aidedweb.go 36 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076
  1. package waf
  2. import (
  3. "context"
  4. "encoding/json"
  5. "fmt"
  6. "net"
  7. v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
  8. "github.com/go-nunu/nunu-layout-advanced/internal/model"
  9. "github.com/go-nunu/nunu-layout-advanced/internal/repository/api/waf"
  10. "github.com/go-nunu/nunu-layout-advanced/internal/service"
  11. "github.com/go-nunu/nunu-layout-advanced/internal/service/api/flexCdn"
  12. )
  13. // AidedWebService Web转发辅助服务接口
  14. type AidedWebService interface {
  15. // 验证相关
  16. ValidateAddRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) error
  17. ValidateEditRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, oldData *model.WebForwarding) error
  18. ValidateDeletePermission(oldData *model.WebForwarding, hostId int) error
  19. // CDN网站管理
  20. CreateCdnWebsite(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, formData v1.Website) (int64, error)
  21. UpdateCdnConfiguration(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse, formData v1.Website) error
  22. DeleteCdnServer(ctx context.Context, cdnWebId int) error
  23. // 源站管理
  24. AddOriginsToWebsite(ctx context.Context, req *v1.WebForwardingRequest, webId int64) (map[string]int64, error)
  25. UpdateOriginServers(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, ipData *model.WebForwardingRule) error
  26. // 功能配置管理
  27. ConfigureWebsocket(ctx context.Context, webId int64) error
  28. ConfigureProxyProtocol(ctx context.Context, req *v1.WebForwardingRequest, webId int64) error
  29. ConfigureCCProtection(ctx context.Context, req *v1.WebForwardingRequest, webId int64) error
  30. ConfigureWafFirewall(ctx context.Context, webId int64, groupId int) error
  31. // 异步任务处理
  32. ProcessAsyncTasks(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse)
  33. ProcessIpWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, ipData *model.WebForwardingRule) error
  34. ProcessDeleteIpWhitelist(ctx context.Context, id int) error
  35. ProcessDomainWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error
  36. ProcessDeleteDomainWhitelist(ctx context.Context, oldData *model.WebForwarding, uid int) error
  37. // 数据库操作
  38. SaveToDatabase(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, webId int64, cdnOriginIds map[string]int64) (int, error)
  39. UpdateDatabaseRecords(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse, ipData *model.WebForwardingRule) error
  40. CleanupDatabaseRecords(ctx context.Context, id int) error
  41. // SSL证书管理
  42. ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, formData v1.Website) error
  43. ProcessSSLCertificateUpdate(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error
  44. CleanupSSLCertificate(ctx context.Context, oldData *model.WebForwarding) error
  45. // 数据准备辅助函数
  46. PrepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error)
  47. BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) (v1.TypeJSON, error)
  48. BulidFormData(ctx context.Context, formData v1.Website) (v1.WebsiteSend, error)
  49. // 协议判断辅助函数
  50. GetProtocolType(isHttps int) string
  51. IsHttpsProtocol(isHttps int) bool
  52. // 模型构建辅助函数
  53. BuildWebForwardingModel(req *v1.WebForwardingDataRequest, ruleId int, require RequireResponse) *model.WebForwarding
  54. BuildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule
  55. // 列表差异处理辅助函数
  56. FindDifferenceList(oldList, newList []v1.BackendList) (added, removed []v1.BackendList)
  57. WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string, removedDenyIps []string)
  58. // 日志配置辅助函数
  59. EditLog(ctx context.Context, webId int64) error
  60. // 废弃的方法(保持向后兼容)
  61. Require(ctx context.Context, req v1.GlobalRequire) (v1.GlobalRequire, error)
  62. ValidateWebForwardingRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) error
  63. CreateOriginServers(ctx context.Context, req *v1.WebForwardingRequest) (map[string]int64, error)
  64. }
  65. func NewAidedWebService(
  66. service *service.Service,
  67. webForwardingRepository waf.WebForwardingRepository,
  68. wafformatter WafFormatterService,
  69. sslCert flexCdn.SslCertService,
  70. cdn flexCdn.CdnService,
  71. proxy flexCdn.ProxyService,
  72. websocket flexCdn.WebsocketService,
  73. cc CcService,
  74. ccIpList CcIpListService,
  75. gatewayIp GatewayipService,
  76. globalLimitRep waf.GlobalLimitRepository,
  77. ) AidedWebService {
  78. return &aidedWebService{
  79. Service: service,
  80. webForwardingRepository: webForwardingRepository,
