
feat(service): 增加 IP 黑名单功能并优化白名单逻辑

- 在 AoDunService 接口中添加了处理黑名单的方法
- 修改了 TCP、UDP 和 Web 转发服务,支持黑名单功能
- 优化了 WafFormatterService 中的 IP 处理逻辑,支持黑白名单
- 更新了 WhitelistJob 中的 IP 任务处理流程,增加了颜色参数
fusu 1 月之前
父節點
當前提交
c20fe1a00c

+ 14 - 12
internal/job/whitelist.go

@@ -160,18 +160,20 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 	type ipTaskPayload struct {
 		Ips    []string `json:"ips"`
 		Action string   `json:"action"`
+		Color  string   `json:"color"`
 		ReturnSourceIp string `json:"return_source_ip"`
 	}
 
 	var payload ipTaskPayload
 	if err := json.Unmarshal(d.Body, &payload); err != nil {
-		logger.Error("解析IP白名单消息失败", zap.Error(err), zap.ByteString("body", d.Body))
+		logger.Error("解析IP白名单消息失败", zap.Error(err), zap.ByteString("body", d.Body), zap.String("routing_key", d.RoutingKey))
 		return nil // 消息格式错误,不应重试
 	}
 
 	logger.Info("收到IP白名单任务",
 		zap.String("action", payload.Action),
 		zap.Any("ips", payload.Ips),
+		zap.String("color", payload.Color),
 		zap.String("routing_key", d.RoutingKey),
 	)
 
@@ -189,13 +191,13 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 			wg.Add(2)
 			go func() {
 				defer wg.Done()
-				if err := j.aoDunService.AddWhiteStaticList(ctx, false, ips); err != nil {
+				if err := j.aoDunService.AddWhiteStaticList(ctx, false, ips, payload.Color); err != nil {
 					errChan <- err
 				}
 			}()
 			go func() {
 				defer wg.Done()
-				if err := j.aoDunService.AddWhiteStaticList(ctx, true, ips); err != nil {
+				if err := j.aoDunService.AddWhiteStaticList(ctx, true, ips,payload.Color); err != nil {
 					errChan <- err
 				}
 			}()
@@ -218,13 +220,13 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 
 		deleteFromWall := func(isSmall bool, ip string) {
 			defer wg.Done()
-			id, err := j.aoDunService.GetWhiteStaticList(ctx, isSmall, ip)
+			id, err := j.aoDunService.GetWhiteStaticList(ctx, isSmall, ip,payload.Color)
 			if err != nil {
-				errChan <- fmt.Errorf("获取IP '%s' (isSmall: %t) ID失败: %w", ip, isSmall, err)
+				errChan <- fmt.Errorf("获取IP '%s' (isSmall: %t) ID失败: %w , color: %s", ip, isSmall, err, payload.Color)
 				return
 			}
-			if err := j.aoDunService.DelWhiteStaticList(ctx, isSmall, strconv.Itoa(id)); err != nil {
-				errChan <- fmt.Errorf("删除IP '%s' (isSmall: %t, id: %d) 失败: %w", ip, isSmall, id, err)
+			if err := j.aoDunService.DelWhiteStaticList(ctx, isSmall, strconv.Itoa(id), payload.Color); err != nil {
+				errChan <- fmt.Errorf("删除IP '%s' (isSmall: %t, id: %d) 失败: %w , color: %s", ip, isSmall, id, err , payload.Color)
 			}
 		}
 
@@ -239,22 +241,22 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 
 		var errs []string
 		for err := range errChan {
-			logger.Error("删除IP白名单过程中发生错误", zap.Error(err))
+			logger.Error("删除IP白名单过程中发生错误", zap.Error(err), zap.String("color", payload.Color))
 			errs = append(errs, err.Error())
 		}
 		if len(errs) > 0 {
-			processingErr = fmt.Errorf("删除IP任务中发生错误: %s", strings.Join(errs, "; "))
+			processingErr = fmt.Errorf("删除IP任务中发生错误: %s", strings.Join(errs, "; ") + ", color: " + payload.Color)
 		}
 
 	default:
 		processingErr = fmt.Errorf("unknown action: %s", payload.Action)
-		logger.Warn("在IP白名单任务中收到未知操作", zap.String("action", payload.Action), zap.Any("ips", payload.Ips))
+		logger.Warn("在IP白名单任务中收到未知操作", zap.String("action", payload.Action), zap.Any("ips", payload.Ips), zap.String("color", payload.Color))
 	}
 
 	if processingErr != nil {
-		logger.Error("处理IP白名单任务失败", zap.Error(processingErr), zap.Any("ips", payload.Ips))
+		logger.Error("处理IP白名单任务失败", zap.Error(processingErr), zap.Any("ips", payload.Ips), zap.String("color", payload.Color))
 	} else {
-		logger.Info("已成功处理IP白名单任务", zap.String("action", payload.Action), zap.Any("ips", payload.Ips))
+		logger.Info("已成功处理IP白名单任务", zap.String("action", payload.Action), zap.Any("ips", payload.Ips), zap.String("color", payload.Color))
 	}
 
 	return processingErr
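Review bot: `payload.Color` is read straight off the MQ message (L21) and forwarded unchanged as the upstream `bwflag` in every Add/Get/Del call in this function, with no check that it is one of the two values the list API accepts; a producer that omits the field yields an empty string, and any other value reaches the 傲盾 API before anything in this service rejects it. Validate it right after the unmarshal and treat a bad value like a malformed message (ack without retry), exactly as the existing JSON-error path does. If in-flight messages from the previous producer version still have to be processed, an empty `Color` could be mapped to `"white"` instead of rejected — that depends on the deployment, which is not visible here. handleIpMessage begins and ends outside these hunks.
```go
	// … unchanged: json.Unmarshal and its error path …
	if payload.Color != "white" && payload.Color != "black" {
		logger.Error("IP名单任务 color 非法", zap.String("color", payload.Color), zap.String("routing_key", d.RoutingKey))
		return nil // 消息格式错误,不应重试
	}
	// … unchanged: "收到IP白名单任务" log and the action switch …
```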

+ 13 - 13
internal/service/aodun.go

@@ -20,9 +20,9 @@ import (
 // AoDunService 定义了与傲盾 API 交互的服务接口
 type AoDunService interface {
 	DomainWhiteList(ctx context.Context, domain string, ip string, apiType string) error
-	AddWhiteStaticList(ctx context.Context, isSmall bool, req []v1.IpInfo) error
-	DelWhiteStaticList(ctx context.Context, isSmall bool, id string) error
-	GetWhiteStaticList(ctx context.Context, isSmall bool, ip string) (int, error)
+	AddWhiteStaticList(ctx context.Context, isSmall bool, req []v1.IpInfo, color string) error
+	DelWhiteStaticList(ctx context.Context, isSmall bool, id string, color string) error
+	GetWhiteStaticList(ctx context.Context, isSmall bool, ip string, color string) (int, error)
 }
 
 // aoDunService 是 AoDunService 接口的实现
@@ -168,10 +168,10 @@ func (s *aoDunService) GetToken(ctx context.Context, isSmall bool) (string, stri
 }
 
 // AddWhiteStaticList 添加 IP 到静态白名单
-func (s *aoDunService) AddWhiteStaticList(ctx context.Context, isSmall bool, req []v1.IpInfo) error {
+func (s *aoDunService) AddWhiteStaticList(ctx context.Context, isSmall bool, req []v1.IpInfo,color string) error {
 	formData := map[string]interface{}{
 		"action":         "add",
-		"bwflag":         "white",
+		"bwflag":         color,
 		"insert_bw_list": req,
 	}
 
@@ -186,17 +186,17 @@ func (s *aoDunService) AddWhiteStaticList(ctx context.Context, isSmall bool, req
 			s.logger.Info(res.Msg, zap.String("isSmall", strconv.FormatBool(isSmall)))
 			return nil
 		}
-		return fmt.Errorf("API 错误 (isSmall: %t): code %d, msg '%s'", isSmall, res.Code, res.Msg)
+		return fmt.Errorf("API 错误 (isSmall: %t): color %s,code %d, msg '%s'", isSmall, color, res.Code, res.Msg)
 	}
 
 	return nil
 }
 
 // GetWhiteStaticList 查询白名单 IP 并返回其 ID
-func (s *aoDunService) GetWhiteStaticList(ctx context.Context, isSmall bool, ip string) (int, error) {
+func (s *aoDunService) GetWhiteStaticList(ctx context.Context, isSmall bool, ip string, color string) (int, error) {
 	formData := map[string]interface{}{
 		"action": "get",
-		"bwflag": "white",
+		"bwflag": color,
 		"page":   1,
 		"ip":    ip,
 	}
@@ -208,20 +208,20 @@ func (s *aoDunService) GetWhiteStaticList(ctx context.Context, isSmall bool, ip
 	}
 
 	if res.Code != 0 {
-		return 0, fmt.Errorf("API 错误 (isSmall: %t): code %d, msg '%s'", isSmall, res.Code, res.Msg)
+		return 0, fmt.Errorf("API 错误 (isSmall: %t): color %s,code %d, msg '%s'", isSmall, color, res.Code, res.Msg)
 	}
 	if len(res.Data) == 0 {
-		return 0, fmt.Errorf("未找到 IP '%s' 相关的白名单记录 (isSmall: %t)", ip, isSmall)
+		return 0, fmt.Errorf("未找到 IP '%s' 相关的 '%s'名单记录 (isSmall: %t)", ip, color, isSmall)
 	}
 
 	return res.Data[0].ID, nil
 }
 
 // DelWhiteStaticList 根据 ID 从白名单中删除 IP
-func (s *aoDunService) DelWhiteStaticList(ctx context.Context, isSmall bool, id string) error {
+func (s *aoDunService) DelWhiteStaticList(ctx context.Context, isSmall bool, id string, color string) error {
 	formData := map[string]interface{}{
 		"action": "del",
-		"bwflag": "white",
+		"bwflag": color,
 		"flag":   0,
 		"ids":    id,
 	}
@@ -233,7 +233,7 @@ func (s *aoDunService) DelWhiteStaticList(ctx context.Context, isSmall bool, id
 	}
 
 	if res.Code != 0 {
-		return fmt.Errorf("API 错误 (isSmall: %t): code %d, msg '%s'", isSmall, res.Code, res.Msg)
+		return fmt.Errorf("API 错误 (isSmall: %t): color %s,code %d, msg '%s'", isSmall, color, res.Code, res.Msg)
 	}
 	return nil
 }
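Review bot: The three methods now send whatever `color` the caller supplied as `bwflag` (L127, L148, L173) without validating it in the one layer that actually talks to the API, so the service is only as safe as each of its callers. A small guard in this file makes it self-contained, and the doc comments at L121, L142 and L167 still describe the functions as white-list-only; they should say the list is selected by `color` ("white" or "black"). Each method's body continues past its hunk.
```go
// checkBwFlag rejects any bwflag other than the two values the upstream API understands.
func checkBwFlag(color string) error {
	if color != "white" && color != "black" {
		return fmt.Errorf("invalid bwflag %q (want \"white\" or \"black\")", color)
	}
	return nil
}

// AddWhiteStaticList adds IPs to the static black or white list selected by color.
func (s *aoDunService) AddWhiteStaticList(ctx context.Context, isSmall bool, req []v1.IpInfo, color string) error {
	if err := checkBwFlag(color); err != nil {
		return err
	}
	// … unchanged: formData and request …
```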

+ 40 - 8
internal/service/tcpforwarding.go

@@ -224,8 +224,10 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 			}
 			ips = append(ips, ip)
 		}
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
 	}
+
+	//白名单
 	var accessRuleIps []string
 	if req.TcpForwardingData.AllowIpList != nil {
 		for _, v := range require.GatewayIps {
@@ -234,10 +236,22 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 					accessRuleIps = append(accessRuleIps, ip)
 				}
 			}
-			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
+			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
 		}
 
 	}
+	//黑名单
+	var denyRuleIps []string
+	if req.TcpForwardingData.DenyIpList != nil {
+		for _, v := range require.GatewayIps {
+			for _, ip := range req.TcpForwardingData.DenyIpList {
+				if net.ParseIP(ip) != nil{
+					denyRuleIps = append(denyRuleIps, ip)
+				}
+			}
+			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
+		}
+	}
 	return  nil
 }
 
@@ -276,28 +290,42 @@ func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.Tc
 	if err != nil {
 		return err
 	}
-	addedIps, removedIps, addedAllowIps, removedAllowIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList,req.TcpForwardingData.AllowIpList,ipData.BackendList,ipData.AllowIpList)
+	addedIps, removedIps, addedAllowIps, removedAllowIps, addedDenyIps, removedDenyIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList,req.TcpForwardingData.AllowIpList,req.TcpForwardingData.DenyIpList,ipData.BackendList,ipData.AllowIpList,ipData.DenyIpList)
 	if err != nil {
 		return err
 	}
 	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
 	}
 
 	if len(addedAllowIps) > 0 {
 		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
+			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
 		}
 	}
 	if len(removedAllowIps) > 0 {
 		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
+			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
+		}
+	}
+
+	if len(addedDenyIps) > 0 {
+		for _, v := range require.GatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
+		}
+	}
+	if len(removedDenyIps) > 0 {
+		for _, v := range require.GatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
 		}
 	}
 
+
+
+
 	//修改源站
 	addOrigins, delOrigins := s.wafformatter.findIpDifferences(ipData.BackendList, req.TcpForwardingData.BackendList)
 	addedIds := make(map[string]int64)
@@ -368,7 +396,11 @@ func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.D
 			return err
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
+		}
+		// 删除黑名单
+		if len(ipData.DenyIpList) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","black")
 		}
 
 
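Review bot: In DeleteTcpForwarding the new black-list branch at L282-L283 tests `ipData.DenyIpList` but publishes `ips`, the slice used for the white-list deletion just above it, so the deny entries are never removed from the WAF black list and the white-list IPs are submitted as black-list deletions instead; the web service does this correctly at L589-L590. The line should read `go s.wafformatter.PublishIpWhitelistTask(ipData.DenyIpList, "del","","black")`. Separately, in AddTcpForwarding `denyRuleIps` (L212-L221) is appended inside the loop over `require.GatewayIps` and never reset, so every gateway after the first receives the list with each deny IP repeated once per earlier iteration — build the filtered slice once before the loop (the allow branch above it has the same pattern). Both functions start outside these hunks.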

+ 36 - 9
internal/service/udpforwarding.go

@@ -223,7 +223,7 @@ func (s *udpForWardingService) AddUdpForwarding(ctx context.Context, req *v1.Udp
 			}
 			ips = append(ips, ip)
 		}
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
 	}
 	var accessRuleIps []string
 	if req.UdpForwardingData.AllowIpList != nil {
@@ -233,7 +233,19 @@ func (s *udpForWardingService) AddUdpForwarding(ctx context.Context, req *v1.Udp
 					accessRuleIps = append(accessRuleIps, ip)
 				}
 			}
-			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
+			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
+		}
+	}
+
+	var denyRuleIps []string
+	if req.UdpForwardingData.DenyIpList != nil {
+		for _, v := range require.GatewayIps {
+			for _, ip := range req.UdpForwardingData.DenyIpList {
+				if net.ParseIP(ip) != nil {
+					denyRuleIps = append(denyRuleIps, ip)
+				}
+			}
+			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
 		}
 	}
 
@@ -276,28 +288,39 @@ func (s *udpForWardingService) EditUdpForwarding(ctx context.Context, req *v1.Ud
 	if err != nil {
 		return err
 	}
-	addedIps, removedIps, addedAllowIps, removedAllowIps, err := s.wafformatter.WashEditWafIp(ctx,req.UdpForwardingData.BackendList,req.UdpForwardingData.AllowIpList,ipData.BackendList,ipData.AllowIpList)
+	addedIps, removedIps, addedAllowIps, removedAllowIps,addedDenyIps, removedDenyIps, err := s.wafformatter.WashEditWafIp(ctx,req.UdpForwardingData.BackendList,req.UdpForwardingData.AllowIpList,req.UdpForwardingData.DenyIpList,ipData.BackendList,ipData.AllowIpList,ipData.DenyIpList)
 	if err != nil {
 		return err
 	}
 	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
 	}
-
+	//白名单
 	if len(addedAllowIps) > 0 {
 		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
+			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
 		}
 	}
 	if len(removedAllowIps) > 0 {
 		for _, v := range require.GatewayIps {
-			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
+			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
 		}
 
 	}
+	//黑名单
+	if len(addedDenyIps) > 0 {
+		for _, v := range require.GatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
+		}
+	}
+	if len(removedDenyIps) > 0 {
+		for _, v := range require.GatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
+		}
+	}
 
 
 	//修改源站
@@ -371,7 +394,11 @@ func (s *udpForWardingService) DeleteUdpForwarding(ctx context.Context, Ids []in
 			return err
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
+		}
+		// 删除黑名单
+		if len(ipData.DenyIpList) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","black")
 		}
 
 
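Review bot: The black-list deletion added at L375-L376 passes `ips` rather than `ipData.DenyIpList`, so deleting a UDP forwarding leaves its deny IPs on the WAF black list while the white-list IPs are sent for removal from the wrong list; change it to `go s.wafformatter.PublishIpWhitelistTask(ipData.DenyIpList, "del","","black")`. In AddUdpForwarding, `denyRuleIps` (L309-L318) accumulates across the `require.GatewayIps` loop, so each gateway after the first is published a list containing duplicates; hoist the `net.ParseIP` filter out of the outer loop and publish the same slice for every gateway. DeleteUdpForwarding and AddUdpForwarding both begin outside these hunks.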

+ 21 - 10
internal/service/wafformatter.go

@@ -23,11 +23,11 @@ type WafFormatterService interface {
 	ConvertToWildcardDomain(ctx context.Context,domain string) (string, error)
 	AppendWafIp(ctx context.Context, req []string,returnSourceIp string) ([]v1.IpInfo, error)
 	WashIps(ctx context.Context, req []string) ([]string, error)
-	PublishIpWhitelistTask(ips []string, action string,returnSourceIp string)
+	PublishIpWhitelistTask(ips []string, action string,returnSourceIp string, color string)
 	PublishDomainWhitelistTask(domain, ip, action string)
 	findIpDifferences(oldIps, newIps []string) ([]string, []string)
 	WashDeleteWafIp(ctx context.Context, backendList []string,allowIpList []string) ([]string, error)
-	WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string,oldBackendList []string,oldAllowIpList []string) ([]string, []string, []string,  []string, error)
+	WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string, newDenyIpList []string,oldBackendList []string,oldAllowIpList []string,oldDenyIpList []string) ([]string, []string, []string,  []string, []string,[]string, error)
 	//cdn添加网站
 	AddOrigin(ctx context.Context, req v1.WebJson) (int64, error)
 }
@@ -263,23 +263,25 @@ func (s *wafFormatterService) PublishDomainWhitelistTask(domain, ip, action stri
 }
 
 
-func (s *wafFormatterService) PublishIpWhitelistTask(ips []string, action string, returnSourceIp string) {
+func (s *wafFormatterService) PublishIpWhitelistTask(ips []string, action string, returnSourceIp string,color string) {
 	// Define message payload, including the action
 	type ipTaskPayload struct {
 		Ips     []string `json:"ips"`
 		Action string `json:"action"`
 		ReturnSourceIp string `json:"return_source_ip"`
+		Color string `json:"color"`
 	}
 	payload := ipTaskPayload{
 		Ips:     ips,
 		Action: action,
 		ReturnSourceIp: returnSourceIp,
+		Color: color,
 	}
 
 	// Serialize the message
 	msgBody, err := json.Marshal(payload)
 	if err != nil {
-		s.logger.Error("序列化 IP 白名单任务消息失败", zap.Error(err), zap.Any("IPs", ips), zap.String("action", action))
+		s.logger.Error("序列化 IP 白名单任务消息失败", zap.Error(err), zap.Any("IPs", ips), zap.String("action", action),zap.String("color", color))
 		return
 	}
 
@@ -303,9 +305,9 @@ func (s *wafFormatterService) PublishIpWhitelistTask(ips []string, action string
 	// Publish the message
 	err = s.mq.PublishWithCh(taskCfg.Exchange, routingKey, publishingMsg)
 	if err != nil {
-		s.logger.Error("发布 IP 白名单任务到 MQ 失败", zap.Error(err), zap.String("action", action))
+		s.logger.Error("发布 IP 白名单任务到 MQ 失败", zap.Error(err), zap.String("action", action),zap.String("color", color))
 	} else {
-		s.logger.Info("成功将 IP 白名单任务发布到 MQ", zap.String("action", action))
+		s.logger.Info("成功将 IP 白名单任务发布到 MQ", zap.String("action", action),zap.String("color", color))
 	}
 }
 
@@ -354,15 +356,17 @@ func (s *wafFormatterService) WashDeleteWafIp(ctx context.Context, backendList [
 	return res, nil
 }
 
-func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string,oldBackendList []string,oldAllowIpList []string) ([]string, []string, []string, []string, error) {
+func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string, newDenyIpList []string,oldBackendList []string,oldAllowIpList []string,oldDenyIpList []string) ([]string, []string, []string, []string, []string,[]string,error) {
 	var oldIps []string
 	var newIps []string
 	var oldAllowIps []string
 	var newAllowIps []string
+	var oldDenyIps []string
+	var newDenyIps []string
 	for _, v := range oldBackendList {
 		ip, _, err := net.SplitHostPort(v)
 		if err != nil {
-			return nil, nil, nil, nil, err
+			return nil, nil, nil, nil,nil, nil, err
 		}
 		oldIps = append(oldIps, ip)
 	}
@@ -370,7 +374,7 @@ func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList
 		for _, v := range newBackendList {
 			ip, _, err := net.SplitHostPort(v)
 			if err != nil {
-				return nil, nil, nil, nil, err
+				return nil, nil, nil, nil,nil, nil, err
 			}
 			newIps = append(newIps, ip)
 		}
@@ -385,9 +389,16 @@ func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList
 	}
 	addedAllowIps, removedAllowIps := s.findIpDifferences(oldAllowIps, newAllowIps)
 
+	if oldDenyIpList != nil {
+		oldDenyIps = append(oldDenyIps, oldDenyIpList...)
+	}
+	if newDenyIpList != nil {
+		newDenyIps = append(newDenyIps, newDenyIpList...)
+	}
+	addedDenyIps, removedDenyIps := s.findIpDifferences(oldDenyIps, newDenyIps)
 
 
-	return addedIps, removedIps ,addedAllowIps, removedAllowIps, nil
+	return addedIps, removedIps ,addedAllowIps, removedAllowIps, addedDenyIps, removedDenyIps, nil
 }
 
 
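Review bot: `PublishIpWhitelistTask` (L403) takes `color` as a free-form string and every caller spells the value as a bare literal ("white"/"black" recur at roughly thirty call sites across the TCP, UDP and web services, and the job compares the same literals), so a single typo at one call site yields a message that only the upstream API can reject. Define the two values once in this file — `const BwFlagWhite = "white"` and `const BwFlagBlack = "black"` — and use them in the callers and in whitelist.go. Also, `WashEditWafIp` copies the old and new deny lists into the diff untouched (L471-L477); if the allow branch just above (its body lies outside the hunk) filters with `net.ParseIP` the way the web service's WashDifferentIp does, the deny branch should apply the same filter so a malformed entry is not published. Both functions continue outside their hunks.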

+ 61 - 24
internal/service/webforwarding.go

@@ -416,7 +416,7 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 			}
 			ips = append(ips,ip)
 		}
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
 	}
 	var accessRuleIps []string
 	if len(req.WebForwardingData.AllowIpList) > 0 {
@@ -426,7 +426,19 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 					accessRuleIps = append(accessRuleIps, ip)
 				}
 			}
-			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
+			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
+		}
+	}
+	// 黑名单
+	var denyRuleIps []string
+	if len(req.WebForwardingData.DenyIpList) > 0 {
+		for _, v := range require.GatewayIps {
+			for _, ip := range req.WebForwardingData.DenyIpList {
+				if net.ParseIP(ip) != nil{
+					denyRuleIps = append(denyRuleIps, ip)
+				}
+			}
+			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
 		}
 	}
 
@@ -512,9 +524,7 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 		return err
 	}
 	var oldIps []string
-	var oldAllowIps []string
 	var newIps []string
-	var newAllowIps []string
 	for _, v := range ipData.BackendList {
 		ip, _, err := net.SplitHostPort(v.Addr)
 		if err != nil {
@@ -532,33 +542,31 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 	}
 	addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
 	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
-	}
-	if len(ipData.AllowIpList) > 0 {
-		for _, v := range ipData.AllowIpList {
-			if net.ParseIP(v) != nil{
-				oldAllowIps = append(oldAllowIps, v)
-			}
-		}
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
 	}
 
-	if len(req.WebForwardingData.AllowIpList) > 0 {
-		for _, v := range req.WebForwardingData.AllowIpList {
-			if net.ParseIP(v) != nil{
-				newAllowIps = append(newAllowIps, v)
-			}
-		}
-	}
-	addedAllowIps, removedAllowIps := s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
+	//白名单IP
+	addedAllowIps, removedAllowIps := s.WashDifferentIp(ipData.AllowIpList, req.WebForwardingData.AllowIpList)
 	for _, v := range require.GatewayIps {
 		if len(addedAllowIps) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
+			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
 		}
 		if len(removedAllowIps) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
+			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
+		}
+	}
+
+	// 黑名单IP
+	addedDenyIps, removedDenyIps := s.WashDifferentIp(ipData.DenyIpList, req.WebForwardingData.DenyIpList)
+	for _, v := range require.GatewayIps {
+		if len(addedDenyIps) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
+		}
+		if len(removedDenyIps) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
 		}
 	}
 
@@ -667,9 +675,15 @@ func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []in
 			ips = append(ips, ipData.AllowIpList...)
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
 		}
 
+		// IP过黑
+		if len(ipData.DenyIpList) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(ipData.DenyIpList, "del","","black")
+		}
+
+
 
 		if err = s.webForwardingRepository.DeleteWebForwarding(ctx, int64(Id)); err != nil {
 			return err
@@ -821,4 +835,27 @@ func (s *webForwardingService) GetGatewayFirstIp(ctx context.Context, hostId int
 		return  "",fmt.Errorf("网关组IP为空")
 	}
 	return gateWayIps, nil
+}
+
+
+// 清洗IP
+func (s *webForwardingService) WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string,removedDenyIps []string) {
+	var newAllowIps []string
+	var oldAllowIps []string
+	if len(oldIpList) > 0 {
+		for _, v := range oldIpList {
+			if net.ParseIP(v) != nil{
+				oldAllowIps = append(oldAllowIps, v)
+			}
+		}
+	}
+	if len(newIpList) > 0 {
+		for _, v := range newIpList {
+			if net.ParseIP(v) != nil{
+				newAllowIps = append(newAllowIps, v)
+			}
+		}
+	}
+	addedDenyIps, removedDenyIps = s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
+	return addedDenyIps, removedDenyIps
 }
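Review bot: `WashDifferentIp` (L605) declares its parameters as `(newIpList, oldIpList)`, but both call sites (L557, L570) pass the stored list first and the request list second, so inside the helper the request list is filtered into `oldAllowIps` and the stored list into `newAllowIps`; `findIpDifferences(oldAllowIps, newAllowIps)` at L622 therefore runs with old and new swapped relative to the inline code it replaces (L539-L555), and EditWebForwarding now publishes the IPs a user removed as "add" and the ones they added as "del", for both the white and the black list. Renaming the parameters so the body reads the stored list as old fixes it in one line: `func (s *webForwardingService) WashDifferentIp(oldIpList []string, newIpList []string) (added []string, removed []string)`. The `denyRuleIps` slice in AddWebForwarding (L507-L516) also grows across the `require.GatewayIps` loop, so each later gateway is sent duplicated entries. EditWebForwarding and AddWebForwarding begin outside these hunks.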