From 2063015eeb2074593b2d3c49157b2cb926e6787e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Fri, 5 Nov 2021 14:58:10 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=A0=E9=99=A4IP=E5=90=8D=E5=8D=95=E4=B8=AD?=
 =?UTF-8?q?=E6=9F=90=E4=B8=AAIP=E6=97=B6=EF=BC=8C=E4=B9=9F=E4=BC=9A?=
 =?UTF-8?q?=E5=88=A0=E9=99=A4WAF=E4=BF=9D=E5=AD=98=E5=9C=A8=E5=86=85?=
 =?UTF-8?q?=E5=AD=98=E4=B8=AD=E7=9A=84=E5=90=8D=E5=8D=95=E4=B8=AD=E7=9A=84?=
 =?UTF-8?q?IP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/iplibrary/manager_ip_list.go | 11 +++++++++++
 internal/waf/ip_list.go               |  8 ++++++++
 internal/waf/ip_list_test.go          |  1 +
 3 files changed, 20 insertions(+)

diff --git a/internal/iplibrary/manager_ip_list.go b/internal/iplibrary/manager_ip_list.go
index f24e240..c41cfd6 100644
--- a/internal/iplibrary/manager_ip_list.go
+++ b/internal/iplibrary/manager_ip_list.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeNode/internal/rpc"
 	"github.com/TeaOSLab/EdgeNode/internal/utils"
+	"github.com/TeaOSLab/EdgeNode/internal/waf"
 	"github.com/iwind/TeaGo/Tea"
 	"sync"
 	"time"
@@ -125,6 +126,16 @@ func (this *IPListManager) fetch() (hasNext bool, err error) {
 		if item.IsDeleted {
 			list.Delete(item.Id)
 
+			// 从临时名单中删除
+			if len(item.IpFrom) > 0 && len(item.IpTo) == 0 {
+				switch item.ListType {
+				case "black":
+					waf.SharedIPBlackList.RemoveIP(item.IpFrom)
+				case "white":
+					waf.SharedIPWhiteList.RemoveIP(item.IpFrom)
+				}
+			}
+
 			// 操作事件
 			SharedActionManager.DeleteItem(item.ListType, item)
 
diff --git a/internal/waf/ip_list.go b/internal/waf/ip_list.go
index 7fb0747..6f71e23 100644
--- a/internal/waf/ip_list.go
+++ b/internal/waf/ip_list.go
@@ -80,6 +80,14 @@ func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope,
 	return ok
 }
 
+// RemoveIP 删除IP
+// 暂时没办法清除某个服务相关的IP
+func (this *IPList) RemoveIP(ip string) {
+	this.locker.Lock()
+	delete(this.ipMap, "*@"+ip+"@"+IPTypeAll)
+	this.locker.Unlock()
+}
+
 func (this *IPList) remove(id int64) {
 	this.locker.Lock()
 	ip, ok := this.idMap[id]
diff --git a/internal/waf/ip_list_test.go b/internal/waf/ip_list_test.go
index 3da3e17..0877aa4 100644
--- a/internal/waf/ip_list_test.go
+++ b/internal/waf/ip_list_test.go
@@ -39,6 +39,7 @@ func TestIPList_Contains(t *testing.T) {
 	for i := 0; i < 1_0000; i++ {
 		list.Add(IPTypeAll, firewallconfigs.FirewallScopeGlobal, 1, "192.168.1."+strconv.Itoa(i), time.Now().Unix()+3600)
 	}
+	//list.RemoveIP("192.168.1.100")
 	a.IsTrue(list.Contains(IPTypeAll, firewallconfigs.FirewallScopeGlobal, 1, "192.168.1.100"))
 	a.IsFalse(list.Contains(IPTypeAll, firewallconfigs.FirewallScopeGlobal, 1, "192.168.2.100"))
 }