  81. wafformatter: wafformatter,
  82. sslCert: sslCert,
  83. cdn: cdn,
  84. proxy: proxy,
  85. websocket: websocket,
  86. cc: cc,
  87. ccIpList: ccIpList,
  88. gatewayIp: gatewayIp,
  89. globalLimitRep: globalLimitRep,
  90. }
  91. }
  92. type aidedWebService struct {
  93. *service.Service
  94. webForwardingRepository waf.WebForwardingRepository
  95. wafformatter WafFormatterService
  96. sslCert flexCdn.SslCertService
  97. cdn flexCdn.CdnService
  98. proxy flexCdn.ProxyService
  99. websocket flexCdn.WebsocketService
  100. cc CcService
  101. ccIpList CcIpListService
  102. gatewayIp GatewayipService
  103. globalLimitRep waf.GlobalLimitRepository
  104. }
  105. const (
  106. // 协议类型常量
  107. isHttps = 1
  108. isHttp = 0
  109. protocolHttps = "https"
  110. protocolHttp = "http"
  111. // 默认配置常量
  112. defaultNodeClusterId = 2
  113. proxyProtocolVersion = 1
  114. )
  115. // Require 验证函数(原require函数)
  116. func (s *aidedWebService) Require(ctx context.Context, req v1.GlobalRequire) (v1.GlobalRequire, error) {
  117. var res v1.GlobalRequire
  118. //g, gCtx := errgroup.WithContext(ctx)
  119. //g.Go(func() error {
  120. // result, e := s.wafformatter.require(gCtx, req, "web")
  121. // if e != nil {
  122. // return e
  123. // }
  124. // res = result
  125. // return nil
  126. //})
  127. //g.Go(func() error {
  128. // e := s.wafformatter.validateWafDomainCount(gCtx, req)
  129. // if e != nil {
  130. // return e
  131. // }
  132. // return nil
  133. //})
  134. //if err = g.Wait(); err != nil {
  135. // return v1.GlobalRequire{}, err
  136. //}
  137. return res, nil
  138. }
  139. // BuildWebForwardingModel 辅助函数,用于构建通用的 WebForwarding 模型
  140. // ruleId 是从 WAF 系统获取的 ID
  141. func (s *aidedWebService) BuildWebForwardingModel(req *v1.WebForwardingDataRequest, ruleId int, require RequireResponse) *model.WebForwarding {
  142. return &model.WebForwarding{
  143. HostId: require.HostId,
  144. CdnWebId: ruleId,
  145. Port: req.Port,
  146. Domain: req.Domain,
  147. IsHttps: req.IsHttps,
  148. Comment: req.Comment,
  149. HttpsCert: req.HttpsCert,
  150. HttpsKey: req.HttpsKey,
  151. SslCertId: int(req.SslCertId),
  152. SslPolicyId: int(req.SslPolicyId),
  153. Cc: req.CcConfig.IsOn,
  154. ThresholdMethod: req.CcConfig.ThresholdMethod,
  155. Level: req.CcConfig.Level,
  156. Limit5s: req.CcConfig.Limit5s,
  157. Limit60s: req.CcConfig.Limit60s,
  158. Limit300s: req.CcConfig.Limit300s,
  159. Proxy: req.Proxy,
  160. }
  161. }
  162. // BuildWebRuleModel 构建WebForwardingRule模型
  163. func (s *aidedWebService) BuildWebRuleModel(reqData *v1.WebForwardingDataRequest, require RequireResponse, localDbId int, cdnOriginIds map[string]int64) *model.WebForwardingRule {
  164. return &model.WebForwardingRule{
  165. Uid: require.Uid,
  166. HostId: require.HostId,
  167. WebId: localDbId,
  168. CdnOriginIds: cdnOriginIds,
  169. BackendList: reqData.BackendList,
  170. }
  171. }
  172. // PrepareWafData 准备WAF数据
  173. // 职责:协调整个流程,负责获取前置配置和组装最终的 formData。
  174. func (s *aidedWebService) PrepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error) {
  175. // 1. 获取基础配置
  176. require, err := s.wafformatter.Require(ctx, v1.GlobalRequire{
  177. HostId: req.HostId,
  178. Uid: req.Uid,
  179. Comment: req.WebForwardingData.Comment,
  180. })
  181. if err != nil {
  182. return RequireResponse{}, v1.Website{}, fmt.Errorf("获取WAF前置配置失败: %w", err)
  183. }
  184. if require.Uid == 0 {
  185. return RequireResponse{}, v1.Website{}, fmt.Errorf("请先配置实例")
  186. }
  187. // 2. 调用辅助函数,构建核心的代理配置 (将复杂逻辑封装起来)
  188. byteData, err := s.BuildProxyConfig(ctx, req, require)
  189. if err != nil {
  190. return RequireResponse{}, v1.Website{}, err // 错误信息在辅助函数中已经包装好了
  191. }
  192. req.WebForwardingData.SslPolicyId = byteData.SslPolicyRef.SslPolicyId
  193. type serverNames struct {
  194. ServerNames string `json:"name" form:"name"`
  195. Type string `json:"type" form:"type"`
  196. }
  197. var serverName []serverNames
  198. var serverJson []byte
  199. if req.WebForwardingData.Domain != "" {
  200. serverName = append(serverName, serverNames{
  201. ServerNames: req.WebForwardingData.Domain,
  202. Type: "full",
  203. })
  204. serverJson, err = json.Marshal(serverName)
  205. if err != nil {
  206. return RequireResponse{}, v1.Website{}, err
  207. }
  208. }
  209. // 3. 组装最终的 WAF 表单数据
  210. formData := v1.Website{
  211. UserId: int64(require.CdnUid),
  212. Type: "httpProxy",
  213. Name: require.Tag,
  214. ServerNamesJSON: serverJson,
  215. Description: req.WebForwardingData.Comment,
