fusu
/
go_gameshield


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
							package web

import (
	"context"
	"fmt"
	v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
	"github.com/go-nunu/nunu-layout-advanced/internal/model"
	"github.com/go-nunu/nunu-layout-advanced/internal/service/api/waf/common"
	"net"
)

type Process interface {
	ProcessAsyncTasks(ctx context.Context, req *v1.WebForwardingRequest, require common.RequireResponse)
	ProcessIpWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, ipData *model.WebForwardingRule) error
	ProcessDeleteIpWhitelist(ctx context.Context, id int) error
	ProcessDomainWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require common.RequireResponse) error
	ProcessDeleteDomainWhitelist(ctx context.Context, oldData *model.WebForwarding, uid int) error

}

// ProcessAsyncTasks 处理异步任务
func (s *aidedWebService) ProcessAsyncTasks(ctx context.Context, req *v1.WebForwardingRequest, require common.RequireResponse) {
	// 域名白名单处理
	if req.WebForwardingData.Domain != "" {
		go func() {
			doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
			if err != nil {
				return
			}
			if len(require.GatewayIps) == 0 {
				return
			}
			firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(require.HostId), int64(require.Uid))
			if err != nil {
				return
			}
			s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
		}()
	}

	// 源站IP白名单处理
	if req.WebForwardingData.BackendList != nil {
		go func() {
			var ips []string
			for _, v := range req.WebForwardingData.BackendList {
				ip, _, err := net.SplitHostPort(v.Addr)
				if err != nil {
					continue
				}
				ips = append(ips, ip)
			}
			if len(ips) > 0 {
				s.wafformatter.PublishIpWhitelistTask(ips, "add", "", "white")
			}
		}()
	}
}

// ProcessIpWhitelistChanges 处理IP白名单变更
func (s *aidedWebService) ProcessIpWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, ipData *model.WebForwardingRule) error {
	var oldIps, newIps []string

	// 提取旧IP列表
	for _, v := range ipData.BackendList {
		ip, _, err := net.SplitHostPort(v.Addr)
		if err != nil {
			return fmt.Errorf("解析旧IP地址失败: %w", err)
		}
		oldIps = append(oldIps, ip)
	}

	// 提取新IP列表
	for _, v := range req.WebForwardingData.BackendList {
		ip, _, err := net.SplitHostPort(v.Addr)
		if err != nil {
			return fmt.Errorf("解析新IP地址失败: %w", err)
		}
		newIps = append(newIps, ip)
	}

	// 查找IP差异
	addedIps, removedIps := s.wafformatter.FindIpDifferences(oldIps, newIps)

	// 异步处理添加的IP
	if len(addedIps) > 0 {
		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add", "", "white")
	}

	// 异步处理删除的IP
	if len(removedIps) > 0 {
		go func() {
			ipsToDelist, err := s.wafformatter.WashDelIps(ctx, removedIps)
			if err != nil {
				return
			}
			if len(ipsToDelist) > 0 {
				s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
			}
		}()
	}

	return nil
}

// ProcessDeleteIpWhitelist 处理删除IP白名单
func (s *aidedWebService) ProcessDeleteIpWhitelist(ctx context.Context, id int) error {
	ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, id)
	if err != nil {
		return fmt.Errorf("获取IP数据失败: %w", err)
	}

	if ipData != nil && len(ipData.BackendList) > 0 {
		var ips []string
		for _, v := range ipData.BackendList {
			ip, _, err := net.SplitHostPort(v.Addr)
			if err != nil {
				continue
			}
			ips = append(ips, ip)
		}

		if len(ips) > 0 {
			go func() {
				ipsToDelist, err := s.wafformatter.WashDelIps(ctx, ips)
				if err != nil {
					return
				}
				if len(ipsToDelist) > 0 {
					s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
				}
			}()
		}
	}

	return nil
}

// ProcessDomainWhitelistChanges 处理域名白名单变更
func (s *aidedWebService) ProcessDomainWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require common.RequireResponse) error {
	if oldData.Domain != req.WebForwardingData.Domain {
		firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(req.HostId), int64(req.Uid))
		if err != nil {
			return fmt.Errorf("获取网关IP失败: %w", err)
		}

		newDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
		if err != nil {
			return fmt.Errorf("转换新域名失败: %w", err)
		}

		oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
		if err != nil {
			return fmt.Errorf("转换旧域名失败: %w", err)
		}

		if len(require.GatewayIps) == 0 {
			return fmt.Errorf("网关组不存在")
		}

		// 检查旧域名使用数量
		count, err := s.webForwardingRepository.GetDomainCount(ctx, req.HostId, oldData.Domain)
		if err != nil {
			return fmt.Errorf("获取域名使用数量失败: %w", err)
		}

		// 异步处理域名白名单变更
		go func() {
			if count < 2 {
				s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
			}
			s.wafformatter.PublishDomainWhitelistTask(newDomain, firstIp, "add")
		}()
	}

	return nil
}

// ProcessDeleteDomainWhitelist 处理删除域名白名单
func (s *aidedWebService) ProcessDeleteDomainWhitelist(ctx context.Context, oldData *model.WebForwarding, uid int) error {
	if oldData.Domain != "" {
		firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(oldData.HostId), int64(uid))
		if err != nil {
			return fmt.Errorf("获取网关IP失败: %w", err)
		}

		doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
		if err != nil {
			return fmt.Errorf("转换域名失败: %w", err)
		}

		go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "del")
	}

	return nil
}