实现集群CC防护策略设置

2026-01-03 09:36:35 +08:00 · 2023-05-23 19:16:09 +08:00
parent 47c0ade078
commit e3ada6da81
7 changed files with 1868 additions and 1148 deletions
--- a/build/rpc.json
+++ b/build/rpc.json
@@ -5589,13 +5589,24 @@
          ],
          "isDeprecated": false
        },
+        {
+          "name": "findNodeHTTPCCPolicies",
+          "requestMessageName": "FindNodeHTTPCCPoliciesRequest",
+          "responseMessageName": "FindNodeHTTPCCPoliciesResponse",
+          "code": "rpc findNodeHTTPCCPolicies(FindNodeHTTPCCPoliciesRequest) returns (FindNodeHTTPCCPoliciesResponse);",
+          "doc": "查找节点的HTTP CC策略",
+          "roles": [],
+          "isDeprecated": false
+        },
        {
          "name": "findNodeHTTPPagesPolicies",
          "requestMessageName": "FindNodeHTTPPagesPoliciesRequest",
          "responseMessageName": "FindNodeHTTPPagesPoliciesResponse",
          "code": "rpc findNodeHTTPPagesPolicies(FindNodeHTTPPagesPoliciesRequest) returns (FindNodeHTTPPagesPoliciesResponse);",
          "doc": "查找节点的自定义页面策略",
-          "roles": [],
+          "roles": [
+            "node"
+          ],
          "isDeprecated": false
        },
        {
@@ -6163,6 +6174,28 @@
          ],
          "isDeprecated": false
        },
+        {
+          "name": "findEnabledNodeClusterHTTPCCPolicy",
+          "requestMessageName": "FindEnabledNodeClusterHTTPCCPolicyRequest",
+          "responseMessageName": "FindEnabledNodeClusterHTTPCCPolicyResponse",
+          "code": "rpc findEnabledNodeClusterHTTPCCPolicy(FindEnabledNodeClusterHTTPCCPolicyRequest) returns (FindEnabledNodeClusterHTTPCCPolicyResponse);",
+          "doc": "读取集群的HTTP CC策略",
+          "roles": [
+            "admin"
+          ],
+          "isDeprecated": false
+        },
+        {
+          "name": "updateNodeClusterHTTPCCPolicy",
+          "requestMessageName": "UpdateNodeClusterHTTPCCPolicyRequest",
+          "responseMessageName": "RPCSuccess",
+          "code": "rpc updateNodeClusterHTTPCCPolicy(UpdateNodeClusterHTTPCCPolicyRequest) returns (RPCSuccess);",
+          "doc": "设置集群的HTTP CC策略",
+          "roles": [
+            "admin"
+          ],
+          "isDeprecated": false
+        },
        {
          "name": "findNodeClusterDDoSProtection",
          "requestMessageName": "FindNodeClusterDDoSProtectionRequest",
@@ -17816,7 +17849,7 @@
    },
    {
      "name": "FindEnabledNodeClusterConfigInfoResponse",
-      "code": "message FindEnabledNodeClusterConfigInfoResponse {\n\tbool healthCheckIsOn = 1;\n\tbool hasFirewallActions = 2;\n\tbool hasThresholds = 3;\n\tbool hasMessageReceivers = 4;\n\tbool isTOAEnabled = 5;\n\tbool hasMetricItems = 6;\n\tbool webpIsOn = 7; // 是否定义了WebP策略\n\tbool uamIsOn = 10; // 是否定义了UAM策略\n\tbool hasSystemServices = 8;\n\tbool hasDDoSProtection = 9;\n\tbool hasHTTPPagesPolicy = 11; // 是否设置了自定义页面策略\n}",
