优化删除IP名单时操作

2026-04-23 19:45:18 +08:00 · 2023-09-13 17:17:05 +08:00
parent b4b85c9166
commit 8133ba24f1
4 changed files with 112 additions and 9 deletions
--- a/internal/waf/action_record_ip.go
+++ b/internal/waf/action_record_ip.go
@@ -108,11 +108,12 @@ func init() {
 type RecordIPAction struct {
 	BaseAction

-	Type     string `yaml:"type" json:"type"`
-	IPListId int64  `yaml:"ipListId" json:"ipListId"`
-	Level    string `yaml:"level" json:"level"`
-	Timeout  int32  `yaml:"timeout" json:"timeout"`
-	Scope    string `yaml:"scope" json:"scope"`
+	Type            string `yaml:"type" json:"type"`
+	IPListId        int64  `yaml:"ipListId" json:"ipListId"`
+	IPListIsDeleted bool   `yaml:"ipListIsDeleted" json:"ipListIsDeleted"`
+	Level           string `yaml:"level" json:"level"`
+	Timeout         int32  `yaml:"timeout" json:"timeout"`
+	Scope           string `yaml:"scope" json:"scope"`
 }

 func (this *RecordIPAction) Init(waf *WAF) error {
@@ -132,6 +133,9 @@ func (this *RecordIPAction) WillChange() bool {
 }

 func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (continueRequest bool, goNextSet bool) {
+	// 是否已删除
+	var ipListIsAvailable = this.IPListId > 0 && !this.IPListIsDeleted && !ExistDeletedIPList(this.IPListId)
+
 	// 是否在本地白名单中
 	if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
 		return true, false
@@ -152,14 +156,18 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 		request.WAFClose()

 		// 先加入本地的黑名单
-		SharedIPBlackList.Add(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiresAt)
+		if ipListIsAvailable {
+			SharedIPBlackList.Add(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiresAt)
+		}
 	} else {
 		// 加入本地白名单
-		SharedIPWhiteList.Add("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiresAt)
+		if ipListIsAvailable {
+			SharedIPWhiteList.Add("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiresAt)
+		}
 	}

 	// 上报
-	if this.IPListId > 0 {
+	if this.IPListId > 0 && ipListIsAvailable {
 		var serverId int64
 		if this.Scope == firewallconfigs.FirewallScopeService {
 			serverId = request.WAFServerId()
--- a/internal/waf/ip_lists_deleted.go
+++ b/internal/waf/ip_lists_deleted.go
@@ -0,0 +1,30 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeNode/internal/zero"
+	"sync"
+)
+
+var deletedIPListIdMap = map[int64]zero.Zero{} // listId => Zero
+var deletedIPListLocker = sync.RWMutex{}
+
+// AddDeletedIPList add deleted ip list
+func AddDeletedIPList(ipListId int64) {
+	if ipListId <= 0 {
+		return
+	}
+
+	deletedIPListLocker.Lock()
+	deletedIPListIdMap[ipListId] = zero.Zero{}
+	deletedIPListLocker.Unlock()
+}
+
+// ExistDeletedIPList check if ip list has been deleted
+func ExistDeletedIPList(ipListId int64) bool {
+	deletedIPListLocker.RLock()
+	_, ok := deletedIPListIdMap[ipListId]
+	deletedIPListLocker.RUnlock()
+	return ok
+}