|
|
@@ -12,7 +12,6 @@ import (
|
|
|
"net"
|
|
|
"sort"
|
|
|
"strconv"
|
|
|
- "strings"
|
|
|
)
|
|
|
|
|
|
type WebForwardingService interface {
|
|
|
@@ -34,6 +33,7 @@ func NewWebForwardingService(
|
|
|
mq *rabbitmq.RabbitMQ,
|
|
|
gatewayGroupIpRep repository.GateWayGroupIpRepository,
|
|
|
gatewayGroupRep repository.GatewayGroupRepository,
|
|
|
+ cdn CdnService,
|
|
|
) WebForwardingService {
|
|
|
return &webForwardingService{
|
|
|
Service: service,
|
|
|
@@ -46,6 +46,7 @@ func NewWebForwardingService(
|
|
|
mq: mq,
|
|
|
gatewayGroupIpRep: gatewayGroupIpRep,
|
|
|
gatewayGroupRep: gatewayGroupRep,
|
|
|
+ cdn: cdn,
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -60,8 +61,18 @@ type webForwardingService struct {
|
|
|
mq *rabbitmq.RabbitMQ
|
|
|
gatewayGroupIpRep repository.GateWayGroupIpRepository
|
|
|
gatewayGroupRep repository.GatewayGroupRepository
|
|
|
+ cdn CdnService
|
|
|
}
|
|
|
|
|
|
+
|
|
|
+
|
|
|
+const (
|
|
|
+ isHttps = 1
|
|
|
+ protocolHttps = "https"
|
|
|
+ protocolHttp = "http"
|
|
|
+ proxyTypeSuffix = "Proxy"
|
|
|
+ defaultNodeClusterId = 1
|
|
|
+)
|
|
|
func (s *webForwardingService) require(ctx context.Context,req v1.GlobalRequire) (v1.GlobalRequire, error) {
|
|
|
var err error
|
|
|
var res v1.GlobalRequire
|
|
|
@@ -122,25 +133,8 @@ func (s *webForwardingService) GetWebForwarding(ctx context.Context, req v1.GetF
|
|
|
|
|
|
return v1.WebForwardingDataRequest{
|
|
|
Id: webForwarding.Id,
|
|
|
- WafWebId: webForwarding.WafWebId,
|
|
|
- Tag: webForwarding.Tag,
|
|
|
Port: webForwarding.Port,
|
|
|
Domain: webForwarding.Domain,
|
|
|
- CustomHost: webForwarding.CustomHost,
|
|
|
- WafWebLimitId: webForwarding.WebLimitRuleId,
|
|
|
- WafGatewayGroupId: webForwarding.WafGatewayGroupId,
|
|
|
- CcCount: webForwarding.CcCount,
|
|
|
- CcDuration: webForwarding.CcDuration,
|
|
|
- CcBlockCount: webForwarding.CcBlockCount,
|
|
|
- CcBlockDuration: webForwarding.CcBlockDuration,
|
|
|
- Cc4xxCount: webForwarding.Cc4xxCount,
|
|
|
- Cc4xxDuration: webForwarding.Cc4xxDuration,
|
|
|
- Cc4xxBlockCount: webForwarding.Cc4xxBlockCount,
|
|
|
- Cc4xxBlockDuration: webForwarding.Cc4xxBlockDuration,
|
|
|
- Cc5xxCount: webForwarding.Cc5xxCount,
|
|
|
- Cc5xxDuration: webForwarding.Cc5xxDuration,
|
|
|
- Cc5xxBlockCount: webForwarding.Cc5xxBlockCount,
|
|
|
- Cc5xxBlockDuration: webForwarding.Cc5xxBlockDuration,
|
|
|
IsHttps: webForwarding.IsHttps,
|
|
|
Comment: webForwarding.Comment,
|
|
|
BackendList: backend.BackendList,
|
|
|
@@ -152,80 +146,29 @@ func (s *webForwardingService) GetWebForwarding(ctx context.Context, req v1.GetF
|
|
|
}, nil
|
|
|
}
|
|
|
|
|
|
-// buildWafFormData 辅助函数,用于构建通用的 formData
|
|
|
-func (s *webForwardingService) buildWafFormData(req *v1.WebForwardingDataSend, require v1.GlobalRequire) map[string]interface{} {
|
|
|
- // 将BackendList序列化为JSON字符串
|
|
|
- backendJSON, err := json.MarshalIndent(req.BackendList, "", " ")
|
|
|
- var backendStr interface{}
|
|
|
- if err != nil {
|
|
|
- // 如果序列化失败,使用空数组
|
|
|
- backendStr = "[]"
|
|
|
- } else {
|
|
|
- // 成功序列化后,使用JSON字符串
|
|
|
- backendStr = string(backendJSON)
|
|
|
- }
|
|
|
-
|
|
|
- return map[string]interface{}{
|
|
|
- "waf_web_id": req.WafWebId,
|
|
|
- "port": req.Port,
|
|
|
- "domain": req.Domain,
|
|
|
- "custom_host": req.CustomHost,
|
|
|
- "cc_count": req.CcCount,
|
|
|
- "cc_duration": req.CcDuration,
|
|
|
- "cc_block_count": req.CcBlockCount,
|
|
|
- "cc_block_duration": req.CcBlockDuration,
|
|
|
- "cc_4xx_count": req.Cc4xxCount,
|
|
|
- "cc_4xx_duration": req.Cc4xxDuration,
|
|
|
- "cc_4xx_block_count": req.Cc4xxBlockCount,
|
|
|
- "cc_4xx_block_duration": req.Cc4xxBlockDuration,
|
|
|
- "cc_5xx_count": req.Cc5xxCount,
