WAF策略日志也加入地域信息

internal/const/const.go

@@ -1,7 +1,7 @@
 package teaconst
 
 const (
-	Version = "0.0.8"
+	Version = "0.0.9"
 
 	ProductName   = "Edge Admin"
 	ProcessName   = "edge-admin"

internal/rpc/rpc_client.go

@@ -107,6 +107,10 @@ func (this *RPCClient) DBNodeRPC() pb.DBNodeServiceClient {
 	return pb.NewDBNodeServiceClient(this.pickConn())
 }
 
+func (this *RPCClient) DBRPC() pb.DBServiceClient {
+	return pb.NewDBServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) OriginRPC() pb.OriginServiceClient {
 	return pb.NewOriginServiceClient(this.pickConn())
 }

internal/utils/numberutils/utils.go

@@ -1,6 +1,9 @@
 package numberutils
 
-import "strconv"
+import (
+	"fmt"
+	"strconv"
+)
 
 func FormatInt64(value int64) string {
 	return strconv.FormatInt(value, 10)
@@ -9,3 +12,17 @@ func FormatInt64(value int64) string {
 func FormatInt(value int) string {
 	return strconv.Itoa(value)
 }
+
+func FormatBytes(bytes int64) string {
+	if bytes < 1024 {
+		return FormatInt64(bytes) + "B"
+	} else if bytes < 1024*1024 {
+		return fmt.Sprintf("%.2fK", float64(bytes)/1024)
+	} else if bytes < 1024*1024*1024 {
+		return fmt.Sprintf("%.2fM", float64(bytes)/1024/1024)
+	} else if bytes < 1024*1024*1024*1024 {
+		return fmt.Sprintf("%.2fG", float64(bytes)/1024/1024/1024)
+	} else {
+		return fmt.Sprintf("%.2fP", float64(bytes)/1024/1024/1024/1024)
+	}
+}

internal/web/actions/default/db/cleanPopup.go

@@ -0,0 +1,56 @@
+package db
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CleanPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CleanPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CleanPopupAction) RunGet(params struct {
+	NodeId int64
+}) {
+	this.Data["nodeId"] = params.NodeId
+
+	this.Show()
+}
+
+func (this *CleanPopupAction) RunPost(params struct {
+	NodeId int64
+
+	Must *actions.Must
+}) {
+	tablesResp, err := this.RPC().DBNodeRPC().FindAllDBNodeTables(this.AdminContext(), &pb.FindAllDBNodeTablesRequest{
+		DbNodeId: params.NodeId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	tableMaps := []maps.Map{}
+	for _, table := range tablesResp.DbNodeTables {
+		if !table.IsBaseTable || (!table.CanClean && !table.CanDelete) {
+			continue
+		}
+		tableMaps = append(tableMaps, maps.Map{
+			"name":      table.Name,
+			"rows":      table.Rows,
+			"size":      numberutils.FormatBytes(table.DataLength + table.IndexLength),
+			"canDelete": table.CanDelete,
+			"canClean":  table.CanClean,
+			"comment":   table.Comment,
+		})
+	}
+	this.Data["tables"] = tableMaps
+	this.Success()
+}

internal/web/actions/default/db/createPopup.go

@@ -62,7 +62,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 	}
 
 	// 创建日志
-	defer this.CreateLog(oplogs.LevelInfo, "创建数据库节点 %d", createResp.NodeId)
+	defer this.CreateLog(oplogs.LevelInfo, "创建数据库节点 %d", createResp.DbNodeId)
 
 	this.Success()
 }

internal/web/actions/default/db/delete.go

@@ -16,7 +16,7 @@ func (this *DeleteAction) RunPost(params struct {
 	// 创建日志
 	defer this.CreateLog(oplogs.LevelInfo, "删除数据库节点 %d", params.NodeId)
 
-	_, err := this.RPC().DBNodeRPC().DeleteDBNode(this.AdminContext(), &pb.DeleteDBNodeRequest{NodeId: params.NodeId})
+	_, err := this.RPC().DBNodeRPC().DeleteDBNode(this.AdminContext(), &pb.DeleteDBNodeRequest{DbNodeId: params.NodeId})
 	if err != nil {
 		this.ErrorPage(err)
 		return

internal/web/actions/default/db/deleteTable.go

@@ -0,0 +1,27 @@
+package db
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteTableAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteTableAction) RunPost(params struct {
+	NodeId int64
+	Table  string
+}) {
+	defer this.CreateLogInfo("删除数据库节点 %d 数据表 %s", params.NodeId, params.Table)
+
+	_, err := this.RPC().DBNodeRPC().DeleteDBNodeTable(this.AdminContext(), &pb.DeleteDBNodeTableRequest{
+		DbNodeId:    params.NodeId,
+		DbNodeTable: params.Table,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}

internal/web/actions/default/db/index.go

@@ -1,6 +1,7 @@
 package db
 
 import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
@@ -32,7 +33,7 @@ func (this *IndexAction) RunGet(params struct{}) {
 		return
 	}
 	nodeMaps := []maps.Map{}
-	for _, node := range listResp.Nodes {
+	for _, node := range listResp.DbNodes {
 		nodeMaps = append(nodeMaps, maps.Map{
 			"id":       node.Id,
 			"isOn":     node.IsOn,
@@ -40,6 +41,11 @@ func (this *IndexAction) RunGet(params struct{}) {
 			"host":     node.Host,
 			"port":     node.Port,
 			"database": node.Database,
+			"status": maps.Map{
+				"isOk":  node.Status.IsOk,
+				"error": node.Status.Error,
+				"size":  numberutils.FormatBytes(node.Status.Size),
+			},
 		})
 	}
 

internal/web/actions/default/db/init.go

@@ -18,6 +18,9 @@ func init() {
 			GetPost("/createPopup", new(CreatePopupAction)).
 			GetPost("/updatePopup", new(UpdatePopupAction)).
 			Post("/delete", new(DeleteAction)).
+			GetPost("/cleanPopup", new(CleanPopupAction)).
+			Post("/deleteTable", new(DeleteTableAction)).
+			Post("/truncateTable", new(TruncateTableAction)).
 
