
refactor(waf): 重构 TCP 转发功能并优化相关服务

- 新增 AidedTcpService 辅助服务,用于处理 TCP 转发的通用逻辑
- 重构 TcpforwardingService,使用新的 AidedTcpService 实现大部分功能
- 优化 TCP 转发的添加、编辑和删除流程,提高代码可读性和可维护性
- 并发查询优化,提升 GetTcpforwarding 和 GetTcpForwardingAllIpsByHostId 函数性能
- 移除冗余代码,简化 AddTcpForwarding 和 EditTcpForwarding 函数逻辑
- 优化 DeleteTcpForwarding 函数,支持批量删除操作
fusu 12 時間 前
コミット
7e71bc889a

+ 1 - 0
cmd/server/wire/wire.go

@@ -80,6 +80,7 @@ var serviceSet = wire.NewSet(
 	service.NewRequiredService,
 	service.NewCrawlerService,
 	waf.NewWebForwardingService,
+	waf.NewAidedTcpService,
 	waf.NewTcpforwardingService,
 	waf.NewUdpForWardingService,
 	service.NewGameShieldUserIpService,

+ 3 - 2
cmd/server/wire/wire_gen.go

@@ -93,7 +93,8 @@ func NewWire(viperViper *viper.Viper, logger *log.Logger) (*app.App, func(), err
 	ccService := waf2.NewCcService(serviceService, ccRepository, webForwardingRepository, cdnService, ccIpListService)
 	webForwardingService := waf2.NewWebForwardingService(serviceService, requiredService, webForwardingRepository, crawlerService, parserService, wafFormatterService, aoDunService, rabbitMQ, gatewayipService, globalLimitRepository, cdnService, proxyService, sslCertService, websocketService, ccService, ccIpListService)
 	webForwardingHandler := waf3.NewWebForwardingHandler(handlerHandler, webForwardingService, waflogService)
-	tcpforwardingService := waf2.NewTcpforwardingService(serviceService, tcpforwardingRepository, parserService, requiredService, crawlerService, globalLimitRepository, hostRepository, wafFormatterService, cdnService, proxyService)
+	aidedTcpService := waf2.NewAidedTcpService(serviceService, wafFormatterService, cdnService, proxyService, globalLimitRepository, tcpforwardingRepository)
+	tcpforwardingService := waf2.NewTcpforwardingService(serviceService, tcpforwardingRepository, parserService, requiredService, crawlerService, globalLimitRepository, hostRepository, wafFormatterService, cdnService, proxyService, aidedTcpService)
 	tcpforwardingHandler := waf3.NewTcpforwardingHandler(handlerHandler, tcpforwardingService, waflogService)
 	udpForWardingService := waf2.NewUdpForWardingService(serviceService, udpForWardingRepository, requiredService, parserService, crawlerService, globalLimitRepository, hostRepository, wafFormatterService, cdnService, proxyService)
 	udpForWardingHandler := waf3.NewUdpForWardingHandler(handlerHandler, udpForWardingService, waflogService)
@@ -137,7 +138,7 @@ func NewWire(viperViper *viper.Viper, logger *log.Logger) (*app.App, func(), err
 
 var repositorySet = wire.NewSet(repository.NewDB, repository.NewRedis, repository.NewCasbinEnforcer, repository.NewMongoClient, repository.NewMongoDB, repository.NewRabbitMQ, repository.NewRepository, repository.NewTransaction, admin.NewAdminRepository, admin.NewUserRepository, repository.NewGameShieldRepository, repository.NewGameShieldPublicIpRepository, waf.NewWebForwardingRepository, waf.NewTcpforwardingRepository, waf.NewUdpForWardingRepository, repository.NewGameShieldUserIpRepository, repository.NewGameShieldBackendRepository, repository.NewGameShieldSdkIpRepository, repository.NewHostRepository, waf.NewGlobalLimitRepository, repository.NewGatewayGroupRepository, repository.NewGateWayGroupIpRepository, flexCdn.NewCdnRepository, waf.NewAllowAndDenyIpRepository, flexCdn.NewProxyRepository, flexCdn.NewCcRepository, repository.NewExpiredRepository, repository.NewLogRepository, waf.NewGatewayipRepository, admin.NewGatewayIpAdminRepository, flexCdn.NewCcIpListRepository, admin.NewLogRepository, admin.NewWafLogRepository, admin.NewWafManageRepository)
 
-var serviceSet = wire.NewSet(service.NewService, admin2.NewUserService, admin2.NewGatewayIpAdminService, admin2.NewAdminService, gameShield.NewGameShieldService, service.NewAoDunService, service.NewGameShieldPublicIpService, service.NewDuedateService, service.NewFormatterService, service.NewParserService, service.NewRequiredService, service.NewCrawlerService, waf2.NewWebForwardingService, waf2.NewTcpforwardingService, waf2.NewUdpForWardingService, service.NewGameShieldUserIpService, gameShield.NewGameShieldBackendService, service.NewGameShieldSdkIpService, service.NewHostService, waf2.NewGlobalLimitService, service.NewGatewayGroupService, waf2.NewWafFormatterService, service.NewGateWayGroupIpService, service.NewRequestService, flexCdn2.NewCdnService, waf2.NewAllowAndDenyIpService, flexCdn2.NewProxyService, flexCdn2.NewSslCertService, flexCdn2.NewWebsocketService, waf2.NewCcService, service.NewLogService, waf2.NewGatewayipService, waf2.NewCcIpListService, waf2.NewCdnLogService, waf2.NewBuildAudunService, waf2.NewZzybgpService, waf2.NewWaflogService, admin2.NewLogService, admin2.NewWafLogService, admin2.NewWafLogDataCleanService, admin2.NewWafManageService, admin2.NewWafOperationsService)
+var serviceSet = wire.NewSet(service.NewService, admin2.NewUserService, admin2.NewGatewayIpAdminService, admin2.NewAdminService, gameShield.NewGameShieldService, service.NewAoDunService, service.NewGameShieldPublicIpService, service.NewDuedateService, service.NewFormatterService, service.NewParserService, service.NewRequiredService, service.NewCrawlerService, waf2.NewWebForwardingService, waf2.NewAidedTcpService, waf2.NewTcpforwardingService, waf2.NewUdpForWardingService, service.NewGameShieldUserIpService, gameShield.NewGameShieldBackendService, service.NewGameShieldSdkIpService, service.NewHostService, waf2.NewGlobalLimitService, service.NewGatewayGroupService, waf2.NewWafFormatterService, service.NewGateWayGroupIpService, service.NewRequestService, flexCdn2.NewCdnService, waf2.NewAllowAndDenyIpService, flexCdn2.NewProxyService, flexCdn2.NewSslCertService, flexCdn2.NewWebsocketService, waf2.NewCcService, service.NewLogService, waf2.NewGatewayipService, waf2.NewCcIpListService, waf2.NewCdnLogService, waf2.NewBuildAudunService, waf2.NewZzybgpService, waf2.NewWaflogService, admin2.NewLogService, admin2.NewWafLogService, admin2.NewWafLogDataCleanService, admin2.NewWafManageService, admin2.NewWafOperationsService)
 
 var handlerSet = wire.NewSet(handler.NewHandler, admin3.NewUserHandler, admin3.NewAdminHandler, admin3.NewGatewayIpAdminHandler, handler.NewGameShieldHandler, handler.NewGameShieldPublicIpHandler, waf3.NewWebForwardingHandler, waf3.NewTcpforwardingHandler, waf3.NewUdpForWardingHandler, handler.NewGameShieldUserIpHandler, handler.NewGameShieldBackendHandler, handler.NewGameShieldSdkIpHandler, handler.NewHostHandler, waf3.NewGlobalLimitHandler, handler.NewGatewayGroupHandler, handler.NewGateWayGroupIpHandler, waf3.NewAllowAndDenyIpHandler, waf3.NewCcHandler, waf3.NewGatewayipHandler, waf3.NewCcIpListHandler, waf3.NewCdnLogHandler, admin3.NewLogHandler, admin3.NewWafLogHandler, admin3.NewWafManageHandler)
 

+ 1 - 0
cmd/task/wire/wire.go

@@ -91,6 +91,7 @@ var serviceSet = wire.NewSet(
 	waf.NewWafFormatterService,
 	flexCdn.NewCdnService,
 	service.NewRequestService,
+	waf.NewAidedTcpService,
 	waf.NewTcpforwardingService,
 	waf.NewUdpForWardingService,
 	waf.NewWebForwardingService,

+ 3 - 2
cmd/task/wire/wire_gen.go

@@ -77,7 +77,8 @@ func NewWire(viperViper *viper.Viper, logger *log.Logger) (*app.App, func(), err
 	wafFormatterService := waf2.NewWafFormatterService(serviceService, globalLimitRepository, hostRepository, requiredService, parserService, tcpforwardingRepository, udpForWardingRepository, webForwardingRepository, rabbitMQ, hostService, gatewayipRepository, gatewayipService, cdnService, cdnRepository)
 	proxyRepository := flexCdn.NewProxyRepository(repositoryRepository)
 	proxyService := flexCdn2.NewProxyService(serviceService, proxyRepository, cdnService)
-	tcpforwardingService := waf2.NewTcpforwardingService(serviceService, tcpforwardingRepository, parserService, requiredService, crawlerService, globalLimitRepository, hostRepository, wafFormatterService, cdnService, proxyService)
+	aidedTcpService := waf2.NewAidedTcpService(serviceService, wafFormatterService, cdnService, proxyService, globalLimitRepository, tcpforwardingRepository)
+	tcpforwardingService := waf2.NewTcpforwardingService(serviceService, tcpforwardingRepository, parserService, requiredService, crawlerService, globalLimitRepository, hostRepository, wafFormatterService, cdnService, proxyService, aidedTcpService)
 	udpForWardingService := waf2.NewUdpForWardingService(serviceService, udpForWardingRepository, requiredService, parserService, crawlerService, globalLimitRepository, hostRepository, wafFormatterService, cdnService, proxyService)
 	aoDunService := service.NewAoDunService(serviceService, viperViper, requestService)
 	sslCertService := flexCdn2.NewSslCertService(serviceService, webForwardingRepository, cdnService)
@@ -116,7 +117,7 @@ var jobSet = wire.NewSet(job.NewJob, job.NewUserJob, job.NewWhitelistJob, job.Ne
 
 var serverSet = wire.NewSet(server.NewTaskServer, server.NewJobServer)
 
-var serviceSet = wire.NewSet(service.NewService, service.NewAoDunService, gameShield.NewGameShieldService, service.NewCrawlerService, service.NewGameShieldPublicIpService, service.NewDuedateService, service.NewFormatterService, service.NewParserService, service.NewRequiredService, service.NewHostService, gameShield.NewGameShieldBackendService, service.NewGameShieldSdkIpService, service.NewGameShieldUserIpService, waf2.NewWafFormatterService, flexCdn2.NewCdnService, service.NewRequestService, waf2.NewTcpforwardingService, waf2.NewUdpForWardingService, waf2.NewWebForwardingService, flexCdn2.NewProxyService, flexCdn2.NewSslCertService, flexCdn2.NewWebsocketService, waf2.NewCcService, waf2.NewGatewayipService, service.NewLogService, waf2.NewCcIpListService, waf2.NewBuildAudunService, waf2.NewZzybgpService, waf2.NewWaflogService, admin2.NewWafLogService, admin2.NewWafLogDataCleanService, admin2.NewWafOperationsService)
+var serviceSet = wire.NewSet(service.NewService, service.NewAoDunService, gameShield.NewGameShieldService, service.NewCrawlerService, service.NewGameShieldPublicIpService, service.NewDuedateService, service.NewFormatterService, service.NewParserService, service.NewRequiredService, service.NewHostService, gameShield.NewGameShieldBackendService, service.NewGameShieldSdkIpService, service.NewGameShieldUserIpService, waf2.NewWafFormatterService, flexCdn2.NewCdnService, service.NewRequestService, waf2.NewAidedTcpService, waf2.NewTcpforwardingService, waf2.NewUdpForWardingService, waf2.NewWebForwardingService, flexCdn2.NewProxyService, flexCdn2.NewSslCertService, flexCdn2.NewWebsocketService, waf2.NewCcService, waf2.NewGatewayipService, service.NewLogService, waf2.NewCcIpListService, waf2.NewBuildAudunService, waf2.NewZzybgpService, waf2.NewWaflogService, admin2.NewWafLogService, admin2.NewWafLogDataCleanService, admin2.NewWafOperationsService)
 
 // build App
 func newApp(task2 *server.TaskServer,

+ 113 - 299
internal/service/api/waf/tcpforwarding.go

@@ -2,8 +2,8 @@ package waf
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
+	"sort"
 	v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
 	"github.com/go-nunu/nunu-layout-advanced/internal/model"
 	"github.com/go-nunu/nunu-layout-advanced/internal/repository"
@@ -11,15 +11,12 @@ import (
 	"github.com/go-nunu/nunu-layout-advanced/internal/service"
 	"github.com/go-nunu/nunu-layout-advanced/internal/service/api/flexCdn"
 	"golang.org/x/sync/errgroup"
-	"maps"
-	"net"
-	"sort"
 )
 
 type TcpforwardingService interface {
 	GetTcpforwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.TcpForwardingDataRequest, error)
-	AddTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest)  (int, error)
-	EditTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest)  error
+	AddTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest) (int, error)
+	EditTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest) error
 	DeleteTcpForwarding(ctx context.Context, req v1.DeleteTcpForwardingRequest) error
 	GetTcpForwardingAllIpsByHostId(ctx context.Context, req v1.GetForwardingRequest) ([]v1.TcpForwardingDataRequest, error)
 }
@@ -35,6 +32,7 @@ func NewTcpforwardingService(
 	wafformatter WafFormatterService,
 	cdn flexCdn.CdnService,
 	proxy flexCdn.ProxyService,
+	aidedTcp AidedTcpService,
 ) TcpforwardingService {
 	return &tcpforwardingService{
 		Service:                 service,
@@ -47,6 +45,7 @@ func NewTcpforwardingService(
 		wafformatter:            wafformatter,
 		cdn:                     cdn,
 		proxy:                   proxy,
+		aidedTcp:                aidedTcp,
 	}
 }
 
@@ -58,23 +57,30 @@ type tcpforwardingService struct {
 	crawler                 service.CrawlerService
 	globalRep               waf.GlobalLimitRepository
 	hostRep                 repository.HostRepository
-	wafformatter WafFormatterService
-	cdn   flexCdn.CdnService
-	proxy flexCdn.ProxyService
+	wafformatter            WafFormatterService
+	cdn                     flexCdn.CdnService
+	proxy                   flexCdn.ProxyService
+	aidedTcp                AidedTcpService
 }
 
-
-
+// GetTcpforwarding 获取单个TCP转发配置详情
+// 该函数根据ID同时查询主记录和规则记录,并合并返回完整的配置信息
 func (s *tcpforwardingService) GetTcpforwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.TcpForwardingDataRequest, error) {
+	// 参数验证
+	if req.Id <= 0 {
+		return v1.TcpForwardingDataRequest{}, fmt.Errorf("非法的ID参数: %d", req.Id)
+	}
+
 	var tcpForwarding model.Tcpforwarding
 	var backend model.TcpForwardingRule
 	var err error
 
+	// 并发查询主记录和规则记录以提高性能
 	g, gCtx := errgroup.WithContext(ctx)
 	g.Go(func() error {
 		res, e := s.tcpforwardingRepository.GetTcpforwarding(gCtx, int64(req.Id))
 		if e != nil {
-			return fmt.Errorf("GetTcpforwarding failed: %w", e)
+			return fmt.Errorf("查询TCP转发主记录失败 ID:%d, %w", req.Id, e)
 		}
 		if res != nil {
 			tcpForwarding = *res
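Review bot: GetTcpforwarding loads the record by `req.Id` alone, and nothing in the visible body compares the loaded record's `HostId` with `req.HostId`, so unless the handler already enforces ownership, a caller who supplies another host's ID receives that host's port and backend (origin) list. The new `req.Id <= 0` check here and the not-found check added in the following hunk do not cover this. After `g.Wait()` I would add `if tcpForwarding.HostId != req.HostId { return v1.TcpForwardingDataRequest{}, fmt.Errorf("用户权限不足") }`, assuming the two fields share a type as they do in the old delete path. The function body continues past the end of this hunk.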
@@ -85,368 +91,177 @@ func (s *tcpforwardingService) GetTcpforwarding(ctx context.Context, req v1.GetF
 	g.Go(func() error {
 		res, e := s.tcpforwardingRepository.GetTcpForwardingIpsByID(gCtx, req.Id)
 		if e != nil {
-			return fmt.Errorf("GetTcpforwardingIps failed: %w", e)
+			return fmt.Errorf("查询TCP转发规则记录失败 ID:%d, %w", req.Id, e)
 		}
 		if res != nil {
 			backend = *res
 		}
 		return nil
 	})
+
 	if err = g.Wait(); err != nil {
 		return v1.TcpForwardingDataRequest{}, err
 	}
 
-	return v1.TcpForwardingDataRequest{
-		Id:               tcpForwarding.Id,
-		Port:             tcpForwarding.Port,
-		Comment:          tcpForwarding.Comment,
-		Proxy:            tcpForwarding.Proxy,
-		BackendList:       backend.BackendList,
-	}, nil
-}
-
-
-func (s *tcpforwardingService) buildTcpForwardingModel(req *v1.TcpForwardingDataRequest, ruleId int, require RequireResponse) *model.Tcpforwarding {
-	return &model.Tcpforwarding{
-		HostId:  require.HostId,
-		CdnWebId: ruleId,
-		Port:    req.Port,
-		Comment: req.Comment,
-		Proxy:   req.Proxy,
+	// 检查是否找到主记录
+	if tcpForwarding.Id == 0 {
+		return v1.TcpForwardingDataRequest{}, fmt.Errorf("TCP转发配置不存在 ID:%d", req.Id)
 	}
-}
 
-func (s *tcpforwardingService) buildTcpRuleModel(reqData *v1.TcpForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.TcpForwardingRule {
-	return &model.TcpForwardingRule{
-		Uid:         require.Uid,
-		HostId:      require.HostId,
-		TcpId:       localDbId, // 关联到本地数据库的主记录 ID
-		CdnOriginIds: cdnOriginIds,
-		BackendList: reqData.BackendList,
-	}
+	return v1.TcpForwardingDataRequest{
+		Id:          tcpForwarding.Id,
+		Port:        tcpForwarding.Port,
+		Comment:     tcpForwarding.Comment,
+		Proxy:       tcpForwarding.Proxy,
+		BackendList: backend.BackendList,
+	}, nil
 }
 
-func (s *tcpforwardingService) prepareWafData(ctx context.Context, req *v1.TcpForwardingRequest) (RequireResponse, v1.WebsiteSend, error) {
-	// 1. 获取必要的全局信息
-	require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
-		HostId:  req.HostId,
-		Uid:     req.Uid,
-		Comment: req.TcpForwardingData.Comment,
-	})
-	if err != nil {
-		return RequireResponse{}, v1.WebsiteSend{}, err
-	}
-
-
-
-	if require.Uid == 0 {
-		return RequireResponse{}, v1.WebsiteSend{}, fmt.Errorf("请先配置实例")
-	}
-
-
-	var jsonData v1.TypeJSON
-	jsonData.IsOn = true
-	for _, v := range require.GatewayIps {
-		jsonData.Listen = append(jsonData.Listen, v1.Listen{
-			Protocol: "tcp",
-			Host:     v,
-			Port: 		req.TcpForwardingData.Port,
-		})
-	}
-
-	byteData, err := json.Marshal(jsonData)
-	if err != nil {
-		return RequireResponse{}, v1.WebsiteSend{}, err
-	}
-
 
-	formData := v1.WebsiteSend{
-		UserId:         int64(require.CdnUid),
-		Type:           "tcpProxy",
-		Name:           require.Tag,
-		Description:    req.TcpForwardingData.Comment,
-		TcpJSON:        byteData,
-		ServerGroupIds: []int64{int64(require.GroupId)},
-		NodeClusterId:  2,
-	}
-	return require, formData, nil
-}
-
-func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest)  (int, error) {
-	require, formData, err := s.prepareWafData(ctx, req)
+// AddTcpForwarding 添加 TCP 转发配置
+// 该函数完成 TCP 转发的完整创建流程:验证、创建 CDN、添加源站、配置代理、保存数据、处理异步任务
+func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest) (int, error) {
+	// 1. 数据准备和验证
+	require, formData, err := s.aidedTcp.PrepareWafData(ctx, req)
 	if err != nil {
 		return 0, err
 	}
-	err = s.wafformatter.validateWafPortCount(ctx, require.HostId)
-	if err != nil {
+
+	if err := s.aidedTcp.ValidateAddRequest(ctx, req, require); err != nil {
 		return 0, err
 	}
-	// 验证端口重复
-	err = s.wafformatter.VerifyPort(ctx, "tcp", int64(req.TcpForwardingData.Id),req.TcpForwardingData.Port, int64(require.HostId), "")
+
+	// 2. 创建CDN网站
+	tcpId, err := s.aidedTcp.CreateCdnWebsite(ctx, formData)
 	if err != nil {
 		return 0, err
 	}
 
-
-	tcpId, err := s.cdn.CreateWebsite(ctx, formData)
+	// 3. 添加源站
+	cdnOriginIds, err := s.aidedTcp.AddOriginsToWebsite(ctx, req, tcpId)
 	if err != nil {
 		return 0, err
 	}
 
-	// 添加源站
-	cdnOriginIds := make(map[string]int64)
-	for _, v := range req.TcpForwardingData.BackendList{
-		id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
-			ApiType:     "tcp",
-			BackendList: v,
-			Comment:     req.TcpForwardingData.Comment,
-		})
-		if err != nil {
-			return 0, err
-		}
-		cdnOriginIds[v] = id
-	}
-
-	// 添加源站到网站
-	for _, v := range cdnOriginIds {
-		err = s.cdn.AddServerOrigin(ctx, tcpId, v)
-		if err != nil {
-			return 0, err
-		}
-	}
-
-	// 开启proxy
-	if req.TcpForwardingData.Proxy {
-		err = s.proxy.EditProxy(ctx,tcpId, v1.ProxyProtocolJSON{
-			IsOn: true,
-			Version: 1,
-		})
-		if err != nil {
-			return 0, err
-		}
+	// 4. 配置代理协议
+	if err := s.aidedTcp.ConfigureProxyProtocol(ctx, req, tcpId); err != nil {
+		return 0, err
 	}
 
-	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData, int(tcpId), require)
-
-	id, err := s.tcpforwardingRepository.AddTcpforwarding(ctx, tcpModel)
+	// 5. 保存到数据库
+	id, err := s.aidedTcp.SaveToDatabase(ctx, req, require, tcpId, cdnOriginIds)
 	if err != nil {
 		return 0, err
 	}
-	TcpRuleModel := s.buildTcpRuleModel(&req.TcpForwardingData, require, id, cdnOriginIds)
-	if _, err = s.tcpforwardingRepository.AddTcpforwardingIps(ctx, *TcpRuleModel); err != nil {
-		return 0, err
-	}
-
-
-	// 异步任务:将源站IP添加到白名单
-	var ips []string
-	if req.TcpForwardingData.BackendList != nil {
-		for _, v := range req.TcpForwardingData.BackendList {
-			ip, _, err := net.SplitHostPort(v)
-			if err != nil {
-				return 0, err
-			}
-			ips = append(ips, ip)
-		}
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
-	}
 
+	// 6. 处理异步任务
+	s.aidedTcp.ProcessAsyncTasks(req)
 
-	return id,nil
+	return id, nil
 }
 
+
+// EditTcpForwarding 编辑 TCP 转发配置
+// 该函数完成 TCP 转发的完整编辑流程:验证、更新 CDN、处理IP白名单、更新源站、更新数据库
 func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest) error {
-	require, formData, err := s.prepareWafData(ctx, req)
+	// 1. 数据准备和验证
+	require, formData, err := s.aidedTcp.PrepareWafData(ctx, req)
 	if err != nil {
-		return  err
+		return err
 	}
 
 	oldData, err := s.tcpforwardingRepository.GetTcpforwarding(ctx, int64(req.TcpForwardingData.Id))
 	if err != nil {
-		return err
+		return fmt.Errorf("获取原始数据失败: %w", err)
 	}
 
-	// 验证端口重复
-	if oldData.Port != req.TcpForwardingData.Port {
-		err = s.wafformatter.VerifyPort(ctx, "tcp", int64(req.TcpForwardingData.Id), req.TcpForwardingData.Port, int64(require.HostId), "")
-		if err != nil {
-			return err
-		}
+	if err := s.aidedTcp.ValidateEditRequest(ctx, req, require, oldData); err != nil {
+		return err
 	}
 
-
-
-	//修改网站端口
-	if oldData.Port != req.TcpForwardingData.Port {
-		err = s.cdn.EditServerType(ctx, v1.EditWebsite{
-			Id:       int64(oldData.CdnWebId),
-			TypeJSON: formData.TcpJSON,
-		}, "tcp")
-		if err != nil {
-			return err
-		}
+	// 2. 更新CDN配置
+	if err := s.aidedTcp.UpdateCdnConfiguration(ctx, req, oldData, require, formData); err != nil {
+		return err
 	}
 
-	//修改网站名字
-	if oldData.Comment != req.TcpForwardingData.Comment {
-		nodeId, err := s.globalRep.GetNodeId(ctx, oldData.CdnWebId)
-		err = s.cdn.EditServerBasic(ctx, int64(oldData.CdnWebId), require.Tag, nodeId)
-		if err != nil {
-			return err
-		}
+	// 3. 获取IP数据并处理白名单
+	ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, req.TcpForwardingData.Id)
+	if err != nil {
+		return fmt.Errorf("获取IP数据失败: %w", err)
 	}
 
-
-	//修改Proxy
-	if oldData.Proxy != req.TcpForwardingData.Proxy {
-		err = s.proxy.EditProxy(ctx, int64(oldData.CdnWebId), v1.ProxyProtocolJSON{
-			IsOn:    req.TcpForwardingData.Proxy,
-			Version: 1,
-		})
-		if err != nil {
-			return err
-		}
+	if err := s.aidedTcp.ProcessIpWhitelistChanges(ctx, req, ipData); err != nil {
+		return err
 	}
 
-	// 异步任务:将IP添加到白名单
-	ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, req.TcpForwardingData.Id)
-	if err != nil {
+	// 4. 更新源站配置
+	if err := s.aidedTcp.UpdateOriginServers(ctx, req, oldData, ipData); err != nil {
 		return err
 	}
-	addedIps, removedIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList, ipData.BackendList)
-	if err != nil {
+
+	// 5. 更新数据库记录
+	if err := s.aidedTcp.UpdateDatabaseRecords(ctx, req, oldData, require, ipData); err != nil {
 		return err
 	}
-	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
-	}
 
+	return nil
+}
 
-	if len(removedIps) > 0 {
-		ipsToDelist, err := s.wafformatter.WashDelIps(ctx, removedIps)
-		if err != nil {
-			return err
-		}
 
-		// 4. 如果有需要处理的IP,则批量发布一次任务
-		if len(ipsToDelist) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
+// DeleteTcpForwarding 批量删除 TCP 转发配置
+// 该函数支持批量删除多个 TCP 转发配置,对每个配置都执行完整的删除流程
+func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.DeleteTcpForwardingRequest) error {
+	// 批量删除处理
+	for _, id := range req.Ids {
+		if err := s.deleteSingleTcpForwarding(ctx, id, req.HostId); err != nil {
+			return fmt.Errorf("删除TCP转发配置失败 ID:%d, %w", id, err)
 		}
 	}
+	return nil
+}
 
-
-
-
-
-	//修改源站
-	addOrigins, delOrigins := s.wafformatter.findIpDifferences(ipData.BackendList, req.TcpForwardingData.BackendList)
-	addedIds := make(map[string]int64)
-	for _, v := range addOrigins {
-		id, err := s.wafformatter.AddOrigin(ctx,v1.WebJson{
-			ApiType: "tcp",
-			BackendList: v,
-			Comment: req.TcpForwardingData.Comment,
-		})
-		if err != nil {
-			return err
-		}
-		addedIds[v] = id
-	}
-	for _, v := range addedIds {
-		err = s.cdn.AddServerOrigin(ctx, int64(oldData.CdnWebId), v)
-		if err != nil {
-			return err
-		}
+// deleteSingleTcpForwarding 删除单个 TCP 转发配置
+// 该函数完成单个配置的完整删除流程:权限验证、删除 CDN、清理IP白名单、清理数据库
+func (s *tcpforwardingService) deleteSingleTcpForwarding(ctx context.Context, id int, hostId int) error {
+	// 1. 获取原始数据并验证权限
+	oldData, err := s.tcpforwardingRepository.GetTcpforwarding(ctx, int64(id))
+	if err != nil {
+		return fmt.Errorf("获取TCP转发数据失败: %w", err)
 	}
 
-	maps.Copy(ipData.CdnOriginIds, addedIds)
-	for k, v := range ipData.CdnOriginIds {
-		for _, ip := range delOrigins {
-			if k == ip {
-				err = s.cdn.DelServerOrigin(ctx, int64(oldData.CdnWebId), v)
-				if err != nil {
-					return err
-				}
-				delete(ipData.CdnOriginIds, k)
-			}
-		}
+	if err := s.aidedTcp.ValidateDeletePermission(oldData, hostId); err != nil {
+		return err
 	}
 
-	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData,oldData.CdnWebId, require)
-	tcpModel.Id = req.TcpForwardingData.Id
-		if err = s.tcpforwardingRepository.EditTcpforwarding(ctx, tcpModel); err != nil {
-		return  err
-	}
-	TcpRuleModel := s.buildTcpRuleModel(&req.TcpForwardingData, require, req.TcpForwardingData.Id, ipData.CdnOriginIds)
-	if err = s.tcpforwardingRepository.EditTcpforwardingIps(ctx, *TcpRuleModel); err != nil {
+	// 2. 删除CDN服务器
+	if err := s.aidedTcp.DeleteCdnServer(ctx, oldData.CdnWebId); err != nil {
 		return err
 	}
-	return  nil
-}
-
-func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.DeleteTcpForwardingRequest)  error {
-	for _, Id := range req.Ids {
-		oldData, err := s.tcpforwardingRepository.GetTcpforwarding(ctx, int64(Id))
-		if err != nil {
-			return err
-		}
-		if oldData.HostId != req.HostId {
-			return fmt.Errorf("用户权限不足")
-		}
-
-		err = s.cdn.DelServer(ctx, int64(oldData.CdnWebId))
-		if err != nil {
-			return err
-		}
-
-
-		// 删除白名单
-		var ips []string
-		ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, Id)
-		if err != nil {
-			return err
-		}
-
-		if ipData != nil && len(ipData.BackendList) > 0 {
-			ips, err = s.wafformatter.WashDeleteWafIp(ctx, ipData.BackendList)
-			if err != nil {
-				return err
-			}
-		}
 
+	// 3. 处理IP白名单清理
+	if err := s.aidedTcp.ProcessDeleteIpWhitelist(ctx, id); err != nil {
+		return err
+	}
 
-		if len(ips) > 0 {
-			ipsToDelist, err := s.wafformatter.WashDelIps(ctx, ips)
-			if err != nil {
-				return err
-			}
-
-			// 4. 如果有需要处理的IP,则批量发布一次任务
-			if len(ipsToDelist) > 0 {
-				go s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
-			}
-		}
-
-
-		if err = s.tcpforwardingRepository.DeleteTcpforwarding(ctx, int64(Id)); err != nil {
-			return  err
-		}
-
-		if err = s.tcpforwardingRepository.DeleteTcpForwardingIpsById(ctx, Id); err != nil {
-			return  err
-		}
+	// 4. 清理数据库记录
+	if err := s.aidedTcp.CleanupDatabaseRecords(ctx, id); err != nil {
+		return err
 	}
-	return  nil
+
+	return nil
 }
 
+
+// GetTcpForwardingAllIpsByHostId 获取指定主机的所有 TCP 转发配置列表
+// 该函数使用并发查询优化性能,同时获取多个配置的详细信息并按ID降序排列
 func (s *tcpforwardingService) GetTcpForwardingAllIpsByHostId(ctx context.Context, req v1.GetForwardingRequest) ([]v1.TcpForwardingDataRequest, error) {
 	type CombinedResult struct {
 		Id          int
 		Forwarding  *model.Tcpforwarding
 		BackendRule *model.TcpForwardingRule
-		Err         error // 如果此ID的处理出错,则携带错误
+		Err         error
 	}
-	g,gCtx := errgroup.WithContext(ctx)
+	g, gCtx := errgroup.WithContext(ctx)
 	ids, err := s.tcpforwardingRepository.GetTcpForwardingAllIdsByID(gCtx, req.HostId)
 	if err != nil {
 		return nil, fmt.Errorf("GetTcpForwardingAllIds failed: %w", err)
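Review bot: EditTcpForwarding fetches `oldData` by `req.TcpForwardingData.Id` and then changes CDN, origin and database state, but no ownership check is visible on this path, whereas deleteSingleTcpForwarding calls `ValidateDeletePermission(oldData, hostId)` before touching anything. The removed edit code only verified the port, and `ValidateEditRequest` is defined outside this diff, so it is worth confirming that it rejects a record whose `HostId` differs from `require.HostId`; if it does not, add `if oldData.HostId != require.HostId { return fmt.Errorf("用户权限不足") }` right after the lookup. Both the edit and delete paths also use `oldData` without a nil check, while GetTcpforwarding in the same file treats a nil result with a nil error as possible. In deleteSingleTcpForwarding a guard such as `if oldData == nil { return fmt.Errorf("TCP转发配置不存在 ID:%d", id) }` before `oldData.CdnWebId` would turn an unknown ID into an error instead of a panic.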
@@ -489,14 +304,14 @@ func (s *tcpforwardingService) GetTcpForwardingAllIpsByHostId(ctx context.Contex
 			return nil, fmt.Errorf("received error from goroutine for ID %d: %w", r.Id, r.Err)
 		}
 		if r.Forwarding == nil {
-			return nil,fmt.Errorf("received nil forwarding from goroutine for ID %d", r.Id)
+			return nil, fmt.Errorf("received nil forwarding from goroutine for ID %d", r.Id)
 		}
 
 		dataReq := v1.TcpForwardingDataRequest{
-			Id: r.Forwarding.Id,
-			Port: r.Forwarding.Port,
+			Id:      r.Forwarding.Id,
+			Port:    r.Forwarding.Port,
 			Comment: r.Forwarding.Comment,
-			Proxy: r.Forwarding.Proxy,
+			Proxy:   r.Forwarding.Proxy,
 		}
 		if r.BackendRule != nil {
 			dataReq.BackendList = r.BackendRule.BackendList
@@ -508,5 +323,4 @@ func (s *tcpforwardingService) GetTcpForwardingAllIpsByHostId(ctx context.Contex
 		return res[i].Id > res[j].Id
 	})
 	return res, nil
-
 }