package waf import ( "context" "fmt" v1 "github.com/go-nunu/nunu-layout-advanced/api/v1" "github.com/go-nunu/nunu-layout-advanced/internal/model" "github.com/go-nunu/nunu-layout-advanced/internal/repository/api/waf" "github.com/go-nunu/nunu-layout-advanced/internal/service" "github.com/go-nunu/nunu-layout-advanced/internal/service/api/flexCdn" "github.com/go-nunu/nunu-layout-advanced/pkg/rabbitmq" "golang.org/x/sync/errgroup" "sort" ) type WebForwardingService interface { GetWebForwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.WebForwardingDataRequest, error) GetWebForwardingWafWebAllIps(ctx context.Context, req v1.GetForwardingRequest) ([]v1.WebForwardingDataRequest, error) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) (int, error) EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error DeleteWebForwarding(ctx context.Context, req v1.DeleteWebForwardingRequest) error } func NewWebForwardingService( service *service.Service, required service.RequiredService, webForwardingRepository waf.WebForwardingRepository, crawler service.CrawlerService, parser service.ParserService, wafformatter WafFormatterService, aoDun service.AoDunService, mq *rabbitmq.RabbitMQ, gatewayIp GatewayipService, globalLimitRep waf.GlobalLimitRepository, cdn flexCdn.CdnService, proxy flexCdn.ProxyService, sslCert flexCdn.SslCertService, websocket flexCdn.WebsocketService, cc CcService, ccIpList CcIpListService, aidedWeb AidedWebService, ) WebForwardingService { return &webForwardingService{ Service: service, webForwardingRepository: webForwardingRepository, required: required, parser: parser, crawler: crawler, wafformatter: wafformatter, aoDun: aoDun, mq: mq, gatewayIp: gatewayIp, cdn: cdn, globalLimitRep: globalLimitRep, proxy: proxy, sslCert: sslCert, websocket: websocket, cc: cc, ccIpList: ccIpList, aidedWeb: aidedWeb, } } type webForwardingService struct { *service.Service webForwardingRepository waf.WebForwardingRepository required service.RequiredService parser service.ParserService crawler service.CrawlerService wafformatter WafFormatterService aoDun service.AoDunService mq *rabbitmq.RabbitMQ gatewayIp GatewayipService cdn flexCdn.CdnService globalLimitRep waf.GlobalLimitRepository proxy flexCdn.ProxyService sslCert flexCdn.SslCertService websocket flexCdn.WebsocketService cc CcService ccIpList CcIpListService aidedWeb AidedWebService } func (s *webForwardingService) GetWebForwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.WebForwardingDataRequest, error) { var webForwarding model.WebForwarding var backend model.WebForwardingRule g, gCtx := errgroup.WithContext(ctx) g.Go(func() error { res, e := s.webForwardingRepository.GetWebForwarding(gCtx, int64(req.Id)) if e != nil { // 直接返回错误,errgroup 会捕获它 return fmt.Errorf("GetWebForwarding failed: %w", e) } if res != nil { webForwarding = *res } return nil }) g.Go(func() error { res, e := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.Id) if e != nil { return fmt.Errorf("GetWebForwardingByID failed: %w", e) } if res != nil { backend = *res } return nil }) if err := g.Wait(); err != nil { return v1.WebForwardingDataRequest{}, err } return v1.WebForwardingDataRequest{ Id: webForwarding.Id, Port: webForwarding.Port, Domain: webForwarding.Domain, IsHttps: webForwarding.IsHttps, Comment: webForwarding.Comment, BackendList: backend.BackendList, HttpsKey: webForwarding.HttpsKey, HttpsCert: webForwarding.HttpsCert, Proxy: webForwarding.Proxy, CcConfig: v1.CcConfigRequest{ IsOn: webForwarding.Cc, ThresholdMethod: webForwarding.ThresholdMethod, Level: webForwarding.Level, Limit5s: webForwarding.Limit5s, Limit60s: webForwarding.Limit60s, Limit300s: webForwarding.Limit300s, }, }, nil } // AddWebForwarding 添加Web转发配置 // 该函数负责创建完整的Web转发配置,包括: // 1. 数据验证和预处理 // 2. SSL证书管理 // 3. CDN网站创建和配置 // 4. 源站服务器添加 // 5. 各种功能开启(WebSocket、Proxy、日志、CC防护等) // 6. 数据库记录保存 // 7. 白名单任务发布 func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) (int, error) { // 1. 数据准备和验证 require, formData, err := s.aidedWeb.PrepareWafData(ctx, req) if err != nil { return 0, err } if err := s.aidedWeb.ValidateAddRequest(ctx, req, require); err != nil { return 0, err } // 2. 处理SSL证书 if err := s.aidedWeb.ProcessSSLCertificate(ctx, req, require, formData); err != nil { return 0, err } // 3. 创建CDN网站 webId, err := s.aidedWeb.CreateCdnWebsite(ctx, req, require, formData) if err != nil { return 0, err } // 4. 配置WebSocket if err := s.aidedWeb.ConfigureWebsocket(ctx, webId); err != nil { return 0, err } // 5. 添加源站到网站 cdnOriginIds, err := s.aidedWeb.AddOriginsToWebsite(ctx, req, webId) if err != nil { return 0, err } // 6. 配置各种功能 if err := s.aidedWeb.ConfigureProxyProtocol(ctx, req, webId); err != nil { return 0, err } if err := s.aidedWeb.EditLog(ctx, webId); err != nil { return 0, err } if err := s.aidedWeb.ConfigureCCProtection(ctx, req, webId); err != nil { return 0, err } if err := s.aidedWeb.ConfigureWafFirewall(ctx, webId, require.GroupId); err != nil { return 0, err } // 7. 保存到数据库 id, err := s.aidedWeb.SaveToDatabase(ctx, req, require, webId, cdnOriginIds) if err != nil { return 0, err } // 8. 处理异步任务 s.aidedWeb.ProcessAsyncTasks(ctx, req, require) return id, nil } func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error { // 1. 获取原始数据 oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id)) if err != nil { return fmt.Errorf("获取原始Web转发数据失败: %w", err) } // 继承旧的证书ID和策略ID,以便后续逻辑处理 req.WebForwardingData.SslCertId = int64(oldData.SslCertId) req.WebForwardingData.SslPolicyId = int64(oldData.SslPolicyId) // 2. 准备WAF数据和基础验证 require, formData, err := s.aidedWeb.PrepareWafData(ctx, req) if err != nil { return err } if err := s.aidedWeb.ValidateEditRequest(ctx, req, require, oldData); err != nil { return err } // 3. 处理SSL证书更新 if err := s.aidedWeb.ProcessSSLCertificateUpdate(ctx, req, oldData, require); err != nil { return err } // 4. 更新核心CDN配置(端口、协议、域名、备注等) if err := s.aidedWeb.UpdateCdnConfiguration(ctx, req, oldData, require, formData); err != nil { return err } // 5. 