  216. ServerGroupIds: []int64{int64(require.GroupId)},
  217. NodeClusterId: defaultNodeClusterId,
  218. }
  219. // 4. 根据协议类型,填充 HttpJSON 和 HttpsJSON 字段
  220. if req.WebForwardingData.IsHttps == isHttps {
  221. formData.HttpJSON = v1.TypeJSON{IsOn: false}
  222. formData.HttpsJSON = byteData
  223. } else {
  224. formData.HttpJSON = byteData
  225. formData.HttpsJSON = v1.TypeJSON{IsOn: false}
  226. }
  227. return require, formData, nil
  228. }
  229. // BuildProxyConfig 构建代理配置
  230. // 职责:专门负责处理 HTTP/HTTPS 的差异,并生成对应的 JSON 配置。
  231. func (s *aidedWebService) BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) (v1.TypeJSON, error) {
  232. var (
  233. jsonData v1.TypeJSON
  234. apiType string
  235. )
  236. jsonData.IsOn = true
  237. apiType = protocolHttps
  238. jsonData.SslPolicyRef.SslPolicyId = req.WebForwardingData.SslPolicyId
  239. // 判断协议类型,并处理 HTTPS 的特殊逻辑(证书)
  240. if req.WebForwardingData.IsHttps == isHttps {
  241. // 处理证书信息
  242. if jsonData.SslPolicyRef.SslPolicyId == 0 {
  243. sslPolicyId, err := s.sslCert.AddSslPolicy(ctx, nil)
  244. if err != nil {
  245. return v1.TypeJSON{}, err
  246. }
  247. jsonData.SslPolicyRef.SslPolicyId = sslPolicyId
  248. }
  249. jsonData.SslPolicyRef.IsOn = true
  250. } else {
  251. apiType = protocolHttp
  252. jsonData.SslPolicyRef = v1.SslPolicyRef{
  253. IsOn: false,
  254. SslPolicyId: req.WebForwardingData.SslCertId,
  255. }
  256. }
  257. // 填充通用的 Listen 配置
  258. for _, v := range require.GatewayIps {
  259. jsonData.Listen = append(jsonData.Listen, v1.Listen{
  260. Protocol: apiType,
  261. Host: v,
  262. Port: req.WebForwardingData.Port,
  263. })
  264. }
  265. return jsonData, nil
  266. }
  267. // FindDifferenceList 查找两个列表的差异
  268. func (s *aidedWebService) FindDifferenceList(oldList, newList []v1.BackendList) (added, removed []v1.BackendList) {
  269. diff := make(map[v1.BackendList]int)
  270. // 1. 遍历旧列表,为每个元素计数 +1
  271. for _, item := range oldList {
  272. diff[item]++
  273. }
  274. // 2. 遍历新列表,为每个元素计数 -1
  275. for _, item := range newList {
  276. diff[item]--
  277. }
  278. // 3. 遍历 diff map 来找出差异
  279. for item, count := range diff {
  280. if count > 0 {
  281. // 如果 count > 0,说明这个元素在 oldList 中但不在 newList 中
  282. removed = append(removed, item)
  283. } else if count < 0 {
  284. // 如果 count < 0,说明这个元素在 newList 中但不在 oldList 中
  285. added = append(added, item)
  286. }
  287. // 如果 count == 0,说明元素在两个列表中都存在,不做任何操作
  288. }
  289. return added, removed
  290. }
  291. // WashDifferentIp 清洗IP差异
  292. func (s *aidedWebService) WashDifferentIp(newIpList []string, oldIpList []string) (addedDenyIps []string, removedDenyIps []string) {
  293. var newAllowIps []string
  294. var oldAllowIps []string
  295. if len(oldIpList) > 0 {
  296. for _, v := range oldIpList {
  297. if net.ParseIP(v) != nil {
  298. oldAllowIps = append(oldAllowIps, v)
  299. }
  300. }
  301. }
  302. if len(newIpList) > 0 {
  303. for _, v := range newIpList {
  304. if net.ParseIP(v) != nil {
  305. newAllowIps = append(newAllowIps, v)
  306. }
  307. }
  308. }
  309. addedDenyIps, removedDenyIps = s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
  310. return addedDenyIps, removedDenyIps
  311. }
  312. // EditLog 修改日志配置
  313. func (s *aidedWebService) EditLog(ctx context.Context, webId int64) error {
  314. webConfigId, err := s.webForwardingRepository.GetWebConfigId(ctx, webId)
  315. if err != nil {
  316. return err
  317. }
  318. if err := s.cdn.EditWebLog(ctx, webConfigId, v1.WebLog{
  319. IsPrior: false,
  320. IsOn: true,
  321. Fields: []int64{1, 2, 6, 7},
  322. Status1: true,
  323. Status2: true,
  324. Status3: true,
  325. Status4: true,
  326. Status5: true,
  327. FirewallOnly: false,
  328. EnableClientClosed: false,
  329. }); err != nil {
  330. return err
  331. }
  332. return nil
  333. }
  334. // BulidFormData 构建表单数据
  335. func (s *aidedWebService) BulidFormData(ctx context.Context, formData v1.Website) (v1.WebsiteSend, error) {
  336. httpJSON, err := json.Marshal(formData.HttpJSON)
  337. if err != nil {
  338. return v1.WebsiteSend{}, err
  339. }
  340. httpsJSON, err := json.Marshal(formData.HttpsJSON)
  341. if err != nil {
  342. return v1.WebsiteSend{}, err
  343. }
  344. formDataSend := v1.WebsiteSend{
  345. UserId: formData.UserId,
  346. AdminId: formData.AdminId,
  347. Type: formData.Type,
  348. Name: formData.Name,
  349. Description: formData.Description,
  350. ServerNamesJSON: formData.ServerNamesJSON,
  351. HttpJSON: httpJSON,
  352. HttpsJSON: httpsJSON,
