Add endpoints for detailed attack log retrieval in WAF API

- Introduce new API routes for fetching attack log details and response packages.
- Implement corresponding methods in the WafController and wafService to handle the new functionality.
- Update service interface and types to support the new data structures for attack logs and responses.

api/waf.go

@@ -27,6 +27,8 @@ func SetWafRouter(e *gin.Engine, clusterClientManager *utils.ClusterClientManage
 
 	v2 := e.Group("api/v2/containerSec/waf")
 	v2.GET("attack/log/list", wafController.ListAttackLogs)
+	v2.GET("attack/log/details", wafController.GetAttackLogDetails)
+	v2.GET("attack/log/rspPkg", wafController.GetAttackLogRsp)
 	v2.GET("rules", wafController.ListRules)
 	v2.PUT("rules", wafController.UpdateRule)
 	v2.POST("blackwhitelist", wafController.CreateBlackWhiteList)

internal/controller/waf.go

@@ -371,6 +371,56 @@ func getLimitAndOffset(ctx *gin.Context) (int, int, error) {
 	return limit, offset, nil
 }
 
+func (c *WafController) GetAttackLogDetails(ctx *gin.Context) {
+	ctx1, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	id := ctx.Query("uuid")
+	idUint, err := strconv.ParseUint(id, 10, 32)
+	if err != nil {
+		utils.AssembleResponse(ctx, nil, err)
+		return
+	}
+
+	details, err := c.service.GetAttackLogDetails(ctx1, uint32(idUint))
+	if err != nil {
+		utils.AssembleResponse(ctx, nil, err)
+		return
+	}
+	resp := &utils.SingleRespData{
+		Item: details,
+	}
+	utils.AssembleResponse(ctx, resp, nil)
+}
+
+func (c *WafController) GetAttackLogRsp(ctx *gin.Context) {
+	ctx1, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	id := ctx.Query("uuid")
+	idUint, err := strconv.ParseUint(id, 10, 32)
+	if err != nil {
+		utils.AssembleResponse(ctx, nil, err)
+		return
+	}
+	length := ctx.Query("length")
+	lengthUint, err := strconv.ParseUint(length, 10, 32)
+	if err != nil {
+		utils.AssembleResponse(ctx, nil, err)
+		return
+	}
+
+	rsp, err := c.service.GetAttackLogRsp(ctx1, uint32(idUint), uint32(lengthUint))
+	if err != nil {
+		utils.AssembleResponse(ctx, nil, err)
+		return
+	}
+	resp := &utils.SingleRespData{
+		Item: rsp,
+	}
+	utils.AssembleResponse(ctx, resp, nil)
+}
+
 func (c *WafController) CreateBlackWhiteList(ctx *gin.Context) {
 	ctx1, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()

internal/service/service.go

@@ -20,6 +20,8 @@ type Service interface {
 	DeleteListenerWaf(ctx context.Context, req *DeleteListenerReq) error
 	EnableListenerWafs(ctx context.Context, req *EnableListenerWafsReq) error
 	ListAttackLogs(ctx context.Context, req *AttackLogFilter) ([]AttackLog, string, error)
+	GetAttackLogDetails(ctx context.Context, id uint32) (*AttackLog, error)
+	GetAttackLogRsp(ctx context.Context, id uint32, length uint32) (*AttackRsp, error)
 	ListRules(ctx context.Context, regionCode, namespace, gatewayName, language, name string) ([]RuleGroupResp, error)
 	CreateBlackWhiteList(ctx context.Context, req *MatcherExpr) error
 	UpdateBlackWhiteList(ctx context.Context, req *MatcherExpr) error

internal/service/types.go

@@ -337,10 +337,19 @@ type AttackLog struct {
 	AttackTime     int64  `json:"attack_time"`
 	AttackedApp    string `json:"attacked_app"`
 	AttackListener string `json:"attack_listener"`
+	AttackLoad     string `json:"attack_load"`
 	ClusterKey     string `json:"cluster_key"`
 	Action         string `json:"action"`
+	RuleName       string `json:"rule_name"`
+	RequestPkg     string `json:"request_pkg"`
 }
 
+type AttackRsp struct {
+	Uuid        string `json:"uuid"`
+	Intact      bool   `json:"intact"`
+	ContentType string `json:"content_type"`
+	RspPkg      string `json:"rspPkg"`
+}
 type AttackLogFilter struct {
 	Offset         int    `json:"offset"`
 	Limit          int    `json:"limit"`

internal/service/waf.go

@@ -1004,6 +1004,60 @@ func (s *wafService) ListAttackLogs(ctx context.Context, req *AttackLogFilter) (
 	return attackLogs, pageToken, nil
 }
 
+func (s *wafService) GetAttackLogDetails(ctx context.Context, id uint32) (*AttackLog, error) {
+	res, err := s.elasticClient.Search("waf-detections*").
+		Query(elastic.NewTermQuery("id.keyword", id)).Do(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to search waf detections: %v", err)
+	}
+
+	wafDetection := model.WafDetection{}
+	if err = json.Unmarshal(res.Hits.Hits[0].Source, &wafDetection); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal waf detection: %v", err)
+	}
+
+	attackLog := &AttackLog{
+		Uuid:           wafDetection.ID,
+		AttackTime:     wafDetection.AttackTime,
+		AttackIp:       wafDetection.AttackIP,
+		AttackListener: wafDetection.AttackedApp,
+		AttackType:     wafDetection.AttackType,
+		Action:         wafDetection.Action,
+		RuleName:       wafDetection.RuleName,
+		AttackLoad:     wafDetection.AttackLoad,
+		RequestPkg:     wafDetection.ReqPkg,
+	}
+	return attackLog, nil
+}
+
+func (s *wafService) GetAttackLogRsp(ctx context.Context, id uint32, length uint32) (*AttackRsp, error) {
+	res, err := s.elasticClient.Search("waf-detections*").
+		Query(elastic.NewTermQuery("id.keyword", id)).Do(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to search waf detections: %v", err)
+	}
+
+	wafDetection := model.WafDetection{}
+	if err = json.Unmarshal(res.Hits.Hits[0].Source, &wafDetection); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal waf detection: %v", err)
+	}
+
+	rspData := wafDetection.RspPkg
+	intact := true
+
+	if length != 0 && length < uint32(len(rspData)) {
+		rspData = wafDetection.RspPkg[0:length]
+		intact = false
+	}
+	attackRsp := &AttackRsp{
+		Uuid:        wafDetection.ID,
+		Intact:      intact,
+		ContentType: wafDetection.RspContentType,
+		RspPkg:      rspData,
+	}
+	return attackRsp, nil
+}
+
 func (s *wafService) ListRules(ctx context.Context, regionCode, namespace, gatewayName, language, name string) ([]RuleGroupResp, error) {
 	ruleCategories := []model.WafRuleCategory{}
 	db := s.db.Model(&model.WafRuleCategory{})