commit

0110ce11 · qiuqunfeng · 9838a846 · 0110ce11
Commit 0110ce11 authored Feb 15, 2025 by qiuqunfeng
Show whitespace changes
Inline Side-by-side

Showing with 63 additions and 0 deletions

internal/service/waf.go internal/service/waf.go +63 -0

No files found.
--- a/internal/service/waf.go
+++ b/internal/service/waf.go
@@ -54,6 +54,69 @@ func (s *wafService) GetWaf(ctx context.Context, regionCode, namespace, gatewayN
 	}, nil
 }

+func (s *wafService) getRulesForService(req *CreateWafReq) ([]v1alpha1.Rule, error) {
+	rules := []v1alpha1.Rule{}
+	ruleCategories := []model.WafRuleCategory{}
+	if err := s.db.Model(&model.WafRuleCategory{}).Where("status = ?", 0).Find(&ruleCategories).Error; err != nil {
+		return nil, fmt.Errorf("failed to get rule categories: %v", err)
+	}
+
+	// Get existing WAF service config if any
+	wafService := &model.WafService{}
+	err := s.db.Model(&model.WafService{}).Where("gateway_name = ? AND namespace = ? AND region_code = ?", req.GatewayName, req.Namespace, req.RegionCode).First(wafService).Error
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			// Create new WAF service record if not found
+			wafService = &model.WafService{
+				RegionCode:  req.RegionCode,
+				Namespace:   req.Namespace,
+				GatewayName: req.GatewayName,
+				Mode:        string(WafModeAlert),
+				Host:        model.HostList(req.Host),
+			}
+			if err := s.db.Create(wafService).Error; err != nil {
+				return nil, fmt.Errorf("failed to create WAF service: %v", err)
+			}
+		} else {
+			return nil, fmt.Errorf("failed to query WAF service: %v", err)
+		}
+	}
+
+	// Determine which rule categories to enable
+	var enabledCategories []model.WafRuleCategory
+
+	if wafService.RuleCategoryStatus != nil && len(wafService.RuleCategoryStatus.CategoryID) > 0 {
+		// Only include categories not already enabled
+		for _, category := range ruleCategories {
+			for _, id := range wafService.RuleCategoryStatus.CategoryID {
+				if id == category.CategoryID {
+					enabledCategories = append(enabledCategories, category)
+					continue
+				}
+			}
+		}
+	} else {
+		// Enable all categories if none specified
+		enabledCategories = ruleCategories
+	}
+
+	for _, category := range enabledCategories {
+		for _, rule := range category.Rules {
+			rules = append(rules, v1alpha1.Rule{
+				ID:          rule.ID,
+				Level:       rule.Level,
+				Name:        rule.Name,
+				Type:        rule.Type,
+				Description: rule.Description,
+				Expr:        rule.Expr,
+				Mode:        rule.Mode,
+			})
+		}
+	}
+
+	return rules, nil
+}
+
 func (s *wafService) CreateWaf(ctx context.Context, req *CreateWafReq) (*WafService, error) {
 	// Create the WAF service resource
 	name := fmt.Sprintf("%s-%d", req.GatewayName, req.Port)