|
|
|
- "cc_5xx_duration": req.Cc5xxDuration,
|
|
|
- "cc_5xx_block_count": req.Cc5xxBlockCount,
|
|
|
- "cc_5xx_block_duration": req.Cc5xxBlockDuration,
|
|
|
- "backend": backendStr,
|
|
|
- "allow_ip_list": req.AllowIpList,
|
|
|
- "deny_ip_list": req.DenyIpList,
|
|
|
- "access_rule": req.AccessRule,
|
|
|
- "is_https": req.IsHttps,
|
|
|
- "comment": req.Comment,
|
|
|
- "https_cert": req.HttpsCert,
|
|
|
- "https_key": req.HttpsKey,
|
|
|
- }
|
|
|
-}
|
|
|
|
|
|
// buildWebForwardingModel 辅助函数,用于构建通用的 WebForwarding 模型
|
|
|
// ruleId 是从 WAF 系统获取的 ID
|
|
|
-func (s *webForwardingService) buildWebForwardingModel(req *v1.WebForwardingDataRequest,ruleId int, require v1.GlobalRequire) *model.WebForwarding {
|
|
|
+func (s *webForwardingService) buildWebForwardingModel(req *v1.WebForwardingDataRequest,ruleId int, require RequireResponse) *model.WebForwarding {
|
|
|
return &model.WebForwarding{
|
|
|
- HostId: require.HostId,
|
|
|
- WafWebId: ruleId,
|
|
|
- Port: req.Port,
|
|
|
- Domain: req.Domain,
|
|
|
- CustomHost: req.CustomHost,
|
|
|
- CcCount: req.CcCount,
|
|
|
- CcDuration: req.CcDuration,
|
|
|
- CcBlockCount: req.CcBlockCount,
|
|
|
- CcBlockDuration: req.CcBlockDuration,
|
|
|
- Cc4xxCount: req.Cc4xxCount,
|
|
|
- Cc4xxDuration: req.Cc4xxDuration,
|
|
|
- Cc4xxBlockCount: req.Cc4xxBlockCount,
|
|
|
- Cc4xxBlockDuration: req.Cc4xxBlockDuration,
|
|
|
- Cc5xxCount: req.Cc5xxCount,
|
|
|
- Cc5xxDuration: req.Cc5xxDuration,
|
|
|
- Cc5xxBlockCount: req.Cc5xxBlockCount,
|
|
|
- Cc5xxBlockDuration: req.Cc5xxBlockDuration,
|
|
|
- IsHttps: req.IsHttps,
|
|
|
- Comment: req.Comment,
|
|
|
- HttpsCert: req.HttpsCert,
|
|
|
- HttpsKey: req.HttpsKey,
|
|
|
+ HostId: require.HostId,
|
|
|
+ CdnWebId: ruleId,
|
|
|
+ Port: req.Port,
|
|
|
+ Domain: req.Domain,
|
|
|
+ IsHttps: req.IsHttps,
|
|
|
+ Comment: req.Comment,
|
|
|
+ HttpsCert: req.HttpsCert,
|
|
|
+ HttpsKey: req.HttpsKey,
|
|
|
+ SslCertId: int(req.SslCertId),
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-func (s *webForwardingService) buildWebRuleModel(reqData *v1.WebForwardingDataRequest, require v1.GlobalRequire, localDbId int) *model.WebForwardingRule {
|
|
|
+func (s *webForwardingService) buildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule {
|
|
|
return &model.WebForwardingRule{
|
|
|
Uid: require.Uid,
|
|
|
HostId: require.HostId,
|
|
|
- WebId: localDbId, // 关联到本地数据库的主记录 ID
|
|
|
+ WebId: localDbId,
|
|
|
+ CdnOriginIds: cdnOriginIds,
|
|
|
BackendList: reqData.BackendList,
|
|
|
AllowIpList: reqData.AllowIpList,
|
|
|
DenyIpList: reqData.DenyIpList,
|
|
|
@@ -233,301 +176,428 @@ func (s *webForwardingService) buildWebRuleModel(reqData *v1.WebForwardingDataRe
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-func (s *webForwardingService) prepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (v1.GlobalRequire, map[string]interface{}, error) {
|
|
|
- // 1. 获取必要的全局信息
|
|
|
- require, err := s.require(ctx, v1.GlobalRequire{
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+// =================================================================
|
|
|
+// 主函数:prepareWafData
|
|
|
+// 职责:协调整个流程,负责获取前置配置和组装最终的 formData。
|
|
|
+// =================================================================
|
|
|
+func (s *webForwardingService) prepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error) {
|
|
|
+ // 1. 获取基础配置
|
|
|
+ require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
|
|
|
HostId: req.HostId,
|
|
|
Uid: req.Uid,
|
|
|
Comment: req.WebForwardingData.Comment,
|
|
|
- Domain: req.WebForwardingData.Domain,
|
|
|
})
|
|
|
if err != nil {
|
|
|
- return v1.GlobalRequire{}, nil, err
|
|
|
+ return RequireResponse{}, v1.Website{}, fmt.Errorf("获取WAF前置配置失败: %w", err)
