webforwarding.go 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861
  1. package service
  2. import (
  3. "context"
  4. "encoding/json"
  5. "fmt"
  6. v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
  7. "github.com/go-nunu/nunu-layout-advanced/internal/model"
  8. "github.com/go-nunu/nunu-layout-advanced/internal/repository"
  9. "github.com/go-nunu/nunu-layout-advanced/pkg/rabbitmq"
  10. "golang.org/x/sync/errgroup"
  11. "maps"
  12. "net"
  13. "sort"
  14. )
  15. type WebForwardingService interface {
  16. GetWebForwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.WebForwardingDataRequest, error)
  17. GetWebForwardingWafWebAllIps(ctx context.Context, req v1.GetForwardingRequest) ([]v1.WebForwardingDataRequest, error)
  18. AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error
  19. EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error
  20. DeleteWebForwarding(ctx context.Context, Ids []int) error
  21. }
  22. func NewWebForwardingService(
  23. service *Service,
  24. required RequiredService,
  25. webForwardingRepository repository.WebForwardingRepository,
  26. crawler CrawlerService,
  27. parser ParserService,
  28. wafformatter WafFormatterService,
  29. aoDun AoDunService,
  30. mq *rabbitmq.RabbitMQ,
  31. gatewayGroupIpRep repository.GateWayGroupIpRepository,
  32. gatewayGroupRep repository.GatewayGroupRepository,
  33. cdn CdnService,
  34. ) WebForwardingService {
  35. return &webForwardingService{
  36. Service: service,
  37. webForwardingRepository: webForwardingRepository,
  38. required: required,
  39. parser: parser,
  40. crawler: crawler,
  41. wafformatter: wafformatter,
  42. aoDun: aoDun,
  43. mq: mq,
  44. gatewayGroupIpRep: gatewayGroupIpRep,
  45. gatewayGroupRep: gatewayGroupRep,
  46. cdn: cdn,
  47. }
  48. }
  49. type webForwardingService struct {
  50. *Service
  51. webForwardingRepository repository.WebForwardingRepository
  52. required RequiredService
  53. parser ParserService
  54. crawler CrawlerService
  55. wafformatter WafFormatterService
  56. aoDun AoDunService
  57. mq *rabbitmq.RabbitMQ
  58. gatewayGroupIpRep repository.GateWayGroupIpRepository
  59. gatewayGroupRep repository.GatewayGroupRepository
  60. cdn CdnService
  61. }
  62. const (
  63. isHttps = 1
  64. protocolHttps = "https"
  65. protocolHttp = "http"
  66. defaultNodeClusterId = 1
  67. )
  68. func (s *webForwardingService) require(ctx context.Context,req v1.GlobalRequire) (v1.GlobalRequire, error) {
  69. var err error
  70. var res v1.GlobalRequire
  71. g, gCtx := errgroup.WithContext(ctx)
  72. //g.Go(func() error {
  73. // result, e := s.wafformatter.require(gCtx, req, "web")
  74. // if e != nil {
  75. // return e
  76. // }
  77. // res = result
  78. // return nil
  79. //})
  80. g.Go(func() error {
  81. e := s.wafformatter.validateWafDomainCount(gCtx, req)
  82. if e != nil {
  83. return e
  84. }
  85. return nil
  86. })
  87. if err = g.Wait(); err != nil {
  88. return v1.GlobalRequire{}, err
  89. }
  90. return res, nil
  91. }
  92. func (s *webForwardingService) GetWebForwarding(ctx context.Context, req v1.GetForwardingRequest) (v1.WebForwardingDataRequest, error) {
  93. var webForwarding model.WebForwarding
  94. var backend model.WebForwardingRule
  95. g, gCtx := errgroup.WithContext(ctx)
