webforwarding.go 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051
  1. package service
  2. import (
  3. "context"
  4. "encoding/json"
  5. "fmt"
  6. v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
  7. "github.com/go-nunu/nunu-layout-advanced/internal/model"
  8. "github.com/go-nunu/nunu-layout-advanced/internal/repository"
  9. "github.com/go-nunu/nunu-layout-advanced/pkg/rabbitmq"
  10. "golang.org/x/sync/errgroup"
  11. "maps"
  12. "net"
  13. "sort"
  14. )
  15. type WebForwardingService interface {
  16. GetWebForwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.WebForwardingDataRequest, error)
  17. GetWebForwardingWafWebAllIps(ctx context.Context, req v1.GetForwardingRequest) ([]v1.WebForwardingDataRequest, error)
  18. AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error
  19. EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error
  20. DeleteWebForwarding(ctx context.Context, Ids []int) error
  21. }
  22. func NewWebForwardingService(
  23. service *Service,
  24. required RequiredService,
  25. webForwardingRepository repository.WebForwardingRepository,
  26. crawler CrawlerService,
  27. parser ParserService,
  28. wafformatter WafFormatterService,
  29. aoDun AoDunService,
  30. mq *rabbitmq.RabbitMQ,
  31. gatewayGroupIpRep repository.GateWayGroupIpRepository,
  32. gatewayGroupRep repository.GatewayGroupRepository,
  33. globalLimitRep repository.GlobalLimitRepository,
  34. cdn CdnService,
  35. proxy ProxyService,
  36. ) WebForwardingService {
  37. return &webForwardingService{
  38. Service: service,
  39. webForwardingRepository: webForwardingRepository,
  40. required: required,
  41. parser: parser,
  42. crawler: crawler,
  43. wafformatter: wafformatter,
  44. aoDun: aoDun,
  45. mq: mq,
  46. gatewayGroupIpRep: gatewayGroupIpRep,
  47. gatewayGroupRep: gatewayGroupRep,
  48. cdn: cdn,
  49. globalLimitRep: globalLimitRep,
  50. proxy: proxy,
  51. }
  52. }
  53. const (
  54. isHttps = 1
  55. protocolHttps = "https"
  56. protocolHttp = "http"
  57. defaultNodeClusterId = 1
  58. )
  59. type webForwardingService struct {
  60. *Service
  61. webForwardingRepository repository.WebForwardingRepository
  62. required RequiredService
  63. parser ParserService
  64. crawler CrawlerService
  65. wafformatter WafFormatterService
  66. aoDun AoDunService
  67. mq *rabbitmq.RabbitMQ
  68. gatewayGroupIpRep repository.GateWayGroupIpRepository
  69. gatewayGroupRep repository.GatewayGroupRepository
  70. cdn CdnService
  71. globalLimitRep repository.GlobalLimitRepository
  72. proxy ProxyService
  73. }
  74. func (s *webForwardingService) require(ctx context.Context, req v1.GlobalRequire) (v1.GlobalRequire, error) {
  75. var err error
  76. var res v1.GlobalRequire
  77. g, gCtx := errgroup.WithContext(ctx)
  78. //g.Go(func() error {
  79. // result, e := s.wafformatter.require(gCtx, req, "web")
  80. // if e != nil {
  81. // return e
  82. // }
  83. // res = result
  84. // return nil
  85. //})
  86. g.Go(func() error {
  87. e := s.wafformatter.validateWafDomainCount(gCtx, req)
  88. if e != nil {
  89. return e
  90. }
  91. return nil
  92. })
  93. if err = g.Wait(); err != nil {
  94. return v1.GlobalRequire{}, err
  95. }
  96. return res, nil
  97. }
  98. func (s *webForwardingService) GetWebForwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.WebForwardingDataRequest, error) {
  99. var webForwarding model.WebForwarding
  100. var backend model.WebForwardingRule
  101. g, gCtx := errgroup.WithContext(ctx)
  102. g.Go(func() error {
  103. res, e := s.webForwardingRepository.GetWebForwarding(gCtx, int64(req.Id))
  104. if e != nil {
  105. // 直接返回错误,errgroup 会捕获它
  106. return fmt.Errorf("GetWebForwarding failed: %w", e)
  107. }
  108. if res != nil {
  109. webForwarding = *res
  110. }
  111. return nil
  112. })
  113. g.Go(func() error {
  114. res, e := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.Id)
  115. if e != nil {
  116. return fmt.Errorf("GetWebForwardingByID failed: %w", e)