|
|
|
+ }
|
|
|
+ if require.GatewayGroupId == 0 || require.Uid == 0 {
|
|
|
+ return RequireResponse{}, v1.Website{}, fmt.Errorf("请先配置实例")
|
|
|
+ }
|
|
|
+
|
|
|
+ // 2. 调用辅助函数,构建核心的代理配置 (将复杂逻辑封装起来)
|
|
|
+ apiType, byteData, err := s.buildProxyJSONConfig(ctx, req, require)
|
|
|
+ if err != nil {
|
|
|
+ return RequireResponse{}, v1.Website{}, err // 错误信息在辅助函数中已经包装好了
|
|
|
}
|
|
|
|
|
|
+ var serverName []string
|
|
|
+ var serverJson []byte
|
|
|
+ if req.WebForwardingData.Domain != "" {
|
|
|
+ serverName = append(serverName, req.WebForwardingData.Domain)
|
|
|
+ serverJson, err = json.Marshal(serverName)
|
|
|
+ if err != nil {
|
|
|
+ return RequireResponse{}, v1.Website{}, err
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ // 3. 组装最终的 WAF 表单数据
|
|
|
+ formData := v1.Website{
|
|
|
+ UserId: int64(require.CdnUid),
|
|
|
+ Type: apiType + proxyTypeSuffix,
|
|
|
+ Name: require.Tag,
|
|
|
+ ServerNamesJSON : serverJson,
|
|
|
+ Description: req.WebForwardingData.Comment,
|
|
|
+ ServerGroupIds: []int64{int64(require.GroupId)},
|
|
|
+ UserPlanId: int64(require.RuleId),
|
|
|
+ NodeClusterId: defaultNodeClusterId,
|
|
|
+ }
|
|
|
|
|
|
- // 2. 将字符串切片拼接成字符串,用于 WAF API
|
|
|
- allowIpListStr := strings.Join(req.WebForwardingData.AllowIpList, "\n")
|
|
|
- denyIpListStr := strings.Join(req.WebForwardingData.DenyIpList, "\n")
|
|
|
+ var noSslByteData, _ = json.Marshal(v1.TypeJSON{IsOn: false})
|
|
|
|
|
|
- PortInt, err := strconv.Atoi(req.WebForwardingData.Port)
|
|
|
- if err != nil {
|
|
|
- return v1.GlobalRequire{}, nil, err
|
|
|
- }
|
|
|
- // 3. 创建用于构建 WAF 表单的数据结构
|
|
|
- formDataBase := v1.WebForwardingDataSend{
|
|
|
- WafWebId: req.WebForwardingData.WafWebId,
|
|
|
- Port: PortInt,
|
|
|
- Domain: req.WebForwardingData.Domain,
|
|
|
- CustomHost: req.WebForwardingData.CustomHost,
|
|
|
- CcCount: req.WebForwardingData.CcCount,
|
|
|
- CcDuration: req.WebForwardingData.CcDuration,
|
|
|
- CcBlockCount: req.WebForwardingData.CcBlockCount,
|
|
|
- CcBlockDuration: req.WebForwardingData.CcBlockDuration,
|
|
|
- Cc4xxCount: req.WebForwardingData.Cc4xxCount,
|
|
|
- Cc4xxDuration: req.WebForwardingData.Cc4xxDuration,
|
|
|
- Cc4xxBlockCount: req.WebForwardingData.Cc4xxBlockCount,
|
|
|
- Cc4xxBlockDuration: req.WebForwardingData.Cc4xxBlockDuration,
|
|
|
- Cc5xxCount: req.WebForwardingData.Cc5xxCount,
|
|
|
- Cc5xxDuration: req.WebForwardingData.Cc5xxDuration,
|
|
|
- Cc5xxBlockCount: req.WebForwardingData.Cc5xxBlockCount,
|
|
|
- Cc5xxBlockDuration: req.WebForwardingData.Cc5xxBlockDuration,
|
|
|
- IsHttps: req.WebForwardingData.IsHttps,
|
|
|
- BackendList: req.WebForwardingData.BackendList,
|
|
|
- AllowIpList: allowIpListStr,
|
|
|
- DenyIpList: denyIpListStr,
|
|
|
- AccessRule: req.WebForwardingData.AccessRule,
|
|
|
- Comment: req.WebForwardingData.Comment,
|
|
|
- HttpsCert: req.WebForwardingData.HttpsCert,
|
|
|
- HttpsKey: req.WebForwardingData.HttpsKey,
|
|
|
- }
|
|
|
-
|
|
|
- // 4. 构建 WAF 表单数据映射
|
|
|
- formData := s.buildWafFormData(&formDataBase, require)
|
|
|
+ // 4. 根据协议类型,填充 HttpJSON 和 HttpsJSON 字段
|
|
|
+ if req.WebForwardingData.IsHttps == isHttps {
|
|
|
+ formData.HttpJSON = noSslByteData
|
|
|
+ formData.HttpsJSON = byteData
|
|
|
+ } else {
|
|
|
+ formData.HttpJSON = byteData
|
|
|
+ formData.HttpsJSON = noSslByteData
|
|
|
+ }
|
|
|
|
|
|
return require, formData, nil
|
|
|
}
|
|
|
|
|
|
|
|
|
+// =================================================================
|
|
|
+// 辅助函数:buildProxyJSONConfig
|
|
|
+// 职责:专门负责处理 HTTP/HTTPS 的差异,并生成对应的 JSON 配置。
|
|
|
+// =================================================================
|
|
|
