qiuqunfeng
waf-console
Commits
0110ce11
Commit
0110ce11
authored
Feb 15, 2025
by
qiuqunfeng
commit
parent
9838a846
Showing
1 changed file
with
63 additions
and
0 deletions
+63
-0
internal/service/waf.go
internal/service/waf.go
+63
-0
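--- a/internal/service/waf.go
+++ b/internal/service/waf.go
@@ -54,6 +54,69 @@ func (s *wafService) GetWaf(ctx context.Context, regionCode, namespace, gatewayN
 	}, nil
 }
+func (s *wafService) getRulesForService(req *CreateWafReq) ([]v1alpha1.Rule, error) {
+	rules := []v1alpha1.Rule{}
+	ruleCategories := []model.WafRuleCategory{}
+	if err := s.db.Model(&model.WafRuleCategory{}).Where("status = ?", 0).Find(&ruleCategories).Error; err != nil {
+		return nil, fmt.Errorf("failed to get rule categories: %v", err)
+	}
+	// Get existing WAF service config if any
+	wafService := &model.WafService{}
+	err := s.db.Model(&model.WafService{}).Where("gateway_name = ? AND namespace = ? AND region_code = ?", req.GatewayName, req.Namespace, req.RegionCode).First(wafService).Error
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			// Create new WAF service record if not found
+			wafService = &model.WafService{
+				RegionCode:  req.RegionCode,
+				Namespace:   req.Namespace,
+				GatewayName: req.GatewayName,
+				Mode:        string(WafModeAlert),
+				Host:        model.HostList(req.Host),
+			}
+			if err := s.db.Create(wafService).Error; err != nil {
+				return nil, fmt.Errorf("failed to create WAF service: %v", err)
+			}
+		} else {
+			return nil, fmt.Errorf("failed to query WAF service: %v", err)
+		}
+	}
+	// Determine which rule categories to enable
+	var enabledCategories []model.WafRuleCategory
+	if wafService.RuleCategoryStatus != nil && len(wafService.RuleCategoryStatus.CategoryID) > 0 {
+		// Only include categories not already enabled
+		for _, category := range ruleCategories {
+			for _, id := range wafService.RuleCategoryStatus.CategoryID {
+				if id == category.CategoryID {
+					enabledCategories = append(enabledCategories, category)
+					continue
+				}
+			}
+		}
+	} else {
+		// Enable all categories if none specified
+		enabledCategories = ruleCategories
+	}
+	for _, category := range enabledCategories {
+		for _, rule := range category.Rules {
+			rules = append(rules, v1alpha1.Rule{
+				ID:          rule.ID,
+				Level:       rule.Level,
+				Name:        rule.Name,
+				Type:        rule.Type,
+				Description: rule.Description,
+				Expr:        rule.Expr,
+				Mode:        rule.Mode,
+			})
+		}
+	}
+	return rules, nil
+}
 func (s *wafService) CreateWaf(ctx context.Context, req *CreateWafReq) (*WafService, error) {
 	// Create the WAF service resource
 	name := fmt.Sprintf("%s-%d", req.GatewayName, req.Port)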
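Review bot: In getRulesForService, when the stored `RuleCategoryStatus.CategoryID` list is non-empty but none of its ids match a category with `status = 0`, `enabledCategories` stays empty and the function returns an empty rule slice with a nil error, so the caller gets no signal that the resulting policy enforces nothing. Unless an empty policy is intended, I would fail or at least log there, e.g. `if len(enabledCategories) == 0 { return nil, fmt.Errorf("no active rule categories matched for gateway %q", req.GatewayName) }`; how CreateWaf consumes the result is outside the hunk. In the same loop the `continue` only advances the inner `for`, so a repeated id appends the category and all its rules twice; `break` looks like what was meant, and the comment `// Only include categories not already enabled` says the opposite of what the match does. Separately, the `First` then `Create` pair is not atomic and the not-found test uses `err == gorm.ErrRecordNotFound`; `errors.Is(err, gorm.ErrRecordNotFound)` inside a transaction, or backed by a unique index on (region_code, namespace, gateway_name) if the schema does not already have one, would keep concurrent requests from inserting duplicate rows.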