+      "code": "message FindEnabledNodeClusterConfigInfoResponse {\n\tbool healthCheckIsOn = 1;\n\tbool hasFirewallActions = 2;\n\tbool hasThresholds = 3;\n\tbool hasMessageReceivers = 4;\n\tbool isTOAEnabled = 5;\n\tbool hasMetricItems = 6;\n\tbool webpIsOn = 7; // 是否定义了WebP策略\n\tbool uamIsOn = 10; // 是否定义了UAM策略\n\tbool httpCCIsOn = 12; // 是否定义了CC策略\n\tbool hasSystemServices = 8;\n\tbool hasDDoSProtection = 9;\n\tbool hasHTTPPagesPolicy = 11; // 是否设置了自定义页面策略\n}",
      "doc": ""
    },
    {
@@ -17839,6 +17872,16 @@
      "code": "message FindEnabledNodeClusterFirewallActionResponse {\n\tNodeClusterFirewallAction nodeClusterFirewallAction = 1;\n}",
      "doc": ""
    },
+    {
+      "name": "FindEnabledNodeClusterHTTPCCPolicyRequest",
+      "code": "message FindEnabledNodeClusterHTTPCCPolicyRequest {\n\tint64 nodeClusterId = 1;\n}",
+      "doc": "读取集群的HTTP CC策略"
+    },
+    {
+      "name": "FindEnabledNodeClusterHTTPCCPolicyResponse",
+      "code": "message FindEnabledNodeClusterHTTPCCPolicyResponse {\n\tbytes httpCCPolicyJSON = 1;\n}",
+      "doc": ""
+    },
    {
      "name": "FindEnabledNodeClusterRequest",
      "code": "message FindEnabledNodeClusterRequest {\n\tint64 nodeClusterId = 1;\n}",
@@ -19039,6 +19082,16 @@
      "code": "message FindNodeGlobalServerConfigResponse {\n\tbytes globalServerConfigJSON = 1;\n}",
      "doc": ""
    },
+    {
+      "name": "FindNodeHTTPCCPoliciesRequest",
+      "code": "message FindNodeHTTPCCPoliciesRequest {\n\tint64 nodeId = 1; // 节点ID\n}",
+      "doc": "查找节点的HTTP CC策略"
+    },
+    {
+      "name": "FindNodeHTTPCCPoliciesResponse",
+      "code": "message FindNodeHTTPCCPoliciesResponse {\n\trepeated HTTPCCPolicy httpCCPolicies = 1; // HTTP CC策略列表\n\n\n\tmessage HTTPCCPolicy {\n\t\tint64 nodeClusterId = 1; // 集群ID\n\t\tbytes httpCCPolicyJSON = 2; // HTTP CC策略配置\n\t}\n}",
+      "doc": ""
+    },
    {
      "name": "FindNodeHTTPPagesPoliciesRequest",
      "code": "message FindNodeHTTPPagesPoliciesRequest {\n\tint64 nodeId = 1; // 节点ID\n}",
@@ -21929,6 +21982,11 @@
      "code": "message UpdateNodeClusterGlobalServerConfigRequest {\n\tint64 nodeClusterId = 1;\n\tbytes globalServerConfigJSON = 2;\n}",
      "doc": "修改集群的全局服务设置"
    },
+    {
+      "name": "UpdateNodeClusterHTTPCCPolicyRequest",
+      "code": "message UpdateNodeClusterHTTPCCPolicyRequest {\n\tint64 nodeClusterId = 1;\n\tbytes httpCCPolicyJSON = 2;\n}",
+      "doc": "设置集群的HTTP CC策略"
+    },
    {
      "name": "UpdateNodeClusterHTTPCachePolicyIdRequest",
      "code": "message UpdateNodeClusterHTTPCachePolicyIdRequest {\n\tint64 nodeClusterId = 1;\n\tint64 httpCachePolicyId = 2;\n}",
--- a/pkg/nodeconfigs/http_cc_policy.go
+++ b/pkg/nodeconfigs/http_cc_policy.go
@@ -0,0 +1,19 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package nodeconfigs
+
+// HTTPCCPolicy CC策略
+type HTTPCCPolicy struct {
+	IsOn bool `json:"isOn" yaml:"isOn"`
+}
+
+func NewHTTPCCPolicy() *HTTPCCPolicy {
+	return &HTTPCCPolicy{
+		IsOn: true,
+	}
+}
+
+func (this *HTTPCCPolicy) Init() error {
+	return nil
+}
--- a/pkg/nodeconfigs/node_config.go
+++ b/pkg/nodeconfigs/node_config.go
@@ -24,6 +24,7 @@ import (

