aidedweb.go 36 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127
  1. package waf
  2. import (
  3. "context"
  4. "encoding/json"
  5. "fmt"
  6. "net"
  7. v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
  8. "github.com/go-nunu/nunu-layout-advanced/internal/model"
  9. "github.com/go-nunu/nunu-layout-advanced/internal/repository/api/waf"
  10. "github.com/go-nunu/nunu-layout-advanced/internal/service"
  11. "github.com/go-nunu/nunu-layout-advanced/internal/service/api/flexCdn"
  12. )
  13. // AidedWebService Web转发辅助服务接口
  14. type AidedWebService interface {
  15. // 验证相关
  16. ValidateAddRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) error
  17. ValidateEditRequest(ctx context.Context, req *v1.WebForwardingRequest) error
  18. ValidateDeletePermission(oldHostId int, hostId int) error
  19. // CDN网站管理
  20. CreateCdnWebsite(ctx context.Context, formData v1.Website) (int64, error)
  21. UpdateCdnConfiguration(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, tag string, formData v1.Website) error
  22. DeleteCdnServer(ctx context.Context, cdnWebId int) error
  23. // 源站管理
  24. AddOriginsToWebsite(ctx context.Context, req *v1.WebForwardingRequest, webId int64) (map[string]int64, error)
  25. UpdateOriginServers(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, ipData *model.WebForwardingRule) error
  26. // 功能配置管理
  27. ConfigureWebsocket(ctx context.Context, webId int64) error
  28. ConfigureProxyProtocol(ctx context.Context, proxy bool, cdnWebId int64) error
  29. ConfigureCCProtection(ctx context.Context, ccConfig v1.CcConfigRequest, webId int64) error
  30. ConfigureWafFirewall(ctx context.Context, webId int64, groupId int) error
  31. // 异步任务处理
  32. ProcessAsyncTasks(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse)
  33. ProcessIpWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, ipData *model.WebForwardingRule) error
  34. ProcessDeleteIpWhitelist(ctx context.Context, id int) error
  35. ProcessDomainWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error
  36. ProcessDeleteDomainWhitelist(ctx context.Context, oldData *model.WebForwarding, uid int) error
  37. // 数据库操作
  38. SaveToDatabase(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, webId int64, cdnOriginIds map[string]int64) (int, error)
  39. UpdateDatabaseRecords(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, ipData *model.WebForwardingRule) error
  40. CleanupDatabaseRecords(ctx context.Context, id int) error
  41. // SSL证书管理
  42. ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, cdnUid int) error
  43. ProcessSSLCertificateUpdate(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, cdnUid int) error
  44. CleanupSSLCertificate(ctx context.Context, oldData *model.WebForwarding) error
  45. // 数据准备辅助函数
  46. PrepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error)
  47. BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, gatewayIps []string) (v1.TypeJSON, error)
  48. BulidFormData(ctx context.Context, formData v1.Website) (v1.WebsiteSend, error)
  49. // 协议判断辅助函数
  50. GetProtocolType(isHttps int) string
  51. IsHttpsProtocol(isHttps int) bool
  52. // 模型构建辅助函数
  53. BuildWebForwardingModel(req *v1.WebForwardingDataRequest, ruleId int, require RequireResponse) *model.WebForwarding
  54. BuildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule
  55. // 列表差异处理辅助函数
  56. FindDifferenceList(oldList, newList []v1.BackendList) (added, removed []v1.BackendList)
  57. WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string, removedDenyIps []string)
  58. // 日志配置辅助函数
  59. EditLog(ctx context.Context, webId int64) error
  60. // 废弃的方法(保持向后兼容)
  61. Require(ctx context.Context, req v1.GlobalRequire) (v1.GlobalRequire, error)
  62. CreateOriginServers(ctx context.Context, req *v1.WebForwardingRequest) (map[string]int64, error)
  63. }
  64. func NewAidedWebService(
  65. service *service.Service,
  66. webForwardingRepository waf.WebForwardingRepository,
  67. wafformatter WafFormatterService,
  68. sslCert flexCdn.SslCertService,
  69. cdn flexCdn.CdnService,
  70. proxy flexCdn.ProxyService,
  71. websocket flexCdn.WebsocketService,
  72. cc CcService,
  73. ccIpList CcIpListService,
  74. gatewayIp GatewayipService,
  75. globalLimitRep waf.GlobalLimitRepository,
  76. ) AidedWebService {
  77. return &aidedWebService{
  78. Service: service,
  79. webForwardingRepository: webForwardingRepository,
  80. wafformatter: wafformatter,
  81. sslCert: sslCert,
  82. cdn: cdn,
  83. proxy: proxy,
  84. websocket: websocket,
  85. cc: cc,
  86. ccIpList: ccIpList,
  87. gatewayIp: gatewayIp,