  96. g.Go(func() error {
  97. res, e := s.webForwardingRepository.GetWebForwarding(gCtx, int64(req.Id))
  98. if e != nil {
  99. // 直接返回错误,errgroup 会捕获它
  100. return fmt.Errorf("GetWebForwarding failed: %w", e)
  101. }
  102. if res != nil {
  103. webForwarding = *res
  104. }
  105. return nil
  106. })
  107. g.Go(func() error {
  108. res, e := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.Id)
  109. if e != nil {
  110. return fmt.Errorf("GetWebForwardingByID failed: %w", e)
  111. }
  112. if res != nil {
  113. backend = *res
  114. }
  115. return nil
  116. })
  117. if err := g.Wait(); err != nil {
  118. return v1.WebForwardingDataRequest{}, err
  119. }
  120. return v1.WebForwardingDataRequest{
  121. Id: webForwarding.Id,
  122. Port: webForwarding.Port,
  123. Domain: webForwarding.Domain,
  124. IsHttps: webForwarding.IsHttps,
  125. Comment: webForwarding.Comment,
  126. BackendList: backend.BackendList,
  127. AllowIpList: backend.AllowIpList,
  128. DenyIpList: backend.DenyIpList,
  129. AccessRule: backend.AccessRule,
  130. HttpsKey: webForwarding.HttpsKey,
  131. HttpsCert: webForwarding.HttpsCert,
  132. }, nil
  133. }
  134. // buildWebForwardingModel 辅助函数,用于构建通用的 WebForwarding 模型
  135. // ruleId 是从 WAF 系统获取的 ID
  136. func (s *webForwardingService) buildWebForwardingModel(req *v1.WebForwardingDataRequest,ruleId int, require RequireResponse) *model.WebForwarding {
  137. return &model.WebForwarding{
  138. HostId: require.HostId,
  139. CdnWebId: ruleId,
  140. Port: req.Port,
  141. Domain: req.Domain,
  142. IsHttps: req.IsHttps,
  143. Comment: req.Comment,
  144. HttpsCert: req.HttpsCert,
  145. HttpsKey: req.HttpsKey,
  146. SslCertId: int(req.SslCertId),
  147. }
  148. }
  149. func (s *webForwardingService) buildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule {
  150. return &model.WebForwardingRule{
  151. Uid: require.Uid,
  152. HostId: require.HostId,
  153. WebId: localDbId,
  154. CdnOriginIds: cdnOriginIds,
  155. BackendList: reqData.BackendList,
  156. AllowIpList: reqData.AllowIpList,
  157. DenyIpList: reqData.DenyIpList,
  158. AccessRule: reqData.AccessRule,
  159. }
  160. }
  161. // =================================================================
  162. // 主函数:prepareWafData
  163. // 职责:协调整个流程,负责获取前置配置和组装最终的 formData。
  164. // =================================================================
  165. func (s *webForwardingService) prepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error) {
  166. // 1. 获取基础配置
  167. require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
  168. HostId: req.HostId,
  169. Uid: req.Uid,
  170. Comment: req.WebForwardingData.Comment,
  171. })
  172. if err != nil {
  173. return RequireResponse{}, v1.Website{}, fmt.Errorf("获取WAF前置配置失败: %w", err)
  174. }
  175. if require.GatewayGroupId == 0 || require.Uid == 0 {
  176. return RequireResponse{}, v1.Website{}, fmt.Errorf("请先配置实例")
  177. }
  178. // 2. 调用辅助函数,构建核心的代理配置 (将复杂逻辑封装起来)
  179. byteData, err := s.buildProxyJSONConfig(ctx, req, require)
  180. if err != nil {
  181. return RequireResponse{}, v1.Website{}, err // 错误信息在辅助函数中已经包装好了
  182. }
  183. type serverNames struct {
  184. ServerNames string `json:"name" form:"name"`
  185. Type string `json:"type" form:"type"`
  186. }
  187. var serverName []serverNames