 			EndAll()
 	})

internal/web/actions/default/db/truncateTable.go

@@ -0,0 +1,27 @@
+package db
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type TruncateTableAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TruncateTableAction) RunPost(params struct {
+	NodeId int64
+	Table  string
+}) {
+	defer this.CreateLogInfo("清空数据库节点 %d 数据表 %s 数据", params.NodeId, params.Table)
+
+	_, err := this.RPC().DBNodeRPC().TruncateDBNodeTable(this.AdminContext(), &pb.TruncateDBNodeTableRequest{
+		DbNodeId:    params.NodeId,
+		DbNodeTable: params.Table,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}

internal/web/actions/default/db/updatePopup.go

@@ -19,13 +19,13 @@ func (this *UpdatePopupAction) Init() {
 func (this *UpdatePopupAction) RunGet(params struct {
 	NodeId int64
 }) {
-	nodeResp, err := this.RPC().DBNodeRPC().FindEnabledDBNode(this.AdminContext(), &pb.FindEnabledDBNodeRequest{NodeId: params.NodeId})
+	nodeResp, err := this.RPC().DBNodeRPC().FindEnabledDBNode(this.AdminContext(), &pb.FindEnabledDBNodeRequest{DbNodeId: params.NodeId})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
 
-	node := nodeResp.Node
+	node := nodeResp.DbNode
 	if node == nil {
 		this.NotFound("dbNode", params.NodeId)
 		return
@@ -78,7 +78,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		Require("请输入连接数据库的用户名")
 
 	_, err := this.RPC().DBNodeRPC().UpdateDBNode(this.AdminContext(), &pb.UpdateDBNodeRequest{
-		NodeId:      params.NodeId,
+		DbNodeId:    params.NodeId,
 		IsOn:        params.IsOn,
 		Name:        params.Name,
 		Description: params.Description,

internal/web/actions/default/servers/components/waf/log.go

@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"regexp"
@@ -35,6 +36,7 @@ func (this *LogAction) RunGet(params struct {
 	this.Data["accessLogs"] = []interface{}{}
 
 	day := params.Day
+	ipList := []string{}
 	if len(day) > 0 && regexp.MustCompile(`\d{4}-\d{2}-\d{2}`).MatchString(day) {
 		day = strings.ReplaceAll(day, "-", "")
 		size := int64(10)
@@ -55,6 +57,13 @@ func (this *LogAction) RunGet(params struct {
 			this.Data["accessLogs"] = []interface{}{}
 		} else {
 			this.Data["accessLogs"] = resp.AccessLogs
+			for _, accessLog := range resp.AccessLogs {
+				if len(accessLog.RemoteAddr) > 0 {
+					if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
+						ipList = append(ipList, accessLog.RemoteAddr)
+					}
+				}
+			}
 		}
 		this.Data["hasMore"] = resp.HasMore
 		this.Data["nextRequestId"] = resp.RequestId
@@ -106,5 +115,21 @@ func (this *LogAction) RunGet(params struct {
 	}
 	this.Data["groups"] = groupMaps
 
+	// 根据IP查询区域
+	regionMap := map[string]string{} // ip => region
+	if len(ipList) > 0 {
+		resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		if resp.IpRegionMap != nil {
+			for ip, region := range resp.IpRegionMap {
+				regionMap[ip] = region.Summary
+			}
+		}
+	}
+	this.Data["regions"] = regionMap
+
 	this.Show()
 }

internal/web/actions/default/servers/server/settings/waf/group.go

@@ -0,0 +1,110 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strconv"
+	"strings"
+)
+
+type GroupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupAction) Init() {
+	this.Nav("", "setting", this.ParamString("type"))
+	this.SecondMenu("waf")
+}
+
+func (this *GroupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+	Type             string
+}) {
+	this.Data["type"] = params.Type
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	// policy
+	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	// group config
+	groupConfig, err := dao.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("firewallRuleGroup", params.GroupId)
+		return
+	}
+
+	this.Data["group"] = groupConfig
+
+	// rule sets
+	this.Data["sets"] = lists.Map(groupConfig.Sets, func(k int, v interface{}) interface{} {
+		set := v.(*firewallconfigs.HTTPFirewallRuleSet)
+
+		// 动作说明
+		actionLinks := []maps.Map{}
+		if set.Action == firewallconfigs.HTTPFirewallActionGoGroup {
+			nextGroup := firewallPolicy.FindRuleGroup(set.ActionOptions.GetInt64("groupId"))
+			if nextGroup != nil {
+				actionLinks = append(actionLinks, maps.Map{
+					"name": nextGroup.Name,
+					"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
+				})
+			}
+		} else if set.Action == firewallconfigs.HTTPFirewallActionGoSet {
+			nextGroup := firewallPolicy.FindRuleGroup(set.ActionOptions.GetInt64("groupId"))
+			if nextGroup != nil {
+				actionLinks = append(actionLinks, maps.Map{
+					"name": nextGroup.Name,
+					"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
+				})
+
+				nextSet := nextGroup.FindRuleSet(set.ActionOptions.GetInt64("setId"))
+				if nextSet != nil {
+					actionLinks = append(actionLinks, maps.Map{
+						"name": nextSet.Name,
+						"url":  "/servers/components/waf/group?firewallPolicyId=" + strconv.FormatInt(params.FirewallPolicyId, 10) + "&type=" + params.Type + "&groupId=" + strconv.FormatInt(nextGroup.Id, 10),
+					})
+				}
+			}
+		}
+
+		return maps.Map{
+			"id":   set.Id,
+			"name": set.Name,
+			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
+				rule := v.(*firewallconfigs.HTTPFirewallRule)
+				return maps.Map{
+					"param":             rule.Param,
+					"paramFilters":      rule.ParamFilters,
+					"operator":          rule.Operator,
+					"value":             rule.Value,
+					"isCaseInsensitive": rule.IsCaseInsensitive,
+					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
+				}
+			}),
+			"isOn":          set.IsOn,
+			"action":        strings.ToUpper(set.Action),
+			"actionOptions": set.ActionOptions,
+			"actionName":    firewallconfigs.FindActionName(set.Action),
+			"actionLinks":   actionLinks,
+			"connector":     strings.ToUpper(set.Connector),
+		}
+	})
+
+	this.Show()
+}

internal/web/actions/default/servers/server/settings/waf/groups.go

@@ -0,0 +1,74 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type GroupsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupsAction) Init() {
+	this.Nav("", "setting", this.ParamString("type"))
+	this.SecondMenu("waf")
+}
+
+func (this *GroupsAction) RunGet(params struct {
+	FirewallPolicyId int64
+	Type             string
+}) {
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+	this.Data["type"] = params.Type
+
+	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	groupMaps := []maps.Map{}
+
+	// inbound
+	if params.Type == "inbound" {
+		if firewallPolicy.Inbound != nil {
+			for _, g := range firewallPolicy.Inbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	// outbound
+	if params.Type == "outbound" {
+		if firewallPolicy.Outbound != nil {
+			for _, g := range firewallPolicy.Outbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	this.Data["groups"] = groupMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/server/settings/waf/index.go

@@ -45,6 +45,18 @@ func (this *IndexAction) RunGet(params struct {
 		this.Data["firewallPolicy"] = nil
 	}
 
