mirror of
https://github.com/TeaOSLab/EdgeNode.git
synced 2025-11-10 12:30:25 +08:00
IP名单中IP创建时保存相关节点、服务、WAF策略信息
@@ -7,4 +7,6 @@ var (
|
|||||||
|
|
||||||
InTrafficBytes = uint64(0)
|
InTrafficBytes = uint64(0)
|
||||||
OutTrafficBytes = uint64(0)
|
OutTrafficBytes = uint64(0)
|
||||||
|
|
||||||
|
NodeId int64 = 0
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -131,6 +131,7 @@ func (this *Node) Start() {
|
|||||||
remotelogs.Error("NODE", "start failed: read node config failed: "+err.Error())
|
remotelogs.Error("NODE", "start failed: read node config failed: "+err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
teaconst.NodeId = nodeConfig.Id
|
||||||
err = nodeConfig.Init()
|
err = nodeConfig.Init()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
remotelogs.Error("NODE", "init node config failed: "+err.Error())
|
remotelogs.Error("NODE", "init node config failed: "+err.Error())
|
||||||
@@ -363,6 +364,7 @@ func (this *Node) syncConfig(taskVersion int64) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.New("decode config failed: " + err.Error())
|
return errors.New("decode config failed: " + err.Error())
|
||||||
}
|
}
|
||||||
|
teaconst.NodeId = nodeConfig.Id
|
||||||
|
|
||||||
// 写入到文件中
|
// 写入到文件中
|
||||||
err = nodeConfig.Save()
|
err = nodeConfig.Save()
|
||||||
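Review bot: `teaconst.NodeId = nodeConfig.Id` is a plain write to a package-level `int64`, made in `Start()` and again in `syncConfig()`, while the WAF record-IP worker reads `teaconst.NodeId` when it builds the create-IP request; nothing visible orders those accesses. If `syncConfig` runs on a different goroutine than that reader, which these hunks do not show, this is a data race under the Go memory model and `go test -race` would report it. Consider storing the id through `sync/atomic`, for example `atomic.StoreInt64(&teaconst.NodeId, nodeConfig.Id)` with `atomic.LoadInt64(&teaconst.NodeId)` at the read site. In `Start()` the assignment also happens before `nodeConfig.Init()` is checked, so a config that fails initialisation still changes the reported node id; moving the assignment below the error check would avoid that. Both function bodies continue outside the hunks.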
|
|||||||
@@ -61,7 +61,7 @@ func (this *WAFManager) convertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (
|
|||||||
policy.Mode = firewallconfigs.FirewallModeDefend
|
policy.Mode = firewallconfigs.FirewallModeDefend
|
||||||
}
|
}
|
||||||
w := &waf.WAF{
|
w := &waf.WAF{
|
||||||
Id: strconv.FormatInt(policy.Id, 10),
|
Id: policy.Id,
|
||||||
IsOn: policy.IsOn,
|
IsOn: policy.IsOn,
|
||||||
Name: policy.Name,
|
Name: policy.Name,
|
||||||
Mode: policy.Mode,
|
Mode: policy.Mode,
|
||||||
@@ -71,7 +71,7 @@ func (this *WAFManager) convertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (
|
|||||||
if policy.Inbound != nil && policy.Inbound.IsOn {
|
if policy.Inbound != nil && policy.Inbound.IsOn {
|
||||||
for _, group := range policy.Inbound.Groups {
|
for _, group := range policy.Inbound.Groups {
|
||||||
g := &waf.RuleGroup{
|
g := &waf.RuleGroup{
|
||||||
Id: strconv.FormatInt(group.Id, 10),
|
Id: group.Id,
|
||||||
IsOn: group.IsOn,
|
IsOn: group.IsOn,
|
||||||
Name: group.Name,
|
Name: group.Name,
|
||||||
Description: group.Description,
|
Description: group.Description,
|
||||||
@@ -82,7 +82,7 @@ func (this *WAFManager) convertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (
|
|||||||
// rule sets
|
// rule sets
|
||||||
for _, set := range group.Sets {
|
for _, set := range group.Sets {
|
||||||
s := &waf.RuleSet{
|
s := &waf.RuleSet{
|
||||||
Id: strconv.FormatInt(set.Id, 10),
|
Id: set.Id,
|
||||||
Code: set.Code,
|
Code: set.Code,
|
||||||
IsOn: set.IsOn,
|
IsOn: set.IsOn,
|
||||||
Name: set.Name,
|
Name: set.Name,
|
||||||
@@ -126,7 +126,7 @@ func (this *WAFManager) convertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (
|
|||||||
if policy.Outbound != nil && policy.Outbound.IsOn {
|
if policy.Outbound != nil && policy.Outbound.IsOn {
|
||||||
for _, group := range policy.Outbound.Groups {
|
for _, group := range policy.Outbound.Groups {
|
||||||
g := &waf.RuleGroup{
|
g := &waf.RuleGroup{
|
||||||
Id: strconv.FormatInt(group.Id, 10),
|
Id: group.Id,
|
||||||
IsOn: group.IsOn,
|
IsOn: group.IsOn,
|
||||||
Name: group.Name,
|
Name: group.Name,
|
||||||
Description: group.Description,
|
Description: group.Description,
|
||||||
@@ -137,7 +137,7 @@ func (this *WAFManager) convertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (
|
|||||||
// rule sets
|
// rule sets
|
||||||
for _, set := range group.Sets {
|
for _, set := range group.Sets {
|
||||||
s := &waf.RuleSet{
|
s := &waf.RuleSet{
|
||||||
Id: strconv.FormatInt(set.Id, 10),
|
Id: set.Id,
|
||||||
Code: set.Code,
|
Code: set.Code,
|
||||||
IsOn: set.IsOn,
|
IsOn: set.IsOn,
|
||||||
Name: set.Name,
|
Name: set.Name,
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
|
"github.com/iwind/TeaGo/types"
|
||||||
stringutil "github.com/iwind/TeaGo/utils/string"
|
stringutil "github.com/iwind/TeaGo/utils/string"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
@@ -44,7 +45,7 @@ func (this *CaptchaAction) WillChange() bool {
|
|||||||
|
|
||||||
func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
||||||
// 是否在白名单中
|
// 是否在白名单中
|
||||||
if SharedIPWhiteList.Contains("set:"+set.Id, this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
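Review bot: The whitelist key `"set:"+types.String(set.Id)` is unique per rule set only while `set.Id` is non-zero, and this commit also stops `NewRuleSet()` from assigning a random id, so every set that never receives an id from the policy config now maps to the same key `set:0`. An address whitelisted after passing the check for one such set would then count as whitelisted for every other zero-id set in the same scope and server. The same key is built in `Get302Action.Perform`, `Post307Action.Perform` and in both the `Contains` and `Add` calls of `RecordIPAction.Perform`. Sets produced by `convertWAF` take their id from the policy, so this presumably affects only template or locally constructed sets; skipping the whitelist when `set.Id <= 0`, or falling back to `set.Code` for the key, would keep the entries separate.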
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
|
"github.com/iwind/TeaGo/types"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
@@ -47,7 +48,7 @@ func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, requ
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 是否已经在白名单中
|
// 是否已经在白名单中
|
||||||
if SharedIPWhiteList.Contains("set:"+set.Id, this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package waf
|
|||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/logs"
|
"github.com/iwind/TeaGo/logs"
|
||||||
|
"github.com/iwind/TeaGo/types"
|
||||||
"net/http"
|
"net/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -27,7 +28,7 @@ func (this *GoGroupAction) WillChange() bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (this *GoGroupAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
func (this *GoGroupAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
||||||
nextGroup := waf.FindRuleGroup(this.GroupId)
|
nextGroup := waf.FindRuleGroup(types.Int64(this.GroupId))
|
||||||
if nextGroup == nil || !nextGroup.IsOn {
|
if nextGroup == nil || !nextGroup.IsOn {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package waf
|
|||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/logs"
|
"github.com/iwind/TeaGo/logs"
|
||||||
|
"github.com/iwind/TeaGo/types"
|
||||||
"net/http"
|
"net/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -28,11 +29,11 @@ func (this *GoSetAction) WillChange() bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (this *GoSetAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
func (this *GoSetAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
||||||
nextGroup := waf.FindRuleGroup(this.GroupId)
|
nextGroup := waf.FindRuleGroup(types.Int64(this.GroupId))
|
||||||
if nextGroup == nil || !nextGroup.IsOn {
|
if nextGroup == nil || !nextGroup.IsOn {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
nextSet := nextGroup.FindRuleSet(this.SetId)
|
nextSet := nextGroup.FindRuleSet(types.Int64(this.SetId))
|
||||||
if nextSet == nil || !nextSet.IsOn {
|
if nextSet == nil || !nextSet.IsOn {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
|
"github.com/iwind/TeaGo/types"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
@@ -41,7 +42,7 @@ func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 是否已经在白名单中
|
// 是否已经在白名单中
|
||||||
if SharedIPWhiteList.Contains("set:"+set.Id, this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -2,10 +2,12 @@ package waf
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||||
|
teaconst "github.com/TeaOSLab/EdgeNode/internal/const"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/events"
|
"github.com/TeaOSLab/EdgeNode/internal/events"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
|
"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/rpc"
|
"github.com/TeaOSLab/EdgeNode/internal/rpc"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
|
"github.com/iwind/TeaGo/types"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@@ -16,6 +18,11 @@ type recordIPTask struct {
|
|||||||
listId int64
|
listId int64
|
||||||
expiredAt int64
|
expiredAt int64
|
||||||
level string
|
level string
|
||||||
|
|
||||||
|
sourceServerId int64
|
||||||
|
sourceHTTPFirewallPolicyId int64
|
||||||
|
sourceHTTPFirewallRuleGroupId int64
|
||||||
|
sourceHTTPFirewallRuleSetId int64
|
||||||
}
|
}
|
||||||
|
|
||||||
var recordIPTaskChan = make(chan *recordIPTask, 1024)
|
var recordIPTaskChan = make(chan *recordIPTask, 1024)
|
||||||
@@ -42,6 +49,11 @@ func init() {
|
|||||||
Reason: "触发WAF规则自动加入",
|
Reason: "触发WAF规则自动加入",
|
||||||
Type: ipType,
|
Type: ipType,
|
||||||
EventLevel: task.level,
|
EventLevel: task.level,
|
||||||
|
SourceNodeId: teaconst.NodeId,
|
||||||
|
SourceServerId: task.sourceServerId,
|
||||||
|
SourceHTTPFirewallPolicyId: task.sourceHTTPFirewallPolicyId,
|
||||||
|
SourceHTTPFirewallRuleGroupId: task.sourceHTTPFirewallRuleGroupId,
|
||||||
|
SourceHTTPFirewallRuleSetId: task.sourceHTTPFirewallRuleSetId,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
remotelogs.Error("WAF_RECORD_IP_ACTION", "create ip item failed: "+err.Error())
|
remotelogs.Error("WAF_RECORD_IP_ACTION", "create ip item failed: "+err.Error())
|
||||||
@@ -79,7 +91,7 @@ func (this *RecordIPAction) WillChange() bool {
|
|||||||
|
|
||||||
func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool) {
|
||||||
// 是否在本地白名单中
|
// 是否在本地白名单中
|
||||||
if SharedIPWhiteList.Contains("set:"+set.Id, this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -98,7 +110,7 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
|
|||||||
SharedIPBlackList.Add(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiredAt)
|
SharedIPBlackList.Add(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiredAt)
|
||||||
} else {
|
} else {
|
||||||
// 加入本地白名单
|
// 加入本地白名单
|
||||||
SharedIPWhiteList.Add("set:"+set.Id, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiredAt)
|
SharedIPWhiteList.Add("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiredAt)
|
||||||
}
|
}
|
||||||
|
|
||||||
// 上报
|
// 上报
|
||||||
@@ -109,6 +121,10 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
|
|||||||
listId: this.IPListId,
|
listId: this.IPListId,
|
||||||
expiredAt: expiredAt,
|
expiredAt: expiredAt,
|
||||||
level: this.Level,
|
level: this.Level,
|
||||||
|
sourceServerId: request.WAFServerId(),
|
||||||
|
sourceHTTPFirewallPolicyId: waf.Id,
|
||||||
|
sourceHTTPFirewallRuleGroupId: group.Id,
|
||||||
|
sourceHTTPFirewallRuleSetId: set.Id,
|
||||||
}:
|
}:
|
||||||
default:
|
default:
|
||||||
|
|
||||||
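Review bot: The new task fields `sourceHTTPFirewallPolicyId: waf.Id` and `sourceHTTPFirewallRuleGroupId: group.Id` dereference `waf` and `group`, which the visible lines of `Perform` did not touch before (only `set` was used). If any caller passes a nil WAF or group, which cannot be ruled out from this hunk, the action now panics in the request path instead of recording the address. Reading the ids into locals behind nil checks before the `select`, for example `var groupId int64` followed by `if group != nil { groupId = group.Id }`, keeps the report best-effort. The new `recordIPTask` fields are also uncommented; a one-line comment such as `// identifies the server, policy, rule group and rule set that triggered the record` would help the next reader. The body of `Perform` continues outside the hunk.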
|
|||||||
@@ -6,7 +6,7 @@ import (
|
|||||||
|
|
||||||
// rule group
|
// rule group
|
||||||
type RuleGroup struct {
|
type RuleGroup struct {
|
||||||
Id string `yaml:"id" json:"id"`
|
Id int64 `yaml:"id" json:"id"`
|
||||||
IsOn bool `yaml:"isOn" json:"isOn"`
|
IsOn bool `yaml:"isOn" json:"isOn"`
|
||||||
Name string `yaml:"name" json:"name"` // such as SQL Injection
|
Name string `yaml:"name" json:"name"` // such as SQL Injection
|
||||||
Description string `yaml:"description" json:"description"`
|
Description string `yaml:"description" json:"description"`
|
||||||
@@ -41,10 +41,7 @@ func (this *RuleGroup) AddRuleSet(ruleSet *RuleSet) {
|
|||||||
this.RuleSets = append(this.RuleSets, ruleSet)
|
this.RuleSets = append(this.RuleSets, ruleSet)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *RuleGroup) FindRuleSet(id string) *RuleSet {
|
func (this *RuleGroup) FindRuleSet(id int64) *RuleSet {
|
||||||
if len(id) == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
for _, ruleSet := range this.RuleSets {
|
for _, ruleSet := range this.RuleSets {
|
||||||
if ruleSet.Id == id {
|
if ruleSet.Id == id {
|
||||||
return ruleSet
|
return ruleSet
|
||||||
@@ -65,10 +62,7 @@ func (this *RuleGroup) FindRuleSetWithCode(code string) *RuleSet {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *RuleGroup) RemoveRuleSet(id string) {
|
func (this *RuleGroup) RemoveRuleSet(id int64) {
|
||||||
if len(id) == 0 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
result := []*RuleSet{}
|
result := []*RuleSet{}
|
||||||
for _, ruleSet := range this.RuleSets {
|
for _, ruleSet := range this.RuleSets {
|
||||||
if ruleSet.Id == id {
|
if ruleSet.Id == id {
|
||||||
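Review bot: Removing the `len(id) == 0` guard from `FindRuleSet` and `RemoveRuleSet` (and the matching guards from `WAF.FindRuleGroup` and `WAF.RemoveRuleGroup` in the later file section) leaves no replacement for the "no id" case, so an id of `0` is now compared against every entry. `GoGroupAction` and `GoSetAction` pass `types.Int64(this.GroupId)` and `types.Int64(this.SetId)`; if that conversion yields 0 for an empty or non-numeric string, a misconfigured action would jump to the first group or set whose `Id` is still zero instead of finding nothing and allowing the request. Zero-id objects are plausible now that `NewRuleSet()` and `NewWAF()` no longer assign ids. Restoring the guard in integer form, `if id <= 0 { return nil }` in the finders and `if id <= 0 { return }` in the removers, keeps the previous behaviour. The loops of both functions continue outside the hunks.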
|
|||||||
@@ -6,7 +6,6 @@ import (
|
|||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/lists"
|
"github.com/iwind/TeaGo/lists"
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
"github.com/iwind/TeaGo/utils/string"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"sort"
|
"sort"
|
||||||
)
|
)
|
||||||
@@ -19,7 +18,7 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type RuleSet struct {
|
type RuleSet struct {
|
||||||
Id string `yaml:"id" json:"id"`
|
Id int64 `yaml:"id" json:"id"`
|
||||||
Code string `yaml:"code" json:"code"`
|
Code string `yaml:"code" json:"code"`
|
||||||
IsOn bool `yaml:"isOn" json:"isOn"`
|
IsOn bool `yaml:"isOn" json:"isOn"`
|
||||||
Name string `yaml:"name" json:"name"`
|
Name string `yaml:"name" json:"name"`
|
||||||
@@ -36,7 +35,6 @@ type RuleSet struct {
|
|||||||
|
|
||||||
func NewRuleSet() *RuleSet {
|
func NewRuleSet() *RuleSet {
|
||||||
return &RuleSet{
|
return &RuleSet{
|
||||||
Id: stringutil.Rand(16),
|
|
||||||
IsOn: true,
|
IsOn: true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ package waf
|
|||||||
|
|
||||||
func Template() *WAF {
|
func Template() *WAF {
|
||||||
waf := NewWAF()
|
waf := NewWAF()
|
||||||
waf.Id = "template"
|
waf.Id = 0
|
||||||
waf.IsOn = true
|
waf.IsOn = true
|
||||||
|
|
||||||
// xss
|
// xss
|
||||||
|
|||||||
@@ -8,7 +8,6 @@ import (
|
|||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/iwind/TeaGo/Tea"
|
"github.com/iwind/TeaGo/Tea"
|
||||||
"github.com/iwind/TeaGo/files"
|
"github.com/iwind/TeaGo/files"
|
||||||
"github.com/iwind/TeaGo/utils/string"
|
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
@@ -16,7 +15,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type WAF struct {
|
type WAF struct {
|
||||||
Id string `yaml:"id" json:"id"`
|
Id int64 `yaml:"id" json:"id"`
|
||||||
IsOn bool `yaml:"isOn" json:"isOn"`
|
IsOn bool `yaml:"isOn" json:"isOn"`
|
||||||
Name string `yaml:"name" json:"name"`
|
Name string `yaml:"name" json:"name"`
|
||||||
Inbound []*RuleGroup `yaml:"inbound" json:"inbound"`
|
Inbound []*RuleGroup `yaml:"inbound" json:"inbound"`
|
||||||
@@ -35,7 +34,6 @@ type WAF struct {
|
|||||||
|
|
||||||
func NewWAF() *WAF {
|
func NewWAF() *WAF {
|
||||||
return &WAF{
|
return &WAF{
|
||||||
Id: stringutil.Rand(16),
|
|
||||||
IsOn: true,
|
IsOn: true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -121,11 +119,7 @@ func (this *WAF) AddRuleGroup(ruleGroup *RuleGroup) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *WAF) RemoveRuleGroup(ruleGroupId string) {
|
func (this *WAF) RemoveRuleGroup(ruleGroupId int64) {
|
||||||
if len(ruleGroupId) == 0 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
result := []*RuleGroup{}
|
result := []*RuleGroup{}
|
||||||
for _, group := range this.Inbound {
|
for _, group := range this.Inbound {
|
||||||
@@ -149,10 +143,7 @@ func (this *WAF) RemoveRuleGroup(ruleGroupId string) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *WAF) FindRuleGroup(ruleGroupId string) *RuleGroup {
|
func (this *WAF) FindRuleGroup(ruleGroupId int64) *RuleGroup {
|
||||||
if len(ruleGroupId) == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
for _, group := range this.Inbound {
|
for _, group := range this.Inbound {
|
||||||
if group.Id == ruleGroupId {
|
if group.Id == ruleGroupId {
|
||||||
return group
|
return group
|
||||||
@@ -396,10 +387,14 @@ func (this *WAF) MergeTemplate() (changedItems []string) {
|
|||||||
groups := []*RuleGroup{}
|
groups := []*RuleGroup{}
|
||||||
groups = append(groups, template.Inbound...)
|
groups = append(groups, template.Inbound...)
|
||||||
groups = append(groups, template.Outbound...)
|
groups = append(groups, template.Outbound...)
|
||||||
|
|
||||||
|
var newGroupId int64 = 1_000_000_000
|
||||||
|
|
||||||
for _, group := range groups {
|
for _, group := range groups {
|
||||||
oldGroup := this.FindRuleGroupWithCode(group.Code)
|
oldGroup := this.FindRuleGroupWithCode(group.Code)
|
||||||
if oldGroup == nil {
|
if oldGroup == nil {
|
||||||
group.Id = stringutil.Rand(16)
|
newGroupId++
|
||||||
|
group.Id = newGroupId
|
||||||
this.AddRuleGroup(group)
|
this.AddRuleGroup(group)
|
||||||
changedItems = append(changedItems, "+group "+group.Name)
|
changedItems = append(changedItems, "+group "+group.Name)
|
||||||
continue
|
continue
|
||||||
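Review bot: In `MergeTemplate`, `var newGroupId int64 = 1_000_000_000` hands template groups ids from the same `int64` space that policy groups use, and `RecordIPAction` now reports `group.Id` upstream as `SourceHTTPFirewallRuleGroupId`. A group added here would be reported with an id the API presumably does not know, or one that coincides with a real group if ids ever reach that range, while the rule sets inside it keep `Id` 0. The counter is also a local, so ids can repeat when groups are added by separate calls. Consider a named package constant with a comment stating that ids above it are node-local and synthetic, and have the reporting code send 0 for them. The function continues outside the hunk.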
|
|||||||