  188. var serverJson []byte
  189. if req.WebForwardingData.Domain != "" {
  190. serverName = append(serverName, serverNames{
  191. ServerNames: req.WebForwardingData.Domain,
  192. Type: "full",
  193. })
  194. serverJson, err = json.Marshal(serverName)
  195. if err != nil {
  196. return RequireResponse{}, v1.Website{}, err
  197. }
  198. }
  199. // 3. 组装最终的 WAF 表单数据
  200. formData := v1.Website{
  201. UserId: int64(require.CdnUid),
  202. Type: "httpProxy",
  203. Name: require.Tag,
  204. ServerNamesJSON : serverJson,
  205. Description: req.WebForwardingData.Comment,
  206. ServerGroupIds: []int64{int64(require.GroupId)},
  207. UserPlanId: int64(require.RuleId),
  208. NodeClusterId: defaultNodeClusterId,
  209. }
  210. var noSslByteData, _ = json.Marshal(v1.TypeJSON{IsOn: false})
  211. // 4. 根据协议类型,填充 HttpJSON 和 HttpsJSON 字段
  212. if req.WebForwardingData.IsHttps == isHttps {
  213. formData.HttpJSON = noSslByteData
  214. formData.HttpsJSON = byteData
  215. } else {
  216. formData.HttpJSON = byteData
  217. formData.HttpsJSON = noSslByteData
  218. }
  219. return require, formData, nil
  220. }
  221. // =================================================================
  222. // 辅助函数:buildProxyJSONConfig
  223. // 职责:专门负责处理 HTTP/HTTPS 的差异,并生成对应的 JSON 配置。
  224. // =================================================================
  225. func (s *webForwardingService) buildProxyJSONConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) ([]byte, error) {
  226. var (
  227. jsonData v1.TypeJSON
  228. apiType string
  229. err error
  230. )
  231. jsonData.IsOn = true
  232. // 判断协议类型,并处理 HTTPS 的特殊逻辑(证书)
  233. if req.WebForwardingData.IsHttps == isHttps {
  234. apiType = protocolHttps
  235. req.WebForwardingData.SslCertId, err = s.cdn.AddSSLCert(ctx, v1.SSlCert{
  236. UserId: int64(require.CdnUid),
  237. Name: req.WebForwardingData.Domain,
  238. Description: req.WebForwardingData.Comment,
  239. CertData: []byte(req.WebForwardingData.HttpsCert),
  240. KeyData: []byte(req.WebForwardingData.HttpsKey),
  241. IsSelfSigned: false,
  242. })
  243. if err != nil {
  244. return nil, fmt.Errorf("添加SSL证书失败: %w", err)
  245. }
  246. jsonData.SslPolicyRef.IsOn = true
  247. jsonData.SslPolicyRef.SslPolicyId = req.WebForwardingData.SslCertId
  248. } else {
  249. apiType = protocolHttp
  250. }
  251. // 填充通用的 Listen 配置
  252. for _, v := range require.GatewayIps {
  253. jsonData.Listen = append(jsonData.Listen, v1.Listen{
  254. Protocol: apiType,
  255. Host: v,
  256. Port: req.WebForwardingData.Port,
  257. })
  258. }
  259. // 序列化为 JSON
  260. byteData, err := json.Marshal(jsonData)
  261. if err != nil {
  262. return nil, fmt.Errorf("序列化WAF配置失败: %w", err)
  263. }
  264. return byteData, nil
  265. }
  266. // 查找两个列表的差异
  267. func (s webForwardingService) FindDifferenceList (oldList, newList []v1.BackendList) (added, removed []v1.BackendList) {
  268. diff := make(map[v1.BackendList]int)
  269. // 1. 遍历旧列表,为每个元素计数 +1
  270. for _, item := range oldList {
  271. diff[item]++
  272. }
  273. // 2. 遍历新列表,为每个元素计数 -1
  274. for _, item := range newList {
  275. diff[item]--
  276. }
  277. // 3. 遍历 diff map 来找出差异
  278. for item, count := range diff {
  279. if count > 0 {
  280. // 如果 count > 0,说明这个元素在 oldList 中但不在 newList 中
  281. removed = append(removed, item)