+func (s *webForwardingService) buildProxyJSONConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) (string, []byte, error) {
|
|
|
+ var (
|
|
|
+ jsonData v1.TypeJSON
|
|
|
+ apiType string
|
|
|
+ err error
|
|
|
+ )
|
|
|
+ jsonData.IsOn = true
|
|
|
+
|
|
|
+ // 判断协议类型,并处理 HTTPS 的特殊逻辑(证书)
|
|
|
+ if req.WebForwardingData.IsHttps == isHttps {
|
|
|
+ apiType = protocolHttps
|
|
|
+
|
|
|
+ req.WebForwardingData.SslCertId, err = s.cdn.AddSSLCert(ctx, v1.SSlCert{
|
|
|
+ UserId: int64(require.CdnUid),
|
|
|
+ Name: req.WebForwardingData.Domain,
|
|
|
+ Description: req.WebForwardingData.Comment,
|
|
|
+ CertData: []byte(req.WebForwardingData.HttpsCert),
|
|
|
+ KeyData: []byte(req.WebForwardingData.HttpsKey),
|
|
|
+ IsSelfSigned: false,
|
|
|
+ })
|
|
|
+ if err != nil {
|
|
|
+ return "", nil, fmt.Errorf("添加SSL证书失败: %w", err)
|
|
|
+ }
|
|
|
+ jsonData.SslPolicyRef.IsOn = true
|
|
|
+ jsonData.SslPolicyRef.SslPolicyId = req.WebForwardingData.SslCertId
|
|
|
+ } else {
|
|
|
+ apiType = protocolHttp
|
|
|
+ }
|
|
|
|
|
|
-func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
|
|
|
- //require, formData, err := s.prepareWafData(ctx, req)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //err = s.wafformatter.validateWafPortCount(ctx, require.HostId)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //
|
|
|
- //
|
|
|
- //gatewayIps, firstIp, err := s.wafformatter.GetIp(ctx, require.WafGatewayGroupId)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //if req.WebForwardingData.Domain != "" {
|
|
|
- // // 异步任务:将域名添加到白名单
|
|
|
- // doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
|
|
|
- // if err != nil {
|
|
|
- // return err
|
|
|
- // }
|
|
|
- // go s.wafformatter.PublishDomainWhitelistTask(doMain,firstIp, "add")
|
|
|
- //
|
|
|
- //}
|
|
|
- //
|
|
|
- //// IP过白
|
|
|
- //var ips []string
|
|
|
- //if req.WebForwardingData.BackendList != nil {
|
|
|
- // for _, v := range req.WebForwardingData.BackendList {
|
|
|
- // ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
- // if err != nil {
|
|
|
- // return err
|
|
|
- // }
|
|
|
- // ips = append(ips,ip)
|
|
|
- // }
|
|
|
- // go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
|
|
|
- //}
|
|
|
- //var accessRuleIps []string
|
|
|
- //if len(req.WebForwardingData.AllowIpList) > 0 {
|
|
|
- // for _, v := range gatewayIps {
|
|
|
- // for _, ip := range req.WebForwardingData.AllowIpList {
|
|
|
- // if net.ParseIP(ip) != nil{
|
|
|
- // accessRuleIps = append(accessRuleIps, ip)
|
|
|
- // }
|
|
|
- // }
|
|
|
- // go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
|
|
|
- // }
|
|
|
- //}
|
|
|
- //
|
|
|
- //
|
|
|
- //
|
|
|
- //webModel := s.buildWebForwardingModel(&req.WebForwardingData, wafWebId, require)
|
|
|
- //
|
|
|
- //id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //webRuleModel := s.buildWebRuleModel(&req.WebForwardingData, require, id)
|
|
|
- //
|
|
|
- //
|
|
|
- //if _, err = s.webForwardingRepository.AddWebForwardingIps(ctx, *webRuleModel); err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- return nil
|
|
|
-}
|
|
|
+ // 填充通用的 Listen 配置
|
|
|
+ for _, v := range require.GatewayIps {
|
|
|
+ jsonData.Listen = append(jsonData.Listen, v1.Listen{
|
|
|
+ Protocol: apiType,
|
|
|
+ Host: v,
|
|
|
+ Port: req.WebForwardingData.Port,
|
|
|
+ })
|
|
|
+ }
|
|
|
|
|
|
-func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
|
|
|
- //WafWebId, err := s.webForwardingRepository.GetWebForwardingWafWebIdById(ctx, req.WebForwardingData.Id)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //req.WebForwardingData.WafWebId = WafWebId
|
|
|
