptchaTypeOneClick ServerCaptchaType = CaptchaTypeOneClick ServerCaptchaTypeSlide ServerCaptchaType = CaptchaTypeSlide + ServerCaptchaTypeGeeTest ServerCaptchaType = CaptchaTypeGeeTest ) type HTTPFirewallRef struct {
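Review bot: `CaptchaKey` in the new `GeeTestConfig` is the server-side secret of the GeeTest account, yet it carries the same plain `yaml`/`json` tags as the public `CaptchaId`. Any marshal of the captcha action into logs, exports or browser-facing output would therefore include it. The type also has no doc comment, and nothing in this patch rejects `IsOn: true` with an empty ID or key. I would add `// GeeTestConfig holds GeeTest credentials; CaptchaKey is a secret and must never be logged or sent to clients` above the type. Where the config is initialised (not shown in this patch), I would add a check such as `if c.IsOn && (len(c.CaptchaId) == 0 || len(c.CaptchaKey) == 0) { return errors.New("geetest: captchaId and captchaKey are required") }`.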
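Review bot: The comment `// MUST be struct` on the new `GeeTestConfig` field states a rule without the reason, so a later maintainer cannot tell what breaks if it becomes a pointer; please give the reason in the comment. The patch also does not show what the captcha action does when the type is `geetest` but `GeeTestConfig.IsOn` is false or the credentials are empty. That path should fall back to a built-in captcha rather than let the request through unchallenged. If that is the intended rule, the comment can record it, e.g. `// used only when the captcha type is "geetest" and IsOn is true; otherwise the default captcha applies`. HTTPFirewallCaptchaAction starts outside this hunk.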