  282. } else if count < 0 {
  283. // 如果 count < 0,说明这个元素在 newList 中但不在 oldList 中
  284. added = append(added, item)
  285. }
  286. // 如果 count == 0,说明元素在两个列表中都存在,不做任何操作
  287. }
  288. return added, removed
  289. }
  290. func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
  291. require, formData, err := s.prepareWafData(ctx, req)
  292. if err != nil {
  293. return err
  294. }
  295. err = s.wafformatter.validateWafPortCount(ctx, require.HostId)
  296. if err != nil {
  297. return err
  298. }
  299. webId, err := s.cdn.CreateWebsite(ctx, formData)
  300. if err != nil {
  301. return err
  302. }
  303. backendList := make(map[string]string)
  304. for _,k := range req.WebForwardingData.BackendList {
  305. backendList[k.Addr] = k.CustomHost
  306. }
  307. // 添加源站
  308. cdnOriginIds := make(map[string]int64)
  309. for _, v := range req.WebForwardingData.BackendList {
  310. apiType := protocolHttp
  311. // 如果条件满足,则覆盖为 HTTPS
  312. if v.IsHttps == isHttps {
  313. apiType = protocolHttps
  314. }
  315. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  316. ApiType: apiType,
  317. BackendList: v.Addr,
  318. Host: v.CustomHost,
  319. Comment: req.WebForwardingData.Comment,
  320. })
  321. if err != nil {
  322. return err
  323. }
  324. cdnOriginIds[v.Addr] = id
  325. }
  326. // 添加源站到网站
  327. for _, v := range cdnOriginIds {
  328. err = s.cdn.AddServerOrigin(ctx, webId, v)
  329. if err != nil {
  330. return err
  331. }
  332. }
  333. webModel := s.buildWebForwardingModel(&req.WebForwardingData, int(webId), require)
  334. id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
  335. if err != nil {
  336. return err
  337. }
  338. webRuleModel := s.buildWebRuleModel(&req.WebForwardingData,require, id, cdnOriginIds)
  339. if _, err = s.webForwardingRepository.AddWebForwardingIps(ctx, *webRuleModel); err != nil {
  340. return err
  341. }
  342. if req.WebForwardingData.Domain != "" {
  343. // 异步任务:将域名添加到白名单
  344. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  345. if err != nil {
  346. return err
  347. }
  348. if len(require.GatewayIps) == 0 {
  349. return fmt.Errorf("网关组不存在")
  350. }
  351. firstIp,err := s.GetGatewayFirstIp(ctx, require.HostId)
  352. if err != nil {
  353. return err
  354. }
  355. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
  356. }
  357. // IP过白
  358. var ips []string
  359. if req.WebForwardingData.BackendList != nil {
  360. for _, v := range req.WebForwardingData.BackendList {
  361. ip, _, err := net.SplitHostPort(v.Addr)
  362. if err != nil {
  363. return err
  364. }
  365. ips = append(ips,ip)
  366. }
  367. go s.wafformatter.PublishIpWhitelistTask(ips, "add","","white")
  368. }
  369. var accessRuleIps []string
  370. if len(req.WebForwardingData.AllowIpList) > 0 {
  371. for _, v := range require.GatewayIps {
  372. for _, ip := range req.WebForwardingData.AllowIpList {
  373. if net.ParseIP(ip) != nil{
  374. accessRuleIps = append(accessRuleIps, ip)
  375. }
  376. }
  377. go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v,"white")
  378. }
  379. }
  380. // 黑名单
  381. var denyRuleIps []string
  382. if len(req.WebForwardingData.DenyIpList) > 0 {
  383. for _, v := range require.GatewayIps {
  384. for _, ip := range req.WebForwardingData.DenyIpList {
  385. if net.ParseIP(ip) != nil{
