IP名单新增IPv6和所有IP两种类型

This commit is contained in:
GoEdgeLab
2021-02-02 15:25:11 +08:00
parent cf196915e4
commit 21570f4e42
25 changed files with 681 additions and 322 deletions

View File

@@ -2,18 +2,42 @@ package utils
import (
"encoding/binary"
"math/big"
"net"
"regexp"
"strings"
)
// 将IP转换为整型
func IP2Long(ip string) uint32 {
func IP2Long(ip string) uint64 {
s := net.ParseIP(ip)
if s == nil {
if len(s) != 16 {
return 0
}
if len(s) == 16 {
return binary.BigEndian.Uint32(s[12:16])
if strings.Contains(ip, ":") { // IPv6
bigInt := big.NewInt(0)
bigInt.SetBytes(s.To16())
return bigInt.Uint64()
}
return binary.BigEndian.Uint32(s)
return uint64(binary.BigEndian.Uint32(s.To4()))
}
// 判断是否为IPv4
func IsIPv4(ip string) bool {
if !regexp.MustCompile(`^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$`).MatchString(ip) {
return false
}
if IP2Long(ip) == 0 {
return false
}
return true
}
// 判断是否为IPv6
func IsIPv6(ip string) bool {
if !strings.Contains(ip, ":") {
return false
}
return len(net.ParseIP(ip)) == net.IPv6len
}

View File

@@ -0,0 +1,85 @@
package utils
import (
"testing"
)
func TestIP2Long(t *testing.T) {
for _, ip := range []string{
"0.0.0.1",
"0.0.0.2",
"127.0.0.1",
"192.0.0.2",
"255.255.255.255",
"2001:db8:0:1::101",
"2001:db8:0:1::102",
"2406:8c00:0:3409:133:18:203:0",
"2406:8c00:0:3409:133:18:203:158",
"2406:8c00:0:3409:133:18:203:159",
"2406:8c00:0:3409:133:18:203:160",
} {
t.Log(ip, " -> ", IP2Long(ip))
}
}
func TestIsIPv4(t *testing.T) {
type testIP struct {
ip string
ok bool
}
for _, item := range []testIP{
{
ip: "1",
ok: false,
},
{
ip: "192.168.0.1",
ok: true,
},
{
ip: "1.1.0.1",
ok: true,
},
{
ip: "255.255.255.255",
ok: true,
},
{
ip: "192.168.0.1233",
ok: false,
},
} {
if IsIPv4(item.ip) != item.ok {
t.Fatal(item.ip, "should be", item.ok)
}
}
}
func TestIsIPv6(t *testing.T) {
type testIP struct {
ip string
ok bool
}
for _, item := range []testIP{
{
ip: "1",
ok: false,
},
{
ip: "2406:8c00:0:3409:133:18:203:158",
ok: true,
},
{
ip: "2406::8c00:0:3409:133:18:203:158",
ok: false,
},
{
ip: "2001:db8:0:1::101",
ok: true,
},
} {
if IsIPv6(item.ip) != item.ok {
t.Fatal(item.ip, "should be", item.ok)
}
}
}

View File

@@ -21,7 +21,7 @@ func (this *CreateIPPopupAction) RunGet(params struct {
FirewallPolicyId int64
Type string
}) {
this.Data["type"] = params.Type
this.Data["listType"] = params.Type
listId, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyIPListIdWithType(this.AdminContext(), params.FirewallPolicyId, params.Type)
if err != nil {
@@ -40,33 +40,46 @@ func (this *CreateIPPopupAction) RunPost(params struct {
IpTo string
ExpiredAt int64
Reason string
Type string
Must *actions.Must
CSRF *actionutils.CSRF
}) {
// TODO 校验ListId所属用户
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
switch params.Type {
case "ipv4":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
// 校验IP格式ipFrom/ipTo
ipFromLong := utils.IP2Long(params.IpFrom)
if len(params.IpFrom) > 0 {
if ipFromLong == 0 {
// 校验IP格式ipFrom/ipTo
var ipFromLong uint64
if !utils.IsIPv4(params.IpFrom) {
this.Fail("请输入正确的开始IP")
}
}
ipFromLong = utils.IP2Long(params.IpFrom)
ipToLong := utils.IP2Long(params.IpTo)
if len(params.IpTo) > 0 {
if ipToLong == 0 {
var ipToLong uint64
if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
ipToLong = utils.IP2Long(params.IpTo)
this.Fail("请输入正确的结束IP")
}
}
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
}
case "ipv6":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入IP")
// 校验IP格式ipFrom
if !utils.IsIPv6(params.IpFrom) {
this.Fail("请输入正确的IPv6地址")
}
case "all":
params.IpFrom = "0.0.0.0"
}
createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
@@ -75,6 +88,7 @@ func (this *CreateIPPopupAction) RunPost(params struct {
IpTo: params.IpTo,
ExpiredAt: params.ExpiredAt,
Reason: params.Reason,
Type: params.Type,
})
if err != nil {
this.ErrorPage(err)