  88. globalLimitRep: globalLimitRep,
  89. }
  90. }
  91. type aidedWebService struct {
  92. *service.Service
  93. webForwardingRepository waf.WebForwardingRepository
  94. wafformatter WafFormatterService
  95. sslCert flexCdn.SslCertService
  96. cdn flexCdn.CdnService
  97. proxy flexCdn.ProxyService
  98. websocket flexCdn.WebsocketService
  99. cc CcService
  100. ccIpList CcIpListService
  101. gatewayIp GatewayipService
  102. globalLimitRep waf.GlobalLimitRepository
  103. }
  104. const (
  105. // 协议类型常量
  106. isHttps = 1
  107. isHttp = 0
  108. protocolHttps = "https"
  109. protocolHttp = "http"
  110. // 默认配置常量
  111. defaultNodeClusterId = 2
  112. proxyProtocolVersion = 1
  113. )
  114. // Require 验证函数(原require函数)
  115. func (s *aidedWebService) Require(ctx context.Context, req v1.GlobalRequire) (v1.GlobalRequire, error) {
  116. var res v1.GlobalRequire
  117. //g, gCtx := errgroup.WithContext(ctx)
  118. //g.Go(func() error {
  119. // result, e := s.wafformatter.require(gCtx, req, "web")
  120. // if e != nil {
  121. // return e
  122. // }
  123. // res = result
  124. // return nil
  125. //})
  126. //g.Go(func() error {
  127. // e := s.wafformatter.validateWafDomainCount(gCtx, req)
  128. // if e != nil {
  129. // return e
  130. // }
  131. // return nil
  132. //})
  133. //if err = g.Wait(); err != nil {
  134. // return v1.GlobalRequire{}, err
  135. //}
  136. return res, nil
  137. }
  138. // BuildWebForwardingModel 辅助函数,用于构建通用的 WebForwarding 模型
  139. // ruleId 是从 WAF 系统获取的 ID
  140. func (s *aidedWebService) BuildWebForwardingModel(req *v1.WebForwardingDataRequest, ruleId int, require RequireResponse) *model.WebForwarding {
  141. return &model.WebForwarding{
  142. HostId: require.HostId,
  143. CdnWebId: ruleId,
  144. Port: req.Port,
  145. Domain: req.Domain,
  146. IsHttps: req.IsHttps,
  147. Comment: req.Comment,
  148. HttpsCert: req.HttpsCert,
  149. HttpsKey: req.HttpsKey,
  150. SslCertId: int(req.SslCertId),
  151. SslPolicyId: int(req.SslPolicyId),
  152. Cc: req.CcConfig.IsOn,
  153. ThresholdMethod: req.CcConfig.ThresholdMethod,
  154. Level: req.CcConfig.Level,
  155. Limit5s: req.CcConfig.Limit5s,
  156. Limit60s: req.CcConfig.Limit60s,
  157. Limit300s: req.CcConfig.Limit300s,
  158. Proxy: req.Proxy,
  159. }
  160. }
  161. // BuildWebRuleModel 构建WebForwardingRule模型
  162. func (s *aidedWebService) BuildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule {
  163. return &model.WebForwardingRule{
  164. Uid: require.Uid,
  165. HostId: require.HostId,
  166. WebId: localDbId,
  167. CdnOriginIds: cdnOriginIds,
  168. BackendList: reqData.BackendList,
  169. }
  170. }
  171. // getRequire 获取前置配置
  172. func (s *aidedWebService) getRequire (ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, error) {
  173. // 1. 获取基础配置
  174. require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
  175. HostId: req.HostId,
  176. Uid: req.Uid,
  177. Comment: req.WebForwardingData.Comment,
  178. })
  179. if err != nil {
  180. return RequireResponse{}, fmt.Errorf("获取WAF前置配置失败: %w", err)
  181. }
  182. if require.Uid == 0 {
  183. return RequireResponse{}, fmt.Errorf("请先配置实例")
  184. }
  185. return require, nil
  186. }
  187. // PrepareWafData 准备WAF数据
  188. // 职责:协调整个流程,负责获取前置配置和组装最终的 formData。
  189. func (s *aidedWebService) PrepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error) {
  190. // 1. 获取前置配置
  191. require, err := s.getRequire(ctx, req)
  192. if err != nil {
  193. return RequireResponse{}, v1.Website{}, err
  194. }
  195. // 2. 调用辅助函数,构建核心的代理配置 (将复杂逻辑封装起来)
  196. byteData, err := s.BuildProxyConfig(ctx, req, require.GatewayIps)
  197. if err != nil {
  198. return RequireResponse{}, v1.Website{}, err // 错误信息在辅助函数中已经包装好了
  199. }
  200. type serverNames struct {
  201. ServerNames string `json:"name" form:"name"`
  202. Type string `json:"type" form:"type"`
  203. }
  204. var serverName []serverNames
  205. var serverJson []byte
  206. if req.WebForwardingData.Domain != "" {
  207. serverName = append(serverName, serverNames{
  208. ServerNames: req.WebForwardingData.Domain,
  209. Type: "full",
  210. })
  211. serverJson, err = json.Marshal(serverName)
  212. if err != nil {
  213. return RequireResponse{}, v1.Website{}, err
  214. }
  215. }
  216. // 3. 组装最终的 WAF 表单数据
  217. formData := v1.Website{
  218. UserId: int64(require.CdnUid),
  219. Type: "httpProxy",
  220. Name: require.Tag,
  221. ServerNamesJSON: serverJson,
  222. Description: req.WebForwardingData.Comment,
  223. ServerGroupIds: []int64{int64(require.GroupId)},
