From fc06ea442de0d4442f2700d01e428c1ed91f0252 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Tue, 6 Dec 2022 11:01:34 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DWAF=E8=AE=B0=E5=BD=95IP?= =?UTF-8?q?=E5=8A=A8=E4=BD=9C=E6=97=B6=E6=97=A0=E6=B3=95=E4=B8=8D=E8=B6=85?= =?UTF-8?q?=E6=97=B6=E7=9A=84Bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/waf/action_record_ip.go | 21 ++++++++++++++-------
 internal/waf/ip_list.go | 2 +-
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/internal/waf/action_record_ip.go b/internal/waf/action_record_ip.go
index 78741f7..a0ac7f6 100644
--- a/internal/waf/action_record_ip.go
+++ b/internal/waf/action_record_ip.go
@@ -18,7 +18,7 @@ import (
 type recordIPTask struct {
 ip string
 listId int64
- expiredAt int64
+ expiresAt int64
 level string
 serverId int64
@@ -54,7 +54,7 @@ func init() {
 IpListId: task.listId,
 IpFrom: task.ip,
 IpTo: "",
- ExpiredAt: task.expiredAt,
+ ExpiredAt: task.expiresAt,
 Reason: reason,
 Type: ipType,
 EventLevel: task.level,
@@ -105,11 +105,13 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 return true, false
 }
- timeout := this.Timeout
+ var timeout = this.Timeout
+ var isForever = false
 if timeout <= 0 {
+ isForever = true
 timeout = 86400 // 1天
 }
- expiredAt := time.Now().Unix() + int64(timeout)
+ var expiresAt = time.Now().Unix() + int64(timeout)
 if this.Type == "black" {
 writer.WriteHeader(http.StatusForbidden)
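Review bot: When `Timeout <= 0` the local entry still gets the one-day fallback, because `expiresAt` is computed from `timeout = 86400` and the following hunk passes it to `SharedIPBlackList.Add` / `SharedIPWhiteList.Add`; only the reported task (hunk at -130) carries 0. A "forever" block therefore outlives 24 hours on this node only if the reported entry is accepted and comes back through list synchronisation, which is not visible here, and the `select` that queues the task continues past the end of that hunk. I would document the split where the fallback is set, e.g. `timeout = 86400 // local cache only; the reported entry uses expiresAt = 0`, and log when a forever task cannot be queued so that a lapsed permanent ban is detectable. `Perform` starts and ends outside this hunk.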
@@ -117,10 +119,10 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 request.WAFClose()
 // 先加入本地的黑名单
- SharedIPBlackList.Add(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiredAt)
+ SharedIPBlackList.Add(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiresAt)
 } else {
 // 加入本地白名单
- SharedIPWhiteList.Add("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiredAt)
+ SharedIPWhiteList.Add("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP(), expiresAt)
 }
 // 上报
@@ -130,11 +132,16 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 serverId = request.WAFServerId()
 }
+ var realExpiresAt = expiresAt
+ if isForever {
+ realExpiresAt = 0
+ }
+
 select {
 case recordIPTaskChan <- &recordIPTask{
 ip: request.WAFRemoteIP(),
 listId: this.IPListId,
- expiredAt: expiredAt,
+ expiresAt: realExpiresAt,
 level: this.Level,
 serverId: serverId,
 sourceServerId: request.WAFServerId(),
diff --git a/internal/waf/ip_list.go b/internal/waf/ip_list.go
index b053e48..e3a69c6 100644
--- a/internal/waf/ip_list.go
+++ b/internal/waf/ip_list.go
@@ -100,7 +100,7 @@ func (this *IPList) RecordIP(ipType string,
 case recordIPTaskChan <- &recordIPTask{
 ip: ip,
 listId: firewallconfigs.GlobalListId,
- expiredAt: expiresAt,
+ expiresAt: expiresAt,
 level: firewallconfigs.DefaultEventLevel,
 serverId: serverId,
 sourceServerId: serverId,
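Review bot: `realExpiresAt = 0` in the hunk at -130 turns zero into a sentinel in `recordIPTask.expiresAt`, presumably read by the API as "never expires", yet neither the field nor this assignment says so, and `RecordIP` in ip_list.go forwards its caller's `expiresAt` into the same field unchanged. A field comment such as `expiresAt int64 // unix seconds; 0 = never expires` would keep a zero or uninitialised value from silently creating a permanent list entry. Since `isForever` is also set for a negative `Timeout`, it is worth confirming that this is intended for the allow-list branch, where an unintended permanent entry is the riskier outcome.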