+	// 当前的Server独立设置
+	if webConfig.FirewallRef == nil || webConfig.FirewallRef.FirewallPolicyId == 0 {
+		firewallPolicyId, err := dao.SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(this.AdminContext(), params.ServerId, webConfig.Id, webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.Data["firewallPolicyId"] = firewallPolicyId
+	} else {
+		this.Data["firewallPolicyId"] = webConfig.FirewallRef.FirewallPolicyId
+	}
+
 	this.Show()
 }
 

internal/web/actions/default/servers/server/settings/waf/init.go

@@ -2,6 +2,7 @@ package waf
 
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/waf/ipadmin"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/iwind/TeaGo"
@@ -14,6 +15,17 @@ func init() {
 			Helper(serverutils.NewServerHelper()).
 			Prefix("/servers/server/settings/waf").
 			GetPost("", new(IndexAction)).
+			Get("/ipadmin/allowList", new(ipadmin.AllowListAction)).
+			Get("/ipadmin/denyList", new(ipadmin.DenyListAction)).
+			//GetPost("/ipadmin", new(ipadmin.IndexAction)).
+			//GetPost("/ipadmin/provinces", new(ipadmin.ProvincesAction)).
+			GetPost("/ipadmin/createIPPopup", new(ipadmin.CreateIPPopupAction)).
+			GetPost("/ipadmin/updateIPPopup", new(ipadmin.UpdateIPPopupAction)).
+			Post("/ipadmin/deleteIP", new(ipadmin.DeleteIPAction)).
+
+			// 规则相关
+			Get("/groups", new(GroupsAction)).
+			Get("/group", new(GroupAction)).
 			EndAll()
 	})
 }

internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go

@@ -0,0 +1,82 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+)
+
+type AllowListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *AllowListAction) Init() {
+	this.Nav("", "setting", "allowList")
+	this.SecondMenu("waf")
+}
+
+func (this *AllowListAction) RunGet(params struct {
+	ServerId         int64
+	FirewallPolicyId int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	listId, err := dao.SharedIPListDAO.FindAllowIPListIdWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	if listId == 0 {
+		listId, err = dao.SharedIPListDAO.CreateIPListForServerId(this.AdminContext(), params.ServerId, "white")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":          item.Id,
+			"ipFrom":      item.IpFrom,
+			"ipTo":        item.IpTo,
+			"expiredTime": expiredTime,
+			"reason":      item.Reason,
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go

@@ -0,0 +1,81 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreateIPPopupAction) RunGet(params struct {
+	ListId int64
+	Type   string
+}) {
+	this.Data["type"] = params.Type
+	this.Data["listId"] = params.ListId
+
+	this.Show()
+}
+
+func (this *CreateIPPopupAction) RunPost(params struct {
+	ListId    int64
+	IpFrom    string
+	IpTo      string
+	ExpiredAt int64
+	Reason    string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// TODO 校验ListId所属用户
+
+	params.Must.
+		Field("ipFrom", params.IpFrom).
+		Require("请输入开始IP")
+
+	// 校验IP格式（ipFrom/ipTo）
+	ipFromLong := utils.IP2Long(params.IpFrom)
+	if len(params.IpFrom) > 0 {
+		if ipFromLong == 0 {
+			this.Fail("请输入正确的开始IP")
+		}
+	}
+
+	ipToLong := utils.IP2Long(params.IpTo)
+	if len(params.IpTo) > 0 {
+		if ipToLong == 0 {
+			this.Fail("请输入正确的结束IP")
+		}
+	}
+
+	if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
+		params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
+	}
+
+	createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
+		IpListId:  params.ListId,
+		IpFrom:    params.IpFrom,
+		IpTo:      params.IpTo,
+		ExpiredAt: params.ExpiredAt,
+		Reason:    params.Reason,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemId := createResp.IpItemId
+
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "在WAF策略 %d 名单中添加IP %d", params.ListId, itemId)
+
+	this.Success()
+}

internal/web/actions/default/servers/server/settings/waf/ipadmin/deleteIP.go

@@ -0,0 +1,29 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteIPAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteIPAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ItemId           int64
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "从WAF策略 %d 名单中删除IP %d", params.FirewallPolicyId, params.ItemId)
+
+	// TODO 判断权限
+
+	_, err := this.RPC().IPItemRPC().DeleteIPItem(this.AdminContext(), &pb.DeleteIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go

@@ -0,0 +1,82 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+)
+
+type DenyListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DenyListAction) Init() {
+	this.Nav("", "setting", "denyList")
+	this.SecondMenu("waf")
+}
+
+func (this *DenyListAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	listId, err := dao.SharedIPListDAO.FindDenyIPListIdWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	if listId == 0 {
+		listId, err = dao.SharedIPListDAO.CreateIPListForServerId(this.AdminContext(), params.ServerId, "black")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":          item.Id,
+			"ipFrom":      item.IpFrom,
+			"ipTo":        item.IpTo,
+			"expiredTime": expiredTime,
+			"reason":      item.Reason,
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/server/settings/waf/ipadmin/index.go

@@ -0,0 +1,108 @@
+package ipadmin
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "ipadmin")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	this.Data["subMenuItem"] = "region"
+
+	// 当前选中的地区
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedCountryIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
+	}
+
+	countriesResp, err := this.RPC().RegionCountryRPC().FindAllEnabledRegionCountries(this.AdminContext(), &pb.FindAllEnabledRegionCountriesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	countryMaps := []maps.Map{}
+	for _, country := range countriesResp.Countries {
+		countryMaps = append(countryMaps, maps.Map{
+			"id":        country.Id,
+			"name":      country.Name,
+			"letter":    strings.ToUpper(string(country.Pinyin[0][0])),
+			"isChecked": lists.ContainsInt64(selectedCountryIds, country.Id),
+		})
+	}
+	this.Data["countries"] = countryMaps
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	FirewallPolicyId int64
+	CountryIds       []int64
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "WAF策略 %d 设置禁止访问的国家和地区", params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/server/settings/waf/ipadmin/provinces.go

@@ -0,0 +1,110 @@
+package ipadmin
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+const ChinaCountryId = 1
+
+type ProvincesAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ProvincesAction) Init() {
+	this.Nav("", "", "ipadmin")
+}
+
+func (this *ProvincesAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
+	this.Data["subMenuItem"] = "province"
+
+	// 当前选中的省份
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedProvinceIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
+	}
+
+	provincesResp, err := this.RPC().RegionProvinceRPC().FindAllEnabledRegionProvincesWithCountryId(this.AdminContext(), &pb.FindAllEnabledRegionProvincesWithCountryIdRequest{
+		CountryId: int64(ChinaCountryId),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	provinceMaps := []maps.Map{}
+	for _, province := range provincesResp.Provinces {
+		provinceMaps = append(provinceMaps, maps.Map{
+			"id":        province.Id,
+			"name":      province.Name,
+			"isChecked": lists.ContainsInt64(selectedProvinceIds, province.Id),
+		})
+	}
+	this.Data["provinces"] = provinceMaps
+
+	this.Show()
+}
+
+func (this *ProvincesAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ProvinceIds      []int64
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "WAF策略 %d 设置禁止访问的省份", params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go