  117. }
  118. if res != nil {
  119. backend = *res
  120. }
  121. return nil
  122. })
  123. if err := g.Wait(); err != nil {
  124. return v1.WebForwardingDataRequest{}, err
  125. }
  126. return v1.WebForwardingDataRequest{
  127. Id: webForwarding.Id,
  128. Port: webForwarding.Port,
  129. Domain: webForwarding.Domain,
  130. IsHttps: webForwarding.IsHttps,
  131. Comment: webForwarding.Comment,
  132. BackendList: backend.BackendList,
  133. HttpsKey: webForwarding.HttpsKey,
  134. HttpsCert: webForwarding.HttpsCert,
  135. Proxy: webForwarding.Proxy,
  136. CcConfig: v1.CcConfigRequest{
  137. IsOn: webForwarding.Cc,
  138. ThresholdMethod: webForwarding.ThresholdMethod,
  139. Level: webForwarding.Level,
  140. Limit5s: webForwarding.Limit5s,
  141. Limit60s: webForwarding.Limit60s,
  142. Limit300s: webForwarding.Limit300s,
  143. },
  144. }, nil
  145. }
  146. // buildWebForwardingModel 辅助函数,用于构建通用的 WebForwarding 模型
  147. // ruleId 是从 WAF 系统获取的 ID
  148. func (s *webForwardingService) buildWebForwardingModel(req *v1.WebForwardingDataRequest, ruleId int, require RequireResponse) *model.WebForwarding {
  149. return &model.WebForwarding{
  150. HostId: require.HostId,
  151. CdnWebId: ruleId,
  152. Port: req.Port,
  153. Domain: req.Domain,
  154. IsHttps: req.IsHttps,
  155. Comment: req.Comment,
  156. HttpsCert: req.HttpsCert,
  157. HttpsKey: req.HttpsKey,
  158. SslCertId: int(require.SslPolicyId),
  159. Cc: req.CcConfig.IsOn,
  160. ThresholdMethod: req.CcConfig.ThresholdMethod,
  161. Level: req.CcConfig.Level,
  162. Limit5s: req.CcConfig.Limit5s,
  163. Limit60s: req.CcConfig.Limit60s,
  164. Limit300s: req.CcConfig.Limit300s,
  165. Proxy: req.Proxy,
  166. }
  167. }
  168. func (s *webForwardingService) buildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule {
  169. return &model.WebForwardingRule{
  170. Uid: require.Uid,
  171. HostId: require.HostId,
  172. WebId: localDbId,
  173. CdnOriginIds: cdnOriginIds,
  174. BackendList: reqData.BackendList,
  175. }
  176. }
  177. // =================================================================
  178. // 主函数:prepareWafData
  179. // 职责:协调整个流程,负责获取前置配置和组装最终的 formData。
  180. // =================================================================
  181. func (s *webForwardingService) prepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error) {
  182. // 1. 获取基础配置
  183. require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
  184. HostId: req.HostId,
  185. Uid: req.Uid,
  186. Comment: req.WebForwardingData.Comment,
  187. })
  188. if err != nil {
  189. return RequireResponse{}, v1.Website{}, fmt.Errorf("获取WAF前置配置失败: %w", err)
  190. }
  191. if require.GatewayGroupId == 0 || require.Uid == 0 {
  192. return RequireResponse{}, v1.Website{}, fmt.Errorf("请先配置实例")
  193. }
  194. // 2. 调用辅助函数,构建核心的代理配置 (将复杂逻辑封装起来)
  195. byteData, sslPolicyId, err := s.buildProxyJSONConfig(ctx, req, require)
  196. if err != nil {
  197. return RequireResponse{}, v1.Website{}, err // 错误信息在辅助函数中已经包装好了
  198. }
  199. require.SslPolicyId = sslPolicyId
  200. type serverNames struct {
  201. ServerNames string `json:"name" form:"name"`
  202. Type string `json:"type" form:"type"`
  203. }
  204. var serverName []serverNames
  205. var serverJson []byte
  206. if req.WebForwardingData.Domain != "" {
  207. serverName = append(serverName, serverNames{
  208. ServerNames: req.WebForwardingData.Domain,
  209. Type: "full",
  210. })
  211. serverJson, err = json.Marshal(serverName)
  212. if err != nil {
  213. return RequireResponse{}, v1.Website{}, err
  214. }
  215. }
  216. // 3. 组装最终的 WAF 表单数据
  217. formData := v1.Website{
  218. UserId: int64(require.CdnUid),
  219. Type: "httpProxy",
  220. Name: require.Tag,
  221. ServerNamesJSON: serverJson,
  222. Description: req.WebForwardingData.Comment,
  223. ServerGroupIds: []int64{int64(require.GroupId)},
  224. UserPlanId: int64(require.RuleId),
  225. NodeClusterId: defaultNodeClusterId,
  226. }
  227. var noSslByteData, _ = json.Marshal(v1.TypeJSON{IsOn: false})