  386. denyRuleIps = append(denyRuleIps, ip)
  387. }
  388. }
  389. go s.wafformatter.PublishIpWhitelistTask(denyRuleIps, "add",v,"black")
  390. }
  391. }
  392. return nil
  393. }
  394. func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
  395. require, formData, err := s.prepareWafData(ctx, req)
  396. if err != nil {
  397. return err
  398. }
  399. oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
  400. if err != nil {
  401. return err
  402. }
  403. //修改网站端口
  404. if oldData.Port != req.WebForwardingData.Port || oldData.Domain != req.WebForwardingData.Domain {
  405. var typeJson []byte
  406. var apiType string
  407. if req.WebForwardingData.IsHttps == isHttps {
  408. typeJson = formData.HttpJSON
  409. apiType = protocolHttps
  410. }else {
  411. typeJson = formData.HttpsJSON
  412. apiType = protocolHttp
  413. }
  414. err = s.cdn.EditServerType(ctx, v1.EditWebsite{
  415. Id: int64(oldData.CdnWebId),
  416. TypeJSON: typeJson,
  417. }, apiType)
  418. if err != nil {
  419. return err
  420. }
  421. }
  422. //修改网站名字
  423. if oldData.Comment != req.WebForwardingData.Comment {
  424. err = s.cdn.EditServerBasic(ctx, int64(oldData.CdnWebId), require.Tag)
  425. if err != nil {
  426. return err
  427. }
  428. }
  429. // 将域名添加到白名单
  430. webData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(req.WebForwardingData.Id))
  431. if err != nil {
  432. return err
  433. }
  434. // 异步任务:将域名添加到白名单
  435. if webData.Domain != req.WebForwardingData.Domain {
  436. firstIp,err := s.GetGatewayFirstIp(ctx, req.HostId)
  437. if err != nil {
  438. return err
  439. }
  440. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  441. if err != nil {
  442. return err
  443. }
  444. oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
  445. if err != nil {
  446. return err
  447. }
  448. if len(require.GatewayIps) == 0 {
  449. return fmt.Errorf("网关组不存在")
  450. }
  451. go s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
  452. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
  453. }
  454. // IP过白
  455. ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, req.WebForwardingData.Id)
  456. if err != nil {
  457. return err
  458. }
  459. var oldIps []string
  460. var newIps []string
  461. for _, v := range ipData.BackendList {
  462. ip, _, err := net.SplitHostPort(v.Addr)
  463. if err != nil {
  464. return err
  465. }
  466. oldIps = append(oldIps, ip)
  467. }
  468. for _, v := range req.WebForwardingData.BackendList {
  469. ip, _, err := net.SplitHostPort(v.Addr)
  470. if err != nil {
  471. return err
  472. }
  473. newIps = append(newIps, ip)
  474. }
  475. addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
  476. if len(addedIps) > 0 {
  477. go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","","white")
  478. }
  479. if len(removedIps) > 0 {
  480. go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","","white")
  481. }
  482. //白名单IP
  483. addedAllowIps, removedAllowIps := s.WashDifferentIp(ipData.AllowIpList, req.WebForwardingData.AllowIpList)
  484. for _, v := range require.GatewayIps {
  485. if len(addedAllowIps) > 0 {
  486. go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v,"white")
  487. }
  488. if len(removedAllowIps) > 0 {
  489. go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v,"white")