- //require, formData, err := s.prepareWafData(ctx, req)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //_, err = s.wafformatter.sendFormData(ctx, "admin/info/waf_web/edit?&__goadmin_edit_pk="+strconv.Itoa(req.WebForwardingData.WafWebId), "admin/edit/waf_web", formData)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //
|
|
|
- //// 将域名添加到白名单
|
|
|
- //webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //gatewayIps, firstIp, err := s.wafformatter.GetIp(ctx, webData.WafGatewayGroupId)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //// 异步任务:将域名添加到白名单
|
|
|
- //if webData.Domain != req.WebForwardingData.Domain {
|
|
|
- //
|
|
|
- // doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
|
|
|
- // if err != nil {
|
|
|
- // return err
|
|
|
- // }
|
|
|
- // oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
|
|
|
- // if err != nil {
|
|
|
- // return err
|
|
|
- // }
|
|
|
- // go s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
|
|
|
- // go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
|
|
|
- //}
|
|
|
- //
|
|
|
- //// IP过白
|
|
|
- //ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.WebForwardingData.Id)
|
|
|
- //if err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //var oldIps []string
|
|
|
- //var oldAllowIps []string
|
|
|
- //var newIps []string
|
|
|
- //var newAllowIps []string
|
|
|
- //for _, v := range ipData.BackendList {
|
|
|
- // ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
- // if err != nil {
|
|
|
- // return err
|
|
|
- // }
|
|
|
- // oldIps = append(oldIps, ip)
|
|
|
- //
|
|
|
- //}
|
|
|
- //for _, v := range req.WebForwardingData.BackendList {
|
|
|
- // ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
- // if err != nil {
|
|
|
- // return err
|
|
|
- // }
|
|
|
- // newIps = append(newIps, ip)
|
|
|
- //}
|
|
|
- //addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
|
|
|
- //if len(addedIps) > 0 {
|
|
|
- // go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
|
|
|
- //}
|
|
|
- //if len(removedIps) > 0 {
|
|
|
- // go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
|
|
|
- //}
|
|
|
- //if len(ipData.AllowIpList) > 0 {
|
|
|
- // for _, v := range ipData.AllowIpList {
|
|
|
- // if net.ParseIP(v) != nil{
|
|
|
- // oldAllowIps = append(oldAllowIps, v)
|
|
|
- // }
|
|
|
- // }
|
|
|
- //}
|
|
|
- //
|
|
|
- //if len(req.WebForwardingData.AllowIpList) > 0 {
|
|
|
- // for _, v := range req.WebForwardingData.AllowIpList {
|
|
|
- // if net.ParseIP(v) != nil{
|
|
|
- // newAllowIps = append(newAllowIps, v)
|
|
|
- // }
|
|
|
- // }
|
|
|
- //}
|
|
|
- //addedAllowIps, removedAllowIps := s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
|
|
|
- //for _, v := range gatewayIps {
|
|
|
- // if len(addedAllowIps) > 0 {
|
|
|
- // go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
|
|
|
- // }
|
|
|
- // if len(removedAllowIps) > 0 {
|
|
|
- // go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
|
|
|
- // }
|
|
|
- //}
|
|
|
- //
|
|
|
- //
|
|
|
- //
|
|
|
- //
|
|
|
- //
|
|
|
- //
|
|
|
- //
|
|
|
- //webModel := s.buildWebForwardingModel(&req.WebForwardingData, req.WebForwardingData.WafWebId, require)
|
|
|
- //webModel.Id = req.WebForwardingData.Id
|
|
|
- //if err = s.webForwardingRepository.EditWebForwarding(ctx, webModel); err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- //webRuleModel := s.buildWebRuleModel(&req.WebForwardingData, require, req.WebForwardingData.Id)
|
|
|
- //if err = s.webForwardingRepository.EditWebForwardingIps(ctx, *webRuleModel); err != nil {
|
|
|
- // return err
|
|
|
- //}
|
|
|
- return nil
|
|
|
+ // 序列化为 JSON
|
|
|
+ byteData, err := json.Marshal(jsonData)
|
|
|
+ if err != nil {
|
|
|
+ return "", nil, fmt.Errorf("序列化WAF配置失败: %w", err)
|
|
|
+ }
|
|
|
+
|
|
|
+ return apiType, byteData, nil
|
|
|
}
|
|
|