  224. NodeClusterId: defaultNodeClusterId,
  225. }
  226. // 4. 根据协议类型,填充 HttpJSON 和 HttpsJSON 字段
  227. if req.WebForwardingData.IsHttps == isHttps {
  228. formData.HttpJSON = v1.TypeJSON{IsOn: false}
  229. formData.HttpsJSON = byteData
  230. } else {
  231. formData.HttpJSON = byteData
  232. formData.HttpsJSON = v1.TypeJSON{IsOn: false}
  233. }
  234. return require, formData, nil
  235. }
  236. func (s *aidedWebService) buildSslPolicy(ctx context.Context, data *v1.WebForwardingDataRequest) (v1.SslPolicyRef, error) {
  237. // 如果不是 HTTPS,直接返回关闭状态的 SSL 策略
  238. if data.IsHttps != isHttps {
  239. return v1.SslPolicyRef{
  240. IsOn: false,
  241. SslPolicyId: data.SslPolicyId,
  242. }, nil
  243. }
  244. // --- 以下是 HTTPS 的逻辑 ---
  245. sslPolicyID := data.SslPolicyId
  246. // 如果请求中没有提供 SSL 策略 ID,则为其创建一个新的
  247. if sslPolicyID == 0 {
  248. var err error
  249. sslPolicyID, err = s.sslCert.AddSslPolicy(ctx, nil)
  250. if err != nil {
  251. // 如果创建失败,返回零值和错误
  252. return v1.SslPolicyRef{}, err
  253. }
  254. }
  255. // 返回开启状态的 HTTPS 策略
  256. return v1.SslPolicyRef{
  257. IsOn: true,
  258. SslPolicyId: sslPolicyID,
  259. }, nil
  260. }
  261. // BuildProxyConfig 构建代理配置
  262. // 职责:专门负责处理 HTTP/HTTPS 的差异,并生成对应的 JSON 配置。
  263. func (s *aidedWebService) BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, gatewayIps []string) (v1.TypeJSON, error) {
  264. // 第一步:构建 SSL 策略。所有复杂的 if/else 都被封装在辅助函数中
  265. sslPolicy, err := s.buildSslPolicy(ctx, &req.WebForwardingData)
  266. if err != nil {
  267. return v1.TypeJSON{}, err
  268. }
  269. // 更新请求中的 SSL 策略
  270. req.WebForwardingData.SslPolicyId = sslPolicy.SslPolicyId
  271. // 第二步:根据协议类型确定 apiType
  272. apiType := protocolHttp
  273. if req.WebForwardingData.IsHttps == isHttps {
  274. apiType = protocolHttps
  275. }
  276. // 第三步:构建通用的 Listen 配置
  277. listenConfigs := make([]v1.Listen, 0, len(gatewayIps))
  278. for _, ip := range gatewayIps {
  279. listenConfigs = append(listenConfigs, v1.Listen{
  280. Protocol: apiType,
  281. Host: ip,
  282. Port: req.WebForwardingData.Port,
  283. })
  284. }
  285. // 第四步:组装并返回最终结果
  286. jsonData := v1.TypeJSON{
  287. IsOn: true,
  288. SslPolicyRef: sslPolicy,
  289. Listen: listenConfigs,
  290. }
  291. return jsonData, nil
  292. }
  293. // FindDifferenceList 查找两个列表的差异
  294. func (s *aidedWebService) FindDifferenceList(oldList, newList []v1.BackendList) (added, removed []v1.BackendList) {
  295. diff := make(map[v1.BackendList]int)
  296. // 1. 遍历旧列表,为每个元素计数 +1
  297. for _, item := range oldList {
  298. diff[item]++
  299. }
  300. // 2. 遍历新列表,为每个元素计数 -1
  301. for _, item := range newList {
  302. diff[item]--
  303. }
  304. // 3. 遍历 diff map 来找出差异
  305. for item, count := range diff {
  306. if count > 0 {
  307. // 如果 count > 0,说明这个元素在 oldList 中但不在 newList 中
  308. removed = append(removed, item)
  309. } else if count < 0 {
  310. // 如果 count < 0,说明这个元素在 newList 中但不在 oldList 中
  311. added = append(added, item)
  312. }
  313. // 如果 count == 0,说明元素在两个列表中都存在,不做任何操作
  314. }
  315. return added, removed
  316. }
  317. // WashDifferentIp 清洗IP差异 - 并发版本
  318. func (s *aidedWebService) WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string, removedDenyIps []string) {
  319. // 并发验证并过滤有效IP
  320. oldAllowIps := s.filterValidIpsConcurrently(oldIpList)
  321. newAllowIps := s.filterValidIpsConcurrently(newIpList)
  322. addedDenyIps, removedDenyIps = s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
  323. return addedDenyIps, removedDenyIps
  324. }
  325. // filterValidIpsConcurrently 并发过滤有效IP地址
  326. func (s *aidedWebService) filterValidIpsConcurrently(ipList []string) []string {
  327. if len(ipList) == 0 {
  328. return nil
  329. }
  330. // 小于10个IP时不使用并发,避免overhead
  331. if len(ipList) < 10 {
  332. return s.filterValidIpsSequentially(ipList)
  333. }
  334. type ipResult struct {
  335. ip string
  336. valid bool
  337. index int
  338. }
  339. resultChan := make(chan ipResult, len(ipList))
  340. semaphore := make(chan struct{}, 20) // 限制并发数为20
  341. // 启动goroutine验证IP
  342. for i, ip := range ipList {
  343. go func(ip string, index int) {
  344. semaphore <- struct{}{} // 获取信号量
  345. defer func() { <-semaphore }() // 释放信号量
  346. valid := net.ParseIP(ip) != nil
  347. resultChan <- ipResult{ip: ip, valid: valid, index: index}
  348. }(ip, i)
  349. }
  350. // 收集结果并保持原始顺序
  351. results := make([]ipResult, len(ipList))
  352. for i := 0; i < len(ipList); i++ {
  353. result := <-resultChan
  354. results[result.index] = result
  355. }
  356. close(resultChan)
  357. // 按原始顺序提取有效IP