View File

@@ -63,6 +63,7 @@ func (this *ListsAction) RunGet(params struct {
"ipTo": item.IpTo,
"expiredTime": expiredTime,
"reason": item.Reason,
"type": item.Type,
})
}
this.Data["items"] = itemMaps

View File

@@ -37,8 +37,11 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
"ipTo": item.IpTo,
"expiredAt": item.ExpiredAt,
"reason": item.Reason,
"type": item.Type,
}
this.Data["type"] = item.Type
this.Show()
}
@@ -50,6 +53,7 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
IpTo string
ExpiredAt int64
Reason string
Type string
Must *actions.Must
CSRF *actionutils.CSRF
@@ -59,27 +63,39 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
// TODO 校验ItemId所属用户
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
switch params.Type {
case "ipv4":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
// 校验IP格式ipFrom/ipTo
ipFromLong := utils.IP2Long(params.IpFrom)
if len(params.IpFrom) > 0 {
if ipFromLong == 0 {
// 校验IP格式ipFrom/ipTo
var ipFromLong uint64
if !utils.IsIPv4(params.IpFrom) {
this.Fail("请输入正确的开始IP")
}
}
ipFromLong = utils.IP2Long(params.IpFrom)
ipToLong := utils.IP2Long(params.IpTo)
if len(params.IpTo) > 0 {
if ipToLong == 0 {
var ipToLong uint64
if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
ipToLong = utils.IP2Long(params.IpTo)
this.Fail("请输入正确的结束IP")
}
}
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
}
case "ipv6":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入IP")
// 校验IP格式ipFrom
if !utils.IsIPv6(params.IpFrom) {
this.Fail("请输入正确的IPv6地址")
}
case "all":
params.IpFrom = "0.0.0.0"
}
_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
@@ -88,6 +104,7 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
IpTo: params.IpTo,
ExpiredAt: params.ExpiredAt,
Reason: params.Reason,
Type: params.Type,
})
if err != nil {
this.ErrorPage(err)

View File

@@ -16,6 +16,7 @@ func (this *GroupsAction) Init() {
}
func (this *GroupsAction) RunGet(params struct {
ServerId int64
FirewallPolicyId int64
Type string
}) {
@@ -70,5 +71,13 @@ func (this *GroupsAction) RunGet(params struct {
this.Data["groups"] = groupMaps
// WAF是否启用
webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
if err != nil {
this.ErrorPage(err)
return
}
this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
this.Show()
}

View File

@@ -6,6 +6,7 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/maps"
timeutil "github.com/iwind/TeaGo/utils/time"
"time"
)
type AllowListAction struct {
@@ -74,9 +75,19 @@ func (this *AllowListAction) RunGet(params struct {
"ipTo": item.IpTo,
"expiredTime": expiredTime,
"reason": item.Reason,
"type": item.Type,
"isExpired": item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
})
}
this.Data["items"] = itemMaps
// WAF是否启用
webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
if err != nil {
this.ErrorPage(err)
return
}
this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
this.Show()
}