  490. }
  491. }
  492. // 黑名单IP
  493. addedDenyIps, removedDenyIps := s.WashDifferentIp(ipData.DenyIpList, req.WebForwardingData.DenyIpList)
  494. for _, v := range require.GatewayIps {
  495. if len(addedDenyIps) > 0 {
  496. go s.wafformatter.PublishIpWhitelistTask(addedDenyIps, "add",v,"black")
  497. }
  498. if len(removedDenyIps) > 0 {
  499. go s.wafformatter.PublishIpWhitelistTask(removedDenyIps, "del",v,"black")
  500. }
  501. }
  502. //修改源站
  503. addOrigins, delOrigins := s.FindDifferenceList(ipData.BackendList, req.WebForwardingData.BackendList)
  504. addedIds := make(map[string]int64)
  505. for _, v := range addOrigins {
  506. var apiType string
  507. if v.IsHttps == isHttps {
  508. apiType = protocolHttps
  509. }else {
  510. apiType = protocolHttp
  511. }
  512. id, err := s.wafformatter.AddOrigin(ctx,v1.WebJson{
  513. ApiType: apiType,
  514. BackendList: v.Addr,
  515. Host: v.CustomHost,
  516. Comment: req.WebForwardingData.Comment,
  517. })
  518. if err != nil {
  519. return err
  520. }
  521. addedIds[v.Addr] = id
  522. }
  523. for _, v := range addedIds {
  524. err = s.cdn.AddServerOrigin(ctx, int64(oldData.CdnWebId), v)
  525. if err != nil {
  526. return err
  527. }
  528. }
  529. maps.Copy(ipData.CdnOriginIds, addedIds)
  530. for k, v := range ipData.CdnOriginIds {
  531. for _, ip := range delOrigins {
  532. if k == ip.Addr {
  533. err = s.cdn.DelServerOrigin(ctx, int64(oldData.CdnWebId), v)
  534. if err != nil {
  535. return err
  536. }
  537. delete(ipData.CdnOriginIds, k)
  538. }
  539. }
  540. }
  541. webModel := s.buildWebForwardingModel(&req.WebForwardingData, req.WebForwardingData.CdnWebId, require)
  542. webModel.Id = req.WebForwardingData.Id
  543. if err = s.webForwardingRepository.EditWebForwarding(ctx, webModel); err != nil {
  544. return err
  545. }
  546. webRuleModel := s.buildWebRuleModel(&req.WebForwardingData, require, req.WebForwardingData.Id,ipData.CdnOriginIds)
  547. if err = s.webForwardingRepository.EditWebForwardingIps(ctx, *webRuleModel); err != nil {
  548. return err
  549. }
  550. return nil
  551. }
  552. func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []int) error {
  553. for _, Id := range Ids {
  554. oldData, err := s.webForwardingRepository.GetWebForwarding(ctx, int64(Id))
  555. if err != nil {
  556. return err
  557. }
  558. err = s.cdn.DelServer(ctx, int64(oldData.CdnWebId))
  559. if err != nil {
  560. return err
  561. }
  562. // 异步任务:将域名添加到白名单
  563. firstIp,err := s.GetGatewayFirstIp(ctx, oldData.HostId)
  564. if err != nil {
  565. return err
  566. }
  567. if oldData.Domain != "" {
  568. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
  569. if err != nil {
  570. return err
  571. }
  572. go s.wafformatter.PublishDomainWhitelistTask(doMain,firstIp, "del")
  573. }
  574. // IP过白
  575. ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, Id)
  576. if err != nil {
  577. return err
  578. }
  579. var ips []string
  580. if len(ipData.BackendList) > 0 {
  581. for _, v := range ipData.BackendList {
  582. ip, _, err := net.SplitHostPort(v.Addr)
  583. if err != nil {
  584. return err
  585. }
  586. ips = append(ips, ip)
  587. }
  588. }
  589. if len(ipData.AllowIpList) > 0 {
  590. ips = append(ips, ipData.AllowIpList...)