  358. var validIps []string
  359. for _, result := range results {
  360. if result.valid {
  361. validIps = append(validIps, result.ip)
  362. }
  363. }
  364. return validIps
  365. }
  366. // filterValidIpsSequentially 顺序过滤有效IP地址(用于小数据集)
  367. func (s *aidedWebService) filterValidIpsSequentially(ipList []string) []string {
  368. var validIps []string
  369. for _, ip := range ipList {
  370. if net.ParseIP(ip) != nil {
  371. validIps = append(validIps, ip)
  372. }
  373. }
  374. return validIps
  375. }
  376. // EditLog 修改日志配置
  377. func (s *aidedWebService) EditLog(ctx context.Context, webId int64) error {
  378. webConfigId, err := s.webForwardingRepository.GetWebConfigId(ctx, webId)
  379. if err != nil {
  380. return err
  381. }
  382. if err := s.cdn.EditWebLog(ctx, webConfigId, v1.WebLog{
  383. IsPrior: false,
  384. IsOn: true,
  385. Fields: []int64{1, 2, 6, 7},
  386. Status1: true,
  387. Status2: true,
  388. Status3: true,
  389. Status4: true,
  390. Status5: true,
  391. FirewallOnly: false,
  392. EnableClientClosed: false,
  393. }); err != nil {
  394. return err
  395. }
  396. return nil
  397. }
  398. // BulidFormData 构建表单数据
  399. func (s *aidedWebService) BulidFormData(ctx context.Context, formData v1.Website) (v1.WebsiteSend, error) {
  400. httpJSON, err := json.Marshal(formData.HttpJSON)
  401. if err != nil {
  402. return v1.WebsiteSend{}, err
  403. }
  404. httpsJSON, err := json.Marshal(formData.HttpsJSON)
  405. if err != nil {
  406. return v1.WebsiteSend{}, err
  407. }
  408. formDataSend := v1.WebsiteSend{
  409. UserId: formData.UserId,
  410. AdminId: formData.AdminId,
  411. Type: formData.Type,
  412. Name: formData.Name,
  413. Description: formData.Description,
  414. ServerNamesJSON: formData.ServerNamesJSON,
  415. HttpJSON: httpJSON,
  416. HttpsJSON: httpsJSON,
  417. TcpJSON: formData.TcpJSON,
  418. TlsJSON: formData.TlsJSON,
  419. UdpJSON: formData.UdpJSON,
  420. WebId: formData.WebId,
  421. ReverseProxyJSON: formData.ReverseProxyJSON,
  422. ServerGroupIds: formData.ServerGroupIds,
  423. UserPlanId: formData.UserPlanId,
  424. NodeClusterId: formData.NodeClusterId,
  425. IncludeNodesJSON: formData.IncludeNodesJSON,
  426. ExcludeNodesJSON: formData.ExcludeNodesJSON,
  427. }
  428. return formDataSend, nil
  429. }
  430. // ProcessSSLCertificate 处理SSL证书
  431. func (s *aidedWebService) ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, cdnUid int) error {
  432. if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
  433. return nil // 非HTTPS协议不需要处理SSL证书
  434. }
  435. // 添加SSL证书
  436. sslCertId, err := s.sslCert.AddSSLCert(ctx, v1.SSL{
  437. Name: req.WebForwardingData.Domain,
  438. Domain: req.WebForwardingData.Domain,
  439. CertData: req.WebForwardingData.HttpsCert,
  440. KeyData: req.WebForwardingData.HttpsKey,
  441. CdnUserId: cdnUid,
  442. Description: req.WebForwardingData.Comment,
  443. })
  444. if err != nil {
  445. return fmt.Errorf("添加SSL证书失败: %w", err)
  446. }
  447. // 更新请求中的证书ID
  448. req.WebForwardingData.SslCertId = sslCertId
  449. // 编辑SSL策略
  450. if err := s.sslCert.EditSslPolicy(ctx, req.WebForwardingData.SslPolicyId, []int64{sslCertId}, "add"); err != nil {
  451. return fmt.Errorf("编辑SSL策略失败: %w", err)
  452. }
  453. return nil
  454. }
  455. // CreateOriginServers 创建源站服务器
  456. func (s *aidedWebService) CreateOriginServers(ctx context.Context, req *v1.WebForwardingRequest) (map[string]int64, error) {
  457. cdnOriginIds := make(map[string]int64)
  458. for _, backend := range req.WebForwardingData.BackendList {
  459. apiType := s.GetProtocolType(backend.IsHttps)
  460. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  461. ApiType: apiType,
  462. BackendList: backend.Addr,
  463. Host: backend.CustomHost,
  464. Comment: req.WebForwardingData.Comment,
  465. })
  466. if err != nil {
  467. return nil, fmt.Errorf("添加源站 %s 失败: %w", backend.Addr, err)
  468. }
  469. cdnOriginIds[backend.Addr] = id
  470. }
  471. return cdnOriginIds, nil
  472. }
  473. // GetProtocolType 获取协议类型字符串
  474. func (s *aidedWebService) GetProtocolType(isHttps int) string {
  475. if s.IsHttpsProtocol(isHttps) {
  476. return protocolHttps
  477. }
  478. return protocolHttp
  479. }
  480. // IsHttpsProtocol 判断是否为HTTPS协议
  481. func (s *aidedWebService) IsHttpsProtocol(httpsFlag int) bool {
  482. return httpsFlag == isHttps
  483. }
  484. // ValidateAddRequest 验证添加请求
  485. func (s *aidedWebService) ValidateAddRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) error {
  486. if err := s.wafformatter.validateWafDomainCount(ctx, v1.GlobalRequire{
