go_gameshield/internal/service/tcpforwarding.go

package service

import (
	"context"
	"encoding/json"
	"fmt"
	v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
	"github.com/go-nunu/nunu-layout-advanced/internal/model"
	"github.com/go-nunu/nunu-layout-advanced/internal/repository"
	"golang.org/x/sync/errgroup"
	"maps"
	"net"
	"sort"
)

type TcpforwardingService interface {
	GetTcpforwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.TcpForwardingDataRequest, error)
	AddTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest)  error
	EditTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest)  error
	DeleteTcpForwarding(ctx context.Context, req v1.DeleteTcpForwardingRequest) error
	GetTcpForwardingAllIpsByHostId(ctx context.Context, req v1.GetForwardingRequest) ([]v1.TcpForwardingDataRequest, error)
}

func NewTcpforwardingService(
	service *Service,
	tcpforwardingRepository repository.TcpforwardingRepository,
	parser ParserService,
	required RequiredService,
	crawler CrawlerService,
	globalRep repository.GlobalLimitRepository,
	hostRep repository.HostRepository,
	wafformatter WafFormatterService,
	cdn CdnService,
) TcpforwardingService {
	return &tcpforwardingService{
		Service:                 service,
		tcpforwardingRepository: tcpforwardingRepository,
		parser:                  parser,
		required:                required,
		crawler:                 crawler,
		globalRep:               globalRep,
		hostRep:                 hostRep,
		wafformatter:            wafformatter,
		cdn:                     cdn,
	}
}

type tcpforwardingService struct {
	*Service
	tcpforwardingRepository repository.TcpforwardingRepository
	parser                  ParserService
	required                RequiredService
	crawler                 CrawlerService
	globalRep               repository.GlobalLimitRepository
	hostRep      repository.HostRepository
	wafformatter WafFormatterService
	cdn CdnService
}

func (s *tcpforwardingService) GetTcpforwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.TcpForwardingDataRequest, error) {
	var tcpForwarding model.Tcpforwarding
	var backend model.TcpForwardingRule
	var err error

	g, gCtx := errgroup.WithContext(ctx)
	g.Go(func() error {
		res, e := s.tcpforwardingRepository.GetTcpforwarding(gCtx, int64(req.Id))
		if e != nil {
			return fmt.Errorf("GetTcpforwarding failed: %w", e)
		}
		if res != nil {
			tcpForwarding = *res
		}
		return nil
	})

	g.Go(func() error {
		res, e := s.tcpforwardingRepository.GetTcpForwardingIpsByID(gCtx, req.Id)
		if e != nil {
			return fmt.Errorf("GetTcpforwardingIps failed: %w", e)
		}
		if res != nil {
			backend = *res
		}
		return nil
	})
	if err = g.Wait(); err != nil {
		return v1.TcpForwardingDataRequest{}, err
	}

	return v1.TcpForwardingDataRequest{
		Id:               tcpForwarding.Id,
		Port:             tcpForwarding.Port,
		Comment:          tcpForwarding.Comment,
		BackendList:       backend.BackendList,
		AllowIpList:       backend.AllowIpList,
		DenyIpList:        backend.DenyIpList,
		AccessRule:        backend.AccessRule,
	}, nil
}


func (s *tcpforwardingService) buildTcpForwardingModel(req *v1.TcpForwardingDataRequest, ruleId int, require RequireResponse) *model.Tcpforwarding {
	return &model.Tcpforwarding{
		HostId:  require.HostId,
		CdnWebId: ruleId,
		Port:    req.Port,
		Comment: req.Comment,
	}
}

func (s *tcpforwardingService) buildTcpRuleModel(reqData *v1.TcpForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.TcpForwardingRule {
	return &model.TcpForwardingRule{
		Uid:         require.Uid,
		HostId:      require.HostId,
		TcpId:       localDbId, // 关联到本地数据库的主记录 ID
		CdnOriginIds: cdnOriginIds,
		BackendList: reqData.BackendList,
		AllowIpList: reqData.AllowIpList,
		DenyIpList:  reqData.DenyIpList,
		AccessRule:  reqData.AccessRule,
	}
}

func (s *tcpforwardingService) prepareWafData(ctx context.Context, req *v1.TcpForwardingRequest) (RequireResponse, v1.Website, error) {
	// 1. 获取必要的全局信息
	require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
		HostId:  req.HostId,
		Uid:     req.Uid,
		Comment: req.TcpForwardingData.Comment,
	})
	if err != nil {
		return RequireResponse{}, v1.Website{}, err
	}
	if require.GatewayGroupId == 0 || require.Uid == 0 {
		return RequireResponse{}, v1.Website{}, fmt.Errorf("请先配置实例")
	}
	var jsonData v1.TypeJSON
	jsonData.IsOn = true
	for _, v := range require.GatewayIps {
		jsonData.Listen = append(jsonData.Listen, v1.Listen{
			Protocol: "tcp",
			Host:     v,
			Port: 		req.TcpForwardingData.Port,
		})
	}

	byteData, err := json.Marshal(jsonData)
	if err != nil {
		return RequireResponse{}, v1.Website{}, err
	}

