From 0677923f9835cd742b908b58574f5354a1311157 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Sat, 21 May 2022 21:32:10 +0800
Subject: [PATCH] =?UTF-8?q?=E8=87=AA=E5=8A=A8=E5=B0=86=E5=90=8C=E9=9B=86?= =?UTF-8?q?=E7=BE=A4=E8=8A=82=E7=82=B9IP=E5=8A=A0=E5=85=A5=E7=99=BD?= =?UTF-8?q?=E5=90=8D=E5=8D=95/=E5=B0=9D=E8=AF=95=E4=BD=BF=E7=94=A8?= =?UTF-8?q?=E6=9C=AC=E5=9C=B0=E9=98=B2=E7=81=AB=E5=A2=99=E6=8F=90=E5=8D=87?= =?UTF-8?q?=E9=BB=91=E5=90=8D=E5=8D=95=E8=BF=9E=E6=8E=A5=E5=B0=81=E9=94=81?= =?UTF-8?q?=E6=95=88=E7=8E=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/iplibrary/list_utils.go | 7 +++++++
 internal/nodes/client_listener.go | 8 ++++++++
 internal/nodes/node.go | 3 ++-
 internal/waf/ip_list.go | 2 +-
 4 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/internal/iplibrary/list_utils.go b/internal/iplibrary/list_utils.go
index 29c1fb2..0b92e1e 100644
--- a/internal/iplibrary/list_utils.go
+++ b/internal/iplibrary/list_utils.go
@@ -3,6 +3,7 @@ package iplibrary
 import (
+ "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 "github.com/TeaOSLab/EdgeNode/internal/utils"
 )
@@ -14,6 +15,12 @@ func AllowIP(ip string, serverId int64) (canGoNext bool, inAllowList bool) {
 return false, false
 }
+ // check node
+ nodeConfig, err := nodeconfigs.SharedNodeConfig()
+ if err == nil && nodeConfig.IPIsAutoAllowed(ip) {
+ return true, true
+ }
+
 // check white lists
 if GlobalWhiteIPList.Contains(ipLong) {
 return true, true
diff --git a/internal/nodes/client_listener.go b/internal/nodes/client_listener.go
index 58a2496..42b799e 100644
--- a/internal/nodes/client_listener.go
+++ b/internal/nodes/client_listener.go
@@ -4,6 +4,7 @@ package nodes
 import (
 "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+ "github.com/TeaOSLab/EdgeNode/internal/firewalls"
 "github.com/TeaOSLab/EdgeNode/internal/iplibrary"
 "github.com/TeaOSLab/EdgeNode/internal/waf"
 "net"
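Review bot: In `AllowIP` (internal/iplibrary/list_utils.go, second hunk) the new `IPIsAutoAllowed` branch returns `true, true` before the list checks that follow (only the white-list check is visible), so a same-cluster node address is accepted ahead of whatever allow and deny lists the function consults. If that ordering is intended, a deny entry for a node that has been compromised or decommissioned has no effect until the node config changes. The decision also rests entirely on `ip` being the connection's peer address; whether any caller passes a header-derived address is not visible here. I would state both above the branch: `// Same-cluster node IPs are accepted before all allow/deny lists; ip must be the connection's peer address, never a forwarded-header value.` The body of AllowIP starts and ends outside the hunk, so the position relative to any deny-list check should be confirmed against the full function.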
@@ -51,6 +52,13 @@ func (this *ClientListener) Accept() (net.Conn, error) {
 }
 _ = conn.Close()
+
+ // 使用本地防火墙延长封禁
+ var fw = firewalls.Firewall()
+ if fw != nil && !fw.IsMock() {
+ _ = fw.DropSourceIP(ip, 60)
+ }
+
 return this.Accept()
 }
 }
diff --git a/internal/nodes/node.go b/internal/nodes/node.go
index 594b7f9..f96c102 100644
--- a/internal/nodes/node.go
+++ b/internal/nodes/node.go
@@ -116,6 +116,7 @@ func (this *Node) Start() {
 this.checkDisk()
 // 读取API配置
+ remotelogs.Println("NODE", "init config ...")
 err = this.syncConfig(0)
 if err != nil {
 _, err := nodeconfigs.SharedNodeConfig()
@@ -429,7 +430,7 @@ func (this *Node) syncConfig(taskVersion int64) error {
 clusterErr := this.checkClusterConfig()
 if clusterErr != nil {
 if os.IsNotExist(clusterErr) {
- return err
+ return errors.New("can not find config file 'configs/api.yaml'")
 }
 return errors.New("check cluster config failed: " + clusterErr.Error())
 }
diff --git a/internal/waf/ip_list.go b/internal/waf/ip_list.go
index 90c141d..212988e 100644
--- a/internal/waf/ip_list.go
+++ b/internal/waf/ip_list.go
@@ -130,8 +130,8 @@ func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope,
 }
 this.locker.RLock()
- defer this.locker.RUnlock()
 _, ok := this.ipMap[ip]
+ this.locker.RUnlock()
 return ok
 }
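Review bot: In `ClientListener.Accept` (internal/nodes/client_listener.go, second hunk) the result of `fw.DropSourceIP(ip, 60)` is discarded, so if the local firewall fails to install the rule the node silently falls back to the userspace `conn.Close()` alone and nobody learns the kernel-level block is not working. Handle the error instead, e.g. `if err := fw.DropSourceIP(ip, 60); err != nil { /* report through the package's logger */ }`, and replace the bare `60` with a named constant whose comment states the unit (presumably seconds). The call also runs once per rejected connection; if `DropSourceIP` does not de-duplicate rules that are still active (not visible here), repeated connections from one source repeat the firewall call each time. Accept's body starts outside the hunk.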
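Review bot: In `syncConfig` (internal/nodes/node.go, second hunk) the new message names `configs/api.yaml`, but the branch is taken on `os.IsNotExist(clusterErr)`, and `clusterErr` comes from `checkClusterConfig()`; the hunk does not show which file that call looks for, so the message may send the operator to the wrong file. Carrying the underlying cause keeps the path accurate, in the same style as the line below it: `return errors.New("config file not found: " + clusterErr.Error())`. The replaced `return err` also means the earlier `err` is no longer reported on this path, which is worth a short comment if it is intentional. syncConfig's body starts and ends outside the hunk.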