  353. TcpJSON: formData.TcpJSON,
  354. TlsJSON: formData.TlsJSON,
  355. UdpJSON: formData.UdpJSON,
  356. WebId: formData.WebId,
  357. ReverseProxyJSON: formData.ReverseProxyJSON,
  358. ServerGroupIds: formData.ServerGroupIds,
  359. UserPlanId: formData.UserPlanId,
  360. NodeClusterId: formData.NodeClusterId,
  361. IncludeNodesJSON: formData.IncludeNodesJSON,
  362. ExcludeNodesJSON: formData.ExcludeNodesJSON,
  363. }
  364. return formDataSend, nil
  365. }
  366. // ValidateWebForwardingRequest 验证Web转发请求
  367. func (s *aidedWebService) ValidateWebForwardingRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) error {
  368. // 验证域名限制
  369. if err := s.wafformatter.validateWafDomainCount(ctx, v1.GlobalRequire{
  370. HostId: req.HostId,
  371. Domain: req.WebForwardingData.Domain,
  372. Comment: req.WebForwardingData.Comment,
  373. Uid: req.Uid,
  374. }); err != nil {
  375. return fmt.Errorf("域名数量验证失败: %w", err)
  376. }
  377. // 验证端口数量限制
  378. if err := s.wafformatter.validateWafPortCount(ctx, require.HostId); err != nil {
  379. return fmt.Errorf("端口数量验证失败: %w", err)
  380. }
  381. // 验证端口重复
  382. protocol := s.GetProtocolType(req.WebForwardingData.IsHttps)
  383. if err := s.wafformatter.VerifyPort(ctx, protocol, int64(req.WebForwardingData.Id), req.WebForwardingData.Port, int64(require.HostId), req.WebForwardingData.Domain); err != nil {
  384. return fmt.Errorf("端口 %d 验证失败: %w", req.WebForwardingData.Port, err)
  385. }
  386. return nil
  387. }
  388. // ProcessSSLCertificate 处理SSL证书
  389. func (s *aidedWebService) ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, formData v1.Website) error {
  390. if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
  391. return nil // 非HTTPS协议不需要处理SSL证书
  392. }
  393. // 添加SSL证书
  394. sslCertId, err := s.sslCert.AddSSLCert(ctx, v1.SSL{
  395. Name: req.WebForwardingData.Domain,
  396. Domain: req.WebForwardingData.Domain,
  397. CertData: req.WebForwardingData.HttpsCert,
  398. KeyData: req.WebForwardingData.HttpsKey,
  399. CdnUserId: require.CdnUid,
  400. Description: req.WebForwardingData.Comment,
  401. })
  402. if err != nil {
  403. return fmt.Errorf("添加SSL证书失败: %w", err)
  404. }
  405. // 更新请求中的证书ID
  406. req.WebForwardingData.SslCertId = sslCertId
  407. req.WebForwardingData.SslPolicyId = formData.HttpsJSON.SslPolicyRef.SslPolicyId
  408. // 编辑SSL策略
  409. if err := s.sslCert.EditSslPolicy(ctx, formData.HttpsJSON.SslPolicyRef.SslPolicyId, []int64{sslCertId}, "add"); err != nil {
  410. return fmt.Errorf("编辑SSL策略失败: %w", err)
  411. }
  412. return nil
  413. }
  414. // CreateOriginServers 创建源站服务器
  415. func (s *aidedWebService) CreateOriginServers(ctx context.Context, req *v1.WebForwardingRequest) (map[string]int64, error) {
  416. cdnOriginIds := make(map[string]int64)
  417. for _, backend := range req.WebForwardingData.BackendList {
  418. apiType := s.GetProtocolType(backend.IsHttps)
  419. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  420. ApiType: apiType,
  421. BackendList: backend.Addr,
  422. Host: backend.CustomHost,
  423. Comment: req.WebForwardingData.Comment,
  424. })
  425. if err != nil {
  426. return nil, fmt.Errorf("添加源站 %s 失败: %w", backend.Addr, err)
  427. }
  428. cdnOriginIds[backend.Addr] = id
  429. }
  430. return cdnOriginIds, nil
  431. }
  432. // GetProtocolType 获取协议类型字符串
  433. func (s *aidedWebService) GetProtocolType(isHttps int) string {
  434. if s.IsHttpsProtocol(isHttps) {
  435. return protocolHttps
  436. }
  437. return protocolHttp
  438. }
  439. // IsHttpsProtocol 判断是否为HTTPS协议
  440. func (s *aidedWebService) IsHttpsProtocol(httpsFlag int) bool {
  441. return httpsFlag == isHttps
  442. }
  443. // ValidateAddRequest 验证添加请求
  444. func (s *aidedWebService) ValidateAddRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) error {
  445. if err := s.wafformatter.validateWafDomainCount(ctx, v1.GlobalRequire{
  446. HostId: req.HostId,
  447. Domain: req.WebForwardingData.Domain,
  448. Comment: req.WebForwardingData.Comment,
  449. Uid: req.Uid,
  450. }); err != nil {
  451. return fmt.Errorf("域名数量验证失败: %w", err)
  452. }
  453. if err := s.wafformatter.validateWafPortCount(ctx, require.HostId); err != nil {
  454. return fmt.Errorf("端口数量验证失败: %w", err)
  455. }
  456. protocol := s.GetProtocolType(req.WebForwardingData.IsHttps)
  457. if err := s.wafformatter.VerifyPort(ctx, protocol, int64(req.WebForwardingData.Id), req.WebForwardingData.Port, int64(require.HostId), req.WebForwardingData.Domain); err != nil {
  458. return fmt.Errorf("端口 %d 验证失败: %w", req.WebForwardingData.Port, err)