  228. // 4. 根据协议类型,填充 HttpJSON 和 HttpsJSON 字段
  229. if req.WebForwardingData.IsHttps == isHttps {
  230. formData.HttpJSON = noSslByteData
  231. formData.HttpsJSON = byteData
  232. } else {
  233. formData.HttpJSON = byteData
  234. formData.HttpsJSON = noSslByteData
  235. }
  236. return require, formData, nil
  237. }
  238. // =================================================================
  239. // 辅助函数:buildProxyJSONConfig
  240. // 职责:专门负责处理 HTTP/HTTPS 的差异,并生成对应的 JSON 配置。
  241. // =================================================================
  242. func (s *webForwardingService) buildProxyJSONConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) ([]byte, int64, error) {
  243. var (
  244. jsonData v1.TypeJSON
  245. apiType string
  246. err error
  247. )
  248. var sslPolicyId int64
  249. jsonData.IsOn = true
  250. apiType = protocolHttps
  251. // 判断协议类型,并处理 HTTPS 的特殊逻辑(证书)
  252. if req.WebForwardingData.IsHttps == isHttps {
  253. // 处理证书信息
  254. if req.WebForwardingData.SslCertId == 0 {
  255. sslPolicyId, _, err = s.wafformatter.AddSSLPolicy(ctx, v1.SSL{
  256. CdnUserId: require.CdnUid,
  257. Domain: req.WebForwardingData.Domain,
  258. Name: req.WebForwardingData.Domain,
  259. Description: req.WebForwardingData.Comment,
  260. CertData: req.WebForwardingData.HttpsCert,
  261. KeyData: req.WebForwardingData.HttpsKey,
  262. })
  263. if err != nil {
  264. return nil, 0, fmt.Errorf("处理证书失败: %w", err)
  265. }
  266. jsonData.SslPolicyRef.SslPolicyId = sslPolicyId
  267. } else {
  268. err = s.wafformatter.EditSSL(ctx, v1.SSL{
  269. WebId: int64(req.WebForwardingData.Id),
  270. SSLPolicyId: int(req.WebForwardingData.SslCertId),
  271. CdnUserId: require.CdnUid,
  272. Name: req.WebForwardingData.Domain,
  273. Description: req.WebForwardingData.Comment,
  274. CertData: req.WebForwardingData.HttpsCert,
  275. KeyData: req.WebForwardingData.HttpsKey,
  276. })
  277. if err != nil {
  278. return nil, 0, fmt.Errorf("处理证书失败: %w", err)
  279. }
  280. jsonData.SslPolicyRef.SslPolicyId = req.WebForwardingData.SslCertId
  281. }
  282. jsonData.SslPolicyRef.IsOn = true
  283. } else {
  284. apiType = protocolHttp
  285. jsonData.SslPolicyRef = v1.SslPolicyRef{
  286. IsOn: false,
  287. SslPolicyId: req.WebForwardingData.SslCertId,
  288. }
  289. }
  290. // 填充通用的 Listen 配置
  291. for _, v := range require.GatewayIps {
  292. jsonData.Listen = append(jsonData.Listen, v1.Listen{
  293. Protocol: apiType,
  294. Host: v,
  295. Port: req.WebForwardingData.Port,
  296. })
  297. }
  298. // 序列化为 JSON
  299. byteData, err := json.Marshal(jsonData)
  300. if err != nil {
  301. return nil, 0, fmt.Errorf("序列化WAF配置失败: %w", err)
  302. }
  303. return byteData, sslPolicyId, nil
  304. }
  305. // 查找两个列表的差异
  306. func (s webForwardingService) FindDifferenceList(oldList, newList []v1.BackendList) (added, removed []v1.BackendList) {
  307. diff := make(map[v1.BackendList]int)
  308. // 1. 遍历旧列表,为每个元素计数 +1
  309. for _, item := range oldList {
  310. diff[item]++
  311. }
  312. // 2. 遍历新列表,为每个元素计数 -1
  313. for _, item := range newList {
  314. diff[item]--
  315. }
  316. // 3. 遍历 diff map 来找出差异
  317. for item, count := range diff {
  318. if count > 0 {
  319. // 如果 count > 0,说明这个元素在 oldList 中但不在 newList 中
  320. removed = append(removed, item)
  321. } else if count < 0 {
  322. // 如果 count < 0,说明这个元素在 newList 中但不在 oldList 中
  323. added = append(added, item)
  324. }
  325. // 如果 count == 0,说明元素在两个列表中都存在,不做任何操作
  326. }
  327. return added, removed
  328. }
  329. func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
  330. require, formData, err := s.prepareWafData(ctx, req)
  331. if err != nil {
  332. return err
  333. }
  334. err = s.wafformatter.validateWafPortCount(ctx, require.HostId)
  335. if err != nil {
  336. return err
  337. }
  338. // 验证端口重复
  339. err = s.wafformatter.VerifyPort(ctx, "http", req.WebForwardingData.Port, int64(require.HostId), req.WebForwardingData.Domain)
  340. if err != nil {
  341. return err
  342. }
