- package waf
- import (
- "context"
- "fmt"
- v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
- "github.com/go-nunu/nunu-layout-advanced/internal/repository/api/flexCdn"
- "github.com/go-nunu/nunu-layout-advanced/internal/repository/api/waf"
- "github.com/go-nunu/nunu-layout-advanced/internal/service"
- flexCdn2 "github.com/go-nunu/nunu-layout-advanced/internal/service/api/flexCdn"
- )
// CcIpListService manages the CC IP list of a site: reading the list,
// creating the per-server firewall policy, and maintaining the entries of the
// "white" IP list.
//
// NOTE(review): every method takes a raw webId/serverId and none of the
// implementations in this file checks that the caller owns that site —
// presumably the handler layer enforces this; confirm.
type CcIpListService interface {
	// GetCcIpList returns the CC IP list entries for the site webId.
	GetCcIpList(ctx context.Context, webId int64) ([]v1.CcIpListResponse, error)
	// AddCcIpListPolicy creates a firewall policy for the server and binds it
	// to the server's HTTP web configuration.
	AddCcIpListPolicy(ctx context.Context, serverId, serverGroupId int64) error
	// AddCcWhiteIp adds ip, with comment as the reason, to the "white" list.
	AddCcWhiteIp(ctx context.Context, webId int64, ip, comment string) error
	// DelCcWhiteIp removes each address in ips from the "white" list.
	DelCcWhiteIp(ctx context.Context, webId int64, ips []string) error
	// EditCcWhiteIp replaces oldIp with newIp (and comment) in the "white" list.
	EditCcWhiteIp(ctx context.Context, webId int64, oldIp, newIp, comment string) error
	// GetServerId maps the site webId to the CdnWebId of its forwarding record.
	GetServerId(ctx context.Context, webId int64) (int64, error)
}
// NewCcIpListService wires the shared service base, the CC IP list repository,
// the CDN service and the web forwarding repository into a CcIpListService.
// No argument is validated here; nil dependencies will only surface when a
// method dereferences them.
func NewCcIpListService(
	service *service.Service,
	ccIpListRepository flexCdn.CcIpListRepository,
	cdn flexCdn2.CdnService,
	webForwardingRep waf.WebForwardingRepository,
) CcIpListService {
	svc := &ccIpListService{Service: service}
	svc.ccIpListRepository = ccIpListRepository
	svc.cdn = cdn
	svc.webForwardingRep = webForwardingRep
	return svc
}
// ccIpListService is the CcIpListService implementation built by
// NewCcIpListService.
type ccIpListService struct {
	// Embedded shared service base.
	*service.Service

	// ccIpListRepository resolves list, item and HTTP web ids and reads the
	// CC IP list.
	ccIpListRepository flexCdn.CcIpListRepository
	// cdn performs the policy, firewall and IP item changes.
	cdn flexCdn2.CdnService
	// webForwardingRep loads the forwarding record that holds CdnWebId.
	webForwardingRep waf.WebForwardingRepository
}
// GetServerId loads the web forwarding record for webId and returns its
// CdnWebId converted to int64. A lookup error is returned unchanged with a
// zero id.
//
// NOTE(review): webId is used as given; no check that the caller owns the
// site is visible here — confirm it is enforced before this call.
func (s *ccIpListService) GetServerId(ctx context.Context, webId int64) (int64, error) {
	forwarding, lookupErr := s.webForwardingRep.GetWebForwarding(ctx, webId)
	if lookupErr != nil {
		return 0, lookupErr
	}
	cdnWebID := int64(forwarding.CdnWebId)
	return cdnWebID, nil
}
// GetCcIpList loads the web forwarding record for webId and returns the CC IP
// list the repository holds for that record's CdnWebId. A lookup error is
// returned unchanged with a nil slice.
func (s *ccIpListService) GetCcIpList(ctx context.Context, webId int64) ([]v1.CcIpListResponse, error) {
	forwarding, lookupErr := s.webForwardingRep.GetWebForwarding(ctx, webId)
	if lookupErr != nil {
		return nil, lookupErr
	}
	cdnWebID := int64(forwarding.CdnWebId)
	return s.ccIpListRepository.GetCcIpList(ctx, cdnWebID)
}
// AddCcIpListPolicy creates an enabled, user-defined WAF policy for
// serverId/serverGroupId and then switches the server's HTTP web firewall to
// that policy. It fails when the HTTP web id cannot be resolved, when policy
// creation fails or yields id 0, or when the firewall update fails.
//
// NOTE(review): the firewall is written with IgnoreGlobalRules: true and
// DefaultCaptchaType "none"; presumably platform-wide WAF rules then stop
// applying to this site — confirm that is intended.
// NOTE(review): if the firewall update fails, the policy created just before
// is not removed by this function.
func (s *ccIpListService) AddCcIpListPolicy(ctx context.Context, serverId int64, serverGroupId int64) error {
	webConfigID, err := s.ccIpListRepository.GetHttpWebId(ctx, serverId)
	if err != nil {
		return err
	}

	// Create the user-defined firewall policy.
	policyReq := v1.AddWafPolicy{
		IsOn:          true,
		ServerId:      serverId,
		ServerGroupId: serverGroupId,
		Name:          "用户自定义防火墙策略",
		Description:   "",
	}
	policyID, err := s.cdn.AddWafPolicy(ctx, policyReq)
	if err != nil {
		return err
	}
	if policyID == 0 {
		return fmt.Errorf("创建用户自定义防火墙策略失败")
	}

	// Point the HTTP web firewall at the new policy.
	firewall := v1.Firewall{
		IsOn:               true,
		IsPrior:            false,
		FirewallPolicyId:   policyID,
		IgnoreGlobalRules:  true,
		DefaultCaptchaType: "none",
	}
	return s.cdn.EditHTTPWebFirewal(ctx, webConfigID, firewall)
}
// AddCcWhiteIp adds ip to the "white" IP list of the site webId, storing
// comment as the reason. It returns an error when the address is already
// present in that list under the "cc" source category.
//
// NOTE(review): ip is forwarded as received; nothing here checks that it is a
// well-formed address or rejects an overly broad value. Whitelist entries
// presumably bypass CC protection, so confirm the value is validated before
// or after this call.
// NOTE(review): the count check and the insert are separate calls, so two
// concurrent requests could both pass the check.
func (s *ccIpListService) AddCcWhiteIp(ctx context.Context, webId int64, ip string, comment string) error {
	serverID, err := s.GetServerId(ctx, webId)
	if err != nil {
		return err
	}

	whiteListID, err := s.ccIpListRepository.GetIpListId(ctx, serverID, "white")
	if err != nil {
		return err
	}

	existing, err := s.ccIpListRepository.GetCcIpCount(ctx, whiteListID, ip, "cc")
	if err != nil {
		return err
	}
	if existing > 0 {
		return fmt.Errorf("ip已存在")
	}

	item := v1.AddIpItem{
		IpListId:       whiteListID,
		Value:          ip,
		Reason:         comment,
		EventLevel:     "notice",
		SourceCategory: "cc",
	}
	return s.cdn.AddIpItem(ctx, item)
}
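// EditCcWhiteIp replaces the "white" list entry oldIp of the site webId with
// newIp and comment.
//
// The duplicate check runs only when the address actually changes. Checking
// it unconditionally made the entry being edited count as its own duplicate,
// so a comment-only edit (newIp == oldIp) was always rejected with
// "ip已存在".
//
// NOTE(review): newIp is forwarded as received; nothing here checks that it
// is a well-formed address or rejects an overly broad value — confirm it is
// validated elsewhere.
func (s *ccIpListService) EditCcWhiteIp(ctx context.Context, webId int64, oldIp string, newIp string, comment string) error {
	serverId, err := s.GetServerId(ctx, webId)
	if err != nil {
		return err
	}
	ipListId, err := s.ccIpListRepository.GetIpListId(ctx, serverId, "white")
	if err != nil {
		return err
	}

	// Only a changed address can collide with another entry.
	if newIp != oldIp {
		count, err := s.ccIpListRepository.GetCcIpCount(ctx, ipListId, newIp, "cc")
		if err != nil {
			return err
		}
		if count > 0 {
			return fmt.Errorf("ip已存在")
		}
	}

	ipItemId, err := s.ccIpListRepository.GetIpId(ctx, ipListId, oldIp, "cc")
	if err != nil {
		return err
	}
	return s.cdn.EditIpItem(ctx, v1.AddIpItem{
		IpItemId:       ipItemId,
		Value:          newIp,
		Reason:         comment,
		EventLevel:     "notice",
		SourceCategory: "cc",
	})
}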
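// DelCcWhiteIp removes every address in ips from the "white" IP list of the
// site webId. An empty ips is a no-op once the site has been resolved.
//
// The list id depends only on the server, so it is resolved once instead of
// once per address.
//
// Deletion stops at the first error; addresses handled before it stay
// deleted, so a failed call can leave the list partly updated.
func (s *ccIpListService) DelCcWhiteIp(ctx context.Context, webId int64, ips []string) error {
	serverId, err := s.GetServerId(ctx, webId)
	if err != nil {
		return err
	}
	// As before, an empty request makes no list lookup at all.
	if len(ips) == 0 {
		return nil
	}

	ipListId, err := s.ccIpListRepository.GetIpListId(ctx, serverId, "white")
	if err != nil {
		return err
	}
	for _, ip := range ips {
		ipItemId, err := s.ccIpListRepository.GetIpId(ctx, ipListId, ip, "cc")
		if err != nil {
			return err
		}
		if err := s.cdn.DelIpItem(ctx, ipItemId, ip, "", "", ipListId); err != nil {
			return err
		}
	}
	return nil
}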