  459. }
  460. return nil
  461. }
  462. // ValidateEditRequest 验证编辑请求
  463. func (s *aidedWebService) ValidateEditRequest(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, oldData *model.WebForwarding) error {
  464. if err := s.wafformatter.validateWafDomainCount(ctx, v1.GlobalRequire{
  465. HostId: req.HostId,
  466. Domain: req.WebForwardingData.Domain,
  467. Comment: req.WebForwardingData.Comment,
  468. Uid: req.Uid,
  469. }); err != nil {
  470. return fmt.Errorf("域名数量验证失败: %w", err)
  471. }
  472. protocol := s.GetProtocolType(req.WebForwardingData.IsHttps)
  473. if err := s.wafformatter.VerifyPort(ctx, protocol, int64(req.WebForwardingData.Id), req.WebForwardingData.Port, int64(require.HostId), req.WebForwardingData.Domain); err != nil {
  474. return fmt.Errorf("端口 %d 验证失败: %w", req.WebForwardingData.Port, err)
  475. }
  476. return nil
  477. }
  478. // ValidateDeletePermission 验证删除权限
  479. func (s *aidedWebService) ValidateDeletePermission(oldData *model.WebForwarding, hostId int) error {
  480. if oldData.HostId != hostId {
  481. return fmt.Errorf("用户权限不足")
  482. }
  483. return nil
  484. }
  485. // CreateCdnWebsite 创建CDN网站
  486. func (s *aidedWebService) CreateCdnWebsite(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, formData v1.Website) (int64, error) {
  487. formDataSend, err := s.BulidFormData(ctx, formData)
  488. if err != nil {
  489. return 0, fmt.Errorf("构建表单数据失败: %w", err)
  490. }
  491. webId, err := s.cdn.CreateWebsite(ctx, formDataSend)
  492. if err != nil {
  493. return 0, fmt.Errorf("创建CDN网站失败: %w", err)
  494. }
  495. return webId, nil
  496. }
  497. // UpdateCdnConfiguration 更新CDN配置
  498. func (s *aidedWebService) UpdateCdnConfiguration(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse, formData v1.Website) error {
  499. // 修改网站端口、协议或证书
  500. if oldData.Port != req.WebForwardingData.Port || oldData.IsHttps != req.WebForwardingData.IsHttps ||
  501. oldData.HttpsCert != req.WebForwardingData.HttpsCert || oldData.HttpsKey != req.WebForwardingData.HttpsKey {
  502. if err := s.updateWebsiteProtocolAndCert(ctx, req, oldData, require, formData); err != nil {
  503. return err
  504. }
  505. }
  506. // 修改网站域名
  507. if oldData.Domain != req.WebForwardingData.Domain {
  508. if err := s.updateWebsiteDomain(ctx, req, oldData); err != nil {
  509. return err
  510. }
  511. }
  512. // 修改网站名字
  513. if oldData.Comment != req.WebForwardingData.Comment {
  514. if err := s.updateWebsiteBasicInfo(ctx, oldData, require); err != nil {
  515. return err
  516. }
  517. }
  518. return nil
  519. }
  520. // DeleteCdnServer 删除CDN服务器
  521. func (s *aidedWebService) DeleteCdnServer(ctx context.Context, cdnWebId int) error {
  522. if err := s.cdn.DelServer(ctx, int64(cdnWebId)); err != nil {
  523. return fmt.Errorf("删除CDN服务器失败: %w", err)
  524. }
  525. return nil
  526. }
  527. // updateWebsiteProtocolAndCert 更新网站协议和证书
  528. func (s *aidedWebService) updateWebsiteProtocolAndCert(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse, formData v1.Website) error {
  529. // 切换协议
  530. var typeConfig, closeConfig v1.TypeJSON
  531. var apiType, closeType string
  532. if s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
  533. typeConfig = formData.HttpsJSON
  534. closeConfig = formData.HttpJSON
  535. apiType = s.GetProtocolType(req.WebForwardingData.IsHttps)
  536. closeType = s.GetProtocolType(0) // HTTP
  537. } else {
  538. typeConfig = formData.HttpJSON
  539. closeConfig = formData.HttpsJSON
  540. apiType = s.GetProtocolType(req.WebForwardingData.IsHttps)
  541. closeType = s.GetProtocolType(1) // HTTPS
  542. }
  543. typeJson, err := json.Marshal(typeConfig)
  544. if err != nil {
  545. return fmt.Errorf("序列化协议配置失败: %w", err)
  546. }
  547. closeJson, err := json.Marshal(closeConfig)
  548. if err != nil {
  549. return fmt.Errorf("序列化关闭协议配置失败: %w", err)
  550. }
  551. // 切换协议
  552. if err := s.cdn.EditServerType(ctx, v1.EditWebsite{
  553. Id: int64(oldData.CdnWebId),
  554. TypeJSON: typeJson,
  555. }, apiType); err != nil {
  556. return fmt.Errorf("切换到%s协议失败: %w", apiType, err)
  557. }
  558. if err := s.cdn.EditServerType(ctx, v1.EditWebsite{
  559. Id: int64(oldData.CdnWebId),
  560. TypeJSON: closeJson,
  561. }, closeType); err != nil {
  562. return fmt.Errorf("关闭%s协议失败: %w", closeType, err)
  563. }
  564. return nil
  565. }
  566. // updateWebsiteDomain 更新网站域名
  567. func (s *aidedWebService) updateWebsiteDomain(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding) error {
