
feat(allow-deny-ip): 新增 IP 黑白名单功能
- 新增 AllowAndDenyIp 模型和相关 API 接口
- 实现 IP 黑白名单的添加、编辑和删除功能
- 重构 TCP/UDP/Web 转发模型,移除冗余的 IP 列表字段
- 优化 WafFormatterService 接口,简化 IP处理逻辑
- 更新 GatewayGroupIpService,增加通过 hostId 获取网关组 IP 的方法
- 调整 AoDunService 接口,增加 serverIp 参数以支持更精确的白名单管理

fusu há 1 mês atrás
pai
commit
4bfd4fdafb

+ 15 - 0
api/v1/allowAndDenyIp.go

@@ -0,0 +1,15 @@
+package v1
+
+type AllowAndDenyIpRequest struct {
+	Id     int    `json:"id" form:"id"`
+	Ip     string `json:"ip" form:"ip" validate:"required"`
+	AllowOrDeny int `json:"allowOrDeny" form:"allowOrDeny" validate:"required"`
+	HostId int `json:"hostId" form:"hostId" validate:"required"`
+	Uid    int `json:"uid" form:"uid" validate:"required"`
+}
+
+type DelAllowAndDenyIpRequest struct {
+	HostId int `json:"hostId" form:"hostId" validate:"required"`
+	Uid    int `json:"uid" form:"uid" validate:"required"`
+	Ids []int `json:"ids" form:"ids" validate:"required,min=1,dive,required"`
+}
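Review bot: `Ip` on AllowAndDenyIpRequest is only `validate:"required"`, so any string reaches the service and is pushed to the WAF as-is, whereas the fields this commit removes from the forwarding requests carried `validate:"dive,ip"` and the deleted service code also ran `net.ParseIP` before publishing. Restore the check at the boundary: `Ip string `json:"ip" form:"ip" validate:"required,ip"`` (or `required,ip|cidr` if ranges are meant to be accepted). `AllowOrDeny` with `required` rejects 0, and the service treats every value other than 1 as "black", so the accepted encoding should be pinned, e.g. `validate:"required,oneof=1 2"` if 2 is the deny value — the client contract is not visible here. One struct also serves get/list/add/edit, so a list call must send `ip` and `allowOrDeny` it never uses, while `Id`, which get and edit depend on, is the only field without `required`.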

+ 0 - 3
api/v1/tcpForwarding.go

@@ -7,9 +7,6 @@ type TcpForwardingDataRequest struct {
 	CdnWebId          int      `form:"cdnWebId" json:"cdnWebId"`
 	Port              string   `form:"port" json:"port" validate:"required,numeric,min=1,max=65535"`
 	BackendList       []string `form:"backendList" json:"backendList" validate:"required,dive,hostport"`
-	AllowIpList       []string `form:"allowIpList" json:"allowIpList" validate:"dive,ip"`
-	DenyIpList        []string `form:"denyIpList" json:"denyIpList" validate:"dive,ip"`
-	AccessRule        string   `form:"accessRule" json:"accessRule"`
 	Comment           string   `form:"comment" json:"comment" validate:"max=50"`
 }
 

+ 0 - 3
api/v1/udpForwarding.go

@@ -5,9 +5,6 @@ type UdpForwardingDataRequest struct {
 	CdnWebId          int    `form:"cdnWebId" json:"cdnWebId"`
 	Port              string   `form:"port" json:"port" validate:"required,numeric,min=1,max=65535"`
 	BackendList       []string `form:"backendList" json:"backendList" validate:"required,dive,hostport"`
-	AllowIpList       []string `form:"allowIpList" json:"allowIpList" validate:"dive,ip"`
-	DenyIpList        []string `form:"denyIpList" json:"denyIpList" validate:"dive,ip"`
-	AccessRule        string   `form:"accessRule" json:"accessRule"`
 	Comment           string   `form:"comment" json:"comment" validate:"max=50"`
 }
 type DeleteUdpForwardingRequest struct {

+ 0 - 3
api/v1/webForwarding.go

@@ -7,9 +7,6 @@ type WebForwardingDataRequest struct {
 	Port               string    `form:"port" json:"port" validate:"required,numeric,min=1,max=65535"`
 	Domain             string `form:"domain" json:"domain" validate:"omitempty,hostname_rfc1123|ip"`
 	BackendList        []BackendList `form:"backendList" json:"backendList" validate:"required,dive"`
-	AllowIpList        []string `form:"allowIpList" json:"allowIpList" validate:"dive,ip"`
-	DenyIpList         []string `form:"denyIpList" json:"denyIpList" validate:"dive,ip"`
-	AccessRule         string `form:"accessRule" json:"accessRule"`
 	IsHttps            int    `form:"isHttps" json:"isHttps" default:"0"`
 	Comment            string `form:"comment" json:"comment" validate:"max=50"`
 	HttpsCert          string `form:"httpsCert" json:"httpsCert"`

+ 3 - 0
cmd/server/wire/wire.go

@@ -46,6 +46,7 @@ var repositorySet = wire.NewSet(
 	repository.NewGatewayGroupRepository,
 	repository.NewGateWayGroupIpRepository,
 	repository.NewCdnRepository,
+	repository.NewAllowAndDenyIpRepository,
 
 )
 
@@ -78,6 +79,7 @@ var serviceSet = wire.NewSet(
 	service.NewGateWayGroupIpService,
 	service.NewRequestService,
 	service.NewCdnService,
+	service.NewAllowAndDenyIpService,
 )
 
 var handlerSet = wire.NewSet(
@@ -99,6 +101,7 @@ var handlerSet = wire.NewSet(
 	handler.NewGlobalLimitHandler,
 	handler.NewGatewayGroupHandler,
 	handler.NewGateWayGroupIpHandler,
+	handler.NewAllowAndDenyIpHandler,
 )
 
 

+ 94 - 0
internal/handler/allowanddenyip.go

@@ -0,0 +1,94 @@
+package handler
+
+import (
+	"github.com/gin-gonic/gin"
+	v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
+	"github.com/go-nunu/nunu-layout-advanced/internal/service"
+	"net/http"
+)
+
+type AllowAndDenyIpHandler struct {
+	*Handler
+	allowAndDenyIpService service.AllowAndDenyIpService
+}
+
+func NewAllowAndDenyIpHandler(
+    handler *Handler,
+    allowAndDenyIpService service.AllowAndDenyIpService,
+) *AllowAndDenyIpHandler {
+	return &AllowAndDenyIpHandler{
+		Handler:      handler,
+		allowAndDenyIpService: allowAndDenyIpService,
+	}
+}
+
+func (h *AllowAndDenyIpHandler) GetAllowAndDenyIp(ctx *gin.Context) {
+	var req v1.AllowAndDenyIpRequest
+	if err := ctx.ShouldBind(req); err != nil {
+		v1.HandleError(ctx, http.StatusBadRequest, v1.ErrBadRequest, err.Error())
+		return
+	}
+	res, err := h.allowAndDenyIpService.GetAllowAndDenyIp(ctx, int64(req.Id))
+	if err != nil {
+		v1.HandleError(ctx, http.StatusInternalServerError, err, err.Error())
+		return
+	}
+	v1.HandleSuccess(ctx, res)
+}
+
+func (h *AllowAndDenyIpHandler) GetAllowAndDenyIpList(ctx *gin.Context) {
+	var req v1.AllowAndDenyIpRequest
+	if err := ctx.ShouldBind(req); err != nil {
+		v1.HandleError(ctx, http.StatusBadRequest, v1.ErrBadRequest, err.Error())
+		return
+	}
+	res, err := h.allowAndDenyIpService.GetAllowAndDenyIpsAllByHostId(ctx, int64(req.HostId))
+	if err != nil {
+		v1.HandleError(ctx, http.StatusInternalServerError, err, err.Error())
+		return
+	}
+	v1.HandleSuccess(ctx, res)
+}
+
+func (h *AllowAndDenyIpHandler) AddAllowAndDenyIp(ctx *gin.Context) {
+	var req v1.AllowAndDenyIpRequest
+	if err := ctx.ShouldBind(req); err != nil {
+		v1.HandleError(ctx, http.StatusBadRequest, v1.ErrBadRequest, err.Error())
+		return
+	}
+	err := h.allowAndDenyIpService.AddAllowAndDenyIps(ctx,req)
+	if err != nil {
+		v1.HandleError(ctx, http.StatusInternalServerError, err, err.Error())
+		return
+	}
+	v1.HandleSuccess(ctx, nil)
+	
+}
+
+func (h *AllowAndDenyIpHandler) EditAllowAndDenyIp(ctx *gin.Context) {
+	var req v1.AllowAndDenyIpRequest
+	if err := ctx.ShouldBind(req); err != nil {
+		v1.HandleError(ctx, http.StatusBadRequest, v1.ErrBadRequest, err.Error())
+		return
+	}
+	err := h.allowAndDenyIpService.EditAllowAndDenyIps(ctx,req)
+	if err != nil {
+		v1.HandleError(ctx, http.StatusInternalServerError, err, err.Error())
+		return
+	}
+	v1.HandleSuccess(ctx, nil)
+}
+
+func (h *AllowAndDenyIpHandler) DeleteAllowAndDenyIp(ctx *gin.Context) {
+	var req v1.DelAllowAndDenyIpRequest
+	if err := ctx.ShouldBind(req); err != nil {
+		v1.HandleError(ctx, http.StatusBadRequest, v1.ErrBadRequest, err.Error())
+		return
+	}
+	err := h.allowAndDenyIpService.DeleteAllowAndDenyIps(ctx,req)
+	if err != nil {
+		v1.HandleError(ctx, http.StatusInternalServerError, err, err.Error())
+		return
+	}
+	v1.HandleSuccess(ctx, nil)
+}
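Review bot: Every handler calls `ctx.ShouldBind(req)` with the struct by value, so gin's binders never write into `req`: JSON binding returns an unmarshal error (every request becomes a 400) and form binding would try to set fields on an unaddressable value. Pass the address in all five places: `if err := ctx.ShouldBind(&req); err != nil {`. Separately, `HostId` and `Uid` are trusted straight from the request body and handed to the service with no comparison against the authenticated caller; if these routes land in the `noAuthRouter` group like the rest of the file, any caller behind the IP allowlist can add or delete entries for any host, so the ownership check belongs here or in the service. The 500 paths also echo `err.Error()` (raw repository text) to the client, which the existing handlers do too but is worth tightening for a new endpoint.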

+ 1 - 1
internal/job/whitelist.go

@@ -220,7 +220,7 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 
 		deleteFromWall := func(isSmall bool, ip string) {
 			defer wg.Done()
-			id, err := j.aoDunService.GetWhiteStaticList(ctx, isSmall, ip,payload.Color)
+			id, err := j.aoDunService.GetWhiteStaticList(ctx, isSmall, ip, payload.ReturnSourceIp,payload.Color)
 			if err != nil {
 				errChan <- fmt.Errorf("获取IP '%s' (isSmall: %t) ID失败: %w , color: %s", ip, isSmall, err, payload.Color)
 				return

+ 18 - 0
internal/model/allowanddenyip.go

@@ -0,0 +1,18 @@
+package model
+
+import "time"
+
+type AllowAndDenyIp struct {
+	Id       int `gorm:"primary"`
+	HostId   int `gorm:"not null"`
+	Uid      int `gorm:"not null"`
+	Ip       string `gorm:"not null"`
+	AllowOrDeny int `gorm:"not null"`
+	CreatedAt            time.Time
+	UpdatedAt            time.Time
+}
+
+func (m *AllowAndDenyIp) TableName() string {
+    return "shd_waf_allow_and_deny_ip"
+}
+
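Review bot: `gorm:"primary"` on `Id` is not a tag GORM recognises (the key is `primaryKey`); the field probably still acts as the primary key through GORM's `id` naming convention, but the tag documents an intent it does not enforce. There is also no uniqueness on (host_id, ip), so the same IP can be inserted twice for a host, and the service's delete path then tells the WAF to drop the IP while the sibling row still claims it. Suggest `Id int `gorm:"primaryKey"``, `HostId int `gorm:"not null;uniqueIndex:idx_host_ip"`` and `Ip string `gorm:"not null;size:45;uniqueIndex:idx_host_ip"`` (45 covers the IPv6 text form), plus a doc comment on the type stating what the `AllowOrDeny` values mean.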

+ 0 - 3
internal/model/tcpforwarding.go

@@ -27,9 +27,6 @@ type TcpForwardingRule struct {
 	TcpId       int                `bson:"tcp_id" json:"tcp_id"`
 	CdnOriginIds map[string]int64       	`bson:"cdn_origin_ids" json:"cdn_origin_ids"`
 	BackendList []string           `bson:"backend_list" json:"backend_list"`
-	AllowIpList []string           `bson:"allow_ip_list" json:"allow_ip_list"`
-	DenyIpList  []string           `bson:"deny_ip_list" json:"deny_ip_list"`
-	AccessRule  string             `bson:"access_rule" json:"access_rule"`
 	CreatedAt   time.Time          `bson:"created_at" json:"created_at"`
 	UpdatedAt   time.Time          `bson:"updated_at" json:"updated_at"`
 }

+ 0 - 3
internal/model/udpforwarding.go

@@ -27,9 +27,6 @@ type UdpForwardingRule struct {
 	UdpId       int                `bson:"udp_id" json:"udp_id"`
 	CdnOriginIds map[string]int64  `bson:"cdn_origin_ids" json:"cdn_origin_ids"`
 	BackendList []string           `bson:"backend_list" json:"backend_list"`
-	AllowIpList []string           `bson:"allow_ip_list" json:"allow_ip_list"`
-	DenyIpList  []string           `bson:"deny_ip_list" json:"deny_ip_list"`
-	AccessRule  string             `bson:"access_rule" json:"access_rule"`
 	CreatedAt   time.Time          `bson:"created_at" json:"created_at"`
 	UpdatedAt   time.Time          `bson:"updated_at" json:"updated_at"`
 }

+ 0 - 3
internal/model/webforwarding.go

@@ -33,9 +33,6 @@ type WebForwardingRule struct {
 	WebId       int                `bson:"web_id" json:"web_id"`
 	CdnOriginIds map[string]int64  `bson:"cdn_origin_ids" json:"cdn_origin_ids"`
 	BackendList []v1.BackendList   `bson:"backend_list" json:"backend_list"`
-	AllowIpList []string           `bson:"allow_ip_list" json:"allow_ip_list"`
-	DenyIpList  []string           `bson:"deny_ip_list" json:"deny_ip_list"`
-	AccessRule  string             `bson:"access_rule" json:"access_rule"`
 	CreatedAt   time.Time          `bson:"created_at" json:"created_at"`
 	UpdatedAt   time.Time          `bson:"updated_at" json:"updated_at"`
 }

+ 64 - 0
internal/repository/allowanddenyip.go

@@ -0,0 +1,64 @@
+package repository
+
+import (
+	"context"
+	"fmt"
+	"github.com/go-nunu/nunu-layout-advanced/internal/model"
+)
+
+type AllowAndDenyIpRepository interface {
+	GetAllowAndDenyIp(ctx context.Context, id int64) (*model.AllowAndDenyIp, error)
+	AddAllowAndDenyIps(ctx context.Context, req model.AllowAndDenyIp) error
+	EditAllowAndDenyIps(ctx context.Context, req model.AllowAndDenyIp) error
+	DeleteAllowAndDenyIps(ctx context.Context, id int64) error
+	GetAllowAndDenyIpsAllByHostId(ctx context.Context, hostId int64) ([]*model.AllowAndDenyIp, error)
+}
+
+func NewAllowAndDenyIpRepository(
+	repository *Repository,
+) AllowAndDenyIpRepository {
+	return &allowAndDenyIpRepository{
+		Repository: repository,
+	}
+}
+
+type allowAndDenyIpRepository struct {
+	*Repository
+}
+
+func (r *allowAndDenyIpRepository) GetAllowAndDenyIp(ctx context.Context, id int64) (*model.AllowAndDenyIp, error) {
+	var res model.AllowAndDenyIp
+	if err := r.DB(ctx).Where("id = ?", id).First(&res).Error; err != nil {
+		return nil, err
+	}
+	return &res, nil
+}
+
+func (r *allowAndDenyIpRepository) AddAllowAndDenyIps(ctx context.Context, req model.AllowAndDenyIp) error {
+	if err := r.db.WithContext(ctx).Create(&req).Error; err != nil {
+		return fmt.Errorf("create error: %v", err)
+	}
+	return nil
+}
+
+func (r *allowAndDenyIpRepository) EditAllowAndDenyIps(ctx context.Context, req model.AllowAndDenyIp) error {
+	if err := r.db.WithContext(ctx).Where("id = ?", req.Id).Updates(&req).Error; err != nil {
+		return fmt.Errorf("update error: %v", err)
+	}
+	return nil
+}
+
+func (r *allowAndDenyIpRepository) DeleteAllowAndDenyIps(ctx context.Context, id int64) error {
+	if err := r.db.WithContext(ctx).Where("id = ?", id).Delete(&model.AllowAndDenyIp{}).Error; err != nil {
+		return fmt.Errorf("delete error: %v", err)
+	}
+	return nil
+}
+
+func (r *allowAndDenyIpRepository) GetAllowAndDenyIpsAllByHostId(ctx context.Context, hostId int64) ([]*model.AllowAndDenyIp, error) {
+	var res []*model.AllowAndDenyIp
+	if err := r.DB(ctx).Where("host_id = ?", hostId).Find(&res).Error; err != nil {
+		return nil, err
+	}
+	return res, nil
+}
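Review bot: `EditAllowAndDenyIps` and `DeleteAllowAndDenyIps` select the row by `id` alone, although every request that reaches them carries a `HostId`; nothing in this layer stops id N belonging to another host from being updated or deleted, so the scope should be part of the predicate, e.g. `Where("id = ? AND host_id = ?", req.Id, req.HostId)` (the delete signature would need the host id too). `Updates(&req)` with a struct argument skips zero-value fields in GORM, so a caller that clears a field gets a silent no-op; use `Select("ip", "allow_or_deny", "uid").Updates(&req)` or a map if that matters. The read paths go through `r.DB(ctx)` while the writes use `r.db.WithContext(ctx)` — if `DB(ctx)` is the transaction-aware accessor the other repositories use, the writes here bypass it.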

+ 0 - 7
internal/repository/tcpforwarding.go

@@ -121,18 +121,11 @@ func (r *tcpforwardingRepository) EditTcpforwardingIps(ctx context.Context, req
 		updateData["tcp_id"] = req.TcpId
 	}
 
-	if req.AccessRule != "" {
-		updateData["access_rule"] = req.AccessRule
-	}
 
 	if len(req.BackendList) > 0 {
 		updateData["backend_list"] = req.BackendList
 	}
 
-	updateData["allow_ip_list"] = req.AllowIpList
-
-
-	updateData["deny_ip_list"] = req.DenyIpList
 
 	updateData["cdn_origin_ids"] = req.CdnOriginIds
 	// 始终更新更新时间

+ 0 - 7
internal/repository/udpforwarding.go

@@ -122,18 +122,11 @@ func (r *udpForWardingRepository) EditUdpForwardingIps(ctx context.Context, req
 		updateData["udp_id"] = req.UdpId
 	}
 
-	if req.AccessRule != "" {
-		updateData["access_rule"] = req.AccessRule
-	}
 
 	if len(req.BackendList) > 0 {
 		updateData["backend_list"] = req.BackendList
 	}
 
-	updateData["allow_ip_list"] = req.AllowIpList
-
-
-	updateData["deny_ip_list"] = req.DenyIpList
 
 	updateData["cdn_origin_ids"] = req.CdnOriginIds
 

+ 0 - 6
internal/repository/webforwarding.go

@@ -139,17 +139,11 @@ func (r *webForwardingRepository) EditWebForwardingIps(ctx context.Context, req
 		updateData["web_id"] = req.WebId
 	}
 
-	if req.AccessRule != "" {
-		updateData["access_rule"] = req.AccessRule
-	}
 
 	if len(req.BackendList) > 0 {
 		updateData["backend_list"] = req.BackendList
 	}
 
-	updateData["allow_ip_list"] = req.AllowIpList
-
-	updateData["deny_ip_list"] = req.DenyIpList
 
 	updateData["cdn_origin_ids"] = req.CdnOriginIds
 

+ 2 - 1
internal/server/http.go

@@ -36,7 +36,7 @@ func NewHTTPServer(
 	adminHandler *handler.AdminHandler,
 	gatewayHandler *handler.GatewayGroupHandler,
 	gatewayIpHandler *handler.GateWayGroupIpHandler,
-
+	allowAnddenyHandler *handler.AllowAndDenyHandler,
 ) *http.Server {
 	gin.SetMode(gin.DebugMode)
 	s := http.NewServer(
@@ -127,6 +127,7 @@ func NewHTTPServer(
 			noAuthRouter.POST("/globalLimit/add", ipAllowlistMiddleware, globalLimitHandler.AddGlobalLimit)
 			noAuthRouter.POST("/globalLimit/edit", ipAllowlistMiddleware, globalLimitHandler.EditGlobalLimit)
 			noAuthRouter.POST("/globalLimit/delete", ipAllowlistMiddleware, globalLimitHandler.DeleteGlobalLimit)
+
 		}
 		// Non-strict permission routing group
 		//noStrictAuthRouter := v1.Group("/").Use(middleware.NoStrictAuth(jwt, logger))
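Review bot: The new constructor parameter is typed `*handler.AllowAndDenyHandler`, but the handler file and the wire set in this commit define `AllowAndDenyIpHandler` / `NewAllowAndDenyIpHandler`, so this will not compile unless an `AllowAndDenyHandler` type exists elsewhere; and the parameter is never used — no route is registered for the five new handler methods, so the feature is unreachable. Rename the parameter type and register the routes in the same `ipAllowlistMiddleware`-guarded group as the globalLimit endpoints (paths below are illustrative). Whichever group they end up in, the request bodies carry `hostId`/`uid` chosen by the client, so an authenticated group is the safer choice if one exists.
```go
	allowAnddenyHandler *handler.AllowAndDenyIpHandler,
// … unchanged: server setup and earlier routes …
			noAuthRouter.POST("/allowDenyIp/add", ipAllowlistMiddleware, allowAnddenyHandler.AddAllowAndDenyIp)
			noAuthRouter.POST("/allowDenyIp/edit", ipAllowlistMiddleware, allowAnddenyHandler.EditAllowAndDenyIp)
			noAuthRouter.POST("/allowDenyIp/delete", ipAllowlistMiddleware, allowAnddenyHandler.DeleteAllowAndDenyIp)
			noAuthRouter.GET("/allowDenyIp/get", ipAllowlistMiddleware, allowAnddenyHandler.GetAllowAndDenyIp)
			noAuthRouter.GET("/allowDenyIp/list", ipAllowlistMiddleware, allowAnddenyHandler.GetAllowAndDenyIpList)
```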

+ 141 - 0
internal/service/allowanddenyip.go

@@ -0,0 +1,141 @@
+package service
+
+import (
+    "context"
+	v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
+	"github.com/go-nunu/nunu-layout-advanced/internal/model"
+	"github.com/go-nunu/nunu-layout-advanced/internal/repository"
+)
+
+type AllowAndDenyIpService interface {
+	GetAllowAndDenyIp(ctx context.Context, id int64) (*model.AllowAndDenyIp, error)
+	GetAllowAndDenyIpsAllByHostId(ctx context.Context, hostId int64) ([]*model.AllowAndDenyIp, error)
+	AddAllowAndDenyIps(ctx context.Context, req v1.AllowAndDenyIpRequest) error
+	EditAllowAndDenyIps(ctx context.Context, req v1.AllowAndDenyIpRequest) error
+	DeleteAllowAndDenyIps(ctx context.Context, req v1.DelAllowAndDenyIpRequest) error
+}
+func NewAllowAndDenyIpService(
+    service *Service,
+    allowAndDenyIpRepository repository.AllowAndDenyIpRepository,
+	gatewayGroupIp gateWayGroupIpService,
+	wafformatter WafFormatterService,
+
+) AllowAndDenyIpService {
+	return &allowAndDenyIpService{
+		Service:        service,
+		allowAndDenyIpRepository: allowAndDenyIpRepository,
+		gatewayGroupIp: gatewayGroupIp,
+		wafformatter : wafformatter,
+	}
+}
+
+type allowAndDenyIpService struct {
+	*Service
+	allowAndDenyIpRepository repository.AllowAndDenyIpRepository
+	gatewayGroupIp gateWayGroupIpService
+	wafformatter WafFormatterService
+}
+
+func (s *allowAndDenyIpService) GetAllowAndDenyIp(ctx context.Context, id int64) (*model.AllowAndDenyIp, error) {
+	res, err := s.allowAndDenyIpRepository.GetAllowAndDenyIp(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+func (s *allowAndDenyIpService) GetAllowAndDenyIpsAllByHostId(ctx context.Context, hostId int64) ([]*model.AllowAndDenyIp, error) {
+	res, err := s.allowAndDenyIpRepository.GetAllowAndDenyIpsAllByHostId(ctx, hostId)
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+func (s *allowAndDenyIpService) AddAllowAndDenyIps(ctx context.Context, req v1.AllowAndDenyIpRequest) error {
+	gatewayGroupIps, err := s.gatewayGroupIp.GetGateWayGroupIpByHostId(ctx, req.HostId)
+	if err != nil {
+		return err
+	}
+
+	color := "black"
+	if req.AllowOrDeny == 1 {
+		color = "white"
+	}
+	for _, v := range gatewayGroupIps {
+		go s.wafformatter.PublishIpWhitelistTask([]string{req.Ip}, "add",v,color)
+	}
+	if err := s.allowAndDenyIpRepository.AddAllowAndDenyIps(ctx, model.AllowAndDenyIp{
+		Ip:         req.Ip,
+		HostId:     req.HostId,
+		AllowOrDeny: req.AllowOrDeny,
+		Uid:        req.Uid,
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *allowAndDenyIpService) EditAllowAndDenyIps(ctx context.Context, req v1.AllowAndDenyIpRequest) error {
+	gatewayGroupIps, err := s.gatewayGroupIp.GetGateWayGroupIpByHostId(ctx, req.HostId)
+	if err != nil {
+		return err
+	}
+	color := "black"
+	if req.AllowOrDeny == 1 {
+		color = "white"
+	}
+	oldIp, err := s.GetAllowAndDenyIp(ctx, int64(req.Id))
+	if err != nil {
+		return err
+	}
+
+	if oldIp.Ip != req.Ip {
+		for _, v := range gatewayGroupIps {
+			go s.wafformatter.PublishIpWhitelistTask([]string{oldIp.Ip}, "del",v,color)
+		}
+	}
+
+	for _, v := range gatewayGroupIps {
+		go s.wafformatter.PublishIpWhitelistTask([]string{req.Ip}, "add",v,color)
+	}
+
+
+	if err := s.allowAndDenyIpRepository.EditAllowAndDenyIps(ctx, model.AllowAndDenyIp{
+		Id:         req.Id,
+		Ip:         req.Ip,
+		HostId:     req.HostId,
+		AllowOrDeny: req.AllowOrDeny,
+		Uid:        req.Uid,
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *allowAndDenyIpService) DeleteAllowAndDenyIps(ctx context.Context, req v1.DelAllowAndDenyIpRequest) error {
+
+	for _, id := range req.Ids {
+		gatewayGroupIps, err := s.gatewayGroupIp.GetGateWayGroupIpByHostId(ctx, req.HostId)
+		if err != nil {
+			return err
+		}
+		ip, err := s.GetAllowAndDenyIp(ctx, int64(id))
+		if err != nil {
+			return err
+		}
+		color := "black"
+		if ip.AllowOrDeny == 1 {
+			color = "white"
+		}
+		for _, v := range gatewayGroupIps {
+			go s.wafformatter.PublishIpWhitelistTask([]string{ip.Ip}, "del",v,color)
+		}
+
+		if err := s.allowAndDenyIpRepository.DeleteAllowAndDenyIps(ctx, int64(id)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
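Review bot: In `EditAllowAndDenyIps` the "del" for the previous IP is published with `color` computed from the incoming `req.AllowOrDeny`, not from the stored row, and only when the IP text changes; flipping an entry from allow to deny therefore leaves the old IP on the WAF whitelist (the del goes to the black list), and changing only `AllowOrDeny` sends no del at all. Derive the old colour from `oldIp.AllowOrDeny` and send the del whenever either the IP or the colour differs. The same function never checks `oldIp.HostId == req.HostId`, so an id from another host can be edited and its IP pushed into this host's gateway group. All three writers also fire the `go PublishIpWhitelistTask` goroutines before the DB write and ignore its failure, so a failed insert or delete still changes the WAF — persist first, then publish.
```go
	oldIp, err := s.GetAllowAndDenyIp(ctx, int64(req.Id))
	if err != nil {
		return err
	}
	// Remove the old entry from the list it actually lives on: the colour
	// comes from the stored row, not from the incoming request.
	oldColor := "black"
	if oldIp.AllowOrDeny == 1 {
		oldColor = "white"
	}
	if oldIp.Ip != req.Ip || oldColor != color {
		for _, v := range gatewayGroupIps {
			go s.wafformatter.PublishIpWhitelistTask([]string{oldIp.Ip}, "del", v, oldColor)
		}
	}
	// … unchanged: publish "add" for req.Ip, then persist via EditAllowAndDenyIps …
```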

+ 3 - 3
internal/service/aodun.go

@@ -22,7 +22,7 @@ type AoDunService interface {
 	DomainWhiteList(ctx context.Context, domain string, ip string, apiType string) error
 	AddWhiteStaticList(ctx context.Context, isSmall bool, req []v1.IpInfo, color string) error
 	DelWhiteStaticList(ctx context.Context, isSmall bool, id string, color string) error
-	GetWhiteStaticList(ctx context.Context, isSmall bool, ip string, color string) (int, error)
+	GetWhiteStaticList(ctx context.Context, isSmall bool, ip string,serverIp string, color string) (int, error)
 }
 
 // aoDunService 是 AoDunService 接口的实现
@@ -193,7 +193,7 @@ func (s *aoDunService) AddWhiteStaticList(ctx context.Context, isSmall bool, req
 }
 
 // GetWhiteStaticList 查询白名单 IP 并返回其 ID
-func (s *aoDunService) GetWhiteStaticList(ctx context.Context, isSmall bool, ip string, color string) (int, error) {
+func (s *aoDunService) GetWhiteStaticList(ctx context.Context, isSmall bool, ip string,serverIp string, color string) (int, error) {
 	// 使用一个无限循环,直到API返回空数据页才停止
 	for i := 0; ; i++ { //  i++ 会持续请求下一页
 		formData := map[string]interface{}{
@@ -222,7 +222,7 @@ func (s *aoDunService) GetWhiteStaticList(ctx context.Context, isSmall bool, ip
 
 		// 在当前页的数据中查找目标记录
 		for _, v := range res.Data {
-			if v.Remark == "宁波高防IP过白" {
+			if v.Remark == "宁波高防IP过白" && v.ServerIP == serverIp {
 				// 找到了,立即返回ID
 				return v.ID, nil
 			}
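Review bot: The added `v.ServerIP == serverIp` condition makes the lookup depend on what callers pass as `serverIp`, and the other hunks in this commit pass inconsistent values: the forwarding services publish "add" with `""` and "del" with `"0"`, and the whitelist job forwards `payload.ReturnSourceIp` unchanged. If the remote record stores a real address, neither `""` nor `"0"` matches, the function presumably pages to the end without finding the record, and the stale whitelist entry is never removed — for a whitelist that is the unsafe direction. Either normalise the sentinel in one place or treat an empty value as a wildcard, `if v.Remark == "宁波高防IP过白" && (serverIp == "" || v.ServerIP == serverIp) {`, and document the choice on the interface method. The page loop and its not-found exit are outside this hunk, so I can't confirm that path from here.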

+ 18 - 0
internal/service/gatewaygroupip.go

@@ -16,17 +16,22 @@ type GateWayGroupIpService interface {
 	EditGateWayGroupIp(ctx context.Context,  req *v1.GateWayGroupIpRequest) error
 	DeleteGateWayGroupIp(ctx context.Context, req *v1.DeleteGateWayGroupIpRequest) error
 	GetGateWayGroupIpAdmin(ctx context.Context,req *v1.SearchGatewayGroupIpParams) (*v1.PaginatedResponse[model.GateWayGroupIp], error)
+
+	//hostid获取网关组ip']\\
+	GetGateWayGroupIpByHostId(ctx context.Context, hostId int) ([]string, error)
 }
 
 func NewGateWayGroupIpService(
 	service *Service,
 	gateWayGroupIpRepository repository.GateWayGroupIpRepository,
+	gateWayGroupRep repository.GatewayGroupRepository,
 	request RequestService,
 ) GateWayGroupIpService {
 	return &gateWayGroupIpService{
 		Service:                  service,
 		gateWayGroupIpRepository: gateWayGroupIpRepository,
 		request: request,
+		gateWayGroupRep: gateWayGroupRep,
 	}
 }
 
@@ -34,6 +39,7 @@ type gateWayGroupIpService struct {
 	*Service
 	gateWayGroupIpRepository repository.GateWayGroupIpRepository
 	request RequestService
+	gateWayGroupRep repository.GatewayGroupRepository
 }
 
 func (s *gateWayGroupIpService) GetGateWayGroupIp(ctx context.Context, id int64) (*model.GateWayGroupIp, error) {
@@ -145,4 +151,16 @@ func (s *gateWayGroupIpService) sendIp(ctx context.Context, ip string, action st
 	}
 	return nil
 
+}
+
+func (s *gateWayGroupIpService) GetGateWayGroupIpByHostId(ctx context.Context, hostId int) ([]string, error) {
+	gatewayGroup, err := s.gateWayGroupRep.GetGatewayGroupByHostId(ctx, int64(hostId))
+	if err != nil {
+		return nil, err
+	}
+	res, err := s.gateWayGroupIpRepository.GetGateWayGroupAllIpByGatewayGroupId(ctx, gatewayGroup.Id)
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
 }
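Review bot: The interface comment `//hostid获取网关组ip']\\` on the new method is garbled (stray `']\\`) and the exported method has no doc comment; replace it with `// GetGateWayGroupIpByHostId returns every gateway IP of the gateway group bound to hostId.`. The method also takes `hostId int` while the sibling methods and `GetGatewayGroupByHostId` use `int64`, which is why the body has to cast — taking `int64` here keeps the service API consistent. Minor: `gateWayGroupRep` reads better as `gatewayGroupRepository`, matching `gateWayGroupIpRepository` beside it.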

+ 1 - 1
internal/service/globallimit.go

@@ -260,7 +260,7 @@ func (s *globalLimitService) AddGlobalLimit(ctx context.Context, req v1.GlobalLi
 
 	ruleId, err := s.cdnService.BindPlan(ctx, v1.Plan{
 		UserId:    userId,
-		PlanId: 	5,
+		PlanId: 	4,
 		DayTo:     outputTimeStr,
 		Name:      require.GlobalLimitName,
 		IsFree:    true,
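Review bot: `PlanId` changes from 5 to 4 with no mention in the commit message and no comment, so nobody reading `AddGlobalLimit` later can tell whether 4 is the intended plan or a typo. Pull it into a named constant with the reason, e.g. `const globalLimitPlanId = 4 // CDN plan bound to global-limit rules` at package level and `PlanId: globalLimitPlanId,` here. The rest of `AddGlobalLimit` is outside the hunk.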

+ 5 - 63
internal/service/tcpforwarding.go

@@ -93,9 +93,6 @@ func (s *tcpforwardingService) GetTcpforwarding(ctx context.Context, req v1.GetF
 		Port:             tcpForwarding.Port,
 		Comment:          tcpForwarding.Comment,
 		BackendList:       backend.BackendList,
-		AllowIpList:       backend.AllowIpList,
-		DenyIpList:        backend.DenyIpList,
-		AccessRule:        backend.AccessRule,
 	}, nil
 }
 
@@ -116,9 +113,6 @@ func (s *tcpforwardingService) buildTcpRuleModel(reqData *v1.TcpForwardingDataRe
 		TcpId:       localDbId, // 关联到本地数据库的主记录 ID
 		CdnOriginIds: cdnOriginIds,
 		BackendList: reqData.BackendList,
-		AllowIpList: reqData.AllowIpList,
-		DenyIpList:  reqData.DenyIpList,
-		AccessRule:  reqData.AccessRule,
 	}
 }
 
@@ -214,7 +208,7 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 	}
 
 
-	// 异步任务:将IP添加到白名单
+	// 异步任务:将源站IP添加到白名单
 	var ips []string
 	if req.TcpForwardingData.BackendList != nil {
 		for _, v := range req.TcpForwardingData.BackendList {
@@ -227,31 +221,7 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
 	}
 
-	//白名单
-	var accessRuleIps []string
-	if req.TcpForwardingData.AllowIpList != nil {
-		for _, v := range require.GatewayIps {
-			for _, ip := range req.TcpForwardingData.AllowIpList {
-				if net.ParseIP(ip) != nil{
-					accessRuleIps = append(accessRuleIps, ip)
-				}
-			}
-			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
-		}
 
-	}
-	//黑名单
-	var denyRuleIps []string
-	if req.TcpForwardingData.DenyIpList != nil {
-		for _, v := range require.GatewayIps {
-			for _, ip := range req.TcpForwardingData.DenyIpList {
-				if net.ParseIP(ip) != nil{
-					denyRuleIps = append(denyRuleIps, ip)
-				}
-			}
-			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
-		}
-	}
 	return  nil
 }
 
@@ -290,7 +260,7 @@ func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.Tc
 	if err != nil {
 		return err
 	}
-	addedIps, removedIps, addedAllowIps, removedAllowIps, addedDenyIps, removedDenyIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList,req.TcpForwardingData.AllowIpList,req.TcpForwardingData.DenyIpList,ipData.BackendList,ipData.AllowIpList,ipData.DenyIpList)
+	addedIps, removedIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList, ipData.BackendList)
 	if err != nil {
 		return err
 	}
@@ -298,30 +268,9 @@ func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.Tc
 		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","0","white")
 	}
 
-	if len(addedAllowIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
-		}
-	}
-	if len(removedAllowIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
-		}
-	}
-
-	if len(addedDenyIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
-		}
-	}
-	if len(removedDenyIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
-		}
-	}
 
 
 
@@ -391,16 +340,12 @@ func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.D
 		if err != nil {
 			return err
 		}
-		ips, err = s.wafformatter.WashDeleteWafIp(ctx, ipData.BackendList, ipData.AllowIpList)
+		ips, err = s.wafformatter.WashDeleteWafIp(ctx, ipData.BackendList)
 		if err != nil {
 			return err
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
-		}
-		// 删除黑名单
-		if len(ipData.DenyIpList) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","black")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","0","white")
 		}
 
 
@@ -476,9 +421,6 @@ func (s *tcpforwardingService) GetTcpForwardingAllIpsByHostId(ctx context.Contex
 		}
 		if r.BackendRule != nil {
 			dataReq.BackendList = r.BackendRule.BackendList
-			dataReq.AllowIpList = r.BackendRule.AllowIpList
-			dataReq.DenyIpList = r.BackendRule.DenyIpList
-			dataReq.AccessRule = r.BackendRule.AccessRule
 		}
 		res = append(res, dataReq)
 	}
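Review bot: `EditTcpForwarding` and `DeleteTcpForwarding` now publish "del" with returnSourceIp `"0"` while the "add" calls left in place still pass `""`; with this commit's `GetWhiteStaticList` matching on `v.ServerIP == serverIp`, the delete lookup searches for a record whose server IP is the literal string "0", and unless the add side stores that same value, stale whitelist entries will stop being removed. Use one sentinel in both directions and name it, e.g. `const noReturnSourceIp = "0"`, so the meaning is visible at the call sites. Removing the `net.ParseIP` loops from `AddTcpForwarding` likely leaves `net` and `require.GatewayIps` unreferenced in this file — if `net` has no other use the file will not compile, so check the import block, which is outside these hunks.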

+ 5 - 63
internal/service/udpforwarding.go

@@ -91,9 +91,6 @@ func (s *udpForWardingService) GetUdpForWarding(ctx context.Context,req v1.GetFo
 		Id:                 udpForWarding.Id,
 		Port:               udpForWarding.Port,
 		BackendList:         backend.BackendList,
-		AllowIpList:        backend.AllowIpList,
-		DenyIpList:         backend.DenyIpList,
-		AccessRule:         backend.AccessRule,
 		Comment:            udpForWarding.Comment,
 
 	}, nil
@@ -116,9 +113,6 @@ func (s *udpForWardingService) buildUdpRuleModel(reqData *v1.UdpForwardingDataRe
 		UdpId:       localDbId, // 关联到本地数据库的主记录 ID
 		CdnOriginIds: cdnOriginIds,
 		BackendList: reqData.BackendList,
-		AllowIpList: reqData.AllowIpList,
-		DenyIpList:  reqData.DenyIpList,
-		AccessRule:  reqData.AccessRule,
 	}
 }
 
@@ -225,30 +219,6 @@ func (s *udpForWardingService) AddUdpForwarding(ctx context.Context, req *v1.Udp
 		}
 		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
 	}
-	var accessRuleIps []string
-	if req.UdpForwardingData.AllowIpList != nil {
-		for _, v := range require.GatewayIps {
-			for _, ip := range req.UdpForwardingData.AllowIpList {
-				if net.ParseIP(ip) != nil {
-					accessRuleIps = append(accessRuleIps, ip)
-				}
-			}
-			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
-		}
-	}
-
-	var denyRuleIps []string
-	if req.UdpForwardingData.DenyIpList != nil {
-		for _, v := range require.GatewayIps {
-			for _, ip := range req.UdpForwardingData.DenyIpList {
-				if net.ParseIP(ip) != nil {
-					denyRuleIps = append(denyRuleIps, ip)
-				}
-			}
-			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
-		}
-	}
-
 
 	return nil
 }
@@ -288,7 +258,7 @@ func (s *udpForWardingService) EditUdpForwarding(ctx context.Context, req *v1.Ud
 	if err != nil {
 		return err
 	}
-	addedIps, removedIps, addedAllowIps, removedAllowIps,addedDenyIps, removedDenyIps, err := s.wafformatter.WashEditWafIp(ctx,req.UdpForwardingData.BackendList,req.UdpForwardingData.AllowIpList,req.UdpForwardingData.DenyIpList,ipData.BackendList,ipData.AllowIpList,ipData.DenyIpList)
+	addedIps, removedIps, err := s.wafformatter.WashEditWafIp(ctx,req.UdpForwardingData.BackendList,ipData.BackendList)
 	if err != nil {
 		return err
 	}
@@ -296,31 +266,9 @@ func (s *udpForWardingService) EditUdpForwarding(ctx context.Context, req *v1.Ud
 		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","0","white")
 	}
-	//白名单
-	if len(addedAllowIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
-		}
-	}
-	if len(removedAllowIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
-		}
 
-	}
-	//黑名单
-	if len(addedDenyIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
-		}
-	}
-	if len(removedDenyIps) > 0 {
-		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
-		}
-	}
 
 
 	//修改源站
@@ -389,19 +337,16 @@ func (s *udpForWardingService) DeleteUdpForwarding(ctx context.Context, Ids []in
 			return err
 		}
 		var ips []string
-		ips, err = s.wafformatter.WashDeleteWafIp(ctx, ipData.BackendList, ipData.AllowIpList)
+		ips, err = s.wafformatter.WashDeleteWafIp(ctx, ipData.BackendList)
 		if err != nil {
 			return err
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
-		}
-		// 删除黑名单
-		if len(ipData.DenyIpList) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","black")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","0","white")
 		}
 
 
+
 		if err = s.udpForWardingRepository.DeleteUdpForwarding(ctx, int64(id)); err != nil {
 			return err
 		}
@@ -473,9 +418,6 @@ func (s *udpForWardingService) GetUdpForwardingWafUdpAllIps(ctx context.Context,
 
 		if r.BackendRule != nil {
 			dataReq.BackendList = r.BackendRule.BackendList
-			dataReq.AllowIpList = r.BackendRule.AllowIpList
-			dataReq.DenyIpList = r.BackendRule.DenyIpList
-			dataReq.AccessRule = r.BackendRule.AccessRule
 		}
 		res = append(res, dataReq)
 	}
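Review bot: The "del" publishes in `EditUdpForwarding` and `DeleteUdpForwarding` switch to returnSourceIp `"0"` while the "add" at the top of the edit hunk and in `AddUdpForwarding` still send `""`, so whichever value the remote record actually stores, one direction will fail to match under the new `ServerIP == serverIp` filter in `GetWhiteStaticList`. Pick one value and name it, e.g. `const noReturnSourceIp = "0"`, and use it for both add and del. Also confirm `net` is still referenced somewhere in this file after the `net.ParseIP` loops were removed — the import block is outside the hunk.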

+ 7 - 27
internal/service/wafformatter.go

@@ -26,8 +26,8 @@ type WafFormatterService interface {
 	PublishIpWhitelistTask(ips []string, action string,returnSourceIp string, color string)
 	PublishDomainWhitelistTask(domain, ip, action string)
 	findIpDifferences(oldIps, newIps []string) ([]string, []string)
-	WashDeleteWafIp(ctx context.Context, backendList []string,allowIpList []string) ([]string, error)
-	WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string, newDenyIpList []string,oldBackendList []string,oldAllowIpList []string,oldDenyIpList []string) ([]string, []string, []string,  []string, []string,[]string, error)
+	WashDeleteWafIp(ctx context.Context, backendList []string) ([]string, error)
+	WashEditWafIp(ctx context.Context, newBackendList []string,oldBackendList []string) ([]string, []string, error)
 	//cdn添加网站
 	AddOrigin(ctx context.Context, req v1.WebJson) (int64, error)
 }
@@ -346,7 +346,7 @@ func (s *wafFormatterService) findIpDifferences(oldIps, newIps []string) ([]stri
 	return addedIps, removedIps
 }
 
-func (s *wafFormatterService) WashDeleteWafIp(ctx context.Context, backendList []string,allowIpList []string) ([]string, error) {
+func (s *wafFormatterService) WashDeleteWafIp(ctx context.Context, backendList []string) ([]string, error) {
 	var res []string
 	for _, v := range backendList {
 		ip, _, err := net.SplitHostPort(v)
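Review bot: `ctx` is no longer referenced in the visible body of WashDeleteWafIp after the parameter drop, and the host that `net.SplitHostPort` yields is appended without checking that it is an IP literal, so a backendList entry written as name:port (constructed example: `backend-a.internal:8080`) would be handed to the WAF whitelist task as if it were an address; the allow-list code this commit removes from AddWebForwarding did guard with `net.ParseIP(ip) != nil`. Adding `if net.ParseIP(ip) == nil { return nil, <error naming v> }` after the split keeps hostnames out of the whitelist task — worth confirming whether the request validator already rejects them, which is not visible here. A doc comment is missing too: `// WashDeleteWafIp returns the host component of every host:port entry in backendList; callers pass the result to PublishIpWhitelistTask for removal.`. The function body continues in the next hunk.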
@@ -355,21 +355,16 @@ func (s *wafFormatterService) WashDeleteWafIp(ctx context.Context, backendList [
 		}
 		res = append(res, ip)
 	}
-	res = append(res, allowIpList...)
 	return res, nil
 }
 
-func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string, newDenyIpList []string,oldBackendList []string,oldAllowIpList []string,oldDenyIpList []string) ([]string, []string, []string, []string, []string,[]string,error) {
+func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList []string,oldBackendList []string) ([]string, []string,error) {
 	var oldIps []string
 	var newIps []string
-	var oldAllowIps []string
-	var newAllowIps []string
-	var oldDenyIps []string
-	var newDenyIps []string
 	for _, v := range oldBackendList {
 		ip, _, err := net.SplitHostPort(v)
 		if err != nil {
-			return nil, nil, nil, nil,nil, nil, err
+			return nil, nil, err
 		}
 		oldIps = append(oldIps, ip)
 	}
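Review bot: The new WashEditWafIp signature `([]string, []string,error)` and the `return addedIps, removedIps , nil` line in the following hunk are not gofmt-clean, and removing the allow/deny blocks leaves four consecutive blank lines before that return; a gofmt pass fixes all of it. `ctx` is not used anywhere in the visible body. The function also lacks a doc comment — `// WashEditWafIp splits the host out of every host:port entry in oldBackendList and newBackendList and returns the added and removed hosts as computed by findIpDifferences.` — and `oldIps := make([]string, 0, len(oldBackendList))` (likewise for newIps) is a free pre-size since the lengths are known. The guard wrapping the newBackendList loop begins outside the hunk; if it is only a nil check it is redundant, because ranging over a nil slice is a no-op. WashEditWafIp's body continues past this hunk.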
@@ -377,31 +372,16 @@ func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList
 		for _, v := range newBackendList {
 			ip, _, err := net.SplitHostPort(v)
 			if err != nil {
-				return nil, nil, nil, nil,nil, nil, err
+				return nil, nil, err
 			}
 			newIps = append(newIps, ip)
 		}
 	}
 	addedIps, removedIps := s.findIpDifferences(oldIps, newIps)
 
-	if oldAllowIpList != nil {
-		oldAllowIps = append(oldAllowIps, oldAllowIpList...)
-	}
-	if newAllowIpList != nil {
-		newAllowIps = append(newAllowIps, newAllowIpList...)
-	}
-	addedAllowIps, removedAllowIps := s.findIpDifferences(oldAllowIps, newAllowIps)
-
-	if oldDenyIpList != nil {
-		oldDenyIps = append(oldDenyIps, oldDenyIpList...)
-	}
-	if newDenyIpList != nil {
-		newDenyIps = append(newDenyIps, newDenyIpList...)
-	}
-	addedDenyIps, removedDenyIps := s.findIpDifferences(oldDenyIps, newDenyIps)
 
 
-	return addedIps, removedIps ,addedAllowIps, removedAllowIps, addedDenyIps, removedDenyIps, nil
+	return addedIps, removedIps , nil
 }
 
 

+ 5 - 62
internal/service/webforwarding.go

@@ -137,9 +137,6 @@ func (s *webForwardingService) GetWebForwarding(ctx context.Context, req v1.GetF
 		IsHttps:             webForwarding.IsHttps,
 		Comment:             webForwarding.Comment,
 		BackendList:         backend.BackendList,
-		AllowIpList:         backend.AllowIpList,
-		DenyIpList:          backend.DenyIpList,
-		AccessRule:          backend.AccessRule,
 		HttpsKey: 			webForwarding.HttpsKey,
 		HttpsCert: 			webForwarding.HttpsCert,
 	}, nil
@@ -169,9 +166,6 @@ func (s *webForwardingService) buildWebRuleModel(reqData *v1.WebForwardingDataRe
 		WebId:       localDbId,
 		CdnOriginIds: cdnOriginIds,
 		BackendList: reqData.BackendList,
-		AllowIpList: reqData.AllowIpList,
-		DenyIpList:  reqData.DenyIpList,
-		AccessRule:  reqData.AccessRule,
 	}
 }
 
@@ -406,7 +400,7 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 
 	}
 
-	// IP过白
+	// 源站IP过白
 	var ips []string
 	if req.WebForwardingData.BackendList != nil {
 		for _, v := range req.WebForwardingData.BackendList {
@@ -418,29 +412,7 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 		}
 		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
 	}
-	var accessRuleIps []string
-	if len(req.WebForwardingData.AllowIpList) > 0 {
-		for _, v := range require.GatewayIps {
-			for _, ip := range req.WebForwardingData.AllowIpList {
-				if net.ParseIP(ip) != nil{
-					accessRuleIps = append(accessRuleIps, ip)
-				}
-			}
-			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
-		}
-	}
-	// 黑名单
-	var denyRuleIps []string
-	if len(req.WebForwardingData.DenyIpList) > 0 {
-		for _, v := range require.GatewayIps {
-			for _, ip := range req.WebForwardingData.DenyIpList {
-				if net.ParseIP(ip) != nil{
-					denyRuleIps = append(denyRuleIps, ip)
-				}
-			}
-			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
-		}
-	}
+
 
 
 
@@ -571,30 +543,10 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","0","white")
 	}
 
-	//白名单IP
-	addedAllowIps, removedAllowIps := s.WashDifferentIp(req.WebForwardingData.AllowIpList, ipData.AllowIpList)
-	for _, v := range require.GatewayIps {
-		if len(addedAllowIps) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
-		}
-		if len(removedAllowIps) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
-		}
-	}
 
-	// 黑名单IP
-	addedDenyIps, removedDenyIps := s.WashDifferentIp(req.WebForwardingData.DenyIpList, ipData.DenyIpList)
-	for _, v := range require.GatewayIps {
-		if len(addedDenyIps) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
-		}
-		if len(removedDenyIps) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
-		}
-	}
 
 
 
@@ -697,17 +649,11 @@ func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []in
 				ips = append(ips, ip)
 			}
 		}
-		if len(ipData.AllowIpList) > 0 {
-			ips = append(ips, ipData.AllowIpList...)
-		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","0","white")
 		}
 
-		// IP过黑
-		if len(ipData.DenyIpList) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ipData.DenyIpList, "del","","black")
-		}
+
 
 
 
@@ -832,9 +778,6 @@ func (s *webForwardingService) GetWebForwardingWafWebAllIps(ctx context.Context,
 
 		if res.BackendRule != nil { // 只有当 BackendRule 存在时才填充相关字段
 			dataReq.BackendList = res.BackendRule.BackendList
-			dataReq.AllowIpList = res.BackendRule.AllowIpList
-			dataReq.DenyIpList = res.BackendRule.DenyIpList
-			dataReq.AccessRule = res.BackendRule.AccessRule
 		}
 		finalResults = append(finalResults, dataReq)
 	}