WAF动作支持有效范围

2026-03-13 21:55:38 +08:00 · 2021-10-18 20:08:43 +08:00
parent cc5d2f1862
commit 1ef59ccf65
11 changed files with 73 additions and 35 deletions
--- a/internal/waf/ip_list.go
+++ b/internal/waf/ip_list.go
@@ -3,7 +3,9 @@
 package waf

 import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeNode/internal/utils/expires"
+	"github.com/iwind/TeaGo/types"
 	"sync"
 	"sync/atomic"
 )
@@ -43,8 +45,15 @@ func NewIPList() *IPList {
 }

 // Add 添加IP
-func (this *IPList) Add(ipType string, ip string, expiresAt int64) {
-	ip = ip + "@" + ipType
+func (this *IPList) Add(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string, expiresAt int64) {
+	switch scope {
+	case firewallconfigs.FirewallScopeGlobal:
+		ip = "*@" + ip + "@" + ipType
+	case firewallconfigs.FirewallScopeService:
+		ip = types.String(serverId) + "@" + ip + "@" + ipType
+	default:
+		ip = types.String(serverId) + "@" + ip + "@" + ipType
+	}

 	var id = this.nextId()
 	this.expireList.Add(id, expiresAt)
@@ -55,8 +64,15 @@ func (this *IPList) Add(ipType string, ip string, expiresAt int64) {
 }

 // Contains 判断是否有某个IP
-func (this *IPList) Contains(ipType string, ip string) bool {
-	ip = ip + "@" + ipType
+func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string) bool {
+	switch scope {
+	case firewallconfigs.FirewallScopeGlobal:
+		ip = "*@" + ip + "@" + ipType
+	case firewallconfigs.FirewallScopeService:
+		ip = types.String(serverId) + "@" + ip + "@" + ipType
+	default:
+		ip = types.String(serverId) + "@" + ip + "@" + ipType
+	}

 	this.locker.RLock()
 	defer this.locker.RUnlock()