  591. }
  592. if len(ips) > 0 {
  593. go s.wafformatter.PublishIpWhitelistTask(ips, "del","","white")
  594. }
  595. // IP过黑
  596. if len(ipData.DenyIpList) > 0 {
  597. go s.wafformatter.PublishIpWhitelistTask(ipData.DenyIpList, "del","","black")
  598. }
  599. if err = s.webForwardingRepository.DeleteWebForwarding(ctx, int64(Id)); err != nil {
  600. return err
  601. }
  602. if err = s.webForwardingRepository.DeleteWebForwardingIpsById(ctx, Id); err != nil {
  603. return err
  604. }
  605. }
  606. return nil
  607. }
  608. func (s *webForwardingService) GetWebForwardingWafWebAllIps(ctx context.Context, req v1.GetForwardingRequest) ([]v1.WebForwardingDataRequest, error) {
  609. type CombinedResult struct {
  610. Id int
  611. Forwarding *model.WebForwarding
  612. BackendRule *model.WebForwardingRule
  613. Err error // 如果此ID的处理出错,则携带错误
  614. }
  615. g, gCtx := errgroup.WithContext(ctx)
  616. ids, err := s.webForwardingRepository.GetWebForwardingWafWebAllIds(gCtx, req.HostId)
  617. if err != nil {
  618. return nil, fmt.Errorf("GetWebForwardingWafWebAllIds failed: %w", err)
  619. }
  620. if len(ids) == 0 {
  621. return nil, nil // 没有ID,直接返回空切片
  622. }
  623. // 创建一个通道来接收每个ID的处理结果
  624. // 通道缓冲区大小设为ID数量,这样发送者不会因为接收者慢而阻塞(在所有goroutine都启动后)
  625. resultsChan := make(chan CombinedResult, len(ids))
  626. for _, idVal := range ids {
  627. currentID := idVal // 捕获循环变量
  628. g.Go(func() error {
  629. var wf *model.WebForwarding
  630. var bk *model.WebForwardingRule
  631. var localErr error
  632. // 1. 获取 WebForwarding 信息
  633. wf, localErr = s.webForwardingRepository.GetWebForwarding(gCtx, int64(currentID))
  634. if localErr != nil {
  635. // 发送错误到通道,并由 errgroup 捕获
  636. // errgroup 会处理第一个非nil错误,并取消其他 goroutine
  637. resultsChan <- CombinedResult{Id: currentID, Err: fmt.Errorf("GetWebForwarding for id %d failed: %w", currentID, localErr)}
  638. return localErr // 返回错误给 errgroup
  639. }
  640. if wf == nil { // 正常情况下,如果没错误,wf不应为nil,但防御性检查
  641. localErr = fmt.Errorf("GetWebForwarding for id %d returned nil data without error", currentID)
  642. resultsChan <- CombinedResult{Id: currentID, Err: localErr}
  643. return localErr
  644. }
  645. // 2. 获取 Backend IP 信息
  646. // 注意:这里我们允许 GetWebForwardingIpsByID 可能返回 nil 数据(例如没有规则)而不是错误
  647. // 如果它也可能返回错误,则处理方式与上面类似
  648. bk, localErr = s.webForwardingRepository.GetWebForwardingIpsByID(gCtx, currentID)
  649. if localErr != nil {
  650. // 如果获取IP信息失败是一个致命错误,则也应返回错误
  651. // 如果允许部分成功(比如有WebForwarding但没有IP信息),则可以不将此视为errgroup的错误
  652. // 这里假设它也是一个需要errgroup捕获的错误
  653. resultsChan <- CombinedResult{Id: currentID, Forwarding: wf, Err: fmt.Errorf("GetWebForwardingIpsByID for id %d failed: %w", currentID, localErr)}
  654. return localErr // 返回错误给 errgroup
  655. }
  656. // bk 可能是 nil 如果没有错误且没有规则,这取决于业务逻辑
  657. // 发送成功的结果到通道
  658. resultsChan <- CombinedResult{Id: currentID, Forwarding: wf, BackendRule: bk}
  659. return nil // 此goroutine成功
  660. })
  661. }
  662. // 等待所有goroutine完成
  663. groupErr := g.Wait()
  664. // 关闭通道,表示所有发送者都已完成
  665. // 这一步很重要,这样下面的 range 循环才能正常结束
  666. close(resultsChan)
  667. // 如果 errgroup 捕获到任何错误,优先返回该错误
  668. if groupErr != nil {