@@ -0,0 +1,97 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdateIPPopupAction) RunGet(params struct {
+	ItemId int64
+}) {
+	itemResp, err := this.RPC().IPItemRPC().FindEnabledIPItem(this.AdminContext(), &pb.FindEnabledIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	item := itemResp.IpItem
+	if item == nil {
+		this.NotFound("ipItem", params.ItemId)
+		return
+	}
+
+	this.Data["item"] = maps.Map{
+		"id":        item.Id,
+		"ipFrom":    item.IpFrom,
+		"ipTo":      item.IpTo,
+		"expiredAt": item.ExpiredAt,
+		"reason":    item.Reason,
+	}
+
+	this.Show()
+}
+
+func (this *UpdateIPPopupAction) RunPost(params struct {
+	ItemId int64
+
+	IpFrom    string
+	IpTo      string
+	ExpiredAt int64
+	Reason    string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改WAF策略名单中的IP %d", params.ItemId)
+
+	// TODO 校验ItemId所属用户
+
+	params.Must.
+		Field("ipFrom", params.IpFrom).
+		Require("请输入开始IP")
+
+	// 校验IP格式（ipFrom/ipTo）
+	ipFromLong := utils.IP2Long(params.IpFrom)
+	if len(params.IpFrom) > 0 {
+		if ipFromLong == 0 {
+			this.Fail("请输入正确的开始IP")
+		}
+	}
+
+	ipToLong := utils.IP2Long(params.IpTo)
+	if len(params.IpTo) > 0 {
+		if ipToLong == 0 {
+			this.Fail("请输入正确的结束IP")
+		}
+	}
+
+	if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
+		params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
+	}
+
+	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
+		IpItemId:  params.ItemId,
+		IpFrom:    params.IpFrom,
+		IpTo:      params.IpTo,
+		ExpiredAt: params.ExpiredAt,
+		Reason:    params.Reason,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/settings/backup/init.go

@@ -11,7 +11,7 @@ func init() {
 	TeaGo.BeforeStart(func(server *TeaGo.Server) {
 		server.
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeSetting)).
-			Helper(settingutils.NewHelper("backup")).
+			Helper(settingutils.NewAdvancedHelper("backup")).
 			Prefix("/settings/backup").
 			Get("", new(IndexAction)).
 			EndAll()

internal/web/actions/default/settings/database/clean.go

@@ -0,0 +1,48 @@
+package database
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CleanAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CleanAction) Init() {
+	this.Nav("", "", "clean")
+}
+
+func (this *CleanAction) RunGet(params struct{}) {
+	this.Show()
+}
+
+func (this *CleanAction) RunPost(params struct {
+	Must *actions.Must
+}) {
+	tablesResp, err := this.RPC().DBRPC().FindAllDBTables(this.AdminContext(), &pb.FindAllDBTablesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	tableMaps := []maps.Map{}
+	for _, table := range tablesResp.DbTables {
+		if !table.IsBaseTable || (!table.CanClean && !table.CanDelete) {
+			continue
+		}
+		tableMaps = append(tableMaps, maps.Map{
+			"name":      table.Name,
+			"rows":      table.Rows,
+			"size":      numberutils.FormatBytes(table.DataLength + table.IndexLength),
+			"canDelete": table.CanDelete,
+			"canClean":  table.CanClean,
+			"comment":   table.Comment,
+		})
+	}
+	this.Data["tables"] = tableMaps
+	this.Success()
+}

internal/web/actions/default/settings/database/cleanSetting.go

@@ -0,0 +1,82 @@
+package database
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CleanSettingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CleanSettingAction) Init() {
+	this.Nav("", "", "cleanSetting")
+}
+
+func (this *CleanSettingAction) RunGet(params struct{}) {
+	// 读取设置
+	configResp, err := this.RPC().SysSettingRPC().ReadSysSetting(this.AdminContext(), &pb.ReadSysSettingRequest{Code: systemconfigs.SettingCodeDatabaseConfigSetting})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var config = &systemconfigs.DatabaseConfig{}
+	if len(configResp.ValueJSON) > 0 {
+		err = json.Unmarshal(configResp.ValueJSON, config)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	this.Data["config"] = config.ServerAccessLog.Clean
+
+	this.Show()
+}
+
+func (this *CleanSettingAction) RunPost(params struct {
+	Days int
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改数据库自动清理设置")
+
+	days := params.Days
+	if days < 0 {
+		days = 0
+	}
+
+	// 读取设置
+	configResp, err := this.RPC().SysSettingRPC().ReadSysSetting(this.AdminContext(), &pb.ReadSysSettingRequest{Code: systemconfigs.SettingCodeDatabaseConfigSetting})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var config = &systemconfigs.DatabaseConfig{}
+	if len(configResp.ValueJSON) > 0 {
+		err = json.Unmarshal(configResp.ValueJSON, config)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	config.ServerAccessLog.Clean.Days = days
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	_, err = this.RPC().SysSettingRPC().UpdateSysSetting(this.AdminContext(), &pb.UpdateSysSettingRequest{
+		Code:      systemconfigs.SettingCodeDatabaseConfigSetting,
+		ValueJSON: configJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/settings/database/deleteTable.go

@@ -0,0 +1,23 @@
+package database
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteTableAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteTableAction) RunPost(params struct {
+	Table string
+}) {
+	defer this.CreateLogInfo("删除数据表 %s", params.Table)
+
+	_, err := this.RPC().DBRPC().DeleteDBTable(this.AdminContext(), &pb.DeleteDBTableRequest{DbTable: params.Table})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}

internal/web/actions/default/settings/database/index.go

@@ -1,4 +1,4 @@
-package profile
+package database
 
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"

internal/web/actions/default/settings/database/init.go

@@ -1,4 +1,4 @@
-package profile
+package database
 
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
@@ -15,6 +15,10 @@ func init() {
 			Prefix("/settings/database").
 			Get("", new(IndexAction)).
 			GetPost("/update", new(UpdateAction)).
+			GetPost("/clean", new(CleanAction)).
+			GetPost("/cleanSetting", new(CleanSettingAction)).
+			GetPost("/truncateTable", new(TruncateTableAction)).
+			GetPost("/deleteTable", new(DeleteTableAction)).
 			EndAll()
 	})
 }

internal/web/actions/default/settings/database/truncateTable.go

@@ -0,0 +1,23 @@
+package database
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type TruncateTableAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TruncateTableAction) RunPost(params struct {
+	Table string
+}) {
+	defer this.CreateLogInfo("清空数据表 %s 数据", params.Table)
+
+	_, err := this.RPC().DBRPC().TruncateDBTable(this.AdminContext(), &pb.TruncateDBTableRequest{DbTable: params.Table})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}

internal/web/actions/default/settings/database/update.go

@@ -1,17 +1,15 @@
-package profile
+package database
 
 import (
 	"fmt"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"gopkg.in/yaml.v3"
 	"io/ioutil"
-	"net/url"
-	"path/filepath"
-	"regexp"
 	"strings"
 )
 