  568. type serverName struct {
  569. Name string `json:"name" form:"name"`
  570. Type string `json:"type" form:"type"`
  571. }
  572. var serverData []serverName
  573. serverData = append(serverData, serverName{
  574. Name: req.WebForwardingData.Domain,
  575. Type: "full",
  576. })
  577. serverJson, err := json.Marshal(serverData)
  578. if err != nil {
  579. return fmt.Errorf("序列化服务器名称失败: %w", err)
  580. }
  581. if err := s.cdn.EditServerName(ctx, v1.EditServerNames{
  582. ServerId: int64(oldData.CdnWebId),
  583. ServerNamesJSON: serverJson,
  584. }); err != nil {
  585. return fmt.Errorf("更新服务器名称失败: %w", err)
  586. }
  587. return nil
  588. }
  589. // updateWebsiteBasicInfo 更新网站基本信息
  590. func (s *aidedWebService) updateWebsiteBasicInfo(ctx context.Context, oldData *model.WebForwarding, require RequireResponse) error {
  591. // 通过globalLimitRep获取节点ID,这是项目中现有的方法
  592. nodeId, err := s.globalLimitRep.GetNodeId(ctx, oldData.CdnWebId)
  593. if err != nil {
  594. return fmt.Errorf("获取节点ID失败: %w", err)
  595. }
  596. if err := s.cdn.EditServerBasic(ctx, int64(oldData.CdnWebId), require.Tag, nodeId); err != nil {
  597. return fmt.Errorf("更新服务器基本信息失败: %w", err)
  598. }
  599. return nil
  600. }
  601. // AddOriginsToWebsite 添加源站到网站
  602. func (s *aidedWebService) AddOriginsToWebsite(ctx context.Context, req *v1.WebForwardingRequest, webId int64) (map[string]int64, error) {
  603. cdnOriginIds, err := s.CreateOriginServers(ctx, req)
  604. if err != nil {
  605. return nil, fmt.Errorf("创建源站服务器失败: %w", err)
  606. }
  607. // 添加源站到网站
  608. for _, originId := range cdnOriginIds {
  609. if err := s.cdn.AddServerOrigin(ctx, webId, originId); err != nil {
  610. return nil, fmt.Errorf("添加源站到网站失败: %w", err)
  611. }
  612. }
  613. return cdnOriginIds, nil
  614. }
  615. // UpdateOriginServers 更新源站服务器
  616. func (s *aidedWebService) UpdateOriginServers(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, ipData *model.WebForwardingRule) error {
  617. addOrigins, delOrigins := s.FindDifferenceList(ipData.BackendList, req.WebForwardingData.BackendList)
  618. addedIds := make(map[string]int64)
  619. // 添加新源站
  620. for _, v := range addOrigins {
  621. apiType := s.GetProtocolType(v.IsHttps)
  622. id, err := s.wafformatter.AddOrigin(ctx, v1.WebJson{
  623. ApiType: apiType,
  624. BackendList: v.Addr,
  625. Host: v.CustomHost,
  626. Comment: req.WebForwardingData.Comment,
  627. })
  628. if err != nil {
  629. return fmt.Errorf("添加源站 %s 失败: %w", v.Addr, err)
  630. }
  631. addedIds[v.Addr] = id
  632. }
  633. // 将新源站添加到网站
  634. for _, v := range addedIds {
  635. if err := s.cdn.AddServerOrigin(ctx, int64(oldData.CdnWebId), v); err != nil {
  636. return fmt.Errorf("添加源站到网站失败: %w", err)
  637. }
  638. }
  639. // 删除旧源站
  640. for k, v := range ipData.CdnOriginIds {
  641. for _, ip := range delOrigins {
  642. if k == ip.Addr {
  643. if err := s.cdn.DelServerOrigin(ctx, int64(oldData.CdnWebId), v); err != nil {
  644. return fmt.Errorf("删除源站失败: %w", err)
  645. }
  646. delete(ipData.CdnOriginIds, k)
  647. }
  648. }
  649. }
  650. // 合并新的源站ID
  651. for k, v := range addedIds {
  652. ipData.CdnOriginIds[k] = v
  653. }
  654. return nil
  655. }
  656. // ConfigureWebsocket 配置WebSocket
  657. func (s *aidedWebService) ConfigureWebsocket(ctx context.Context, webId int64) error {
  658. websocketId, err := s.websocket.AddWebsocket(ctx)
  659. if err != nil {
  660. return fmt.Errorf("添加WebSocket失败: %w", err)
  661. }
  662. if err := s.websocket.EnableOrDisable(ctx, webId, websocketId, true, false); err != nil {
  663. return fmt.Errorf("启用WebSocket失败: %w", err)
  664. }
  665. return nil
  666. }
  667. // ConfigureProxyProtocol 配置代理协议
  668. func (s *aidedWebService) ConfigureProxyProtocol(ctx context.Context, req *v1.WebForwardingRequest, webId int64) error {
  669. if req.WebForwardingData.Proxy {
  670. if err := s.proxy.EditProxy(ctx, webId, v1.ProxyProtocolJSON{
  671. IsOn: true,
  672. Version: proxyProtocolVersion,
  673. }); err != nil {
  674. return fmt.Errorf("启用代理协议失败: %w", err)
  675. }
  676. }
  677. return nil
  678. }
  679. // ConfigureCCProtection 配置CC防护
  680. func (s *aidedWebService) ConfigureCCProtection(ctx context.Context, req *v1.WebForwardingRequest, webId int64) error {
  681. if req.WebForwardingData.CcConfig.IsOn {
  682. if err := s.cc.EditCcConfig(ctx, webId, req.WebForwardingData.CcConfig); err != nil {
  683. return fmt.Errorf("配置CC防护失败: %w", err)
  684. }
  685. }
  686. return nil
  687. }
  688. // ConfigureWafFirewall 配置WAF防火墙