 var sharedNodeConfig *NodeConfig = nil
 var uamPolicyLocker = &sync.RWMutex{}
+var httpCCPolicyLocker = &sync.RWMutex{}
 var httpPagesPolicyLocker = &sync.RWMutex{}

 type ServerError struct {
@@ -101,6 +102,9 @@ type NodeConfig struct {
 	// UAM相关配置
 	UAMPolicies map[int64]*UAMPolicy `yaml:"uamPolicies" json:"uamPolicies"` // clusterId => *UAMPolicy

+	// CC相关配置
+	HTTPCCPolicies map[int64]*HTTPCCPolicy `yaml:"httpCCPolicies" json:"httpCCPolicies"` // clusterId => *HTTPCCPolicy
+
 	// 自定义页面
 	HTTPPagesPolicies map[int64]*HTTPPagesPolicy `yaml:"httpPagesPolicies" json:"httpPagesPolicies"` // clusterId => *HTTPPagesPolicy

@@ -200,6 +204,9 @@ func CloneNodeConfig(nodeConfig *NodeConfig) (*NodeConfig, error) {
 	uamPolicyLocker.RLock()
 	defer uamPolicyLocker.RUnlock()

+	httpCCPolicyLocker.RLock()
+	defer httpCCPolicyLocker.RUnlock()
+
 	httpPagesPolicyLocker.RLock()
 	defer httpPagesPolicyLocker.RUnlock()

@@ -399,7 +406,20 @@ func (this *NodeConfig) Init(ctx context.Context) (err error, serverErrors []*Se
 	}
 	uamPolicyLocker.RUnlock()

-	// http pages
+	// http cc policy
+	httpCCPolicyLocker.RLock()
+	if len(this.HTTPCCPolicies) > 0 {
+		for _, policy := range this.HTTPCCPolicies {
+			err = policy.Init()
+			if err != nil {
+				httpCCPolicyLocker.RUnlock()
+				return
+			}
+		}
+	}
+	httpCCPolicyLocker.RUnlock()
+
+	// http pages policy
 	httpPagesPolicyLocker.RLock()
 	if len(this.HTTPPagesPolicies) > 0 {
 		for _, policy := range this.HTTPPagesPolicies {
@@ -652,6 +672,23 @@ func (this *NodeConfig) UpdateUAMPolicies(policies map[int64]*UAMPolicy) {
 	this.UAMPolicies = policies
 }

+// FindHTTPCCPolicyWithClusterId 使用集群ID查找CC策略
+func (this *NodeConfig) FindHTTPCCPolicyWithClusterId(clusterId int64) *HTTPCCPolicy {
+	httpCCPolicyLocker.RLock()
+	defer httpCCPolicyLocker.RUnlock()
+	if this.HTTPCCPolicies == nil {
+		return nil
+	}
+	return this.HTTPCCPolicies[clusterId]
+}
+
+// UpdateHTTPCCPolicies 修改集群CC策略
+func (this *NodeConfig) UpdateHTTPCCPolicies(policies map[int64]*HTTPCCPolicy) {
+	httpCCPolicyLocker.Lock()
+	defer httpCCPolicyLocker.Unlock()
+	this.HTTPCCPolicies = policies
+}
+
 // UpdateHTTPPagesPolicies 修改集群自定义页面策略
 func (this *NodeConfig) UpdateHTTPPagesPolicies(policies map[int64]*HTTPPagesPolicy) {
 	httpPagesPolicyLocker.Lock()
--- a/pkg/rpc/pb/service_node.pb.go
+++ b/pkg/rpc/pb/service_node.pb.go
--- a/pkg/rpc/pb/service_node_cluster.pb.go
+++ b/pkg/rpc/pb/service_node_cluster.pb.go
--- a/pkg/rpc/protos/service_node.proto
+++ b/pkg/rpc/protos/service_node.proto
@@ -173,6 +173,9 @@ service NodeService {
 	// 查找节点的UAM策略
 	rpc findNodeUAMPolicies(FindNodeUAMPoliciesRequest) returns (FindNodeUAMPoliciesResponse);