  343. webId, err := s.cdn.CreateWebsite(ctx, formData)
  344. if err != nil {
  345. return err
  346. }
  347. backendList := make(map[string]string)
  348. for _, k := range req.WebForwardingData.BackendList {
  349. backendList[k.Addr] = k.CustomHost
  350. }
  351. // 添加源站
  352. cdnOriginIds := make(map[string]int64)
  353. for _, v := range req.WebForwardingData.BackendList {
  354. apiType := protocolHttp
  355. // 如果条件满足,则覆盖为 HTTPS
  356. if v.IsHttps == isHttps {
  357. apiType = protocolHttps
  358. }
  359. host, port, err := net.SplitHostPort(v.Addr)
  360. if err != nil {
  361. return err
  362. }
  363. var addrPunyPort string
  364. addrPunyPort = v.Addr
  365. // 如果是 IP 地址,不需要转换
  366. if ok := net.ParseIP(host); ok == nil {
  367. _, hostPuny, err := s.wafformatter.ConvertToPunycodeIfIDN(ctx, host)
  368. if err != nil {
  369. return err
  370. }
  371. addrPunyPort = fmt.Sprintf("%s:%s", hostPuny, port)
  372. }
  373. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  374. ApiType: apiType,
  375. BackendList: addrPunyPort,
  376. Host: v.CustomHost,
  377. Comment: req.WebForwardingData.Comment,
  378. })
  379. if err != nil {
  380. return err
  381. }
  382. cdnOriginIds[v.Addr] = id
  383. }
  384. // 添加源站到网站
  385. for _, v := range cdnOriginIds {
  386. err = s.cdn.AddServerOrigin(ctx, webId, v)
  387. if err != nil {
  388. return err
  389. }
  390. }
  391. // 开启proxy
  392. if req.WebForwardingData.Proxy {
  393. err = s.proxy.EditProxy(ctx,webId, v1.ProxyProtocolJSON{
  394. IsOn: true,
  395. Version: 1,
  396. })
  397. if err != nil {
  398. return err
  399. }
  400. }
  401. // 开启访问日志
  402. err = s.EditLog(ctx, webId)
  403. if err != nil {
  404. return err
  405. }
  406. // 开启CC
  407. if req.WebForwardingData.CcConfig.IsOn {
  408. err = s.EditCcConfig(ctx, webId, req.WebForwardingData.CcConfig)
  409. if err != nil {
  410. return err
  411. }
  412. }
  413. webModel := s.buildWebForwardingModel(&req.WebForwardingData, int(webId), require)
  414. id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
  415. if err != nil {
  416. return err
  417. }
  418. webRuleModel := s.buildWebRuleModel(&req.WebForwardingData, require, id, cdnOriginIds)
  419. if _, err = s.webForwardingRepository.AddWebForwardingIps(ctx, *webRuleModel); err != nil {
  420. return err
  421. }
  422. if req.WebForwardingData.Domain != "" {
  423. // 异步任务:将域名添加到白名单
  424. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  425. if err != nil {
  426. return err
  427. }
  428. if len(require.GatewayIps) == 0 {
  429. return fmt.Errorf("网关组不存在")
  430. }
  431. firstIp, err := s.GetGatewayFirstIp(ctx, require.HostId)
  432. if err != nil {
  433. return err
  434. }
  435. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
  436. }
  437. // 源站IP过白
  438. var ips []string
  439. if req.WebForwardingData.BackendList != nil {
  440. for _, v := range req.WebForwardingData.BackendList {
  441. ip, _, err := net.SplitHostPort(v.Addr)
  442. if err != nil {
  443. return err
  444. }
  445. ips = append(ips, ip)
  446. }
  447. go s.wafformatter.PublishIpWhitelistTask(ips, "add", "", "white")
  448. }
  449. return nil
  450. }
  451. func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
  452. oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
  453. if err != nil {
  454. return err
  455. }
  456. req.WebForwardingData.SslCertId = int64(oldData.SslCertId)
  457. require, formData, err := s.prepareWafData(ctx, req)
  458. if err != nil {
  459. return err
  460. }
  461. // 验证端口重复
  462. if oldData.Port != req.WebForwardingData.Port {
  463. err = s.wafformatter.VerifyPort(ctx, "http", req.WebForwardingData.Port, int64(require.HostId), "")
  464. if err != nil {
  465. return err
  466. }
  467. }
  468. //修改网站端口
  469. if oldData.Port != req.WebForwardingData.Port || oldData.IsHttps != req.WebForwardingData.IsHttps || oldData.HttpsCert != req.WebForwardingData.HttpsCert || oldData.HttpsKey != req.WebForwardingData.HttpsKey {
  470. var typeJson []byte
