
feat(service): 为 TCP/UDP/Web 转发功能添加 IP 白名单处理逻辑

- 在创建、编辑和删除 TCP/UDP 转发规则时,添加 IP 白名单处理逻辑
- 优化 Web 转发规则的删除流程,先删除关联的 IP 白名单
- 重构代码,提高可读性和可维护性
fusu 1 month ago
parent
commit
7cdb8bd10e

+ 1 - 1
config/local.yml

@@ -90,7 +90,7 @@ aodun:
   clientId: "bd9d36fc-17e1-11ef-8a72-549f35180370"
   Url: "https://115.238.184.13:16008"
 
-aodunIp:
+aodunSmall:
   clientId: "3f4ab936-0527-11ef-8065-801844e71378"
   Url: "https://115.238.186.169:16008"
 

+ 1 - 1
config/prod.yml

@@ -92,7 +92,7 @@ aodun:
   password: "Nbgaofang.com!@#4"
   clientId: "bd9d36fc-17e1-11ef-8a72-549f35180370"
   Url: "https://115.238.184.13:16008"
-aodunIp:
+aodunSmall:
   clientId: "3f4ab936-0527-11ef-8065-801844e71378"
   Url: "https://115.238.186.169:16008"
 
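Review bot: The context line just above this rename shows the production `password` for the `aodun` endpoint stored in plaintext in config/prod.yml, and this commit leaves it in version control. Anyone with read access to the repository or its history can recover it, so the value should be rotated and then supplied from an environment variable or a secret store, with only a placeholder such as `password: "${AODUN_PASSWORD}"` (constructed name) kept in the file. Separately, no change to the code that reads `aodunIp` is visible in this commit; confirm the config loader looks up `aodunSmall`, otherwise the second endpoint will silently load empty values.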

+ 76 - 0
internal/service/tcpforwarding.go

@@ -7,6 +7,7 @@ import (
 	"github.com/go-nunu/nunu-layout-advanced/internal/model"
 	"github.com/go-nunu/nunu-layout-advanced/internal/repository"
 	"golang.org/x/sync/errgroup"
+	"net"
 	"sort"
 	"strconv"
 	"strings"
@@ -222,6 +223,20 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 		return err
 	}
 
+	// 异步任务:将IP添加到白名单
+	var ips []string
+	if req.TcpForwardingData.BackendList != nil {
+		for _, v := range req.TcpForwardingData.BackendList {
+			ip, _, err := net.SplitHostPort(v)
+			if err != nil {
+				return err
+			}
+			ips = append(ips, ip)
+		}
+		ips = append(ips, req.TcpForwardingData.AllowIpList...)
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add")
+	}
+
 	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData, wafTcpId, require)
 
 	id, err := s.tcpforwardingRepository.AddTcpforwarding(ctx, tcpModel)
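Review bot: The whitelist task is started with `go s.wafformatter.PublishIpWhitelistTask(ips, "add")` before `AddTcpforwarding` has persisted the rule, so a failed insert leaves addresses on the allowlist with no owning record, and whatever the task reports cannot reach the caller. The same ordering appears in the Edit and Delete hunks here and in all three udpforwarding.go hunks; publishing only after the repository call succeeds, and logging or returning the task's result, would keep the allowlist and the database in step. In this hunk `AllowIpList` is also appended only inside `if req.TcpForwardingData.BackendList != nil`, so a request with an allow list but no backends whitelists nothing, while an empty non-nil `BackendList` publishes an empty slice; move the append out of the branch and guard the publish with `if len(ips) > 0`. Unless the entries are validated earlier in the function (outside this hunk), request-supplied `AllowIpList` values reach the allowlist unchecked, so a `net.ParseIP` / `net.ParseCIDR` check before publishing is worth adding.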
@@ -249,6 +264,43 @@ func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.Tc
 	if err != nil {
 		return err
 	}
+
+	// 异步任务:将IP添加到白名单
+	var oldIps []string
+	var newIps []string
+	ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, req.TcpForwardingData.Id)
+	if err != nil {
+		return err
+	}
+	for _, v := range ipData.BackendList {
+		ip, _, err := net.SplitHostPort(v)
+		if err != nil {
+			return err
+		}
+		oldIps = append(oldIps, ip)
+	}
+	if ipData.AllowIpList != nil {
+		oldIps = append(oldIps, ipData.AllowIpList...)
+	}
+	if req.TcpForwardingData.BackendList != nil {
+		for _, v := range req.TcpForwardingData.BackendList {
+			ip, _, err := net.SplitHostPort(v)
+			if err != nil {
+				return err
+			}
+			newIps = append(newIps, ip)
+		}
+		newIps = append(newIps, req.TcpForwardingData.AllowIpList...)
+	}
+	addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
+
+	if len(addedIps) > 0 {
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add")
+	}
+	if len(removedIps) > 0 {
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del")
+	}
+
 	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData, req.TcpForwardingData.WafTcpId, require)
 	tcpModel.Id = req.TcpForwardingData.Id
 	if err = s.tcpforwardingRepository.EditTcpforwarding(ctx, tcpModel); err != nil {
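Review bot: The old and new address sets are built asymmetrically: `ipData.AllowIpList` is appended to `oldIps` unconditionally, but `req.TcpForwardingData.AllowIpList` is appended to `newIps` only inside `if req.TcpForwardingData.BackendList != nil`. If an edit request with a nil `BackendList` and a populated `AllowIpList` is accepted, every still-allowed address is reported by `findIpDifferences` as removed and a `"del"` task is published for it. Moving `newIps = append(newIps, req.TcpForwardingData.AllowIpList...)` below the closing brace of that `if` makes both sides agree; `EditUdpForwarding` has the same shape. The heading comment still says the block adds IPs to the whitelist, while it actually publishes the difference in both directions. The function body starts and ends outside this hunk.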
@@ -267,11 +319,35 @@ func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.D
 		if err != nil {
 			return  err
 		}
+
 		_, err = s.crawler.DeleteRule(ctx, wafTcpId, "admin/delete/waf_tcp?page=1&__pageSize=1000000&__sort=waf_tcp_id&__sort_type=desc")
 		if err != nil {
 			return err
 		}
 
+
+		// 删除白名单
+		var ips []string
+		ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, Id)
+		if err != nil {
+			return err
+		}
+
+		if ipData.BackendList != nil {
+			for _, v := range ipData.BackendList {
+				ip, _, err := net.SplitHostPort(v)
+				if err != nil {
+					return err
+				}
+				ips = append(ips, ip)
+			}
+			ips = append(ips, ipData.AllowIpList...)
+		}
+		if len(ips) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del")
+		}
+
+
 		if err = s.tcpforwardingRepository.DeleteTcpforwarding(ctx, int64(Id)); err != nil {
 			return  err
 		}
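Review bot: `GetTcpForwardingIpsByID` and the `net.SplitHostPort` loop run after `s.crawler.DeleteRule` has already removed the upstream WAF rule, so an error from either returns with the rule gone while the database row and its whitelist entries remain. Reading and parsing the addresses before `DeleteRule`, and publishing `"del"` only after `DeleteTcpforwarding` succeeds, avoids that half-deleted state. It is also not visible here whether `PublishIpWhitelistTask` checks that an address is still used by another forwarding rule; if it does not, deleting one rule would drop a whitelist entry that a sibling rule still depends on. As in the add path, `ipData.AllowIpList` is only appended when `BackendList` is non-nil. The enclosing loop starts outside this hunk.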

+ 76 - 0
internal/service/udpforwarding.go

@@ -7,6 +7,7 @@ import (
 	"github.com/go-nunu/nunu-layout-advanced/internal/model"
 	"github.com/go-nunu/nunu-layout-advanced/internal/repository"
 	"golang.org/x/sync/errgroup"
+	"net"
 	"sort"
 	"strconv"
 	"strings"
@@ -240,6 +241,20 @@ func (s *udpForWardingService) AddUdpForwarding(ctx context.Context, req *v1.Udp
 		return err
 	}
 
+	// 异步任务:将IP添加到白名单
+	var ips []string
+	if req.UdpForwardingData.BackendList != nil {
+		for _, v := range req.UdpForwardingData.BackendList {
+			ip, _, err := net.SplitHostPort(v)
+			if err != nil {
+				return err
+			}
+			ips = append(ips, ip)
+		}
+		ips = append(ips, req.UdpForwardingData.AllowIpList...)
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add")
+	}
+
 	udpModel := s.buildUdpForwardingModel(&req.UdpForwardingData, wafUdpId, require)
 
 	id, err := s.udpForWardingRepository.AddUdpForwarding(ctx, udpModel)
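Review bot: The backend-to-IP loop here is a copy of the one in `AddTcpForwarding`, and it recurs in the Edit and Delete hunks of both files with small differences (nil guards, where `AllowIpList` is appended) that already diverge between copies. Since this list feeds a security allowlist, one shared helper gives a single place to parse, validate and de-duplicate entries, and each call site shrinks to a few lines. A sketch follows; the helper's name and placement are suggestions, and the rest of `AddUdpForwarding` lies outside the hunk.

```go
// collectWhitelistIPs returns the host part of every backend address,
// followed by the explicit allow-list entries.
func collectWhitelistIPs(backends, allow []string) ([]string, error) {
	ips := make([]string, 0, len(backends)+len(allow))
	for _, b := range backends {
		host, _, err := net.SplitHostPort(b)
		if err != nil {
			return nil, err
		}
		ips = append(ips, host)
	}
	return append(ips, allow...), nil
}

// … unchanged: WAF rule creation above …
	ips, err := collectWhitelistIPs(req.UdpForwardingData.BackendList, req.UdpForwardingData.AllowIpList)
	if err != nil {
		return err
	}
	if len(ips) > 0 {
		go s.wafformatter.PublishIpWhitelistTask(ips, "add")
	}
	udpModel := s.buildUdpForwardingModel(&req.UdpForwardingData, wafUdpId, require)
```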
@@ -267,6 +282,46 @@ func (s *udpForWardingService) EditUdpForwarding(ctx context.Context, req *v1.Ud
 	if err != nil {
 		return err
 	}
+
+	// 异步任务:将IP添加到白名单
+	var oldIps []string
+	var newIps []string
+	ipData, err := s.udpForWardingRepository.GetUdpForwardingIpsByID(ctx, req.UdpForwardingData.Id)
+	if err != nil {
+		return err
+	}
+	for _, v := range ipData.BackendList {
+		ip, _, err := net.SplitHostPort(v)
+		if err != nil {
+			return err
+		}
+		oldIps = append(oldIps, ip)
+	}
+	if ipData.AllowIpList != nil {
+		oldIps = append(oldIps, ipData.AllowIpList...)
+	}
+
+	if req.UdpForwardingData.BackendList != nil {
+		for _, v := range req.UdpForwardingData.BackendList {
+			ip, _, err := net.SplitHostPort(v)
+			if err != nil {
+				return err
+			}
+			newIps = append(newIps, ip)
+		}
+		newIps = append(newIps, req.UdpForwardingData.AllowIpList...)
+	}
+	addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
+
+	if len(addedIps) > 0 {
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add")
+	}
+	if len(removedIps) > 0 {
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del")
+	}
+
+
+
 	udpModel := s.buildUdpForwardingModel(&req.UdpForwardingData, req.UdpForwardingData.WafUdpId, require)
 	udpModel.Id = req.UdpForwardingData.Id
 	if err = s.udpForWardingRepository.EditUdpForwarding(ctx, udpModel); err != nil {
@@ -290,6 +345,27 @@ func (s *udpForWardingService) DeleteUdpForwarding(ctx context.Context, Ids []in
 			return err
 		}
 
+		// 异步任务:将IP添加到白名单
+		ipData, err := s.udpForWardingRepository.GetUdpForwardingIpsByID(ctx, id)
+		if err != nil {
+			return err
+		}
+		var ips []string
+		if ipData.BackendList != nil {
+			for _, v := range ipData.BackendList {
+				ip, _, err := net.SplitHostPort(v)
+				if err != nil {
+					return err
+				}
+				ips = append(ips, ip)
+			}
+			ips = append(ips, ipData.AllowIpList...)
+		}
+		if len(ips) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del")
+		}
+
+
 		if err = s.udpForWardingRepository.DeleteUdpForwarding(ctx, int64(id)); err != nil {
 			return err
 		}
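Review bot: The comment heading the added block, `// 异步任务:将IP添加到白名单` ("async task: add IPs to the whitelist"), describes the opposite of what the code does, because the block publishes `"del"`. It appears to have been copied from the add path, and the same text heads the Edit hunks in both files, where the code publishes both additions and removals. Suggested replacement here: `// Async task: remove this rule's backend and allow-list IPs from the whitelist.` The enclosing loop over the ids starts outside this hunk.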

+ 4 - 4
internal/service/webforwarding.go

@@ -459,6 +459,10 @@ func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []in
 		if err != nil {
 			return err
 		}
+		_, err = s.crawler.DeleteRule(ctx, wafWebId, "admin/delete/waf_web?page=1&__pageSize=10&__sort=waf_web_id&__sort_type=desc")
+		if err != nil {
+			return err
+		}
 		webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(Id))
 		if err != nil {
 			return err
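Review bot: With `s.crawler.DeleteRule` moved ahead of `GetWebForwarding`, the upstream WAF rule is removed before any local lookup. If `GetWebForwarding` or a later step in the loop body returns an error, the function exits with the rule gone upstream and the database row still present. A retry would then call `DeleteRule` for an id that may no longer exist, and whether that call tolerates a missing rule is not visible here. Consider doing the read-only lookups first and calling `DeleteRule` immediately before `DeleteWebForwarding`, or documenting that `DeleteRule` is idempotent. The loop body continues between this hunk and the next one.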
@@ -498,10 +502,6 @@ func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []in
 		}
 
 
-		_, err = s.crawler.DeleteRule(ctx, wafWebId, "admin/delete/waf_web?page=1&__pageSize=10&__sort=waf_web_id&__sort_type=desc")
-		if err != nil {
-			return err
-		}
 		if err = s.webForwardingRepository.DeleteWebForwarding(ctx, int64(Id)); err != nil {
 			return err
 		}