@@ -57,28 +55,33 @@ func (this *UpdateAction) RunGet(params struct{}) {
 	}
 
 	dsn := dbConfig.Dsn
-	dsn = regexp.MustCompile(`tcp\((.+)\)`).ReplaceAllString(dsn, "$1")
-	dsnURL, err := url.Parse("mysql://" + dsn)
+	cfg, err := mysql.ParseDSN(dsn)
 	if err != nil {
+		this.Data["dbConfig"] = maps.Map{
+			"host":     "",
+			"port":     "",
+			"username": "",
+			"password": "",
+			"database": "",
+		}
 		this.Show()
 		return
 	}
 
-	host := dsnURL.Host
+	host := cfg.Addr
 	port := "3306"
-	index := strings.LastIndex(dsnURL.Host, ":")
+	index := strings.LastIndex(cfg.Addr, ":")
 	if index > 0 {
-		host = dsnURL.Host[:index]
-		port = dsnURL.Host[index+1:]
+		host = cfg.Addr[:index]
+		port = cfg.Addr[index+1:]
 	}
 
-	password, _ := dsnURL.User.Password()
 	this.Data["dbConfig"] = maps.Map{
 		"host":     host,
 		"port":     port,
-		"username": dsnURL.User.Username(),
-		"password": password,
-		"database": filepath.Base(dsnURL.Path),
+		"username": cfg.User,
+		"password": cfg.Passwd,
+		"database": cfg.DBName,
 	}
 
 	this.Show()

internal/web/actions/default/settings/profile/index.go

@@ -1,4 +1,4 @@
-package profile
+package database
 
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"

internal/web/actions/default/settings/profile/init.go

@@ -1,4 +1,4 @@
-package profile
+package database
 
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"

internal/web/actions/default/settings/settingutils/advanced_helper.go

@@ -34,6 +34,7 @@ func (this *AdvancedHelper) BeforeAction(actionPtr actions.ActionWrapper) (goNex
 		tabbar.Add("API节点", "", "/api", "", this.tab == "apiNodes")
 		tabbar.Add("用户节点", "", "/settings/userNodes", "", this.tab == "userNodes")
 		tabbar.Add("日志数据库", "", "/db", "", this.tab == "dbNodes")
+		//tabbar.Add("备份", "", "/settings/backup", "", this.tab == "backup")
 	}
 	actionutils.SetTabbar(actionPtr, tabbar)
 

internal/web/actions/default/settings/settingutils/helper.go

@@ -34,7 +34,6 @@ func (this *Helper) BeforeAction(actionPtr actions.ActionWrapper) (goNext bool)
 		tabbar.Add("用户界面设置", "", "/settings/user-ui", "", this.tab == "userUI")
 		tabbar.Add("安全设置", "", "/settings/security", "", this.tab == "security")
 		tabbar.Add("IP库", "", "/settings/ip-library", "", this.tab == "ipLibrary")
-		tabbar.Add("备份", "", "/settings/backup", "", this.tab == "backup")
 	}
 	tabbar.Add("个人资料", "", "/settings/profile", "", this.tab == "profile")
 	tabbar.Add("登录设置", "", "/settings/login", "", this.tab == "login")

internal/web/actions/default/settings/user-nodes/index.go

@@ -1,9 +1,14 @@
 package usernodes
 
 import (
+	"encoding/json"
+	"fmt"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/logs"
 	"github.com/iwind/TeaGo/maps"
+	"time"
 )
 
 type IndexAction struct {
@@ -36,11 +41,32 @@ func (this *IndexAction) RunGet(params struct{}) {
 		}
 
 		for _, node := range nodesResp.Nodes {
+			// 状态
+			status := &nodeconfigs.NodeStatus{}
+			if len(node.StatusJSON) > 0 {
+				err = json.Unmarshal(node.StatusJSON, &status)
+				if err != nil {
+					logs.Error(err)
+					continue
+				}
+				status.IsActive = status.IsActive && time.Now().Unix()-status.UpdatedAt <= 60 // N秒之内认为活跃
+			}
+
 			nodeMaps = append(nodeMaps, maps.Map{
 				"id":          node.Id,
 				"isOn":        node.IsOn,
 				"name":        node.Name,
 				"accessAddrs": node.AccessAddrs,
+				"status": maps.Map{
+					"isActive":     status.IsActive,
+					"updatedAt":    status.UpdatedAt,
+					"hostname":     status.Hostname,
+					"cpuUsage":     status.CPUUsage,
+					"cpuUsageText": fmt.Sprintf("%.2f%%", status.CPUUsage*100),
+					"memUsage":     status.MemoryUsage,
+					"memUsageText": fmt.Sprintf("%.2f%%", status.MemoryUsage*100),
+					"buildVersion": status.BuildVersion,
+				},
 			})
 		}
 	}

internal/web/actions/default/setup/install.go

@@ -83,6 +83,7 @@ func (this *InstallAction) RunPost(params struct {
 					Prefix: "edge",
 				}},
 		}
+		dbConfig.Default.DB = "prod"
 		dbConfigData, err := yaml.Marshal(dbConfig)
 		if err != nil {
 			this.Fail("生成数据库配置失败：" + err.Error())

web/views/@default/@layout.css

@@ -119,6 +119,13 @@ pre:not(.CodeMirror-line) {
 tbody {
   background: transparent;
 }
+.table-box {
+  margin-top: 1em;
+  overflow-x: auto;
+}
+.table-box::-webkit-scrollbar {
+  height: 6px;
+}
 .table.width30 {
   width: 30em !important;
 }
@@ -128,6 +135,9 @@ tbody {
 .table.width40 {
   width: 40em !important;
 }
+.table.width1024 {
+  width: 1024px !important;
+}
 .table th,
 .table td {
   font-size: 0.9em !important;

web/views/@default/@layout.less

@@ -45,6 +45,15 @@ tbody {
 	background: transparent;
 }
 
+.table-box {
+	margin-top: 1em;
+	overflow-x: auto;
+}
+
+.table-box::-webkit-scrollbar {
+	height: 6px;
+}
+
 .table.width30 {
 	width: 30em !important;
 }
@@ -57,6 +66,10 @@ tbody {
 	width: 40em !important;
 }
 