  689. func (s *aidedWebService) ConfigureWafFirewall(ctx context.Context, webId int64, groupId int) error {
  690. if err := s.ccIpList.AddCcIpListPolicy(ctx, webId, int64(groupId)); err != nil {
  691. return fmt.Errorf("配置WAF防火墙失败: %w", err)
  692. }
  693. return nil
  694. }
  695. // ProcessAsyncTasks 处理异步任务
  696. func (s *aidedWebService) ProcessAsyncTasks(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) {
  697. // 域名白名单处理
  698. if req.WebForwardingData.Domain != "" {
  699. go func() {
  700. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  701. if err != nil {
  702. return
  703. }
  704. if len(require.GatewayIps) == 0 {
  705. return
  706. }
  707. firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(require.HostId), int64(require.Uid))
  708. if err != nil {
  709. return
  710. }
  711. s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
  712. }()
  713. }
  714. // 源站IP白名单处理
  715. if req.WebForwardingData.BackendList != nil {
  716. go func() {
  717. var ips []string
  718. for _, v := range req.WebForwardingData.BackendList {
  719. ip, _, err := net.SplitHostPort(v.Addr)
  720. if err != nil {
  721. continue
  722. }
  723. ips = append(ips, ip)
  724. }
  725. if len(ips) > 0 {
  726. s.wafformatter.PublishIpWhitelistTask(ips, "add", "", "white")
  727. }
  728. }()
  729. }
  730. }
  731. // ProcessIpWhitelistChanges 处理IP白名单变更
  732. func (s *aidedWebService) ProcessIpWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, ipData *model.WebForwardingRule) error {
  733. var oldIps, newIps []string
  734. // 提取旧IP列表
  735. for _, v := range ipData.BackendList {
  736. ip, _, err := net.SplitHostPort(v.Addr)
  737. if err != nil {
  738. return fmt.Errorf("解析旧IP地址失败: %w", err)
  739. }
  740. oldIps = append(oldIps, ip)
  741. }
  742. // 提取新IP列表
  743. for _, v := range req.WebForwardingData.BackendList {
  744. ip, _, err := net.SplitHostPort(v.Addr)
  745. if err != nil {
  746. return fmt.Errorf("解析新IP地址失败: %w", err)
  747. }
  748. newIps = append(newIps, ip)
  749. }
  750. // 查找IP差异
  751. addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
  752. // 异步处理添加的IP
  753. if len(addedIps) > 0 {
  754. go s.wafformatter.PublishIpWhitelistTask(addedIps, "add", "", "white")
  755. }
  756. // 异步处理删除的IP
  757. if len(removedIps) > 0 {
  758. go func() {
  759. ipsToDelist, err := s.wafformatter.WashDelIps(ctx, removedIps)
  760. if err != nil {
  761. return
  762. }
  763. if len(ipsToDelist) > 0 {
  764. s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
  765. }
  766. }()
  767. }
  768. return nil
  769. }
  770. // ProcessDeleteIpWhitelist 处理删除IP白名单
  771. func (s *aidedWebService) ProcessDeleteIpWhitelist(ctx context.Context, id int) error {
  772. ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, id)
  773. if err != nil {
  774. return fmt.Errorf("获取IP数据失败: %w", err)
  775. }
  776. if ipData != nil && len(ipData.BackendList) > 0 {
  777. var ips []string
  778. for _, v := range ipData.BackendList {
  779. ip, _, err := net.SplitHostPort(v.Addr)
  780. if err != nil {
  781. continue
  782. }
  783. ips = append(ips, ip)
  784. }
  785. if len(ips) > 0 {
  786. go func() {
  787. ipsToDelist, err := s.wafformatter.WashDelIps(ctx, ips)
  788. if err != nil {
  789. return
  790. }
  791. if len(ipsToDelist) > 0 {
  792. s.wafformatter.PublishIpWhitelistTask(ipsToDelist, "del", "0", "white")
  793. }
  794. }()
  795. }
  796. }
  797. return nil
  798. }
  799. // ProcessDomainWhitelistChanges 处理域名白名单变更
  800. func (s *aidedWebService) ProcessDomainWhitelistChanges(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error {
  801. if oldData.Domain != req.WebForwardingData.Domain {
  802. firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(req.HostId), int64(req.Uid))
  803. if err != nil {
  804. return fmt.Errorf("获取网关IP失败: %w", err)
  805. }
  806. newDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
  807. if err != nil {
  808. return fmt.Errorf("转换新域名失败: %w", err)
  809. }
  810. oldDomain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
  811. if err != nil {
  812. return fmt.Errorf("转换旧域名失败: %w", err)
  813. }
  814. if len(require.GatewayIps) == 0 {
  815. return fmt.Errorf("网关组不存在")
  816. }
  817. // 检查旧域名使用数量
  818. count, err := s.webForwardingRepository.GetDomainCount(ctx, req.HostId, oldData.Domain)
  819. if err != nil {
  820. return fmt.Errorf("获取域名使用数量失败: %w", err)
  821. }
  822. // 异步处理域名白名单变更
  823. go func() {
  824. if count < 2 {
  825. s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
