feat: 防火墙查询
This commit is contained in:
TsMask
82
features/firewall/api_firewall.go
Normal file
82
features/firewall/api_firewall.go
Normal file
@@ -0,0 +1,82 @@
|
||||
package firewall
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"ems.agt/features/firewall/model"
|
||||
"ems.agt/features/firewall/service"
|
||||
"ems.agt/lib/core/utils/ctx"
|
||||
"ems.agt/lib/core/vo/result"
|
||||
"ems.agt/lib/services"
|
||||
"ems.agt/restagent/config"
|
||||
)
|
||||
|
||||
// 防火墙管理接口添加到路由
|
||||
func Routers() []services.RouterItem {
|
||||
// 实例化控制层 FirewallApi 结构体
|
||||
var apis = &FirewallApi{
|
||||
firewallService: *service.NewServiceFirewall,
|
||||
}
|
||||
|
||||
rs := [...]services.RouterItem{
|
||||
{
|
||||
Method: "GET",
|
||||
Pattern: "/base",
|
||||
Handler: apis.BaseInfo,
|
||||
Middleware: nil, //midware.Authorize(nil),
|
||||
},
|
||||
// 添加更多的 Router 对象...
|
||||
}
|
||||
|
||||
// 生成两组前缀路由
|
||||
rsPrefix := []services.RouterItem{}
|
||||
for _, v := range rs {
|
||||
path := "/firewallManage/{apiVersion}" + v.Pattern
|
||||
// 固定前缀
|
||||
v.Pattern = config.DefaultUriPrefix + path
|
||||
rsPrefix = append(rsPrefix, v)
|
||||
// 可配置
|
||||
v.Pattern = config.UriPrefix + path
|
||||
rsPrefix = append(rsPrefix, v)
|
||||
}
|
||||
return rsPrefix
|
||||
}
|
||||
|
||||
// 防火墙管理
|
||||
//
|
||||
// PATH /firewallManage
|
||||
type FirewallApi struct {
|
||||
firewallService service.ServiceFirewall
|
||||
}
|
||||
|
||||
// 获取防火墙基础信息
|
||||
//
|
||||
// GET /base
|
||||
func (s *FirewallApi) BaseInfo(w http.ResponseWriter, r *http.Request) {
|
||||
data, err := s.firewallService.LoadBaseInfo()
|
||||
if err != nil {
|
||||
ctx.JSON(w, 200, result.ErrMsg(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
ctx.JSON(w, 200, result.OkData(data))
|
||||
}
|
||||
|
||||
// 获取防火墙规则列表分页
|
||||
//
|
||||
// GET /rule
|
||||
func (s *FirewallApi) Rule(w http.ResponseWriter, r *http.Request) {
|
||||
var body model.RuleQuerys
|
||||
err := ctx.ShouldBindJSON(r, &body)
|
||||
if err != nil || body.Type == "" {
|
||||
ctx.JSON(w, 400, result.CodeMsg(400, "参数错误"))
|
||||
return
|
||||
}
|
||||
data, err := s.firewallService.RulePage(body)
|
||||
if err != nil {
|
||||
ctx.JSON(w, 400, result.ErrMsg(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
ctx.JSON(w, 200, result.OkData(data))
|
||||
}
|
||||
10
features/firewall/model/firewall.go
Normal file
10
features/firewall/model/firewall.go
Normal file
@@ -0,0 +1,10 @@
|
||||
package model
|
||||
|
||||
type Firewall struct {
|
||||
Type string `json:"type" xorm:"type"`
|
||||
Port string `json:"port" xorm:"port"`
|
||||
Protocol string `json:"protocol" xorm:"protocol"`
|
||||
Address string `json:"address" xorm:"address"`
|
||||
Strategy string `json:"strategy" xorm:"strategy"`
|
||||
Description string `json:"description" xorm:"description"`
|
||||
}
|
||||
64
features/firewall/model/firewall_vo.go
Normal file
64
features/firewall/model/firewall_vo.go
Normal file
@@ -0,0 +1,64 @@
|
||||
package model
|
||||
|
||||
type FirewallBaseInfo struct {
|
||||
Name string `json:"name"`
|
||||
Status string `json:"status"`
|
||||
Version string `json:"version"`
|
||||
PingStatus string `json:"pingStatus"`
|
||||
}
|
||||
|
||||
type RuleQuerys struct {
|
||||
PageNum int `json:"pageNum" validate:"required,number"`
|
||||
PageSize int `json:"pageSize" validate:"required,number"`
|
||||
Info string `json:"info"`
|
||||
Status string `json:"status"`
|
||||
Strategy string `json:"strategy"`
|
||||
Type string `json:"type" validate:"required"`
|
||||
}
|
||||
|
||||
type FirewallOperation struct {
|
||||
Operation string `json:"operation" validate:"required,oneof=start stop disablePing enablePing"`
