实现公用的IP名单

internal/nodes/http_request_waf.go

@@ -47,48 +47,55 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 	// 检查IP白名单
 	remoteAddrs := this.requestRemoteAddrs()
 	inbound := firewallPolicy.Inbound
-	if inbound.AllowListRef != nil && inbound.AllowListRef.IsOn && inbound.AllowListRef.ListId > 0 {
+	if inbound == nil {
-		list := iplibrary.SharedIPListManager.FindList(inbound.AllowListRef.ListId)
+		return
-		if list != nil {
+	}
-			found, _ := list.ContainsIPStrings(remoteAddrs)
+	for _, ref := range inbound.AllAllowListRefs() {
-			if found {
+		if ref.IsOn && ref.ListId > 0 {
-				breakChecking = true
+			list := iplibrary.SharedIPListManager.FindList(ref.ListId)
-				return
+			if list != nil {
+				found, _ := list.ContainsIPStrings(remoteAddrs)
+				if found {
+					breakChecking = true
+					return
+				}
 			}
 		}
 	}
 
 	// 检查IP黑名单
-	if inbound.DenyListRef != nil && inbound.DenyListRef.IsOn && inbound.DenyListRef.ListId > 0 {
+	for _, ref := range inbound.AllDenyListRefs() {
-		list := iplibrary.SharedIPListManager.FindList(inbound.DenyListRef.ListId)
+		if ref.IsOn && ref.ListId > 0 {
-		if list != nil {
+			list := iplibrary.SharedIPListManager.FindList(ref.ListId)
-			found, item := list.ContainsIPStrings(remoteAddrs)
+			if list != nil {
-			if found {
+				found, item := list.ContainsIPStrings(remoteAddrs)
-				// 触发事件
+				if found {
-				if item != nil && len(item.EventLevel) > 0 {
+					// 触发事件
-					actions := iplibrary.SharedActionManager.FindEventActions(item.EventLevel)
+					if item != nil && len(item.EventLevel) > 0 {
-					for _, action := range actions {
+						actions := iplibrary.SharedActionManager.FindEventActions(item.EventLevel)
-						goNext, err := action.DoHTTP(this.RawReq, this.RawWriter)
+						for _, action := range actions {
-						if err != nil {
+							goNext, err := action.DoHTTP(this.RawReq, this.RawWriter)
-							remotelogs.Error("HTTP_REQUEST_WAF", "do action '"+err.Error()+"' failed: "+err.Error())
+							if err != nil {
-							return true, false
+								remotelogs.Error("HTTP_REQUEST_WAF", "do action '"+err.Error()+"' failed: "+err.Error())
-						}
+								return true, false
-						if !goNext {
+							}
-							this.disableLog = true
+							if !goNext {
-							return true, false
+								this.disableLog = true
+								return true, false
+							}
 						}
 					}
+
+					// TODO 需要记录日志信息
+
+					this.writer.WriteHeader(http.StatusForbidden)
+					this.writer.Close()
+
+					// 停止日志
+					this.disableLog = true
+
+					return true, false
 				}
-
-				// TODO 需要记录日志信息
-
-				this.writer.WriteHeader(http.StatusForbidden)
-				this.writer.Close()
-
-				// 停止日志
-				this.disableLog = true
-
-				return true, false
 			}
 		}
 	}

internal/stats/http_request_stat_manager.go

@@ -17,7 +17,7 @@ import (
 
 var SharedHTTPRequestStatManager = NewHTTPRequestStatManager()
 
-// HTTP请求相关的统计
+// HTTPRequestStatManager HTTP请求相关的统计
 // 这里的统计是一个辅助统计，注意不要因为统计而影响服务工作性能
 type HTTPRequestStatManager struct {
 	ipChan                chan string
@@ -32,7 +32,7 @@ type HTTPRequestStatManager struct {
 	dailyFirewallRuleGroupMap map[string]int64 // serverId@firewallRuleGroupId@action => count
 }
 
-// 获取新对象
+// NewHTTPRequestStatManager 获取新对象
 func NewHTTPRequestStatManager() *HTTPRequestStatManager {
 	return &HTTPRequestStatManager{
 		ipChan:                    make(chan string, 10_000), // TODO 将来可以配置容量
@@ -46,7 +46,7 @@ func NewHTTPRequestStatManager() *HTTPRequestStatManager {
 	}
 }
 
-// 启动
+// Start 启动
 func (this *HTTPRequestStatManager) Start() {
 	loopTicker := time.NewTicker(1 * time.Second)
 	uploadTicker := time.NewTicker(30 * time.Minute)
@@ -76,7 +76,7 @@ func (this *HTTPRequestStatManager) Start() {
 	}
 }
 
-// 添加客户端地址
+// AddRemoteAddr 添加客户端地址
 func (this *HTTPRequestStatManager) AddRemoteAddr(serverId int64, remoteAddr string) {
 	if len(remoteAddr) == 0 {
 		return
@@ -100,7 +100,7 @@ func (this *HTTPRequestStatManager) AddRemoteAddr(serverId int64, remoteAddr str
 	}
 }
 
-// 添加UserAgent
+// AddUserAgent 添加UserAgent
 func (this *HTTPRequestStatManager) AddUserAgent(serverId int64, userAgent string) {
 	if len(userAgent) == 0 {
 		return
@@ -113,7 +113,7 @@ func (this *HTTPRequestStatManager) AddUserAgent(serverId int64, userAgent strin
 	}
 }
 
-// 添加防火墙拦截动作
+// AddFirewallRuleGroupId 添加防火墙拦截动作
 func (this *HTTPRequestStatManager) AddFirewallRuleGroupId(serverId int64, firewallRuleGroupId int64, action string) {
 	if firewallRuleGroupId <= 0 {
 		return
@@ -125,7 +125,7 @@ func (this *HTTPRequestStatManager) AddFirewallRuleGroupId(serverId int64, firew
 	}
 }
 
-// 单个循环
+// Loop 单个循环
 func (this *HTTPRequestStatManager) Loop() error {
 	timeout := time.NewTimer(10 * time.Minute) // 执行的最大时间
 	userAgentParser := &user_agent.UserAgent{}
@@ -189,6 +189,7 @@ Loop:
 	return nil
 }
 
+// Upload 上传数据
 func (this *HTTPRequestStatManager) Upload() error {
 	// 上传统计数据
 	rpcClient, err := rpc.SharedRPC()