更新Proxy Protocol配置 if oldData.Proxy != req.WebForwardingData.Proxy { if err := s.aidedWeb.ConfigureProxyProtocol(ctx, req, int64(oldData.CdnWebId)); err != nil { return err } } // 6. 更新CC防护配置 if err := s.aidedWeb.ConfigureCCProtection(ctx, req, int64(oldData.CdnWebId)); err != nil { return err } // 7. 处理域名白名单变更 if err := s.aidedWeb.ProcessDomainWhitelistChanges(ctx, req, oldData, require); err != nil { return err } // 8. 获取后端IP规则数据 ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.WebForwardingData.Id) if err != nil { return fmt.Errorf("获取Web转发IP规则失败: %w", err) } // 9. 处理源站IP白名单变更 if err := s.aidedWeb.ProcessIpWhitelistChanges(ctx, req, ipData); err != nil { return err } // 10. 更新CDN上的源站服务器 if err := s.aidedWeb.UpdateOriginServers(ctx, req, oldData, ipData); err != nil { return err } // 11. 更新本地数据库记录 if err := s.aidedWeb.UpdateDatabaseRecords(ctx, req, oldData, require, ipData); err != nil { return err } return nil } // DeleteWebForwarding 批量删除Web转发配置 // 该函数遍历ID列表,对每个ID执行完整的、独立的删除流程 func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, req v1.DeleteWebForwardingRequest) error { for _, id := range req.Ids { if err := s.deleteSingleWebForwarding(ctx, id, req.HostId, req.Uid); err != nil { // 增加错误上下文,方便定位问题 return fmt.Errorf("删除Web转发配置失败 ID:%d, %w", id, err) } } return nil } // deleteSingleWebForwarding 删除单个Web转发配置的完整流程 func (s *webForwardingService) deleteSingleWebForwarding(ctx context.Context, id int, hostId int, uid int) error { // 1. 获取并验证数据 oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(id)) if err != nil { return fmt.Errorf("获取Web转发数据失败: %w", err) } if err := s.aidedWeb.ValidateDeletePermission(oldData, hostId); err != nil { return err } // 2. 删除CDN服务器 if err := s.aidedWeb.DeleteCdnServer(ctx, oldData.CdnWebId); err != nil { return err } // 3. 处理域名白名单清理 if err := s.aidedWeb.ProcessDeleteDomainWhitelist(ctx, oldData, uid); err != nil { return err } // 4. 处理IP白名单清理 if err := s.aidedWeb.ProcessDeleteIpWhitelist(ctx, id); err != nil { return err } // 5. 清理SSL证书 if err := s.aidedWeb.CleanupSSLCertificate(ctx, oldData); err != nil { return err } // 6. 清理数据库记录 if err := s.aidedWeb.CleanupDatabaseRecords(ctx, id); err != nil { return err } return nil } func (s *webForwardingService) GetWebForwardingWafWebAllIps(ctx context.Context, req v1.GetForwardingRequest) ([]v1.WebForwardingDataRequest, error) { type CombinedResult struct { Id int Forwarding *model.WebForwarding BackendRule *model.WebForwardingRule Err error // 如果此ID的处理出错,则携带错误 } g, gCtx := errgroup.WithContext(ctx) ids, err := s.webForwardingRepository.GetWebForwardingWafWebAllIds(gCtx, req.HostId) if err != nil { return nil, fmt.Errorf("GetWebForwardingWafWebAllIds failed: %w", err) } if len(ids) == 0 { return nil, nil // 没有ID,直接返回空切片 } // 创建一个通道来接收每个ID的处理结果 // 通道缓冲区大小设为ID数量,这样发送者不会因为接收者慢而阻塞(在所有goroutine都启动后) resultsChan := make(chan CombinedResult, len(ids)) for _, idVal := range ids { currentID := idVal // 捕获循环变量 g.Go(func() error { var wf *model.WebForwarding var bk *model.WebForwardingRule var localErr error // 1. 