|
||||
}
|
||||
|
||||
type PortRuleOperate struct {
|
||||
Operation string `json:"operation" validate:"required,oneof=add remove"`
|
||||
Address string `json:"address"`
|
||||
Port string `json:"port" validate:"required"`
|
||||
Protocol string `json:"protocol" validate:"required,oneof=tcp udp tcp/udp"`
|
||||
Strategy string `json:"strategy" validate:"required,oneof=accept drop"`
|
||||
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type UpdateFirewallDescription struct {
|
||||
Type string `json:"type"`
|
||||
Address string `json:"address"`
|
||||
Port string `json:"port"`
|
||||
Protocol string `json:"protocol"`
|
||||
Strategy string `json:"strategy" validate:"required,oneof=accept drop"`
|
||||
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type AddrRuleOperate struct {
|
||||
Operation string `json:"operation" validate:"required,oneof=add remove"`
|
||||
Address string `json:"address" validate:"required"`
|
||||
Strategy string `json:"strategy" validate:"required,oneof=accept drop"`
|
||||
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type PortRuleUpdate struct {
|
||||
OldRule PortRuleOperate `json:"oldRule"`
|
||||
NewRule PortRuleOperate `json:"newRule"`
|
||||
}
|
||||
|
||||
type AddrRuleUpdate struct {
|
||||
OldRule AddrRuleOperate `json:"oldRule"`
|
||||
NewRule AddrRuleOperate `json:"newRule"`
|
||||
}
|
||||
|
||||
type BatchRuleOperate struct {
|
||||
Type string `json:"type" validate:"required"`
|
||||
Rules []PortRuleOperate `json:"rules"`
|
||||
}
|
||||
186
features/firewall/service/service_firewall.go
Normal file
186
features/firewall/service/service_firewall.go
Normal file
@@ -0,0 +1,186 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"ems.agt/features/firewall/model"
|
||||
"ems.agt/lib/core/cmd"
|
||||
"ems.agt/lib/core/utils/firewall"
|
||||
fireClient "ems.agt/lib/core/utils/firewall/client"
|
||||
"ems.agt/lib/core/utils/scan"
|
||||
)
|
||||
|
||||
// 实例化服务层 ServiceFirewall 结构体
|
||||
var NewServiceFirewall = &ServiceFirewall{}
|
||||
|
||||
// ServiceFirewall 防火墙 服务层处理
|
||||
type ServiceFirewall struct {
|
||||
}
|
||||
|
||||
// LoadBaseInfo 获取防火墙基础信息
|
||||
func (s *ServiceFirewall) LoadBaseInfo() (model.FirewallBaseInfo, error) {
|
||||
var baseInfo model.FirewallBaseInfo
|
||||
baseInfo.PingStatus = s.pingStatus()
|
||||
baseInfo.Status = "not running"
|
||||
baseInfo.Version = "-"
|
||||
baseInfo.Name = "-"
|
||||
client, err := firewall.NewFirewallClient()
|
||||
if err != nil {
|
||||
if err.Error() == "no such type" {
|
||||
return baseInfo, nil
|
||||
}
|
||||
return baseInfo, err
|
||||
}
|
||||
baseInfo.Name = client.Name()
|
||||
baseInfo.Status, err = client.Status()
|
||||
if err != nil {
|
||||
return baseInfo, err
|
||||
}
|
||||
if baseInfo.Status == "not running" {
|
||||
return baseInfo, err
|
||||
}
|
||||
baseInfo.Version, err = client.Version()
|
||||
if err != nil {
|
||||
return baseInfo, err
|
||||
}
|
||||
return baseInfo, nil
|
||||
}
|
||||
|
||||
// LoadBaseInfo 获取防火墙基础信息
|
||||
func (s *ServiceFirewall) RulePage(querys model.RuleQuerys) (map[string]any, error) {
|
||||
var (
|
||||
datas []fireClient.FireInfo
|
||||
backDatas []fireClient.FireInfo
|
||||
)
|
||||
|
||||
data := map[string]any{
|
||||
"total": 0,
|
||||
"rows": backDatas,
|
||||
}
|
||||
|
||||
client, err := firewall.NewFirewallClient()
|
||||
if err != nil {
|
||||
return data, err
|
||||
}
|
||||
if querys.Type == "port" {
|
||||
ports, err := client.ListPort()
|
||||
if err != nil {
|
||||
return data, err
|
||||
}
|
||||
if len(querys.Info) != 0 {
|
||||
for _, port := range ports {
|
||||
