2021-07-18 15:51:49 +08:00
|
|
|
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
|
|
|
|
|
|
|
|
|
package waf
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
2023-02-24 17:02:59 +08:00
|
|
|
"github.com/iwind/TeaGo/types"
|
2021-07-18 15:51:49 +08:00
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var get302Validator = NewGet302Validator()
|
|
|
|
|
|
|
|
|
|
type Get302Validator struct {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewGet302Validator() *Get302Validator {
|
|
|
|
|
return &Get302Validator{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (this *Get302Validator) Run(request requests.Request, writer http.ResponseWriter) {
|
|
|
|
|
var info = request.WAFRaw().URL.Query().Get("info")
|
|
|
|
|
if len(info) == 0 {
|
2023-06-11 10:46:20 +08:00
|
|
|
request.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
|
2021-07-18 15:51:49 +08:00
|
|
|
writer.WriteHeader(http.StatusBadRequest)
|
2024-04-07 14:31:22 +08:00
|
|
|
_, _ = writer.Write([]byte("invalid request (002)"))
|
2021-07-18 15:51:49 +08:00
|
|
|
return
|
|
|
|
|
}
|
2024-04-07 14:31:22 +08:00
|
|
|
|
|
|
|
|
var timestamp int64
|
|
|
|
|
var life int64
|
|
|
|
|
var setId int64
|
|
|
|
|
var policyId int64
|
|
|
|
|
var groupId int64
|
|
|
|
|
var scope string
|
|
|
|
|
var url string
|
|
|
|
|
|
|
|
|
|
var infoArg = &InfoArg{}
|
|
|
|
|
decodeErr := infoArg.Decode(info)
|
|
|
|
|
var success bool
|
|
|
|
|
if decodeErr == nil && infoArg.IsValid() {
|
|
|
|
|
success = true
|
|
|
|
|
|
|
|
|
|
timestamp = infoArg.Timestamp
|
|
|
|
|
life = int64(infoArg.Life)
|
|
|
|
|
setId = infoArg.SetId
|
|
|
|
|
policyId = infoArg.PolicyId
|
|
|
|
|
groupId = infoArg.GroupId
|
|
|
|
|
scope = infoArg.Scope
|
|
|
|
|
url = infoArg.URL
|
|
|
|
|
} else {
|
|
|
|
|
// 兼容老版本
|
|
|
|
|
m, decodeMapErr := utils.SimpleDecryptMap(info)
|
|
|
|
|
if decodeMapErr == nil {
|
|
|
|
|
success = true
|
|
|
|
|
|
|
|
|
|
timestamp = m.GetInt64("timestamp")
|
|
|
|
|
life = m.GetInt64("life")
|
|
|
|
|
setId = m.GetInt64("setId")
|
|
|
|
|
policyId = m.GetInt64("policyId")
|
|
|
|
|
groupId = m.GetInt64("groupId")
|
|
|
|
|
scope = m.GetString("scope")
|
|
|
|
|
url = m.GetString("url")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !success {
|
2023-06-12 18:07:07 +08:00
|
|
|
request.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
|
|
|
|
|
writer.WriteHeader(http.StatusBadRequest)
|
2024-04-07 14:31:22 +08:00
|
|
|
_, _ = writer.Write([]byte("invalid request (003)"))
|
2021-07-18 15:51:49 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if time.Now().Unix()-timestamp > 5 { // 超过5秒认为失效
|
2023-06-11 10:46:20 +08:00
|
|
|
request.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
|
2021-07-18 15:51:49 +08:00
|
|
|
writer.WriteHeader(http.StatusBadRequest)
|
2024-04-07 14:31:22 +08:00
|
|
|
_, _ = writer.Write([]byte("invalid request (004)"))
|
2021-07-18 15:51:49 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 加入白名单
|
|
|
|
|
if life <= 0 {
|
|
|
|
|
life = 600 // 默认10分钟
|
|
|
|
|
}
|
2024-04-07 14:31:22 +08:00
|
|
|
SharedIPWhiteList.RecordIP("set:"+types.String(setId), scope, request.WAFServerId(), request.WAFRemoteIP(), time.Now().Unix()+life, policyId, false, groupId, setId, "")
|
2021-07-18 15:51:49 +08:00
|
|
|
|
|
|
|
|
// 返回原始URL
|
2023-06-12 18:07:07 +08:00
|
|
|
request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
|
2021-07-18 15:51:49 +08:00
|
|
|
http.Redirect(writer, request.WAFRaw(), url, http.StatusFound)
|
|
|
|
|
}
|