  471. var closeJson []byte
  472. var apiType string
  473. var closeType string
  474. if req.WebForwardingData.IsHttps == isHttps {
  475. typeJson = formData.HttpsJSON
  476. closeJson = formData.HttpJSON
  477. apiType = protocolHttps
  478. closeType = protocolHttp
  479. } else {
  480. typeJson = formData.HttpJSON
  481. closeJson = formData.HttpsJSON
  482. apiType = protocolHttp
  483. closeType = protocolHttps
  484. }
  485. err = s.cdn.EditServerType(ctx, v1.EditWebsite{
  486. Id: int64(oldData.CdnWebId),
  487. TypeJSON: typeJson,
  488. }, apiType)
  489. if err != nil {
  490. return err
  491. }
  492. err = s.cdn.EditServerType(ctx, v1.EditWebsite{
  493. Id: int64(oldData.CdnWebId),
  494. TypeJSON: closeJson,
  495. }, closeType)
  496. if err != nil {
  497. return err
  498. }
  499. }
  500. //修改网站域名
  501. if oldData.Domain != req.WebForwardingData.Domain {
  502. type serverName struct {
  503. Name string `json:"name" form:"name"`
  504. Type string `json:"type" form:"type"`
  505. }
  506. var serverData []serverName
  507. var serverJson []byte
  508. serverData = append(serverData, serverName{
  509. Name: req.WebForwardingData.Domain,
  510. Type: "full",
  511. })
  512. serverJson, err = json.Marshal(serverData)
  513. if err != nil {
  514. return err
  515. }
  516. err = s.cdn.EditServerName(ctx, v1.EditServerNames{
  517. ServerId: int64(oldData.CdnWebId),
  518. ServerNamesJSON: serverJson,
  519. })
  520. if err != nil {
  521. return err
  522. }
  523. }
  524. //修改网站名字
  525. if oldData.Comment != req.WebForwardingData.Comment {
  526. nodeId,err := s.globalLimitRep.GetNodeId(ctx, oldData.CdnWebId)
  527. if err != nil {
  528. return err
  529. }
  530. err = s.cdn.EditServerBasic(ctx, int64(oldData.CdnWebId), require.Tag,nodeId)
  531. if err != nil {
  532. return err
  533. }
  534. }
  535. //修改Proxy
  536. if oldData.Proxy != req.WebForwardingData.Proxy {
  537. err = s.proxy.EditProxy(ctx, int64(oldData.CdnWebId), v1.ProxyProtocolJSON{
  538. IsOn: req.WebForwardingData.Proxy,
  539. Version: 1,
  540. })
  541. if err != nil {
  542. return err
  543. }
  544. }
  545. // 修改CC配置
  546. err = s.EditCcConfig(ctx, int64(oldData.CdnWebId), v1.CcConfigRequest{
  547. IsOn: req.WebForwardingData.CcConfig.IsOn,
  548. Level: req.WebForwardingData.CcConfig.Level,
  549. Limit5s: req.WebForwardingData.CcConfig.Limit5s,
  550. Limit60s: req.WebForwardingData.CcConfig.Limit60s,
  551. Limit300s: req.WebForwardingData.CcConfig.Limit300s,
  552. ThresholdMethod: req.WebForwardingData.CcConfig.ThresholdMethod,
  553. })
  554. if err != nil {
  555. return err
  556. }
  557. // 将域名添加到白名单
  558. webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
  559. if err != nil {
  560. return err
  561. }
  562. // 异步任务:将域名添加到白名单
  563. if webData.Domain != req.WebForwardingData.Domain {
  564. firstIp, err := s.GetGatewayFirstIp(ctx, req.HostId)
  565. if err != nil {
  566. return err
  567. }
  568. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  569. if err != nil {
  570. return err
  571. }
  572. oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
  573. if err != nil {
  574. return err
  575. }
  576. if len(require.GatewayIps) == 0 {
  577. return fmt.Errorf("网关组不存在")
  578. }
  579. // 查找域名数量,如果数量小于2,删除旧域名
  580. count, err := s.webForwardingRepository.GetDomainCount(ctx, req.HostId, webData.Domain)
  581. if err != nil {
  582. return err
  583. }
  584. if count < 2 {
  585. go s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
  586. }
  587. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
  588. }
  589. // IP过白
  590. ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.WebForwardingData.Id)
  591. if err != nil {
  592. return err
  593. }
  594. var oldIps []string
  595. var newIps []string
  596. for _, v := range ipData.BackendList {
  597. ip, _, err := net.SplitHostPort(v.Addr)
  598. if err != nil {
  599. return err
  600. }
  601. oldIps = append(oldIps, ip)
  602. }
  603. for _, v := range req.WebForwardingData.BackendList {