+.table.width1024 {
+	width: 1024px !important;
+}
+
 .table th, .table td {
 	font-size: 0.9em !important;
 }

web/views/@default/api/index.html

@@ -6,58 +6,64 @@
 
 <p class="comment" v-if="nodes.length == 0">暂时还没有节点。</p>
 
-<table class="ui table selectable celled" v-if="nodes.length > 0">
-	<thead>
-		<tr>
-			<th>节点名称</th>
-			<th>GRPC访问地址</th>
-            <th>HTTP访问地址</th>
-            <th class="width6 center">版本号</th>
-            <th class="width5 center">CPU</th>
-            <th class="width5 center">内存</th>
-			<th class="center width10">状态</th>
-			<th class="two op">操作</th>
-		</tr>
-	</thead>
-	<tr v-for="node in nodes">
-		<td>{{node.name}}</td>
-		<td>
-			<div v-if="node.accessAddrs != null && node.accessAddrs.length > 0">
-				<span class="ui label tiny basic" v-for="addr in node.accessAddrs" style="margin-bottom: 0.5em">{{addr}}</span>
-			</div>
-            <div v-else class="disabled">-</div>
-		</td>
-        <td>
-            <div v-if="node.restAccessAddrs != null && node.restAccessAddrs.length > 0">
-                <span class="ui label tiny basic" v-for="addr in node.restAccessAddrs" style="margin-bottom: 0.5em">{{addr}}</span>
-            </div>
-            <div v-else class="disabled">-</div>
-        </td>
-        <td class="center">
-            <span v-if="node.status.buildVersion.length > 0">v{{node.status.buildVersion}}</span>
-            <span v-else class="disabled">-</span>
-        </td>
-        <td class="center">
-            <span v-if="node.status.isActive" :class="{red:node.status.cpuUsage > 0.80}">{{node.status.cpuUsageText}}</span>
-            <span v-else class="disabled">-</span>
-        </td>
-        <td class="center">
-            <span v-if="node.status.isActive" :class="{red:node.status.memUsage > 0.80}">{{node.status.memUsageText}}</span>
-            <span v-else class="disabled">-</span>
-        </td>
-		<td class="center">
-			<span v-if="!node.isOn"><label-on :v-is-on="node.isOn"></label-on></span>
-            <div v-else-if="node.status.isActive">
-                <span class="green">运行中</span>
-            </div>
-            <span v-else-if="node.status.updatedAt > 0" class="red">已断开</span>
-            <span v-else-if="node.status.updatedAt == 0" class="red">未连接</span>
-		</td>
-		<td>
-			<a :href="'/api/node?nodeId=' + node.id">详情</a> &nbsp;
-			<a href="" @click.prevent="deleteNode(node.id)">删除</a>
-		</td>
-	</tr>
-</table>
+<div class="table-box">
+    <table class="ui table selectable celled" v-if="nodes.length > 0">
+        <thead>
+            <tr>
+                <th>节点名称</th>
+                <th>GRPC访问地址</th>
+                <th>HTTP访问地址</th>
+                <th class="width6 center">版本号</th>
+                <th class="width5 center">CPU</th>
+                <th class="width5 center">内存</th>
+                <th class="center width10">状态</th>
+                <th class="two op">操作</th>
+            </tr>
+        </thead>
+        <tr v-for="node in nodes">
+            <td>{{node.name}}</td>
+            <td>
+                <div v-if="node.accessAddrs != null && node.accessAddrs.length > 0">
+                    <div v-for="addr in node.accessAddrs">
+                        <span class="ui label tiny basic" style="margin-bottom: 0.5em">{{addr}}</span>
+                    </div>
+                </div>
+                <div v-else class="disabled">-</div>
+            </td>
+            <td>
+                <div v-if="node.restAccessAddrs != null && node.restAccessAddrs.length > 0">
+                    <div v-for="addr in node.restAccessAddrs">
+                        <span class="ui label tiny basic" style="margin-bottom: 0.5em">{{addr}}</span>
+                    </div>
+                </div>
+                <div v-else class="disabled">-</div>
+            </td>
+            <td class="center">
+                <span v-if="node.status.buildVersion.length > 0">v{{node.status.buildVersion}}</span>
+                <span v-else class="disabled">-</span>
+            </td>
+            <td class="center">
+                <span v-if="node.status.isActive" :class="{red:node.status.cpuUsage > 0.80}">{{node.status.cpuUsageText}}</span>
+                <span v-else class="disabled">-</span>
+            </td>
+            <td class="center">
+                <span v-if="node.status.isActive" :class="{red:node.status.memUsage > 0.80}">{{node.status.memUsageText}}</span>
+                <span v-else class="disabled">-</span>
+            </td>
+            <td class="center">
+                <span v-if="!node.isOn"><label-on :v-is-on="node.isOn"></label-on></span>
+                <div v-else-if="node.status.isActive">
+                    <span class="green">运行中</span>
+                </div>
+                <span v-else-if="node.status.updatedAt > 0" class="red">已断开</span>
+                <span v-else-if="node.status.updatedAt == 0" class="red">未连接</span>
+            </td>
+            <td>
+                <a :href="'/api/node?nodeId=' + node.id">详情</a> &nbsp;
+                <a href="" @click.prevent="deleteNode(node.id)">删除</a>
+            </td>
+        </tr>
+    </table>
+</div>
 
 <div class="page" v-html="page"></div>

web/views/@default/clusters/tasks/listPopup.js

@@ -12,7 +12,7 @@ Tea.context(function () {
             .done(function () {
                 this.$delay(function () {
                     this.reload()
-                }, 5000)
+                }, 3000)
             })
     }
 

web/views/@default/db/cleanPopup.html

@@ -0,0 +1,23 @@
+{$layout "layout_popup"}
+
+<div class="ui message" v-if="isLoading">正在加载中...</div>
+
+<table class="ui table selectable">
+    <thead>
+        <tr>
+            <th>表名</th>
+            <th>占用空间</th>
+            <th>用途</th>
+            <th class="two op">操作</th>
+        </tr>
+    </thead>
+    <tr v-for="table in tables">
+        <td>{{table.name}}</td>
+        <td>{{table.size}}</td>
+        <td>{{table.comment}}</td>
+        <td>
+            <a href="" v-if="table.canDelete" @click.prevent="deleteTable(table.name)">删除</a><span v-if="table.canDelete"> &nbsp;</span>
+            <a href="" v-if="table.canClean" @click.prevent="truncateTable(table.name)">清空</a>
+        </td>
+    </tr>
+</table>

web/views/@default/db/cleanPopup.js

@@ -0,0 +1,52 @@
+Tea.context(function () {
+    this.tables = []
+    this.isLoading = true
+
+    this.$delay(function () {
+        this.reload()
+    })
+
+    this.reload = function () {
+        this.isLoading = true
+        this.$post("$")
+            .params({ nodeId: this.nodeId })
+            .success(function (resp) {
+                this.tables = resp.data.tables;
+            })
+            .done(function () {
+                this.isLoading = false
+            })
+    }
+
+    this.deleteTable = function (tableName) {
+        let that = this
+        teaweb.confirm("html:确定要删除此数据表吗？<br/>删除后数据不能恢复！", function () {
+            that.$post(".deleteTable")
+                .params({
+                    nodeId: that.nodeId,
+                    table: tableName
+                })
+                .success(function () {
+                    teaweb.success("操作成功", function () {
+                        that.reload()
+                    })
+                })
+        })
+    }
+
+    this.truncateTable = function (tableName) {
+        let that = this
+        teaweb.confirm("html:确定要清空此数据表吗？<br/>清空后数据不能恢复！", function () {
+            that.$post(".truncateTable")
+                .params({
+                    nodeId: that.nodeId,
+                    table: tableName
+                })
+                .success(function () {
+                    teaweb.success("操作成功", function () {
+                        that.reload()
+                    })
+                })
+        })
+    }
+})

