// Copyright 2021 GoEdge CDN goedge.cdn@gmail.com. All rights reserved.
package waf
import (
"encoding/json"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
)
// UpgradeTemplateAction is the web action whose RunPost method upgrades an
// existing HTTP firewall (WAF) policy with rule groups and rule sets that are
// present in the built-in template but missing from the policy.
type UpgradeTemplateAction struct {
	// Embedded base action; it supplies the helpers RunPost calls
	// (AdminContext, RPC, ErrorPage, NotFound, Success, CreateLogInfo).
	actionutils.ParentAction
}
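// RunPost upgrades the WAF policy identified by params.PolicyId from the
// built-in template returned by firewallconfigs.HTTPFirewallTemplate().
//
// The upgrade is additive only:
//   - a template inbound group whose Code is not found in the policy is created
//     together with all of its rule sets and referenced from the policy's
//     inbound section;
//   - for a group that already exists, only rule sets whose Code is missing are
//     added.
//
// Groups and sets that already exist are never modified, so changes the
// template makes to the rules of an existing set are NOT applied by this
// action. Template groups (and, for existing groups, sets) without a Code are
// skipped because they cannot be matched against the policy.
//
// The operation is not atomic: groups and sets are created through separate
// RPC calls before the policy's group references are saved at the end. If a
// later call fails, the groups created so far stay behind without being
// referenced by the policy, and a retry will presumably create them again.
//
// On failure the error page (or a not-found response) is rendered and the
// method returns; on success this.Success() is called.
func (this *UpgradeTemplateAction) RunPost(params struct {
	PolicyId int64
}) {
	// The deferred call runs on every exit path, including the error and
	// not-found returns below, so the log entry records the attempt rather
	// than a confirmed successful upgrade.
	defer this.CreateLogInfo(codes.WAFPolicy_LogUpgradeWAFPolicy, params.PolicyId)

	policy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.PolicyId)
	if err != nil {
		this.ErrorPage(err)
		return
	}
	if policy == nil {
		this.NotFound("firewallPolicy", params.PolicyId)
		return
	}

	// addSet serializes one template rule set and attaches it to the group
	// with the given id.
	addSet := func(groupId int64, set *firewallconfigs.HTTPFirewallRuleSet) error {
		setJSON, err := json.Marshal(set)
		if err != nil {
			return err
		}
		_, err = this.RPC().HTTPFirewallRuleGroupRPC().AddHTTPFirewallRuleGroupSet(this.AdminContext(), &pb.AddHTTPFirewallRuleGroupSetRequest{
			FirewallRuleGroupId:       groupId,
			FirewallRuleSetConfigJSON: setJSON,
		})
		return err
	}

	// Check whether the template offers anything the policy does not have yet.
	var templatePolicy = firewallconfigs.HTTPFirewallTemplate()
	if templatePolicy.Inbound != nil {
		for _, group := range templatePolicy.Inbound.Groups {
			if len(group.Code) == 0 {
				continue
			}

			var oldGroup = policy.FindRuleGroupWithCode(group.Code)
			if oldGroup == nil {
				// The group is new: create it, reference it from the
				// policy, then copy every rule set of the template group.
				createGroupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().CreateHTTPFirewallRuleGroup(this.AdminContext(), &pb.CreateHTTPFirewallRuleGroupRequest{
					IsOn:        true,
					Name:        group.Name,
					Code:        group.Code,
					Description: group.Description,
				})
				if err != nil {
					this.ErrorPage(err)
					return
				}
				var groupId = createGroupResp.FirewallRuleGroupId

				// Only the template's Inbound was checked above; the stored
				// policy may have no inbound section, and appending to a nil
				// policy.Inbound would panic after the group was already
				// created remotely.
				if policy.Inbound == nil {
					policy.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
				}
				policy.Inbound.GroupRefs = append(policy.Inbound.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
					IsOn:    true,
					GroupId: groupId,
				})

				for _, set := range group.Sets {
					if err := addSet(groupId, set); err != nil {
						this.ErrorPage(err)
						return
					}
				}
				continue
			}

			// The group exists: add only the rule sets it is missing.
			// Existing sets are left untouched.
			for _, set := range group.Sets {
				if len(set.Code) == 0 {
					continue
				}
				if oldGroup.FindRuleSetWithCode(set.Code) != nil {
					continue
				}
				if err := addSet(oldGroup.Id, set); err != nil {
					this.ErrorPage(err)
					return
				}
			}
		}
	}

	// Save the inbound and outbound group references back to the policy.
	inboundJSON, err := policy.InboundJSON()
	if err != nil {
		this.ErrorPage(err)
		return
	}

	outboundJSON, err := policy.OutboundJSON()
	if err != nil {
		this.ErrorPage(err)
		return
	}

	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicyGroups(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyGroupsRequest{
		HttpFirewallPolicyId: params.PolicyId,
		InboundJSON:          inboundJSON,
		OutboundJSON:         outboundJSON,
	})
	if err != nil {
		this.ErrorPage(err)
		return
	}

	this.Success()
}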