获取 WebForwarding 信息 wf, localErr = s.webForwardingRepository.GetWebForwarding(gCtx, int64(currentID)) if localErr != nil { // 发送错误到通道,并由 errgroup 捕获 // errgroup 会处理第一个非nil错误,并取消其他 goroutine resultsChan <- CombinedResult{Id: currentID, Err: fmt.Errorf("GetWebForwarding for id %d failed: %w", currentID, localErr)} return localErr // 返回错误给 errgroup } if wf == nil { // 正常情况下,如果没错误,wf不应为nil,但防御性检查 localErr = fmt.Errorf("GetWebForwarding for id %d returned nil data without error", currentID) resultsChan <- CombinedResult{Id: currentID, Err: localErr} return localErr } // 2. 获取 Backend IP 信息 // 注意:这里我们允许 GetWebForwardingIpsByID 可能返回 nil 数据(例如没有规则)而不是错误 // 如果它也可能返回错误,则处理方式与上面类似 bk, localErr = s.webForwardingRepository.GetWebForwardingIpsByID(gCtx, currentID) if localErr != nil { // 如果获取IP信息失败是一个致命错误,则也应返回错误 // 如果允许部分成功(比如有WebForwarding但没有IP信息),则可以不将此视为errgroup的错误 // 这里假设它也是一个需要errgroup捕获的错误 resultsChan <- CombinedResult{Id: currentID, Forwarding: wf, Err: fmt.Errorf("GetWebForwardingIpsByID for id %d failed: %w", currentID, localErr)} return localErr // 返回错误给 errgroup } // bk 可能是 nil 如果没有错误且没有规则,这取决于业务逻辑 // 发送成功的结果到通道 resultsChan <- CombinedResult{Id: currentID, Forwarding: wf, BackendRule: bk} return nil // 此goroutine成功 }) } // 等待所有goroutine完成 groupErr := g.Wait() // 关闭通道,表示所有发送者都已完成 // 这一步很重要,这样下面的 range 循环才能正常结束 close(resultsChan) // 如果 errgroup 捕获到任何错误,优先返回该错误 if groupErr != nil { // 虽然errgroup已经出错了,但通道中可能已经有一些结果(来自出错前成功或出错的goroutine) // 我们需要排空通道以避免goroutine泄漏(如果它们在发送时阻塞) // 但由于我们优先返回groupErr,这些结果将被丢弃。 // 在这种设计下,通常任何一个子任务失败都会导致整个操作失败。 return nil, groupErr } // 如果没有错误,收集所有成功的结果 finalResults := make([]v1.WebForwardingDataRequest, 0, len(ids)) for res := range resultsChan { // 再次检查通道中的错误,尽管 errgroup 应该已经捕获了 // 但这是一种更细致的错误处理,以防万一有goroutine在errgroup.Wait()前发送了错误但未被errgroup捕获 // (理论上,如果goroutine返回了错误,errgroup会处理) // 主要目的是处理 res.forwarding 为 nil 的情况 (如果上面允许不返回错误) if res.Err != nil { // 如果到这里还有错误,说明逻辑可能有问题,或者我们决定忽略某些类型的子错误 // 在此示例中,因为 g.Wait() 没有错误,所以这里的 res.err 应该是nil // 如果不是,那么可能是goroutine在return nil前发送了带有错误的res。 // 严格来说,如果errgroup没有错误,这里res.err也应该是nil // 但以防万一,我们可以记录日志 return nil, fmt.Errorf("received error from goroutine for ID %d: %w", res.Id, res.Err) } if res.Forwarding == nil { return nil, fmt.Errorf("received nil forwarding from goroutine for ID %d", res.Id) } dataReq := v1.WebForwardingDataRequest{ Id: res.Forwarding.Id, Port: res.Forwarding.Port, Domain: res.Forwarding.Domain, IsHttps: res.Forwarding.IsHttps, Comment: res.Forwarding.Comment, HttpsKey: res.Forwarding.HttpsKey, HttpsCert: res.Forwarding.HttpsCert, Proxy: res.Forwarding.Proxy, CcConfig: v1.CcConfigRequest{ IsOn: res.Forwarding.Cc, ThresholdMethod: res.Forwarding.ThresholdMethod, Level: res.Forwarding.Level, Limit5s: res.Forwarding.Limit5s, Limit60s: res.Forwarding.Limit60s, Limit300s: res.Forwarding.Limit300s, }, } if res.BackendRule != nil { // 只有当 BackendRule 存在时才填充相关字段 dataReq.BackendList = res.BackendRule.BackendList } finalResults = append(finalResults, dataReq) } sort.Slice(finalResults, func(i, j int) bool { return finalResults[i].Id > finalResults[j].Id }) return finalResults, nil }