|
|
|
-func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []int) error {
|
|
|
- for _, Id := range Ids {
|
|
|
- wafWebId, err := s.webForwardingRepository.GetWebForwardingWafWebIdById(ctx, Id)
|
|
|
- if err != nil {
|
|
|
- return err
|
|
|
+
|
|
|
+
|
|
|
+func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
|
|
|
+ require, formData, err := s.prepareWafData(ctx, req)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ err = s.wafformatter.validateWafPortCount(ctx, require.HostId)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+ webId, err := s.cdn.CreateWebsite(ctx, formData)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ backendList := make(map[string]string)
|
|
|
+ for _,k := range req.WebForwardingData.BackendList {
|
|
|
+ backendList[k.Addr] = k.CustomHost
|
|
|
+ }
|
|
|
+ // 添加源站
|
|
|
+ cdnOriginIds := make(map[string]int64)
|
|
|
+ for _, v := range req.WebForwardingData.BackendList {
|
|
|
+ var apiType string
|
|
|
+ if v.IsHttps == isHttps {
|
|
|
+ apiType = protocolHttps
|
|
|
+ }else {
|
|
|
+ apiType = protocolHttp
|
|
|
}
|
|
|
- _, err = s.crawler.DeleteRule(ctx, wafWebId, "admin/delete/waf_web?page=1&__pageSize=10&__sort=waf_web_id&__sort_type=desc")
|
|
|
+ id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
|
|
|
+ ApiType: apiType,
|
|
|
+ BackendList: v.Addr,
|
|
|
+ Host: v.CustomHost,
|
|
|
+ Comment: req.WebForwardingData.Comment,
|
|
|
+ })
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
- webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(Id))
|
|
|
+ cdnOriginIds[v.Addr] = id
|
|
|
+ }
|
|
|
+
|
|
|
+ // 添加源站到网站
|
|
|
+ for _, v := range cdnOriginIds {
|
|
|
+ err = s.cdn.AddServerOrigin(ctx, webId, v)
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
+ }
|
|
|
+
|
|
|
+ webModel := s.buildWebForwardingModel(&req.WebForwardingData, int(webId), require)
|
|
|
+
|
|
|
+ id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ webRuleModel := s.buildWebRuleModel(&req.WebForwardingData,require, id, cdnOriginIds)
|
|
|
+ if _, err = s.webForwardingRepository.AddWebForwardingIps(ctx, *webRuleModel); err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
|
|
|
- _, firstIp, err := s.wafformatter.GetIp(ctx, webData.WafGatewayGroupId)
|
|
|
+
|
|
|
+ if req.WebForwardingData.Domain != "" {
|
|
|
+ // 异步任务:将域名添加到白名单
|
|
|
+ doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
- // 异步任务:将域名添加到白名单
|
|
|
- if webData.Domain != "" {
|
|
|
+ if len(require.GatewayIps) == 0 {
|
|
|
+ return fmt.Errorf("网关组不存在")
|
|
|
+ }
|
|
|
+ go s.wafformatter.PublishDomainWhitelistTask(doMain, require.GatewayIps[0], "add")
|
|
|
|
|
|
- doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
|
|
|
+ }
|
|
|
+
|
|
|
+ // IP过白
|
|
|
+ var ips []string
|
|
|
+ if req.WebForwardingData.BackendList != nil {
|
|
|
+ for _, v := range req.WebForwardingData.BackendList {
|
|
|
+ ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
- go s.wafformatter.PublishDomainWhitelistTask(doMain,firstIp, "del")
|
|
|
- }
|
|
|
- // IP过白
|
|
|
- ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, Id)
|
|
|
- if err != nil {
|
|
|
- return err
|
|
|
+ ips = append(ips,ip)
|
|
|
}
|
|
|
- var ips []string
|
|
|
- if len(ipData.BackendList) > 0 {
|
|
|
- for _, v := range ipData.BackendList {
|
|
|
- ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
- if err != nil {
|
|
|
- return err
|
|
|
+ go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
|
|
|
+ }
|
|
|
+ var accessRuleIps []string
|
|
|
+ if len(req.WebForwardingData.AllowIpList) > 0 {
|
|
|
+ for _, v := range require.GatewayIps {
|
|
|
+ for _, ip := range req.WebForwardingData.AllowIpList {
|
|
|
+ if net.ParseIP(ip) != nil{
|
|
|