  669. // 虽然errgroup已经出错了,但通道中可能已经有一些结果(来自出错前成功或出错的goroutine)
  670. // 我们需要排空通道以避免goroutine泄漏(如果它们在发送时阻塞)
  671. // 但由于我们优先返回groupErr,这些结果将被丢弃。
  672. // 在这种设计下,通常任何一个子任务失败都会导致整个操作失败。
  673. return nil, groupErr
  674. }
  675. // 如果没有错误,收集所有成功的结果
  676. finalResults := make([]v1.WebForwardingDataRequest, 0, len(ids))
  677. for res := range resultsChan {
  678. // 再次检查通道中的错误,尽管 errgroup 应该已经捕获了
  679. // 但这是一种更细致的错误处理,以防万一有goroutine在errgroup.Wait()前发送了错误但未被errgroup捕获
  680. // (理论上,如果goroutine返回了错误,errgroup会处理)
  681. // 主要目的是处理 res.forwarding 为 nil 的情况 (如果上面允许不返回错误)
  682. if res.Err != nil {
  683. // 如果到这里还有错误,说明逻辑可能有问题,或者我们决定忽略某些类型的子错误
  684. // 在此示例中,因为 g.Wait() 没有错误,所以这里的 res.err 应该是nil
  685. // 如果不是,那么可能是goroutine在return nil前发送了带有错误的res。
  686. // 严格来说,如果errgroup没有错误,这里res.err也应该是nil
  687. // 但以防万一,我们可以记录日志
  688. return nil, fmt.Errorf("received error from goroutine for ID %d: %w", res.Id, res.Err)
  689. }
  690. if res.Forwarding == nil {
  691. return nil, fmt.Errorf("received nil forwarding from goroutine for ID %d", res.Id)
  692. }
  693. dataReq := v1.WebForwardingDataRequest{
  694. Id: res.Forwarding.Id,
  695. Port: res.Forwarding.Port,
  696. Domain: res.Forwarding.Domain,
  697. IsHttps: res.Forwarding.IsHttps,
  698. Comment: res.Forwarding.Comment,
  699. HttpsKey: res.Forwarding.HttpsKey,
  700. HttpsCert: res.Forwarding.HttpsCert,
  701. }
  702. if res.BackendRule != nil { // 只有当 BackendRule 存在时才填充相关字段
  703. dataReq.BackendList = res.BackendRule.BackendList
  704. dataReq.AllowIpList = res.BackendRule.AllowIpList
  705. dataReq.DenyIpList = res.BackendRule.DenyIpList
  706. dataReq.AccessRule = res.BackendRule.AccessRule
  707. }
  708. finalResults = append(finalResults, dataReq)
  709. }
  710. sort.Slice(finalResults, func(i, j int) bool {
  711. return finalResults[i].Id > finalResults[j].Id
  712. })
  713. return finalResults, nil
  714. }
  715. func (s *webForwardingService) GetGatewayFirstIp(ctx context.Context, hostId int) (string, error) {
  716. gateWayGroup, err := s.gatewayGroupRep.GetGatewayGroupByHostId(ctx, int64(hostId))
  717. if err != nil {
  718. return "", err
  719. }
  720. if gateWayGroup == nil {
  721. return "",fmt.Errorf("网关组不存在")
  722. }
  723. gateWayIps, err := s.gatewayGroupIpRep.GetGateWayGroupFirstIpByGatewayGroupId(ctx, gateWayGroup.Id)
  724. if err != nil {
  725. return "", err
  726. }
  727. if len(gateWayIps) == 0 {
  728. return "",fmt.Errorf("网关组IP为空")
  729. }
  730. return gateWayIps, nil
  731. }
  732. // 清洗IP
  733. func (s *webForwardingService) WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string,removedDenyIps []string) {
  734. var newAllowIps []string
  735. var oldAllowIps []string
  736. if len(oldIpList) > 0 {
  737. for _, v := range oldIpList {
  738. if net.ParseIP(v) != nil{
  739. oldAllowIps = append(oldAllowIps, v)
  740. }
  741. }
  742. }
  743. if len(newIpList) > 0 {
  744. for _, v := range newIpList {
  745. if net.ParseIP(v) != nil{
  746. newAllowIps = append(newAllowIps, v)
  747. }
  748. }
  749. }
  750. addedDenyIps, removedDenyIps = s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
  751. return addedDenyIps, removedDenyIps
  752. }