web/views/@default/db/index.html

@@ -12,16 +12,30 @@
 			<th>节点名称</th>
 			<th>连接地址</th>
 			<th>数据库名</th>
+            <th>用量</th>
 			<th class="center width10">状态</th>
-			<th class="two op">操作</th>
+			<th class="three op">操作</th>
 		</tr>
 	</thead>
 	<tr v-for="node in nodes">
 		<td>{{node.name}}</td>
 		<td>{{node.host}}:{{node.port}}</td>
 		<td>{{node.database}}</td>
-		<td class="center"><label-on :v-is-on="node.isOn"></label-on></td>
+        <td>
+            <span v-if="node.status.isOk">{{node.status.size}}</span>
+            <span v-else class="disabled">-</span>
+        </td>
+		<td class="center">
+            <div v-if="node.isOn">
+                <span v-if="node.status.isOk" class="green">连接正常</span>
+                <a href="" title="点击查看具体错误" v-else @click.prevent="showError(node.status.error)"><span class="red" style="border-bottom: 1px #db2828 dashed">连接错误</span></a>
+            </div>
+            <span v-else>
+                <label-on :v-is-on="node.isOn"></label-on>
+            </span>
+        </td>
 		<td>
+            <a href="" @click.prevent="cleanNode(node.id)" v-if="node.isOn && node.status.isOk">清理</a><span v-else class="disabled">清理 </span> &nbsp;
 			<a href="" @click.prevent="updateNode(node.id)">修改</a> &nbsp;
 			<a href="" @click.prevent="deleteNode(node.id)">删除</a>
 		</td>

web/views/@default/db/index.js

@@ -34,4 +34,14 @@ Tea.context(function () {
 				.refresh()
 		})
 	}
+
+    // 清理节点
+    this.cleanNode = function (nodeId) {
+        teaweb.popup("/db/cleanPopup?nodeId=" + nodeId)
+    }
+
+	// 显示错误信息
+    this.showError = function (err) {
+	    teaweb.popupTip("<span style=\"color:#db2828\">错误信息：" + err + "</span>")
+    }
 })

web/views/@default/servers/components/waf/log.js

@@ -5,4 +5,13 @@ Tea.context(function () {
 			that.day = day
 		})
 	})
+
+    let that = this
+    this.accessLogs.forEach(function (accessLog) {
+        if (typeof (that.regions[accessLog.remoteAddr]) == "string") {
+            accessLog.region = that.regions[accessLog.remoteAddr]
+        } else {
+            accessLog.region = ""
+        }
+    })
 })

web/views/@default/servers/server/settings/waf/@menu.html

@@ -0,0 +1,7 @@
+<first-menu>
+    <menu-item :href="'/servers/server/settings/waf?serverId=' + serverId" code="index">设置</menu-item>
+    <menu-item :href="'/servers/server/settings/waf/groups?serverId=' + serverId + '&type=inbound&firewallPolicyId='+firewallPolicyId" code="inbound">入站规则</menu-item>
+    <menu-item :href="'/servers/server/settings/waf/groups?serverId=' + serverId + '&type=outbound&firewallPolicyId='+firewallPolicyId" code="outbound">出站规则</menu-item>
+    <menu-item :href="'/servers/server/settings/waf/ipadmin/allowList?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="allowList">白名单</menu-item>
+    <menu-item :href="'/servers/server/settings/waf/ipadmin/denyList?serverId=' + serverId + '&firewallPolicyId='+firewallPolicyId" code="denyList">黑名单</menu-item>
+</first-menu>

web/views/@default/servers/server/settings/waf/group.html

@@ -0,0 +1,69 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+    {$template "menu"}
+
+	<h3>分组<a href="" @click.prevent="updateGroup(group.id)">[修改]</a></h3>
+	<table class="ui table selectable definition">
+		<tr>
+			<td class="title">名称</td>
+			<td>{{group.name}}</td>
+		</tr>
+		<tr>
+			<td>描述</td>
+			<td>
+				<span v-if="group.description.length == 0" class="disabled">暂时还没有描述。</span>
+				<span v-if="group.description.length > 0">{{group.description}}</span>
+			</td>
+		</tr>
+		<tr>
+			<td>启用状态</td>
+			<td>
+				<label-on :v-is-on="group.isOn"></label-on>
+			</td>
+		</tr>
+	</table>
+
+	<h3 style="padding-top:0.8em">规则集<a href="" @click.prevent="createSet(group.id)">[添加规则集]</a> </h3>
+	<p class="comment" v-if="sets == null || sets.length == 0">暂时还没有规则。</p>
+	<table class="ui table selectable celled" id="sortable-table" v-if="sets != null && sets.length > 0">
+		<thead>
+			<tr>
+				<th style="width:3em"></th>
+				<th nowrap="">规则集名称</th>
+				<th nowrap="">规则</th>
+				<th nowrap="" class="center">关系</th>
+				<th nowrap="">动作</th>
+				<th class="three op">操作</th>
+			</tr>
+		</thead>
+		<tbody v-for="set in sets" :data-set-id="set.id">
+		<tr>
+			<td style="text-align: center;"><i class="icon bars handle grey"></i> </td>
+			<td nowrap=""><span :class="{disabled:!set.isOn}">{{set.name}}</span>
+				<p style="margin-top:0.5em">
+					<label-on :v-is-on="set.isOn"></label-on>
+				</p>
+			</td>
+			<td class="rules-box">
+				<div v-for="rule in set.rules" style="margin-top: 0.4em;margin-bottom:0.4em">
+					<span class="ui label tiny basic">{{rule.name}}[{{rule.param}}] <span v-if="rule.paramFilters != null && rule.paramFilters.length > 0" v-for="paramFilter in rule.paramFilters"> | {{paramFilter.code}}</span> <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''" v-if="!rule.isComposed">{{rule.operator}}</var> {{rule.value}}</span>
+				</div>
+				<span class="ui disabled" v-if="set.rules.length == 0">暂时还没有规则</span>
+			</td>
+			<td class="center">{{set.connector.toUpperCase()}}</td>
+			<td nowrap=""><span :class="{red:set.action == 'BLOCK' || set.action == 'CAPTCHA', green:set.action != 'BLOCK' && set.action != 'CAPTCHA'}">{{set.actionName}}[{{set.action.toUpperCase()}}]</span>
+				<div v-if="set.actionLinks != null && set.actionLinks.length > 0" style="margin-top:0.3em">
+					<span class="disabled">-&gt;</span> <span v-for="link in set.actionLinks"><a :href="link.url"><span class="disabled">[{{link.name}}]</span></a> &nbsp;</span>
+				</div>
+			</td>
+			<td>
+				<a href="" @click.prevent="updateSet(set.id)">修改</a> &nbsp; <a href="" @click.prevent="updateSetOn(set.id, false)" v-if="set.isOn">停用</a><a href="" @click.prevent="updateSetOn(set.id, true)" v-if="!set.isOn">启用</a> &nbsp; <a href="" @click.prevent="deleteSet(set.id)">删除</a>
+			</td>
+		</tr>
+		</tbody>
+	</table>
+
+	<p class="comment" v-if="group.sets != null && group.sets.length > 1">所有规则匹配顺序为从上到下，可以拖动左侧的<i class="icon bars"></i>排序。</p>
+</div>