  604. ip, _, err := net.SplitHostPort(v.Addr)
  605. if err != nil {
  606. return err
  607. }
  608. newIps = append(newIps, ip)
  609. }
  610. addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
  611. if len(addedIps) > 0 {
  612. go s.wafformatter.PublishIpWhitelistTask(addedIps, "add", "", "white")
  613. }
  614. // IP过白
  615. if len(removedIps) > 0 {
  616. // 1. 一次性获取所有相关IP的数量
  617. ipsToDelist, err := s.wafformatter.WashDelIps(ctx, removedIps)
  618. if err != nil {
  619. return err
  620. }
  621. // 4. 如果有需要处理的IP,则批量发布一次任务
  622. if len(ipsToDelist) > 0 {
  623. go s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
  624. }
  625. }
  626. //修改源站
  627. addOrigins, delOrigins := s.FindDifferenceList(ipData.BackendList, req.WebForwardingData.BackendList)
  628. addedIds := make(map[string]int64)
  629. for _, v := range addOrigins {
  630. var apiType string
  631. if v.IsHttps == isHttps {
  632. apiType = protocolHttps
  633. } else {
  634. apiType = protocolHttp
  635. }
  636. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  637. ApiType: apiType,
  638. BackendList: v.Addr,
  639. Host: v.CustomHost,
  640. Comment: req.WebForwardingData.Comment,
  641. })
  642. if err != nil {
  643. return err
  644. }
  645. addedIds[v.Addr] = id
  646. }
  647. for _, v := range addedIds {
  648. err = s.cdn.AddServerOrigin(ctx, int64(oldData.CdnWebId), v)
  649. if err != nil {
  650. return err
  651. }
  652. }
  653. for k, v := range ipData.CdnOriginIds {
  654. for _, ip := range delOrigins {
  655. if k == ip.Addr {
  656. err = s.cdn.DelServerOrigin(ctx, int64(oldData.CdnWebId), v)
  657. if err != nil {
  658. return err
  659. }
  660. delete(ipData.CdnOriginIds, k)
  661. }
  662. }
  663. }
  664. maps.Copy(ipData.CdnOriginIds, addedIds)
  665. webModel := s.buildWebForwardingModel(&req.WebForwardingData, req.WebForwardingData.CdnWebId, require)
  666. webModel.Id = req.WebForwardingData.Id
  667. if err = s.webForwardingRepository.EditWebForwarding(ctx, webModel); err != nil {
  668. return err
  669. }
  670. webRuleModel := s.buildWebRuleModel(&req.WebForwardingData, require, req.WebForwardingData.Id, ipData.CdnOriginIds)
  671. if err = s.webForwardingRepository.EditWebForwardingIps(ctx, *webRuleModel); err != nil {
  672. return err
  673. }
  674. return nil
  675. }
  676. func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []int) error {
  677. for _, Id := range Ids {
  678. oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(Id))
  679. if err != nil {
  680. return err
  681. }
  682. err = s.cdn.DelServer(ctx, int64(oldData.CdnWebId))
  683. if err != nil {
  684. return err
  685. }
  686. // 异步任务:将域名添加到白名单
  687. firstIp, err := s.GetGatewayFirstIp(ctx, oldData.HostId)
  688. if err != nil {
  689. return err
  690. }
  691. if oldData.Domain != "" {
  692. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
  693. if err != nil {
  694. return err
  695. }
  696. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "del")
  697. }
  698. // IP过白
  699. ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, Id)
  700. if err != nil {
  701. return err
  702. }
  703. var ips []string
  704. if len(ipData.BackendList) > 0 {
  705. for _, v := range ipData.BackendList {
  706. ip, _, err := net.SplitHostPort(v.Addr)
  707. if err != nil {
  708. return err
  709. }
  710. ips = append(ips, ip)
  711. }
  712. }
  713. if len(ips) > 0 {
  714. ipsToDelist, err := s.wafformatter.WashDelIps(ctx, ips)
  715. if err != nil {
  716. return err
  717. }
  718. // 4. 如果有需要处理的IP,则批量发布一次任务
  719. if len(ipsToDelist) > 0 {
  720. go s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
  721. }
  722. }
  723. // 删除ssl
  724. data, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(Id))
  725. if err != nil {
  726. return err
  727. }
  728. if data.SslCertId != 0 {
  729. sslPolicyData, err := s.webForwardingRepository.GetSslCertId(ctx, data.SslCertId)
  730. if err != nil {
  731. return err
  732. }