+ accessRuleIps = append(accessRuleIps, ip)
|
|
|
}
|
|
|
- ips = append(ips, ip)
|
|
|
}
|
|
|
+ go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
|
|
|
}
|
|
|
- if len(ipData.AllowIpList) > 0 {
|
|
|
- ips = append(ips, ipData.AllowIpList...)
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ return nil
|
|
|
+}
|
|
|
+
|
|
|
+func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
|
|
|
+
|
|
|
+ require, formData, err := s.prepareWafData(ctx, req)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+ oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+ //修改网站端口
|
|
|
+ if oldData.Port != req.WebForwardingData.Port || oldData.Domain != req.WebForwardingData.Domain {
|
|
|
+ var typeJson []byte
|
|
|
+ var apiType string
|
|
|
+ if req.WebForwardingData.IsHttps == isHttps {
|
|
|
+ typeJson = formData.HttpJSON
|
|
|
+ apiType = protocolHttps
|
|
|
+ }else {
|
|
|
+ typeJson = formData.HttpsJSON
|
|
|
+ apiType = protocolHttp
|
|
|
+ }
|
|
|
+ err = s.cdn.EditServerType(ctx, v1.EditWebsite{
|
|
|
+ Id: int64(oldData.CdnWebId),
|
|
|
+ TypeJSON: typeJson,
|
|
|
+ }, apiType)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
}
|
|
|
- if len(ips) > 0 {
|
|
|
- go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
|
|
|
+ }
|
|
|
+
|
|
|
+ //修改网站名字
|
|
|
+ if oldData.Comment != req.WebForwardingData.Comment {
|
|
|
+ err = s.cdn.EditServerBasic(ctx, int64(oldData.CdnWebId), require.Tag)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
}
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
|
|
|
|
|
|
- if err = s.webForwardingRepository.DeleteWebForwarding(ctx, int64(Id)); err != nil {
|
|
|
+ // 将域名添加到白名单
|
|
|
+ webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ gatewayIps, firstIp, err := s.wafformatter.GetIp(ctx, webData.WafGatewayGroupId)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ // 异步任务:将域名添加到白名单
|
|
|
+ if webData.Domain != req.WebForwardingData.Domain {
|
|
|
+
|
|
|
+ doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ go s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
|
|
|
+ go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
|
|
|
+ }
|
|
|
+
|
|
|
+ // IP过白
|
|
|
+ ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.WebForwardingData.Id)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ var oldIps []string
|
|
|
+ var oldAllowIps []string
|
|
|
+ var newIps []string
|
|
|
+ var newAllowIps []string
|
|
|
+ for _, v := range ipData.BackendList {
|
|
|
+ ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
+ if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
- if err = s.webForwardingRepository.DeleteWebForwardingIpsById(ctx, Id); err != nil {
|
|
|
+ oldIps = append(oldIps, ip)
|
|
|
+
|
|
|
+ }
|
|
|
+ for _, v := range req.WebForwardingData.BackendList {
|
|
|
+ ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
+ if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
+ newIps = append(newIps, ip)
|
|
|
+ }
|
|
|
+ addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
|
|
|
+ if len(addedIps) > 0 {
|
|
|
+ go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
|
|
|
+ }
|
|
|
+ if len(removedIps) > 0 {
|
|
|
+ go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
|
|
|
+ }
|
|
|
+ if len(ipData.AllowIpList) > 0 {
|
|
|
+ for _, v := range ipData.AllowIpList {
|
|
|
+ if net.ParseIP(v) != nil{
|
|
|
+ oldAllowIps = append(oldAllowIps, v)
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if len(req.WebForwardingData.AllowIpList) > 0 {
|
|
|
+ for _, v := range req.WebForwardingData.AllowIpList {
|
|
|
+ if net.ParseIP(v) != nil{
|
|
|
+ newAllowIps = append(newAllowIps, v)
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ addedAllowIps, removedAllowIps := s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