if strings.Contains(port.Port, querys.Info) {
|
||||
datas = append(datas, port)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
datas = ports
|
||||
}
|
||||
} else {
|
||||
addrs, err := client.ListAddress()
|
||||
if err != nil {
|
||||
return data, err
|
||||
}
|
||||
if len(querys.Info) != 0 {
|
||||
for _, addr := range addrs {
|
||||
if strings.Contains(addr.Address, querys.Info) {
|
||||
datas = append(datas, addr)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
datas = addrs
|
||||
}
|
||||
}
|
||||
|
||||
var datasFilterStatus []fireClient.FireInfo
|
||||
if len(querys.Status) != 0 {
|
||||
for _, data := range datas {
|
||||
portItem, _ := strconv.Atoi(data.Port)
|
||||
if querys.Status == "free" && !scan.ScanPortWithProto(portItem, data.Protocol) {
|
||||
datasFilterStatus = append(datasFilterStatus, data)
|
||||
}
|
||||
if querys.Status == "used" && scan.ScanPortWithProto(portItem, data.Protocol) {
|
||||
datasFilterStatus = append(datasFilterStatus, data)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
datasFilterStatus = datas
|
||||
}
|
||||
var datasFilterStrategy []fireClient.FireInfo
|
||||
if len(querys.Strategy) != 0 {
|
||||
for _, data := range datasFilterStatus {
|
||||
if querys.Strategy == data.Strategy {
|
||||
datasFilterStrategy = append(datasFilterStrategy, data)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
datasFilterStrategy = datasFilterStatus
|
||||
}
|
||||
|
||||
total, start, end := len(datasFilterStrategy), (querys.PageNum-1)*querys.PageSize, querys.PageNum*querys.PageSize
|
||||
if start > total {
|
||||
backDatas = make([]fireClient.FireInfo, 0)
|
||||
} else {
|
||||
if end >= total {
|
||||
end = total
|
||||
}
|
||||
backDatas = datasFilterStrategy[start:end]
|
||||
}
|
||||
|
||||
// datasFromDB, _ := hostRepo.ListFirewallRecord()
|
||||
for i := 0; i < len(backDatas); i++ {
|
||||
// for _, des := range datasFromDB {
|
||||
// if querys.Type != des.Type {
|
||||
// continue
|
||||
// }
|
||||
// if backDatas[i].Port == des.Port && querys.Type == "port" &&
|
||||
// backDatas[i].Protocol == des.Protocol &&
|
||||
// backDatas[i].Strategy == des.Strategy &&
|
||||
// backDatas[i].Address == des.Address {
|
||||
// backDatas[i].Description = des.Description
|
||||
// break
|
||||
// }
|
||||
// if querys.Type == "address" && backDatas[i].Strategy == des.Strategy && backDatas[i].Address == des.Address {
|
||||
// backDatas[i].Description = des.Description
|
||||
// break
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
// if req.Type == "port" {
|
||||
// apps := u.loadPortByApp()
|
||||
// for i := 0; i < len(backDatas); i++ {
|
||||
// port, _ := strconv.Atoi(backDatas[i].Port)
|
||||
// backDatas[i].IsUsed = common.ScanPort(port)
|
||||
// if backDatas[i].Protocol == "udp" {
|
||||
// backDatas[i].IsUsed = common.ScanUDPPort(port)
|
||||
// continue
|
||||
// }
|
||||
// for _, app := range apps {
|
||||
// if app.HttpPort == backDatas[i].Port || app.HttpsPort == backDatas[i].Port {
|
||||
// backDatas[i].APPName = app.AppName
|
||||
// break
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// go u.cleanUnUsedData(client)
|
||||
|
||||
return data, nil
|
||||
}
|
||||
|
||||
func (s *ServiceFirewall) pingStatus() string {
|
||||
if _, err := os.Stat("/etc/sysctl.conf"); err != nil {
|
||||
return "None"
|
||||
}
|
||||
sudo := cmd.SudoHandleCmd()
|
||||
command := fmt.Sprintf("%s cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ", sudo)
|
||||
stdout, _ := cmd.Exec(command)
|
||||
if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
|
||||
return "Enable"
|
||||
}
|
||||
return "Disable"
|
||||
}
|
||||
Reference in New Issue
Block a user