  487. HostId: req.HostId,
  488. Domain: req.WebForwardingData.Domain,
  489. Comment: req.WebForwardingData.Comment,
  490. Uid: req.Uid,
  491. }); err != nil {
  492. return fmt.Errorf("域名数量验证失败: %w", err)
  493. }
  494. if err := s.wafformatter.validateWafPortCount(ctx, require.HostId); err != nil {
  495. return fmt.Errorf("端口数量验证失败: %w", err)
  496. }
  497. protocol := s.GetProtocolType(req.WebForwardingData.IsHttps)
  498. if err := s.wafformatter.VerifyPort(ctx, protocol, int64(req.WebForwardingData.Id), req.WebForwardingData.Port, int64(require.HostId), req.WebForwardingData.Domain); err != nil {
  499. return fmt.Errorf("端口 %d 验证失败: %w", req.WebForwardingData.Port, err)
  500. }
  501. return nil
  502. }
  503. // ValidateEditRequest 验证编辑请求
  504. func (s *aidedWebService) ValidateEditRequest(ctx context.Context, req *v1.WebForwardingRequest) error {
  505. if err := s.wafformatter.validateWafDomainCount(ctx, v1.GlobalRequire{
  506. HostId: req.HostId,
  507. Domain: req.WebForwardingData.Domain,
  508. Comment: req.WebForwardingData.Comment,
  509. Uid: req.Uid,
  510. }); err != nil {
  511. return fmt.Errorf("域名数量验证失败: %w", err)
  512. }
  513. protocol := s.GetProtocolType(req.WebForwardingData.IsHttps)
  514. if err := s.wafformatter.VerifyPort(ctx, protocol, int64(req.WebForwardingData.Id), req.WebForwardingData.Port, int64(req.HostId), req.WebForwardingData.Domain); err != nil {
  515. return fmt.Errorf("端口 %d 验证失败: %w", req.WebForwardingData.Port, err)
  516. }
  517. return nil
  518. }
  519. // ValidateDeletePermission 验证删除权限
  520. func (s *aidedWebService) ValidateDeletePermission(oldHostId int, hostId int) error {
  521. if oldHostId != hostId {
  522. return fmt.Errorf("用户权限不足")
  523. }
  524. return nil
  525. }
  526. // CreateCdnWebsite 创建CDN网站
  527. func (s *aidedWebService) CreateCdnWebsite(ctx context.Context, formData v1.Website) (int64, error) {
  528. formDataSend, err := s.BulidFormData(ctx, formData)
  529. if err != nil {
  530. return 0, fmt.Errorf("构建表单数据失败: %w", err)
  531. }
  532. webId, err := s.cdn.CreateWebsite(ctx, formDataSend)
  533. if err != nil {
  534. return 0, fmt.Errorf("创建CDN网站失败: %w", err)
  535. }
  536. return webId, nil
  537. }
  538. // UpdateCdnConfiguration 更新CDN配置
  539. func (s *aidedWebService) UpdateCdnConfiguration(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, tag string, formData v1.Website) error {
  540. // 修改网站端口、协议或证书
  541. if oldData.Port != req.WebForwardingData.Port || oldData.IsHttps != req.WebForwardingData.IsHttps ||
  542. oldData.HttpsCert != req.WebForwardingData.HttpsCert || oldData.HttpsKey != req.WebForwardingData.HttpsKey {
  543. if err := s.updateWebsiteProtocolAndCert(ctx, req.WebForwardingData.IsHttps, int64(oldData.CdnWebId), formData); err != nil {
  544. return err
  545. }
  546. }
  547. // 修改网站域名
  548. if oldData.Domain != req.WebForwardingData.Domain {
  549. if err := s.updateWebsiteDomain(ctx, req.WebForwardingData.Domain, int64(oldData.CdnWebId)); err != nil {
  550. return err
  551. }
  552. }
  553. // 修改网站名字
  554. if oldData.Comment != req.WebForwardingData.Comment {
  555. if err := s.updateWebsiteBasicInfo(ctx, int64(oldData.CdnWebId), tag); err != nil {
  556. return err
  557. }
  558. }
  559. return nil
  560. }
  561. // DeleteCdnServer 删除CDN服务器
  562. func (s *aidedWebService) DeleteCdnServer(ctx context.Context, cdnWebId int) error {
  563. if err := s.cdn.DelServer(ctx, int64(cdnWebId)); err != nil {
  564. return fmt.Errorf("删除CDN服务器失败: %w", err)
  565. }
  566. return nil
  567. }
  568. // updateWebsiteProtocolAndCert 更新网站协议和证书
  569. func (s *aidedWebService) updateWebsiteProtocolAndCert(ctx context.Context, isHttps int, cdnWebId int64, formData v1.Website) error {
  570. // 切换协议
  571. var typeConfig, closeConfig v1.TypeJSON
  572. var apiType, closeType string
  573. if s.IsHttpsProtocol(isHttps) {
  574. typeConfig = formData.HttpsJSON
  575. closeConfig = formData.HttpJSON
  576. apiType = s.GetProtocolType(isHttps)
  577. closeType = s.GetProtocolType(0) // HTTP
  578. } else {
  579. typeConfig = formData.HttpJSON
  580. closeConfig = formData.HttpsJSON
  581. apiType = s.GetProtocolType(isHttps)
  582. closeType = s.GetProtocolType(1) // HTTPS
  583. }
  584. typeJson, err := json.Marshal(typeConfig)
  585. if err != nil {
  586. return fmt.Errorf("序列化协议配置失败: %w", err)
  587. }
  588. closeJson, err := json.Marshal(closeConfig)
  589. if err != nil {
  590. return fmt.Errorf("序列化关闭协议配置失败: %w", err)
  591. }
  592. // 切换协议
  593. if err := s.cdn.EditServerType(ctx, v1.EditWebsite{