|
|
|
+ for _, v := range gatewayIps {
|
|
|
+ if len(addedAllowIps) > 0 {
|
|
|
+ go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
|
|
|
+ }
|
|
|
+ if len(removedAllowIps) > 0 {
|
|
|
+ go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ webModel := s.buildWebForwardingModel(&req.WebForwardingData, req.WebForwardingData.WafWebId, require)
|
|
|
+ webModel.Id = req.WebForwardingData.Id
|
|
|
+ if err = s.webForwardingRepository.EditWebForwarding(ctx, webModel); err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ webRuleModel := s.buildWebRuleModel(&req.WebForwardingData, require, req.WebForwardingData.Id)
|
|
|
+ if err = s.webForwardingRepository.EditWebForwardingIps(ctx, *webRuleModel); err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ return nil
|
|
|
+}
|
|
|
+
|
|
|
+func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []int) error {
|
|
|
+ //for _, Id := range Ids {
|
|
|
+ // wafWebId, err := s.webForwardingRepository.GetWebForwardingWafWebIdById(ctx, Id)
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // _, err = s.crawler.DeleteRule(ctx, wafWebId, "admin/delete/waf_web?page=1&__pageSize=10&__sort=waf_web_id&__sort_type=desc")
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(Id))
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ //
|
|
|
+ // _, firstIp, err := s.wafformatter.GetIp(ctx, webData.WafGatewayGroupId)
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // // 异步任务:将域名添加到白名单
|
|
|
+ // if webData.Domain != "" {
|
|
|
+ //
|
|
|
+ // doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // go s.wafformatter.PublishDomainWhitelistTask(doMain,firstIp, "del")
|
|
|
+ // }
|
|
|
+ // // IP过白
|
|
|
+ // ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, Id)
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // var ips []string
|
|
|
+ // if len(ipData.BackendList) > 0 {
|
|
|
+ // for _, v := range ipData.BackendList {
|
|
|
+ // ip, _, err := net.SplitHostPort(v.Addr)
|
|
|
+ // if err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // ips = append(ips, ip)
|
|
|
+ // }
|
|
|
+ // }
|
|
|
+ // if len(ipData.AllowIpList) > 0 {
|
|
|
+ // ips = append(ips, ipData.AllowIpList...)
|
|
|
+ // }
|
|
|
+ // if len(ips) > 0 {
|
|
|
+ // go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
|
|
|
+ // }
|
|
|
+ //
|
|
|
+ //
|
|
|
+ // if err = s.webForwardingRepository.DeleteWebForwarding(ctx, int64(Id)); err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ // if err = s.webForwardingRepository.DeleteWebForwardingIpsById(ctx, Id); err != nil {
|
|
|
+ // return err
|
|
|
+ // }
|
|
|
+ //}
|
|
|
+
|
|
|
return nil
|
|
|
}
|
|
|
|
|
|
@@ -633,19 +703,6 @@ func (s *webForwardingService) GetWebForwardingWafWebAllIps(ctx context.Context,
|
|
|
Id: res.Forwarding.Id,
|
|
|
Port: res.Forwarding.Port,
|
|
|
Domain: res.Forwarding.Domain,
|
|
|
- CustomHost: res.Forwarding.CustomHost,
|
|
|
- CcCount: res.Forwarding.CcCount,
|
|
|
- CcDuration: res.Forwarding.CcDuration,
|
|
|
- CcBlockCount: res.Forwarding.CcBlockCount,
|
|
|
- CcBlockDuration: res.Forwarding.CcBlockDuration,
|
|
|
- Cc4xxCount: res.Forwarding.Cc4xxCount,
|
|
|
- Cc4xxDuration: res.Forwarding.Cc4xxDuration,
|
|
|
- Cc4xxBlockCount: res.Forwarding.Cc4xxBlockCount,
|
|
|
- Cc4xxBlockDuration: res.Forwarding.Cc4xxBlockDuration,
|
|
|
- Cc5xxCount: res.Forwarding.Cc5xxCount,
|
|
|
- Cc5xxDuration: res.Forwarding.Cc5xxDuration,
|
|
|
- Cc5xxBlockCount: res.Forwarding.Cc5xxBlockCount,
|
|
|
- Cc5xxBlockDuration: res.Forwarding.Cc5xxBlockDuration,
|
|
|
IsHttps: res.Forwarding.IsHttps,
|
|
|
Comment: res.Forwarding.Comment,
|
|
|
HttpsKey: res.Forwarding.HttpsKey,
|