  826. }
  827. s.wafformatter.PublishDomainWhitelistTask(newDomain, firstIp, "add")
  828. }()
  829. }
  830. return nil
  831. }
  832. // ProcessDeleteDomainWhitelist 处理删除域名白名单
  833. func (s *aidedWebService) ProcessDeleteDomainWhitelist(ctx context.Context, oldData *model.WebForwarding, uid int) error {
  834. if oldData.Domain != "" {
  835. firstIp, err := s.gatewayIp.GetGatewayipByHostIdFirst(ctx, int64(oldData.HostId), int64(uid))
  836. if err != nil {
  837. return fmt.Errorf("获取网关IP失败: %w", err)
  838. }
  839. doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, oldData.Domain)
  840. if err != nil {
  841. return fmt.Errorf("转换域名失败: %w", err)
  842. }
  843. go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "del")
  844. }
  845. return nil
  846. }
  847. // SaveToDatabase 保存到数据库
  848. func (s *aidedWebService) SaveToDatabase(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, webId int64, cdnOriginIds map[string]int64) (int, error) {
  849. webModel := s.BuildWebForwardingModel(&req.WebForwardingData, int(webId), require)
  850. id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
  851. if err != nil {
  852. return 0, fmt.Errorf("添加Web转发记录失败: %w", err)
  853. }
  854. webRuleModel := s.BuildWebRuleModel(&req.WebForwardingData, require, id, cdnOriginIds)
  855. if _, err = s.webForwardingRepository.AddWebForwardingIps(ctx, *webRuleModel); err != nil {
  856. return 0, fmt.Errorf("添加Web转发规则失败: %w", err)
  857. }
  858. return id, nil
  859. }
  860. // UpdateDatabaseRecords 更新数据库记录
  861. func (s *aidedWebService) UpdateDatabaseRecords(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse, ipData *model.WebForwardingRule) error {
  862. webModel := s.BuildWebForwardingModel(&req.WebForwardingData, req.WebForwardingData.CdnWebId, require)
  863. webModel.Id = req.WebForwardingData.Id
  864. if err := s.webForwardingRepository.EditWebForwarding(ctx, webModel); err != nil {
  865. return fmt.Errorf("更新Web转发记录失败: %w", err)
  866. }
  867. webRuleModel := s.BuildWebRuleModel(&req.WebForwardingData, require, req.WebForwardingData.Id, ipData.CdnOriginIds)
  868. if err := s.webForwardingRepository.EditWebForwardingIps(ctx, *webRuleModel); err != nil {
  869. return fmt.Errorf("更新Web转发规则失败: %w", err)
  870. }
  871. return nil
  872. }
  873. // CleanupDatabaseRecords 清理数据库记录
  874. func (s *aidedWebService) CleanupDatabaseRecords(ctx context.Context, id int) error {
  875. if err := s.webForwardingRepository.DeleteWebForwarding(ctx, int64(id)); err != nil {
  876. return fmt.Errorf("删除Web转发记录失败: %w", err)
  877. }
  878. if err := s.webForwardingRepository.DeleteWebForwardingIpsById(ctx, id); err != nil {
  879. return fmt.Errorf("删除Web转发规则失败: %w", err)
  880. }
  881. return nil
  882. }
  883. // ProcessSSLCertificateUpdate 处理SSL证书更新
  884. func (s *aidedWebService) ProcessSSLCertificateUpdate(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error {
  885. if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
  886. return nil // 非HTTPS协议不需要处理SSL证书
  887. }
  888. // 如果证书ID为0
  889. if oldData.SslCertId == 0 {
  890. err := s.ProcessSSLCertificate(ctx, req, require, v1.Website{
  891. HttpsJSON: v1.TypeJSON{
  892. SslPolicyRef: v1.SslPolicyRef{
  893. SslPolicyId: req.WebForwardingData.SslPolicyId,
  894. },
  895. },
  896. })
  897. if err != nil {
  898. return fmt.Errorf("处理SSL证书失败: %w", err)
  899. }
  900. return nil
  901. }
  902. // 如果证书内容有变化
  903. if oldData.HttpsCert != req.WebForwardingData.HttpsCert || oldData.HttpsKey != req.WebForwardingData.HttpsKey {
  904. if err := s.sslCert.EditSSLCert(ctx, v1.SSL{
  905. Name: req.WebForwardingData.Domain,
  906. CertId: oldData.SslCertId,
  907. CertData: req.WebForwardingData.HttpsCert,
  908. KeyData: req.WebForwardingData.HttpsKey,
  909. CdnUserId: require.CdnUid,
  910. Domain: req.WebForwardingData.Domain,
  911. Description: req.WebForwardingData.Comment,
  912. }); err != nil {
  913. return fmt.Errorf("更新SSL证书失败: %w", err)
  914. }
  915. }
  916. return nil
  917. }
  918. // CleanupSSLCertificate 清理SSL证书
  919. func (s *aidedWebService) CleanupSSLCertificate(ctx context.Context, oldData *model.WebForwarding) error {
  920. if oldData.SslCertId != 0 {
  921. if err := s.cdn.DelSSLCert(ctx, int64(oldData.SslCertId)); err != nil {
  922. return fmt.Errorf("删除SSL证书失败: %w", err)
  923. }
  924. if err := s.sslCert.EditSslPolicy(ctx, int64(oldData.SslPolicyId), []int64{int64(oldData.SslCertId)}, "del"); err != nil {
  925. return fmt.Errorf("删除SSL策略失败: %w", err)
  926. }
  927. }
  928. return nil
  929. }