  594. Id: cdnWebId,
  595. TypeJSON: typeJson,
  596. }, apiType); err != nil {
  597. return fmt.Errorf("切换到%s协议失败: %w", apiType, err)
  598. }
  599. if err := s.cdn.EditServerType(ctx, v1.EditWebsite{
  600. Id: cdnWebId,
  601. TypeJSON: closeJson,
  602. }, closeType); err != nil {
  603. return fmt.Errorf("关闭%s协议失败: %w", closeType, err)
  604. }
  605. return nil
  606. }
  607. // updateWebsiteDomain 更新网站域名
  608. func (s *aidedWebService) updateWebsiteDomain(ctx context.Context, domain string, cdnWebId int64) error {
  609. type serverName struct {
  610. Name string `json:"name" form:"name"`
  611. Type string `json:"type" form:"type"`
  612. }
  613. var serverData []serverName
  614. serverData = append(serverData, serverName{
  615. Name: domain,
  616. Type: "full",
  617. })
  618. serverJson, err := json.Marshal(serverData)
  619. if err != nil {
  620. return fmt.Errorf("序列化服务器名称失败: %w", err)
  621. }
  622. if err := s.cdn.EditServerName(ctx, v1.EditServerNames{
  623. ServerId: cdnWebId,
  624. ServerNamesJSON: serverJson,
  625. }); err != nil {
  626. return fmt.Errorf("更新服务器名称失败: %w", err)
  627. }
  628. return nil
  629. }
  630. // updateWebsiteBasicInfo 更新网站基本信息
  631. func (s *aidedWebService) updateWebsiteBasicInfo(ctx context.Context, cdnWebId int64, tag string) error {
  632. // 通过globalLimitRep获取节点ID,这是项目中现有的方法
  633. nodeId, err := s.globalLimitRep.GetNodeId(ctx, int(cdnWebId))
  634. if err != nil {
  635. return fmt.Errorf("获取节点ID失败: %w", err)
  636. }
  637. if err := s.cdn.EditServerBasic(ctx, cdnWebId, tag, nodeId); err != nil {
  638. return fmt.Errorf("更新服务器基本信息失败: %w", err)
  639. }
  640. return nil
  641. }
  642. // AddOriginsToWebsite 添加源站到网站
  643. func (s *aidedWebService) AddOriginsToWebsite(ctx context.Context, req *v1.WebForwardingRequest, webId int64) (map[string]int64, error) {
  644. cdnOriginIds, err := s.CreateOriginServers(ctx, req)
  645. if err != nil {
  646. return nil, fmt.Errorf("创建源站服务器失败: %w", err)
  647. }
  648. // 添加源站到网站
  649. for _, originId := range cdnOriginIds {
  650. if err := s.cdn.AddServerOrigin(ctx, webId, originId); err != nil {
  651. return nil, fmt.Errorf("添加源站到网站失败: %w", err)
  652. }
  653. }
  654. return cdnOriginIds, nil
  655. }
  656. // UpdateOriginServers 更新源站服务器
  657. func (s *aidedWebService) UpdateOriginServers(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, ipData *model.WebForwardingRule) error {
  658. addOrigins, delOrigins := s.FindDifferenceList(ipData.BackendList, req.WebForwardingData.BackendList)
  659. addedIds := make(map[string]int64)
  660. // 添加新源站
  661. for _, v := range addOrigins {
  662. apiType := s.GetProtocolType(v.IsHttps)
  663. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  664. ApiType: apiType,
  665. BackendList: v.Addr,
  666. Host: v.CustomHost,
  667. Comment: req.WebForwardingData.Comment,
  668. })
  669. if err != nil {
  670. return fmt.Errorf("添加源站 %s 失败: %w", v.Addr, err)
  671. }
  672. addedIds[v.Addr] = id
  673. }
  674. // 将新源站添加到网站
  675. for _, v := range addedIds {
  676. if err := s.cdn.AddServerOrigin(ctx, int64(oldData.CdnWebId), v); err != nil {
  677. return fmt.Errorf("添加源站到网站失败: %w", err)
  678. }
  679. }
  680. // 删除旧源站
  681. for k, v := range ipData.CdnOriginIds {
  682. for _, ip := range delOrigins {
  683. if k == ip.Addr {
  684. if err := s.cdn.DelServerOrigin(ctx, int64(oldData.CdnWebId), v); err != nil {
  685. return fmt.Errorf("删除源站失败: %w", err)
  686. }
  687. delete(ipData.CdnOriginIds, k)
  688. }
  689. }
  690. }
  691. // 合并新的源站ID
  692. for k, v := range addedIds {
  693. ipData.CdnOriginIds[k] = v
  694. }
  695. return nil
  696. }
  697. // ConfigureWebsocket 配置WebSocket
  698. func (s *aidedWebService) ConfigureWebsocket(ctx context.Context, webId int64) error {
  699. websocketId, err := s.websocket.AddWebsocket(ctx)
  700. if err != nil {
  701. return fmt.Errorf("添加WebSocket失败: %w", err)
  702. }
  703. if err := s.websocket.EnableOrDisable(ctx, webId, websocketId, true, false); err != nil {
  704. return fmt.Errorf("启用WebSocket失败: %w", err)
  705. }
  706. return nil
  707. }
  708. // ConfigureProxyProtocol 配置代理协议
  709. func (s *aidedWebService) ConfigureProxyProtocol(ctx context.Context, proxy bool, cdnWebId int64) error {
  710. if err := s.proxy.EditProxy(ctx, cdnWebId, v1.ProxyProtocolJSON{
  711. IsOn: proxy,
  712. Version: proxyProtocolVersion,
  713. }); err != nil {
  714. return fmt.Errorf("启用代理协议失败: %w", err)
  715. }
  716. return nil
  717. }
  718. // ConfigureCCProtection 配置CC防护
