From 5082a4f9f9cd93057f159e283bb9578a959fd2e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=97=E5=AD=90?= Date: Fri, 11 Oct 2024 02:34:18 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E5=85=A8=E5=B1=80=E7=A7=BB=E9=99=A4waf?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/data/website.go | 53 ++--------------------------- internal/http/request/website.go | 20 ----------- pkg/types/website.go | 4 --- web/src/api/panel/website/index.ts | 4 +-- web/src/views/website/EditView.vue | 33 ------------------ web/src/views/website/IndexView.vue | 23 ++++++------- web/src/views/website/types.ts | 4 --- 7 files changed, 15 insertions(+), 126 deletions(-) diff --git a/internal/data/website.go b/internal/data/website.go index 6b155d5f..22420902 100644 --- a/internal/data/website.go +++ b/internal/data/website.go @@ -140,21 +140,6 @@ func (r *websiteRepo) Get(id uint) (*types.WebsiteSetting, error) { setting.SSLDNSNames = decode.DNSNames } - waf := str.Cut(config, "# waf标记位开始", "# waf标记位结束") - setting.Waf = strings.Contains(waf, "waf on;") - match = regexp.MustCompile(`waf_mode\s+([^;]*);?`).FindStringSubmatch(waf) - if len(match) > 1 { - setting.WafMode = match[1] - } - match = regexp.MustCompile(`waf_cc_deny\s+([^;]*);?`).FindStringSubmatch(waf) - if len(match) > 1 { - setting.WafCcDeny = match[1] - } - match = regexp.MustCompile(`waf_cache\s+([^;]*);?`).FindStringSubmatch(waf) - if len(match) > 1 { - setting.WafCache = match[1] - } - rewrite, _ := io.Read(filepath.Join(app.Root, "server/vhost/rewrite", website.Name+".conf")) setting.Rewrite = rewrite log, _ := shell.Execf(`tail -n 100 '%s/wwwlogs/%s.log'`, app.Root, website.Name) @@ -268,14 +253,6 @@ server include enable-php-%s.conf; # php标记位结束 - # waf标记位开始 - waf off; - waf_rule_path %s/server/openresty/ngx_waf/assets/rules/; - waf_mode DYNAMIC; - waf_cc_deny rate=1000r/m duration=60m; - waf_cache capacity=50; - # waf标记位结束 - # 错误页配置,可自行设置 error_page 404 /404.html; #error_page 502 /502.html; @@ -302,7 +279,7 @@ server access_log %s/wwwlogs/%s.log; error_log %s/wwwlogs/%s.log; } -`, portList, domainList, req.Path, req.PHP, app.Root, app.Root, req.Name, app.Root, req.Name, app.Root, req.Name, app.Root, req.Name) +`, portList, domainList, req.Path, req.PHP, app.Root, req.Name, app.Root, req.Name, app.Root, req.Name, app.Root, req.Name) if err = io.Write(filepath.Join(app.Root, "server/vhost", req.Name+".conf"), nginxConf, 0644); err != nil { return nil, err @@ -479,24 +456,6 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error { } } - // WAF - wafStr := "off" - if req.Waf { - wafStr = "on" - } - wafConfig := fmt.Sprintf(`# waf标记位开始 - waf %s; - waf_rule_path %s/server/openresty/ngx_waf/assets/rules/; - waf_mode %s; - waf_cc_deny %s; - waf_cache %s; - `, wafStr, app.Root, req.WafMode, req.WafCcDeny, req.WafCache) - wafConfigOld := str.Cut(raw, "# waf标记位开始", "# waf标记位结束") - if len(strings.TrimSpace(wafConfigOld)) != 0 { - raw = strings.Replace(raw, wafConfigOld, "", -1) - } - raw = strings.Replace(raw, "# waf标记位开始", wafConfig, -1) - // SSL if err = io.Write(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem"), req.SSLCertificate, 0644); err != nil { return err @@ -689,14 +648,6 @@ server include enable-php-%d.conf; # php标记位结束 - # waf标记位开始 - waf off; - waf_rule_path %s/server/openresty/ngx_waf/assets/rules/; - waf_mode DYNAMIC; - waf_cc_deny rate=1000r/m duration=60m; - waf_cache capacity=50; - # waf标记位结束 - # 错误页配置,可自行设置 error_page 404 /404.html; #error_page 502 /502.html; @@ -724,7 +675,7 @@ server error_log %s/wwwlogs/%s.log; } -`, website.Path, website.PHP, app.Root, app.Root, website.Name, app.Root, website.Name, app.Root, website.Name, app.Root, website.Name) +`, website.Path, website.PHP, app.Root, website.Name, app.Root, website.Name, app.Root, website.Name, app.Root, website.Name) if err := io.Write(filepath.Join(app.Root, "server/vhost", website.Name+".conf"), raw, 0644); err != nil { return nil } diff --git a/internal/http/request/website.go b/internal/http/request/website.go index d38a4bf2..bde171aa 100644 --- a/internal/http/request/website.go +++ b/internal/http/request/website.go @@ -1,7 +1,5 @@ package request -import "net/http" - type WebsiteDefaultConfig struct { Index string `json:"index" form:"index"` Stop string `json:"stop" form:"stop"` @@ -37,10 +35,6 @@ type WebsiteUpdate struct { SSL bool `form:"ssl" json:"ssl"` HTTPRedirect bool `form:"http_redirect" json:"http_redirect"` OpenBasedir bool `form:"open_basedir" json:"open_basedir"` - Waf bool `form:"waf" json:"waf"` - WafCache string `form:"waf_cache" json:"waf_cache"` - WafMode string `form:"waf_mode" json:"waf_mode"` - WafCcDeny string `form:"waf_cc_deny" json:"waf_cc_deny"` Index string `form:"index" json:"index"` Path string `form:"path" json:"path"` Root string `form:"root" json:"root"` @@ -51,20 +45,6 @@ type WebsiteUpdate struct { SSLCertificateKey string `form:"ssl_certificate_key" json:"ssl_certificate_key"` } -func (r *WebsiteUpdate) Prepare(_ *http.Request) error { - if r.WafMode == "" { - r.WafMode = "DYNAMIC" - } - if r.WafCcDeny == "" { - r.WafCcDeny = "rate=1000r/m duration=60m" - } - if r.WafCache == "" { - r.WafCache = "capacity=50" - } - - return nil -} - type WebsiteUpdateRemark struct { ID uint `form:"id" json:"id"` Remark string `form:"remark" json:"remark"` diff --git a/pkg/types/website.go b/pkg/types/website.go index e446aebf..692d76d0 100644 --- a/pkg/types/website.go +++ b/pkg/types/website.go @@ -23,10 +23,6 @@ type WebsiteSetting struct { HTTPRedirect bool `json:"http_redirect"` HSTS bool `json:"hsts"` OCSP bool `json:"ocsp"` - Waf bool `json:"waf"` - WafMode string `json:"waf_mode"` - WafCcDeny string `json:"waf_cc_deny"` - WafCache string `json:"waf_cache"` Rewrite string `json:"rewrite"` Raw string `json:"raw"` Log string `json:"log"` diff --git a/web/src/api/panel/website/index.ts b/web/src/api/panel/website/index.ts index ef45fe6f..97a89123 100644 --- a/web/src/api/panel/website/index.ts +++ b/web/src/api/panel/website/index.ts @@ -6,8 +6,8 @@ export default { // 列表 list: (page: number, limit: number): Promise> => request.get('/website', { params: { page, limit } }), - // 添加 - add: (data: any): Promise> => request.post('/website', data), + // 创建 + create: (data: any): Promise> => request.post('/website', data), // 删除 delete: (data: any): Promise> => request.post('/website/' + data.id, data), // 获取默认配置 diff --git a/web/src/views/website/EditView.vue b/web/src/views/website/EditView.vue index 61d37db4..180d8b29 100644 --- a/web/src/views/website/EditView.vue +++ b/web/src/views/website/EditView.vue @@ -31,10 +31,6 @@ const setting = ref({ http_redirect: false, hsts: false, ocsp: false, - waf: false, - waf_mode: '', - waf_cc_deny: '', - waf_cache: '', rewrite: '', raw: '', log: '' @@ -173,35 +169,6 @@ onMounted(() => { - - - 面板自带开源的 ngx_waf 防火墙 -
- 文档参考:https://docs.addesp.com/ngx_waf/zh-cn/advance/directive.html - - - - - - 只有打开了总开关,下面的设置才会生效! - - - - - - - - - - - - - - 开启 HTTPS 前,请先在域名端口处添加 443 端口! diff --git a/web/src/views/website/IndexView.vue b/web/src/views/website/IndexView.vue index ff238fea..331ae69d 100644 --- a/web/src/views/website/IndexView.vue +++ b/web/src/views/website/IndexView.vue @@ -190,7 +190,7 @@ const buttonDisabled = ref(false) const addModel = ref({ name: '', domains: [] as Array, - ports: [] as Array, + ports: [] as Array, php: '0', db: false, db_type: '0', @@ -307,15 +307,15 @@ const handleAdd = async () => { buttonDisabled.value = true // 去除空的域名和端口 addModel.value.domains = addModel.value.domains.filter((item) => item !== '') - addModel.value.ports = addModel.value.ports.filter((item) => item !== '') + addModel.value.ports = addModel.value.ports.filter((item) => item !== 0) // 端口为空自动添加 80 端口 if (addModel.value.ports.length === 0) { - addModel.value.ports.push('80') + addModel.value.ports.push(80) } await website - .add(addModel.value) + .create(addModel.value) .then(() => { - window.$message.success('添加成功') + window.$message.success('创建成功') getWebsiteList(pagination.page, pagination.pageSize).then((res) => { data.value = res.items pagination.itemCount = res.total @@ -325,7 +325,7 @@ const handleAdd = async () => { addModel.value = { name: '', domains: [] as Array, - ports: [] as Array, + ports: [] as Array, php: '0', db: false, db_type: '0', @@ -448,12 +448,11 @@ onMounted(() => { - + + + diff --git a/web/src/views/website/types.ts b/web/src/views/website/types.ts index 8beae747..e677e818 100644 --- a/web/src/views/website/types.ts +++ b/web/src/views/website/types.ts @@ -32,10 +32,6 @@ export interface WebsiteSetting { http_redirect: boolean hsts: boolean ocsp: boolean - waf: boolean - waf_mode: string - waf_cc_deny: string - waf_cache: string rewrite: string raw: string log: string