	formData := v1.Website{
		UserId:         int64(require.CdnUid),
		Type:           "tcpProxy",
		Name:           require.Tag,
		Description:    req.TcpForwardingData.Comment,
		TcpJSON:        byteData,
		ServerGroupIds: []int64{int64(require.GroupId)},
		UserPlanId: int64(require.RuleId),
		NodeClusterId:  1,
	}
	return require, formData, nil
}

func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest)  error {
	require, formData, err := s.prepareWafData(ctx, req)
	if err != nil {
		return err
	}
	err = s.wafformatter.validateWafPortCount(ctx, require.HostId)
	if err != nil {
		return err
	}

	tcpId, err := s.cdn.CreateWebsite(ctx, formData)
	if err != nil {
		return err
	}

	// 添加源站
	cdnOriginIds := make(map[string]int64)
	for _, v := range req.TcpForwardingData.BackendList{
		id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
			ApiType:     "tcp",
			BackendList: v,
			Comment:     req.TcpForwardingData.Comment,
		})
		if err != nil {
			return err
		}
		cdnOriginIds[v] = id
	}

	// 添加源站到网站
	for _, v := range cdnOriginIds {
		err = s.cdn.AddServerOrigin(ctx, tcpId, v)
		if err != nil {
			return err
		}
	}



	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData, int(tcpId), require)

	id, err := s.tcpforwardingRepository.AddTcpforwarding(ctx, tcpModel)
	if err != nil {
		return  err
	}
	TcpRuleModel := s.buildTcpRuleModel(&req.TcpForwardingData, require, id, cdnOriginIds)
	if _, err = s.tcpforwardingRepository.AddTcpforwardingIps(ctx, *TcpRuleModel); err != nil {
		return err
	}


	// 异步任务：将IP添加到白名单
	var ips []string
	if req.TcpForwardingData.BackendList != nil {
		for _, v := range req.TcpForwardingData.BackendList {
			ip, _, err := net.SplitHostPort(v)
			if err != nil {
				return err
			}
			ips = append(ips, ip)
		}
		go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
	}

	//白名单
	var accessRuleIps []string
	if req.TcpForwardingData.AllowIpList != nil {
		for _, v := range require.GatewayIps {
			for _, ip := range req.TcpForwardingData.AllowIpList {
				if net.ParseIP(ip) != nil{
					accessRuleIps = append(accessRuleIps, ip)
				}
			}
			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
		}

	}
	//黑名单
	var denyRuleIps []string
	if req.TcpForwardingData.DenyIpList != nil {
		for _, v := range require.GatewayIps {
			for _, ip := range req.TcpForwardingData.DenyIpList {
				if net.ParseIP(ip) != nil{
					denyRuleIps = append(denyRuleIps, ip)
				}
			}
			go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
		}
	}
	return  nil
}

func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.TcpForwardingRequest) error {
	require, formData, err := s.prepareWafData(ctx, req)
	if err != nil {
		return  err
	}

	oldData, err := s.tcpforwardingRepository.GetTcpforwarding(ctx, int64(req.TcpForwardingData.Id))
	if err != nil {
		return err
	}

	//修改网站端口
	if oldData.Port != req.TcpForwardingData.Port {
		err = s.cdn.EditServerType(ctx, v1.EditWebsite{
			Id:       int64(oldData.CdnWebId),
			TypeJSON: formData.TcpJSON,
		}, "tcp")
		if err != nil {
			return err
		}
	}

	//修改网站名字
	if oldData.Comment != req.TcpForwardingData.Comment {
		err = s.cdn.EditServerBasic(ctx, int64(oldData.CdnWebId), require.Tag)
		if err != nil {
			return err
		}
	}

	// 异步任务：将IP添加到白名单
	ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, req.TcpForwardingData.Id)
	if err != nil {
		return err
	}
	addedIps, removedIps, addedAllowIps, removedAllowIps, addedDenyIps, removedDenyIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList,req.TcpForwardingData.AllowIpList,req.TcpForwardingData.DenyIpList,ipData.BackendList,ipData.AllowIpList,ipData.DenyIpList)
	if err != nil {
		return err
	}
	if len(addedIps) > 0 {
		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
	}
	if len(removedIps) > 0 {
		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
	}

	if len(addedAllowIps) > 0 {
		for _, v := range require.GatewayIps {
			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
		}
	}
	if len(removedAllowIps) > 0 {
		for _, v := range require.GatewayIps {
			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
		}
	}

	if len(addedDenyIps) > 0 {
		for _, v := range require.GatewayIps {
			go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
		}
	}
	if len(removedDenyIps) > 0 {
		for _, v := range require.GatewayIps {
			go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
		}
	}




