package appsec
import (
	"context"
	"fmt"
	"net/http"
	"net/url"

	validation "github.com/go-ozzo/ozzo-validation/v4"
)
type (
// The IPGeo interface supports querying which network lists are used in the IP/Geo firewall settings,
// as well as updating the method and which network lists are used for IP/Geo firewall blocking.
//
// https://developer.akamai.com/api/cloud_security/application_security/v1.html#ipgeofirewall
IPGeo interface {
// GetIPGeo returns the IP/Geo firewall settings of the security policy identified by params.
//
// https://developer.akamai.com/api/cloud_security/application_security/v1.html#getipgeofirewall
GetIPGeo(ctx context.Context, params GetIPGeoRequest) (*GetIPGeoResponse, error)
// UpdateIPGeo replaces the IP/Geo firewall settings of the security policy identified by params
// and returns the settings reported back by the API.
//
// https://developer.akamai.com/api/cloud_security/application_security/v1.html#putipgeofirewall
UpdateIPGeo(ctx context.Context, params UpdateIPGeoRequest) (*UpdateIPGeoResponse, error)
}
// GetIPGeoRequest is used to retrieve the network lists used in IP/Geo firewall settings.
// All three fields are tagged json:"-": they are never serialized and only identify the
// configuration, version and security policy in the request path.
GetIPGeoRequest struct {
ConfigID int `json:"-"`
Version int `json:"-"`
// PolicyID is interpolated into the request path as a string; Validate only checks that it is non-empty.
PolicyID string `json:"-"`
}
// IPGeoNetworkLists is used to specify IP or GEO network lists to be blocked or allowed.
IPGeoNetworkLists struct {
// NetworkList holds the network list entries (presumably network list IDs; confirm against the API docs).
// omitempty drops a nil or zero-length slice from the JSON, so an explicitly empty list
// cannot be expressed through this field.
NetworkList []string `json:"networkList,omitempty"`
}
// IPGeoGeoControls is used to specify GEO network lists to be blocked.
// Only a blocked list exists here; unlike IPGeoIPControls there is no allowed list.
IPGeoGeoControls struct {
// The field name and JSON key say "IP" although this sits under geoControls;
// the key is part of the wire format and must not be renamed.
BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
}
// IPGeoIPControls is used to specify IP network lists to be allowed and IP network lists to be blocked.
IPGeoIPControls struct {
AllowedIPNetworkLists *IPGeoNetworkLists `json:"allowedIPNetworkLists,omitempty"`
BlockedIPNetworkLists *IPGeoNetworkLists `json:"blockedIPNetworkLists,omitempty"`
}
// UpdateIPGeoRequest is used to update the method and which network lists are used for IP/Geo firewall blocking.
// ConfigID, Version and PolicyID address the policy (json:"-", path only); the remaining
// fields form the JSON body of the update.
UpdateIPGeoRequest struct {
ConfigID int `json:"-"`
Version int `json:"-"`
// PolicyID is interpolated into the request path as a string; Validate only checks that it is non-empty.
PolicyID string `json:"-"`
// Block is the blocking method. It is always serialized (no omitempty) and is not checked by
// Validate, so an empty or unsupported value is only rejected, if at all, by the API.
Block string `json:"block"`
// NOTE(review): a nil GeoControls or IPControls is left out of the request body. Confirm against
// the API documentation whether an omitted section keeps the current lists or clears them,
// since that decides whether a partial update can silently drop a block list.
GeoControls *IPGeoGeoControls `json:"geoControls,omitempty"`
IPControls *IPGeoIPControls `json:"ipControls,omitempty"`
}
// IPGeoFirewall is used to describe an IP/Geo firewall.
IPGeoFirewall struct {
// Block is the blocking method in effect.
Block string `json:"block"`
GeoControls *IPGeoGeoControls `json:"geoControls,omitempty"`
IPControls *IPGeoIPControls `json:"ipControls,omitempty"`
}
// GetIPGeoResponse is returned from a call to GetIPGeo.
// It is a defined type over IPGeoFirewall and so has the same fields and JSON tags.
GetIPGeoResponse IPGeoFirewall
// UpdateIPGeoResponse is returned from a call to UpdateIPGeo.
// It is a defined type over IPGeoFirewall and so has the same fields and JSON tags.
UpdateIPGeoResponse IPGeoFirewall
)
// Validate checks that a GetIPGeoRequest identifies a security policy.
//
// ConfigID, Version and PolicyID are each checked with validation.Required.
// Failing fields are reported together, keyed by field name; nil is returned
// when every check passes.
//
// NOTE(review): PolicyID is only checked for presence. Its characters are not
// restricted here, although the value ends up in a request path.
func (v GetIPGeoRequest) Validate() error {
	checks := validation.Errors{}
	checks["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	checks["Version"] = validation.Validate(v.Version, validation.Required)
	checks["PolicyID"] = validation.Validate(v.PolicyID, validation.Required)

	// Filter drops the entries whose check passed and yields nil if none remain.
	return checks.Filter()
}
// Validate checks that an UpdateIPGeoRequest identifies a security policy.
//
// ConfigID, Version and PolicyID are each checked with validation.Required.
// Failing fields are reported together, keyed by field name; nil is returned
// when every check passes.
//
// NOTE(review): only the addressing fields are checked. Block, GeoControls and
// IPControls, which make up the firewall settings that get written, are sent
// without any client-side validation.
func (v UpdateIPGeoRequest) Validate() error {
	checks := validation.Errors{}
	checks["ConfigID"] = validation.Validate(v.ConfigID, validation.Required)
	checks["Version"] = validation.Validate(v.Version, validation.Required)
	checks["PolicyID"] = validation.Validate(v.PolicyID, validation.Required)

	// Filter drops the entries whose check passed and yields nil if none remain.
	return checks.Filter()
}
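// GetIPGeo fetches the IP/Geo firewall settings of one security policy.
//
// params is validated first; a validation failure is returned wrapped in
// ErrStructValidation. A transport or decoding failure from p.Exec is returned
// wrapped, and any status other than 200 OK is turned into an error by p.Error.
func (p *appsec) GetIPGeo(ctx context.Context, params GetIPGeoRequest) (*GetIPGeoResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("GetIPGeo")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// PolicyID is a caller-supplied string and Validate only requires it to be
	// non-empty. Escape it as a single path segment so that characters such as
	// '/', '?' or '#' cannot redirect the request to a different API resource.
	// PathEscape leaves a bare "." or ".." untouched; rejecting those belongs in
	// Validate once the accepted PolicyID format is confirmed.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/ip-geo-firewall",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID))

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create GetIPGeo request: %w", err)
	}

	var result GetIPGeoResponse
	resp, err := p.Exec(req, &result)
	if err != nil {
		return nil, fmt.Errorf("get IPGeo request failed: %w", err)
	}

	if resp.StatusCode != http.StatusOK {
		return nil, p.Error(resp)
	}

	return &result, nil
}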
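// UpdateIPGeo writes the IP/Geo firewall settings of one security policy with
// a PUT request and returns the settings decoded from the response.
//
// params is validated first; a validation failure is returned wrapped in
// ErrStructValidation. Validate covers only ConfigID, Version and PolicyID, so
// Block and the network lists are sent as given. A failure from p.Exec is
// returned wrapped, and any status other than 200 OK or 201 Created is turned
// into an error by p.Error.
func (p *appsec) UpdateIPGeo(ctx context.Context, params UpdateIPGeoRequest) (*UpdateIPGeoResponse, error) {
	logger := p.Log(ctx)
	logger.Debug("UpdateIPGeo")

	if err := params.Validate(); err != nil {
		return nil, fmt.Errorf("%w: %s", ErrStructValidation, err.Error())
	}

	// PolicyID is a caller-supplied string and Validate only requires it to be
	// non-empty. Escape it as a single path segment so that characters such as
	// '/', '?' or '#' cannot point this write at a different API resource.
	// PathEscape leaves a bare "." or ".." untouched; rejecting those belongs in
	// Validate once the accepted PolicyID format is confirmed.
	uri := fmt.Sprintf(
		"/appsec/v1/configs/%d/versions/%d/security-policies/%s/ip-geo-firewall",
		params.ConfigID,
		params.Version,
		url.PathEscape(params.PolicyID),
	)

	// The request is created without a body; params is handed to p.Exec below
	// as the request payload.
	req, err := http.NewRequestWithContext(ctx, http.MethodPut, uri, nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create UpdateIPGeo request: %w", err)
	}

	var result UpdateIPGeoResponse
	resp, err := p.Exec(req, &result, params)
	if err != nil {
		return nil, fmt.Errorf("update IPGeo request failed: %w", err)
	}

	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
		return nil, p.Error(resp)
	}

	return &result, nil
}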