+	// 查找节点的HTTP CC策略
+	rpc findNodeHTTPCCPolicies(FindNodeHTTPCCPoliciesRequest) returns (FindNodeHTTPCCPoliciesResponse);
+
 	// 查找节点的自定义页面策略
 	rpc findNodeHTTPPagesPolicies(FindNodeHTTPPagesPoliciesRequest) returns (FindNodeHTTPPagesPoliciesResponse);

@@ -701,6 +704,20 @@ message FindNodeUAMPoliciesResponse {
 	}
 }

+// 查找节点的HTTP CC策略
+message FindNodeHTTPCCPoliciesRequest {
+	int64 nodeId = 1; // 节点ID
+}
+
+message FindNodeHTTPCCPoliciesResponse {
+	repeated HTTPCCPolicy httpCCPolicies = 1; // HTTP CC策略列表
+
+	message HTTPCCPolicy {
+		int64 nodeClusterId = 1; // 集群ID
+		bytes httpCCPolicyJSON = 2; // HTTP CC策略配置
+	}
+}
+
 // 查找节点的自定义页面策略
 message FindNodeHTTPPagesPoliciesRequest {
 	int64 nodeId = 1; // 节点ID
--- a/pkg/rpc/protos/service_node_cluster.proto
+++ b/pkg/rpc/protos/service_node_cluster.proto
@@ -129,6 +129,12 @@ service NodeClusterService {
 	// 设置集群的UAM策略
 	rpc updateNodeClusterUAMPolicy(UpdateNodeClusterUAMPolicyRequest) returns (RPCSuccess);

+	// 读取集群的HTTP CC策略
+	rpc findEnabledNodeClusterHTTPCCPolicy(FindEnabledNodeClusterHTTPCCPolicyRequest) returns (FindEnabledNodeClusterHTTPCCPolicyResponse);
+
+	// 设置集群的HTTP CC策略
+	rpc updateNodeClusterHTTPCCPolicy(UpdateNodeClusterHTTPCCPolicyRequest) returns (RPCSuccess);
+
 	// 获取集群的DDoS设置
 	rpc findNodeClusterDDoSProtection(FindNodeClusterDDoSProtectionRequest) returns (FindNodeClusterDDoSProtectionResponse);

@@ -464,6 +470,7 @@ message FindEnabledNodeClusterConfigInfoResponse {
 	bool hasMetricItems = 6;
 	bool webpIsOn = 7; // 是否定义了WebP策略
 	bool uamIsOn = 10; // 是否定义了UAM策略
+	bool httpCCIsOn = 12; // 是否定义了CC策略
 	bool hasSystemServices = 8;
 	bool hasDDoSProtection = 9;
 	bool hasHTTPPagesPolicy = 11; // 是否设置了自定义页面策略
@@ -505,6 +512,21 @@ message UpdateNodeClusterUAMPolicyRequest {
 	bytes uamPolicyJSON = 2;
 }

+// 读取集群的HTTP CC策略
+message FindEnabledNodeClusterHTTPCCPolicyRequest {
+	int64 nodeClusterId = 1;
+}
+
+message FindEnabledNodeClusterHTTPCCPolicyResponse {
+	bytes httpCCPolicyJSON = 1;
+}
+
+// 设置集群的HTTP CC策略
+message UpdateNodeClusterHTTPCCPolicyRequest {
+	int64 nodeClusterId = 1;
+	bytes httpCCPolicyJSON = 2;
+}
+
 // 获取集群的DDoS设置
 message FindNodeClusterDDoSProtectionRequest {
 	int64 nodeClusterId = 1;