commit

2dc4972e · qiuqunfeng · dc1f4c96 · 2dc4972e · 2dc4972e · 2dc4972e
Commit 2dc4972e authored Feb 06, 2025 by qiuqunfeng
Showing with 70 additions and 17 deletions

db/migrations/create_waf_tables.sql db/migrations/create_waf_tables.sql +2 -2

internal/model/waf.go internal/model/waf.go +20 -12

internal/service/waf.go internal/service/waf.go +48 -3

No files found.
--- a/db/migrations/create_waf_tables.sql
+++ b/db/migrations/create_waf_tables.sql
@@ -9,7 +9,7 @@ CREATE TABLE waf_services (
    mode VARCHAR(50) NOT NULL,
    rule_num INTEGER DEFAULT 0,
    attack_num INTEGER DEFAULT 0,
-    rule_category_status JSONB NOT NULL
+    rule_category_status JSON NOT NULL
 );

 -- Create waf_rules table
@@ -33,7 +33,7 @@ CREATE TABLE waf_rule_categories (
    description_en TEXT,
    description_zh TEXT,
    status INTEGER NOT NULL,
-    rules JSONB NOT NULL
+    rules JSON NOT NULL
 );

 -- Add indexes for better query performance

--- a/internal/model/waf.go
+++ b/internal/model/waf.go
@@ -18,8 +18,16 @@ func (h *HostList) Scan(src interface{}) error {
 }

 type RuleCategoryStatus struct {
-	CategoryID string `json:"category_id"`
-	Status     int    `json:"status"`
+	CategoryID []string `json:"category_id"`
+	Status     int      `json:"status"`
+}
+
+func (r *RuleCategoryStatus) Scan(src interface{}) error {
+	return json.Unmarshal(src.([]byte), r)
+}
+
+func (r RuleCategoryStatus) Value() (driver.Value, error) {
+	return json.Marshal(r)
 }

 type RuleCategoryStatusList []RuleCategoryStatus
@@ -33,16 +41,16 @@ func (r *RuleCategoryStatusList) Scan(src interface{}) error {
 }

 type WafService struct {
-	ID                 uint                   `gorm:"column:id;primaryKey;autoIncrement"`
-	GatewayName        string                 `gorm:"column:gateway_name"`
-	Port               int                    `gorm:"column:port"`
-	Namespace          string                 `gorm:"column:namespace"`
-	RegionCode         string                 `gorm:"column:region_code"`
-	Host               HostList               `gorm:"column:host"`
-	Mode               string                 `gorm:"column:mode"`
-	RuleNum            int                    `gorm:"column:rule_num"`
-	AttackNum          int                    `gorm:"column:attack_num"`
-	RuleCategoryStatus RuleCategoryStatusList `gorm:"column:rule_category_status;type:json"`
+	ID                 uint                `gorm:"column:id;primaryKey;autoIncrement"`
+	GatewayName        string              `gorm:"column:gateway_name"`
+	Port               int                 `gorm:"column:port"`
+	Namespace          string              `gorm:"column:namespace"`
+	RegionCode         string              `gorm:"column:region_code"`
+	Host               HostList            `gorm:"column:host"`
+	Mode               string              `gorm:"column:mode"`
+	RuleNum            int                 `gorm:"column:rule_num"`
+	AttackNum          int                 `gorm:"column:attack_num"`
+	RuleCategoryStatus *RuleCategoryStatus `gorm:"column:rule_category_status;type:json"`
 }

 func (WafService) TableName() string {

--- a/internal/service/waf.go
+++ b/internal/service/waf.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"slices"

 	"gitlab.com/tensorsecurity-rd/waf-console/internal/model"
 	"gitlab.com/tensorsecurity-rd/waf-console/pkg/apis/waf.security.io/v1alpha1"
@@ -33,6 +34,7 @@ func (s *wafService) GetWaf(ctx context.Context, gatewayName string) (*Waf, erro
 }

 func (s *wafService) CreateWaf(ctx context.Context, req *CreateWafReq) (*Waf, error) {
+	// Create the WAF service resource
 	service := &v1alpha1.Service{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      req.GatewayName,
@@ -49,9 +51,52 @@ func (s *wafService) CreateWaf(ctx context.Context, req *CreateWafReq) (*Waf, er
 			},
 		},
 	}
-	_, err := s.client.WafV1alpha1().Services(req.Namespace).Create(context.Background(), service, metav1.CreateOptions{})
-	if err != nil {
-		return nil, err
+
+	// Get enabled rule categories from DB
+	var ruleCategories []model.WafRuleCategory
+	if err := s.db.Model(&model.WafRuleCategory{}).Where("status = ?", 1).Find(&ruleCategories).Error; err != nil {
+		return nil, fmt.Errorf("failed to get rule categories: %v", err)
+	}
+
+	// Get existing WAF service config if any
+	wafService := &model.WafService{}
+	err := s.db.Model(&model.WafService{}).Where("gateway_name = ?", req.GatewayName).First(wafService).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, fmt.Errorf("failed to get WAF service: %v", err)
+	}
+
+	// Determine which rule categories to enable
+	var enabledCategories []model.WafRuleCategory
+	if len(wafService.RuleCategoryStatus.CategoryID) > 0 {
+		// Only include categories not already enabled
+		for _, category := range ruleCategories {
+			if !slices.Contains(wafService.RuleCategoryStatus.CategoryID, category.CategoryID) {
+				enabledCategories = append(enabledCategories, category)
+			}
+		}
+	} else {
+		// Enable all categories if none specified
+		enabledCategories = ruleCategories
+	}
+
+	// Add rules from enabled categories
+	for _, category := range enabledCategories {
+		for _, rule := range category.Rules {
+			service.Spec.Rules = append(service.Spec.Rules, v1alpha1.Rule{
+				ID:          rule.ID,
+				Level:       rule.Level,
+				Name:        rule.Name,
+				Type:        rule.Type,
+				Description: rule.Description,
+				Expr:        rule.Expr,
+				Mode:        rule.Mode,
+			})
+		}
+	}
+
+	// Create the WAF service in Kubernetes
+	if _, err := s.client.WafV1alpha1().Services(req.Namespace).Create(ctx, service, metav1.CreateOptions{}); err != nil {
+		return nil, fmt.Errorf("failed to create WAF service: %v", err)
 	}

 	return nil, nil