View File

@@ -20,7 +20,7 @@ func (this *CreateIPPopupAction) RunGet(params struct {
ListId int64
Type string
}) {
this.Data["type"] = params.Type
this.Data["listType"] = params.Type
this.Data["listId"] = params.ListId
this.Show()
@@ -32,33 +32,46 @@ func (this *CreateIPPopupAction) RunPost(params struct {
IpTo string
ExpiredAt int64
Reason string
Type string
Must *actions.Must
CSRF *actionutils.CSRF
}) {
// TODO 校验ListId所属用户
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
switch params.Type {
case "ipv4":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
// 校验IP格式ipFrom/ipTo
ipFromLong := utils.IP2Long(params.IpFrom)
if len(params.IpFrom) > 0 {
if ipFromLong == 0 {
// 校验IP格式ipFrom/ipTo
var ipFromLong uint64
if !utils.IsIPv4(params.IpFrom) {
this.Fail("请输入正确的开始IP")
}
}
ipFromLong = utils.IP2Long(params.IpFrom)
ipToLong := utils.IP2Long(params.IpTo)
if len(params.IpTo) > 0 {
if ipToLong == 0 {
var ipToLong uint64
if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
ipToLong = utils.IP2Long(params.IpTo)
this.Fail("请输入正确的结束IP")
}
}
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
}
case "ipv6":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入IP")
// 校验IP格式ipFrom
if !utils.IsIPv6(params.IpFrom) {
this.Fail("请输入正确的IPv6地址")
}
case "all":
params.IpFrom = "0.0.0.0"
}
createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
@@ -67,6 +80,7 @@ func (this *CreateIPPopupAction) RunPost(params struct {
IpTo: params.IpTo,
ExpiredAt: params.ExpiredAt,
Reason: params.Reason,
Type: params.Type,
})
if err != nil {
this.ErrorPage(err)

View File

@@ -6,6 +6,7 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/maps"
timeutil "github.com/iwind/TeaGo/utils/time"
"time"
)
type DenyListAction struct {
@@ -74,9 +75,19 @@ func (this *DenyListAction) RunGet(params struct {
"ipTo": item.IpTo,
"expiredTime": expiredTime,
"reason": item.Reason,
"type": item.Type,
"isExpired": item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
})
}
this.Data["items"] = itemMaps
// WAF是否启用
webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
if err != nil {
this.ErrorPage(err)
return
}
this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
this.Show()
}

View File

@@ -37,8 +37,11 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
"ipTo": item.IpTo,
"expiredAt": item.ExpiredAt,
"reason": item.Reason,
"type": item.Type,
}
this.Data["type"] = item.Type
this.Show()
}
@@ -49,6 +52,7 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
IpTo string
ExpiredAt int64
Reason string
Type string
Must *actions.Must
CSRF *actionutils.CSRF
@@ -58,27 +62,39 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
// TODO 校验ItemId所属用户
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
switch params.Type {
case "ipv4":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入开始IP")
// 校验IP格式ipFrom/ipTo
ipFromLong := utils.IP2Long(params.IpFrom)
if len(params.IpFrom) > 0 {
if ipFromLong == 0 {
// 校验IP格式ipFrom/ipTo
var ipFromLong uint64
if !utils.IsIPv4(params.IpFrom) {
this.Fail("请输入正确的开始IP")
}
}
ipFromLong = utils.IP2Long(params.IpFrom)
ipToLong := utils.IP2Long(params.IpTo)
if len(params.IpTo) > 0 {
if ipToLong == 0 {
var ipToLong uint64
if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
ipToLong = utils.IP2Long(params.IpTo)
this.Fail("请输入正确的结束IP")
}
}
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
}
case "ipv6":
params.Must.
Field("ipFrom", params.IpFrom).
Require("请输入IP")
// 校验IP格式ipFrom
if !utils.IsIPv6(params.IpFrom) {
this.Fail("请输入正确的IPv6地址")
}
case "all":
params.IpFrom = "0.0.0.0"
}
_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
@@ -87,6 +103,7 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
IpTo: params.IpTo,
ExpiredAt: params.ExpiredAt,
Reason: params.Reason,
Type: params.Type,
})
if err != nil {
this.ErrorPage(err)