  733. if sslPolicyData != nil {
  734. for _, v := range sslPolicyData {
  735. err := s.cdn.DelSSLCert(ctx, v.CertId)
  736. if err != nil {
  737. return err
  738. }
  739. }
  740. }
  741. }
  742. if err = s.webForwardingRepository.DeleteWebForwarding(ctx, int64(Id)); err != nil {
  743. return err
  744. }
  745. if err = s.webForwardingRepository.DeleteWebForwardingIpsById(ctx, Id); err != nil {
  746. return err
  747. }
  748. }
  749. return nil
  750. }
  751. func (s *webForwardingService) GetWebForwardingWafWebAllIps(ctx context.Context, req v1.GetForwardingRequest) ([]v1.WebForwardingDataRequest, error) {
  752. type CombinedResult struct {
  753. Id int
  754. Forwarding *model.WebForwarding
  755. BackendRule *model.WebForwardingRule
  756. Err error // 如果此ID的处理出错,则携带错误
  757. }
  758. g, gCtx := errgroup.WithContext(ctx)
  759. ids, err := s.webForwardingRepository.GetWebForwardingWafWebAllIds(gCtx, req.HostId)
  760. if err != nil {
  761. return nil, fmt.Errorf("GetWebForwardingWafWebAllIds failed: %w", err)
  762. }
  763. if len(ids) == 0 {
  764. return nil, nil // 没有ID,直接返回空切片
  765. }
  766. // 创建一个通道来接收每个ID的处理结果
  767. // 通道缓冲区大小设为ID数量,这样发送者不会因为接收者慢而阻塞(在所有goroutine都启动后)
  768. resultsChan := make(chan CombinedResult, len(ids))
  769. for _, idVal := range ids {
  770. currentID := idVal // 捕获循环变量
  771. g.Go(func() error {
  772. var wf *model.WebForwarding
  773. var bk *model.WebForwardingRule
  774. var localErr error
  775. // 1. 获取 WebForwarding 信息
  776. wf, localErr = s.webForwardingRepository.GetWebForwarding(gCtx, int64(currentID))
  777. if localErr != nil {
  778. // 发送错误到通道,并由 errgroup 捕获
  779. // errgroup 会处理第一个非nil错误,并取消其他 goroutine
  780. resultsChan <- CombinedResult{Id: currentID, Err: fmt.Errorf("GetWebForwarding for id %d failed: %w", currentID, localErr)}
  781. return localErr // 返回错误给 errgroup
  782. }
  783. if wf == nil { // 正常情况下,如果没错误,wf不应为nil,但防御性检查
  784. localErr = fmt.Errorf("GetWebForwarding for id %d returned nil data without error", currentID)
  785. resultsChan <- CombinedResult{Id: currentID, Err: localErr}
  786. return localErr
  787. }
  788. // 2. 获取 Backend IP 信息
  789. // 注意:这里我们允许 GetWebForwardingIpsByID 可能返回 nil 数据(例如没有规则)而不是错误
  790. // 如果它也可能返回错误,则处理方式与上面类似
  791. bk, localErr = s.webForwardingRepository.GetWebForwardingIpsByID(gCtx, currentID)
  792. if localErr != nil {
  793. // 如果获取IP信息失败是一个致命错误,则也应返回错误
  794. // 如果允许部分成功(比如有WebForwarding但没有IP信息),则可以不将此视为errgroup的错误
  795. // 这里假设它也是一个需要errgroup捕获的错误
  796. resultsChan <- CombinedResult{Id: currentID, Forwarding: wf, Err: fmt.Errorf("GetWebForwardingIpsByID for id %d failed: %w", currentID, localErr)}
  797. return localErr // 返回错误给 errgroup
  798. }
  799. // bk 可能是 nil 如果没有错误且没有规则,这取决于业务逻辑
  800. // 发送成功的结果到通道
  801. resultsChan <- CombinedResult{Id: currentID, Forwarding: wf, BackendRule: bk}
  802. return nil // 此goroutine成功
  803. })
  804. }
  805. // 等待所有goroutine完成
  806. groupErr := g.Wait()
  807. // 关闭通道,表示所有发送者都已完成
  808. // 这一步很重要,这样下面的 range 循环才能正常结束
  809. close(resultsChan)
  810. // 如果 errgroup 捕获到任何错误,优先返回该错误
  811. if groupErr != nil {
  812. // 虽然errgroup已经出错了,但通道中可能已经有一些结果(来自出错前成功或出错的goroutine)
  813. // 我们需要排空通道以避免goroutine泄漏(如果它们在发送时阻塞)
  814. // 但由于我们优先返回groupErr,这些结果将被丢弃。
  815. // 在这种设计下,通常任何一个子任务失败都会导致整个操作失败。
  816. return nil, groupErr
  817. }
  818. // 如果没有错误,收集所有成功的结果
  819. finalResults := make([]v1.WebForwardingDataRequest, 0, len(ids))
  820. for res := range resultsChan {
  821. // 再次检查通道中的错误,尽管 errgroup 应该已经捕获了
  822. // 但这是一种更细致的错误处理,以防万一有goroutine在errgroup.Wait()前发送了错误但未被errgroup捕获
  823. // (理论上,如果goroutine返回了错误,errgroup会处理)
  824. // 主要目的是处理 res.forwarding 为 nil 的情况 (如果上面允许不返回错误)
  825. if res.Err != nil {
  826. // 如果到这里还有错误,说明逻辑可能有问题,或者我们决定忽略某些类型的子错误
  827. // 在此示例中,因为 g.Wait() 没有错误,所以这里的 res.err 应该是nil
  828. // 如果不是,那么可能是goroutine在return nil前发送了带有错误的res。
  829. // 严格来说,如果errgroup没有错误,这里res.err也应该是nil
  830. // 但以防万一,我们可以记录日志
  831. return nil, fmt.Errorf("received error from goroutine for ID %d: %w", res.Id, res.Err)