	//修改源站
	addOrigins, delOrigins := s.wafformatter.findIpDifferences(ipData.BackendList, req.TcpForwardingData.BackendList)
	addedIds := make(map[string]int64)
	for _, v := range addOrigins {
		id, err := s.wafformatter.AddOrigin(ctx,v1.WebJson{
			ApiType: "tcp",
			BackendList: v,
			Comment: req.TcpForwardingData.Comment,
		})
		if err != nil {
			return err
		}
		addedIds[v] = id
	}
	for _, v := range addedIds {
		err = s.cdn.AddServerOrigin(ctx, int64(oldData.CdnWebId), v)
		if err != nil {
			return err
		}
	}

	maps.Copy(ipData.CdnOriginIds, addedIds)
	for k, v := range ipData.CdnOriginIds {
		for _, ip := range delOrigins {
			if k == ip {
				err = s.cdn.DelServerOrigin(ctx, int64(oldData.CdnWebId), v)
				if err != nil {
					return err
				}
				delete(ipData.CdnOriginIds, k)
			}
		}
	}

	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData,oldData.CdnWebId, require)
	tcpModel.Id = req.TcpForwardingData.Id
		if err = s.tcpforwardingRepository.EditTcpforwarding(ctx, tcpModel); err != nil {
		return  err
	}
	TcpRuleModel := s.buildTcpRuleModel(&req.TcpForwardingData, require, req.TcpForwardingData.Id, ipData.CdnOriginIds)
	if err = s.tcpforwardingRepository.EditTcpforwardingIps(ctx, *TcpRuleModel); err != nil {
		return err
	}
	return  nil
}

func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.DeleteTcpForwardingRequest)  error {
	for _, Id := range req.Ids {
		oldData, err := s.tcpforwardingRepository.GetTcpforwarding(ctx, int64(Id))
		if err != nil {
			return err
		}

		err = s.cdn.DelServer(ctx, int64(oldData.CdnWebId))
		if err != nil {
			return err
		}


		// 删除白名单
		var ips []string
		ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, Id)
		if err != nil {
			return err
		}
		ips, err = s.wafformatter.WashDeleteWafIp(ctx, ipData.BackendList, ipData.AllowIpList)
		if err != nil {
			return err
		}
		if len(ips) > 0 {
			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
		}
		// 删除黑名单
		if len(ipData.DenyIpList) > 0 {
			go s.wafformatter.PublishIpWhitelistTask(ips, "del","","black")
		}


		if err = s.tcpforwardingRepository.DeleteTcpforwarding(ctx, int64(Id)); err != nil {
			return  err
		}

		if err = s.tcpforwardingRepository.DeleteTcpForwardingIpsById(ctx, Id); err != nil {
			return  err
		}
	}
	return  nil
}

func (s *tcpforwardingService) GetTcpForwardingAllIpsByHostId(ctx context.Context, req v1.GetForwardingRequest) ([]v1.TcpForwardingDataRequest, error) {
	type CombinedResult struct {
		Id          int
		Forwarding  *model.Tcpforwarding
		BackendRule *model.TcpForwardingRule
		Err         error // 如果此ID的处理出错，则携带错误
	}
	g,gCtx := errgroup.WithContext(ctx)
	ids, err := s.tcpforwardingRepository.GetTcpForwardingAllIdsByID(gCtx, req.HostId)
	if err != nil {
		return nil, fmt.Errorf("GetTcpForwardingAllIds failed: %w", err)
	}
	if len(ids) == 0 {
		return nil, nil
	}
	resChan := make(chan CombinedResult, len(ids))
	g.Go(func() error {
		for _, idVal := range ids {
			currentID := idVal
			g.Go(func() error {
				var wf *model.Tcpforwarding
				var bk *model.TcpForwardingRule
				var localErr error
				wf, localErr = s.tcpforwardingRepository.GetTcpforwarding(gCtx, int64(currentID))
				if localErr != nil {
					resChan <- CombinedResult{Id: currentID, Err: localErr}
					return localErr
				}
				bk, localErr = s.tcpforwardingRepository.GetTcpForwardingIpsByID(gCtx, currentID)
				if localErr != nil {
					resChan <- CombinedResult{Id: currentID, Err: localErr}
					return localErr
				}
				resChan <- CombinedResult{Id: currentID, Forwarding: wf, BackendRule: bk}
				return nil
			})
		}
		return nil
	})
	groupErr := g.Wait()
	close(resChan)
	if groupErr != nil {
		return nil, groupErr
	}
	res := make([]v1.TcpForwardingDataRequest, 0, len(ids))
	for r := range resChan {
		if r.Err != nil {
			return nil, fmt.Errorf("received error from goroutine for ID %d: %w", r.Id, r.Err)
		}
		if r.Forwarding == nil {
			return nil,fmt.Errorf("received nil forwarding from goroutine for ID %d", r.Id)
		}

		dataReq := v1.TcpForwardingDataRequest{
			Id: r.Forwarding.Id,
			Port: r.Forwarding.Port,
			Comment: r.Forwarding.Comment,

		}
		if r.BackendRule != nil {
			dataReq.BackendList = r.BackendRule.BackendList
			dataReq.AllowIpList = r.BackendRule.AllowIpList
			dataReq.DenyIpList = r.BackendRule.DenyIpList
			dataReq.AccessRule = r.BackendRule.AccessRule
		}
		res = append(res, dataReq)
	}

	sort.Slice(res, func(i, j int) bool {
		return res[i].Id > res[j].Id
	})
	return res, nil

}