  719. func (s *aidedWebService) ConfigureCCProtection(ctx context.Context, ccConfig v1.CcConfigRequest, webId int64) error {
  720. if err := s.cc.EditCcConfig(ctx, webId, ccConfig); err != nil {
  721. return fmt.Errorf("配置CC防护失败: %w", err)
  722. }
  723. return nil
  724. }
  725. // ConfigureWafFirewall 配置WAF防火墙
  726. func (s *aidedWebService) ConfigureWafFirewall(ctx context.Context, webId int64, groupId int) error {
  727. if err := s.ccIpList.AddCcIpListPolicy(ctx, webId, int64(groupId)); err != nil {
  728. return fmt.Errorf("配置WAF防火墙失败: %w", err)
  729. }
  730. return nil
  731. }
  732. // ProcessAsyncTasks 处理异步任务
  733. func (s *aidedWebService) ProcessAsyncTasks(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) {
  734. // 域名白名单处理
  735. if req.WebForwardingData.Domain != "" {
  736. go func() {
  737. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  738. if err != nil {
  739. return
  740. }
  741. if len(require.GatewayIps) == 0 {
  742. return
  743. }
  744. firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(require.HostId), int64(require.Uid))
  745. if err != nil {
  746. return
  747. }
  748. s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
  749. }()
  750. }
  751. // 源站IP白名单处理
  752. if req.WebForwardingData.BackendList != nil {
  753. go func() {
  754. var ips []string
  755. for _, v := range req.WebForwardingData.BackendList {
  756. ip, _, err := net.SplitHostPort(v.Addr)
  757. if err != nil {
  758. continue
  759. }
  760. ips = append(ips, ip)
  761. }
  762. if len(ips) > 0 {
  763. s.wafformatter.PublishIpWhitelistTask(ips, "add", "", "white")
  764. }
  765. }()
  766. }
  767. }
  768. // ProcessIpWhitelistChanges 处理IP白名单变更
  769. func (s *aidedWebService) ProcessIpWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, ipData *model.WebForwardingRule) error {
  770. var oldIps, newIps []string
  771. // 提取旧IP列表
  772. for _, v := range ipData.BackendList {
  773. ip, _, err := net.SplitHostPort(v.Addr)
  774. if err != nil {
  775. return fmt.Errorf("解析旧IP地址失败: %w", err)
  776. }
  777. oldIps = append(oldIps, ip)
  778. }
  779. // 提取新IP列表
  780. for _, v := range req.WebForwardingData.BackendList {
  781. ip, _, err := net.SplitHostPort(v.Addr)
  782. if err != nil {
  783. return fmt.Errorf("解析新IP地址失败: %w", err)
  784. }
  785. newIps = append(newIps, ip)
  786. }
  787. // 查找IP差异
  788. addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
  789. // 异步处理添加的IP
  790. if len(addedIps) > 0 {
  791. go s.wafformatter.PublishIpWhitelistTask(addedIps, "add", "", "white")
  792. }
  793. // 异步处理删除的IP
  794. if len(removedIps) > 0 {
  795. go func() {
  796. ipsToDelist, err := s.wafformatter.WashDelIps(ctx, removedIps)
  797. if err != nil {
  798. return
  799. }
  800. if len(ipsToDelist) > 0 {
  801. s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
  802. }
  803. }()
  804. }
  805. return nil
  806. }
  807. // ProcessDeleteIpWhitelist 处理删除IP白名单
  808. func (s *aidedWebService) ProcessDeleteIpWhitelist(ctx context.Context, id int) error {
  809. ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, id)
  810. if err != nil {
  811. return fmt.Errorf("获取IP数据失败: %w", err)
  812. }
  813. if ipData != nil && len(ipData.BackendList) > 0 {
  814. var ips []string
  815. for _, v := range ipData.BackendList {
  816. ip, _, err := net.SplitHostPort(v.Addr)
  817. if err != nil {
  818. continue
  819. }
  820. ips = append(ips, ip)
  821. }
  822. if len(ips) > 0 {
  823. go func() {
  824. ipsToDelist, err := s.wafformatter.WashDelIps(ctx, ips)
  825. if err != nil {
  826. return
  827. }
  828. if len(ipsToDelist) > 0 {
  829. s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
  830. }
  831. }()
  832. }
  833. }
  834. return nil
  835. }
  836. // ProcessDomainWhitelistChanges 处理域名白名单变更
  837. func (s *aidedWebService) ProcessDomainWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error {
  838. if oldData.Domain != req.WebForwardingData.Domain {
  839. firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(req.HostId), int64(req.Uid))
  840. if err != nil {
  841. return fmt.Errorf("获取网关IP失败: %w", err)
  842. }
  843. newDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  844. if err != nil {
  845. return fmt.Errorf("转换新域名失败: %w", err)
  846. }
  847. oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
  848. if err != nil {
  849. return fmt.Errorf("转换旧域名失败: %w", err)
  850. }
  851. if len(require.GatewayIps) == 0 {
  852. return fmt.Errorf("网关组不存在")
  853. }
  854. // 检查旧域名使用数量
  855. count, err := s.webForwardingRepository.GetDomainCount(ctx, req.HostId, oldData.Domain)