  832. }
  833. if res.Forwarding == nil {
  834. return nil, fmt.Errorf("received nil forwarding from goroutine for ID %d", res.Id)
  835. }
  836. dataReq := v1.WebForwardingDataRequest{
  837. Id: res.Forwarding.Id,
  838. Port: res.Forwarding.Port,
  839. Domain: res.Forwarding.Domain,
  840. IsHttps: res.Forwarding.IsHttps,
  841. Comment: res.Forwarding.Comment,
  842. HttpsKey: res.Forwarding.HttpsKey,
  843. HttpsCert: res.Forwarding.HttpsCert,
  844. Proxy: res.Forwarding.Proxy,
  845. CcConfig: v1.CcConfigRequest{
  846. IsOn: res.Forwarding.Cc,
  847. ThresholdMethod: res.Forwarding.ThresholdMethod,
  848. Level: res.Forwarding.Level,
  849. Limit5s: res.Forwarding.Limit5s,
  850. Limit60s: res.Forwarding.Limit60s,
  851. Limit300s: res.Forwarding.Limit300s,
  852. },
  853. }
  854. if res.BackendRule != nil { // 只有当 BackendRule 存在时才填充相关字段
  855. dataReq.BackendList = res.BackendRule.BackendList
  856. }
  857. finalResults = append(finalResults, dataReq)
  858. }
  859. sort.Slice(finalResults, func(i, j int) bool {
  860. return finalResults[i].Id > finalResults[j].Id
  861. })
  862. return finalResults, nil
  863. }
  864. func (s *webForwardingService) GetGatewayFirstIp(ctx context.Context, hostId int) (string, error) {
  865. gateWayGroup, err := s.gatewayGroupRep.GetGatewayGroupByHostId(ctx, int64(hostId))
  866. if err != nil {
  867. return "", err
  868. }
  869. if gateWayGroup == nil {
  870. return "", fmt.Errorf("网关组不存在")
  871. }
  872. gateWayIps, err := s.gatewayGroupIpRep.GetGateWayGroupFirstIpByGatewayGroupId(ctx, gateWayGroup.Id)
  873. if err != nil {
  874. return "", err
  875. }
  876. if len(gateWayIps) == 0 {
  877. return "", fmt.Errorf("网关组IP为空")
  878. }
  879. return gateWayIps, nil
  880. }
  881. // 清洗IP
  882. func (s *webForwardingService) WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string, removedDenyIps []string) {
  883. var newAllowIps []string
  884. var oldAllowIps []string
  885. if len(oldIpList) > 0 {
  886. for _, v := range oldIpList {
  887. if net.ParseIP(v) != nil {
  888. oldAllowIps = append(oldAllowIps, v)
  889. }
  890. }
  891. }
  892. if len(newIpList) > 0 {
  893. for _, v := range newIpList {
  894. if net.ParseIP(v) != nil {
  895. newAllowIps = append(newAllowIps, v)
  896. }
  897. }
  898. }
  899. addedDenyIps, removedDenyIps = s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
  900. return addedDenyIps, removedDenyIps
  901. }
  902. // 修改日志配置
  903. func (s *webForwardingService) EditLog(ctx context.Context,webId int64) error {
  904. webConfigId, err := s.webForwardingRepository.GetWebConfigId(ctx, webId)
  905. if err != nil {
  906. return err
  907. }
  908. if err := s.cdn.EditWebLog(ctx, webConfigId,v1.WebLog{
  909. IsPrior: false,
  910. IsOn: true,
  911. Fields: []int64{1, 2, 6, 7},
  912. Status1: true,
  913. Status2: true,
  914. Status3: true,
  915. Status4: true,
  916. Status5: true,
  917. FirewallOnly: false,
  918. EnableClientClosed: false,
  919. }); err != nil {
  920. return err
  921. }
  922. return nil
  923. }
  924. // 修改CC配置
  925. func (s *webForwardingService) EditCcConfig(ctx context.Context,webId int64, req v1.CcConfigRequest) error {
  926. webConfigId, err := s.webForwardingRepository.GetWebConfigId(ctx, webId)
  927. if err != nil {
  928. return err
  929. }
  930. configThreshold := []struct{
  931. MaxRequests int `json:"maxRequests"`
  932. BlockSeconds int `json:"blockSeconds"`
  933. PeriodSeconds int `json:"periodSeconds"`
  934. }{
  935. {MaxRequests: req.Limit5s},
  936. {MaxRequests: req.Limit60s},
  937. {MaxRequests: req.Limit300s},
  938. }
  939. if err := s.cdn.EditCcConfig(ctx, webConfigId, v1.CcConfig{
  940. IsOn: req.IsOn,
  941. ThresholdMethod: req.ThresholdMethod,
  942. Thresholds: configThreshold,
  943. Level: req.Level,
  944. UseDefaultThresholds : true,
  945. EnableGET302: true,
  946. EnableFingerprint : true,
  947. IgnoreCommonFiles : true,
  948. }); err != nil {
  949. return err
  950. }
  951. return nil
  952. }