  856. if err != nil {
  857. return fmt.Errorf("获取域名使用数量失败: %w", err)
  858. }
  859. // 异步处理域名白名单变更
  860. go func() {
  861. if count < 2 {
  862. s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
  863. }
  864. s.wafformatter.PublishDomainWhitelistTask(newDomain, firstIp, "add")
  865. }()
  866. }
  867. return nil
  868. }
  869. // ProcessDeleteDomainWhitelist 处理删除域名白名单
  870. func (s *aidedWebService) ProcessDeleteDomainWhitelist(ctx context.Context, oldData *model.WebForwarding, uid int) error {
  871. if oldData.Domain != "" {
  872. firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(oldData.HostId), int64(uid))
  873. if err != nil {
  874. return fmt.Errorf("获取网关IP失败: %w", err)
  875. }
  876. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
  877. if err != nil {
  878. return fmt.Errorf("转换域名失败: %w", err)
  879. }
  880. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "del")
  881. }
  882. return nil
  883. }
  884. // SaveToDatabase 保存到数据库
  885. func (s *aidedWebService) SaveToDatabase(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, webId int64, cdnOriginIds map[string]int64) (int, error) {
  886. webModel := s.BuildWebForwardingModel(&req.WebForwardingData, int(webId), require)
  887. id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
  888. if err != nil {
  889. return 0, fmt.Errorf("添加Web转发记录失败: %w", err)
  890. }
  891. webRuleModel := s.BuildWebRuleModel(&req.WebForwardingData, require, id, cdnOriginIds)
  892. if _, err = s.webForwardingRepository.AddWebForwardingIps(ctx, *webRuleModel); err != nil {
  893. return 0, fmt.Errorf("添加Web转发规则失败: %w", err)
  894. }
  895. return id, nil
  896. }
  897. // UpdateDatabaseRecords 更新数据库记录
  898. func (s *aidedWebService) UpdateDatabaseRecords(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, ipData *model.WebForwardingRule) error {
  899. webModel := s.BuildWebForwardingModel(&req.WebForwardingData, req.WebForwardingData.CdnWebId, require)
  900. webModel.Id = req.WebForwardingData.Id
  901. if err := s.webForwardingRepository.EditWebForwarding(ctx, webModel); err != nil {
  902. return fmt.Errorf("更新Web转发记录失败: %w", err)
  903. }
  904. webRuleModel := s.BuildWebRuleModel(&req.WebForwardingData, require, req.WebForwardingData.Id, ipData.CdnOriginIds)
  905. if err := s.webForwardingRepository.EditWebForwardingIps(ctx, *webRuleModel); err != nil {
  906. return fmt.Errorf("更新Web转发规则失败: %w", err)
  907. }
  908. return nil
  909. }
  910. // CleanupDatabaseRecords 清理数据库记录
  911. func (s *aidedWebService) CleanupDatabaseRecords(ctx context.Context, id int) error {
  912. if err := s.webForwardingRepository.DeleteWebForwarding(ctx, int64(id)); err != nil {
  913. return fmt.Errorf("删除Web转发记录失败: %w", err)
  914. }
  915. if err := s.webForwardingRepository.DeleteWebForwardingIpsById(ctx, id); err != nil {
  916. return fmt.Errorf("删除Web转发规则失败: %w", err)
  917. }
  918. return nil
  919. }
  920. // ProcessSSLCertificateUpdate 处理SSL证书更新
  921. func (s *aidedWebService) ProcessSSLCertificateUpdate(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, cdnUid int) error {
  922. if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
  923. return nil // 非HTTPS协议不需要处理SSL证书
  924. }
  925. // 如果证书ID为0
  926. if oldData.SslCertId == 0 {
  927. err := s.ProcessSSLCertificate(ctx, req, cdnUid)
  928. if err != nil {
  929. return fmt.Errorf("处理SSL证书失败: %w", err)
  930. }
  931. return nil
  932. }
  933. // 如果证书内容有变化
  934. if oldData.HttpsCert != req.WebForwardingData.HttpsCert || oldData.HttpsKey != req.WebForwardingData.HttpsKey {
  935. if err := s.sslCert.EditSSLCert(ctx, v1.SSL{
  936. Name: req.WebForwardingData.Domain,
  937. CertId: oldData.SslCertId,
  938. CertData: req.WebForwardingData.HttpsCert,
  939. KeyData: req.WebForwardingData.HttpsKey,
  940. CdnUserId: cdnUid,
  941. Domain: req.WebForwardingData.Domain,
  942. Description: req.WebForwardingData.Comment,
  943. }); err != nil {
  944. return fmt.Errorf("更新SSL证书失败: %w", err)
  945. }
  946. }
  947. return nil
  948. }
  949. // CleanupSSLCertificate 清理SSL证书
  950. func (s *aidedWebService) CleanupSSLCertificate(ctx context.Context, oldData *model.WebForwarding) error {
  951. if oldData.SslCertId != 0 {
  952. if err := s.cdn.DelSSLCert(ctx, int64(oldData.SslCertId)); err != nil {
  953. return fmt.Errorf("删除SSL证书失败: %w", err)
  954. }
  955. if err := s.sslCert.EditSslPolicy(ctx, int64(oldData.SslPolicyId), []int64{int64(oldData.SslCertId)}, "del"); err != nil {
  956. return fmt.Errorf("删除SSL策略失败: %w", err)
  957. }
  958. }
  959. return nil
  960. }