web/views/@default/servers/server/settings/waf/group.js

@@ -0,0 +1,82 @@
+Tea.context(function () {
+	this.$delay(function () {
+		let that = this
+		sortTable(function () {
+			let setIds = []
+			document
+				.querySelectorAll("tbody[data-set-id]")
+				.forEach(function (v) {
+					setIds.push(v.getAttribute("data-set-id"))
+				})
+			that.$post("/servers/components/waf/sortSets")
+				.params({
+					groupId: that.group.id,
+					setIds: setIds
+				})
+				.success(function () {
+					teaweb.successToast("排序保存成功")
+				})
+		})
+	})
+
+	// 更改分组
+	this.updateGroup = function (groupId) {
+		teaweb.popup("/servers/components/waf/updateGroupPopup?groupId=" + groupId, {
+			height: "16em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					window.location.reload()
+				})
+			}
+		})
+	}
+
+	// 创建规则集
+	this.createSet = function (groupId) {
+		teaweb.popup("/servers/components/waf/createSetPopup?firewallPolicyId=" + this.firewallPolicyId + "&groupId=" + groupId + "&type=" + this.type, {
+			width: "50em",
+			height: "30em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					window.location.reload()
+				})
+			}
+		})
+	}
+
+	// 修改规则集
+	this.updateSet = function (setId) {
+		teaweb.popup("/servers/components/waf/updateSetPopup?firewallPolicyId=" + this.firewallPolicyId + "&groupId=" + this.group.id + "&type=" + this.type + "&setId=" + setId, {
+			width: "50em",
+			height: "30em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					window.location.reload()
+				})
+			}
+		})
+	}
+
+	// 停用|启用规则集
+	this.updateSetOn = function (setId, isOn) {
+		this.$post("/servers/components/waf/updateSetOn")
+			.params({
+				setId: setId,
+				isOn: isOn ? 1 : 0
+			})
+			.refresh()
+	}
+
+	// 删除规则集
+	this.deleteSet = function (setId) {
+		let that = this
+		teaweb.confirm("确定要删除此规则集吗？", function () {
+			that.$post("/servers/components/waf/deleteSet")
+				.params({
+					groupId: this.group.id,
+					setId: setId
+				})
+				.refresh()
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/groups.html

@@ -0,0 +1,48 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+    {$template "menu"}
+
+	<second-menu>
+		<a href="" class="item" @click.prevent="createGroup(type)">[添加分组]</a>
+	</second-menu>
+
+	<p class="comment" v-if="groups.length == 0">暂时还没有规则分组。</p>
+
+	<table class="ui table selectable celled" v-if="groups.length > 0" id="sortable-table">
+		<thead>
+		<tr>
+			<th style="width:3em"></th>
+			<th>规则分组</th>
+			<th class="center">规则集</th>
+			<th class="three op">操作</th>
+		</tr>
+		</thead>
+		<tbody  v-for="group in groups" :data-group-id="group.id">
+			<tr>
+				<td style="text-align: center;"><i class="icon bars handle grey" title="拖动排序"></i> </td>
+				<td><span :class="{disabled:!group.isOn}">{{group.name}}</span>
+					<p class="comment" v-if="group.description.length > 0" style="padding-bottom:0">{{group.description}}</p>
+					<p>
+						<span v-if="group.isOn" class="ui label tiny basic green">启用</span>
+						<span v-if="!group.isOn" class="ui label tiny basic red">停用</span>
+						<span v-if="group.code.length > 0" class="ui label basic tiny">预置</span>
+						<span v-if="group.code.length == 0" class="ui label basic tiny">自定义</span>
+					</p>
+				</td>
+				<td class="center">
+					<a :href="'/servers/server/settings/waf/group?serverId=' + serverId + '&firewallPolicyId=' + firewallPolicyId + '&type=' + type + '&groupId=' + group.id">{{group.countSets}}</a>
+				</td>
+				<td>
+					<a :href="'/servers/server/settings/waf/group?serverId=' + serverId + '&firewallPolicyId=' + firewallPolicyId + '&type=' + type + '&groupId=' + group.id">详情</a> &nbsp;
+					<a href="" v-if="!group.isOn" @click.prevent="enableGroup(group.id)">启用</a><a href="" v-if="group.isOn" @click.prevent="disableGroup(group.id)">停用</a> &nbsp;
+					<a href="" @click.prevent="deleteGroup(group.id)" v-if="group.canDelete">删除</a>
+				</td>
+			</tr>
+		</tbody>
+	</table>
+
+	<p class="comment" v-if="groups.length > 0">所有规则匹配顺序为从上到下，可以拖动左侧的<i class="icon bars"></i>排序。</p>
+
+</div>

web/views/@default/servers/server/settings/waf/groups.js

@@ -0,0 +1,68 @@
+Tea.context(function () {
+	// 排序
+	this.$delay(function () {
+		let that = this
+		sortTable(function () {
+			let groupIds = []
+			document.querySelectorAll("tbody[data-group-id]")
+				.forEach(function (v) {
+					groupIds.push(v.getAttribute("data-group-id"))
+				})
+
+			that.$post("/servers/components/waf/sortGroups")
+				.params({
+					firewallPolicyId: that.firewallPolicyId,
+					type: that.type,
+					groupIds: groupIds
+				})
+				.success(function () {
+					teaweb.successToast("排序保存成功")
+				})
+		})
+	})
+
+	// 启用
+	this.enableGroup = function (groupId) {
+		this.$post("/servers/components/waf/updateGroupOn")
+			.params({
+				groupId: groupId,
+				isOn: 1
+			})
+			.refresh()
+
+	}
+
+	// 停用
+	this.disableGroup = function (groupId) {
+		this.$post("/servers/components/waf/updateGroupOn")
+			.params({
+				groupId: groupId,
+				isOn: 0
+			})
+			.refresh()
+	}
+
+	// 删除
+	this.deleteGroup = function (groupId) {
+		teaweb.confirm("确定要删除此规则分组吗？", function () {
+			this.$post("/servers/components/waf/deleteGroup")
+				.params({
+					firewallPolicyId: this.firewallPolicyId,
+					groupId: groupId
+				})
+				.refresh()
+		})
+	}
+
+	// 添加分组
+	this.createGroup = function (type) {
+		teaweb.popup("/servers/components/waf/createGroupPopup?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type, {
+			height: "16em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					window.location.reload()
+				})
+			}
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/index.html

@@ -2,6 +2,7 @@
 {$template "/left_menu"}
 
 <div class="right-box">
+    {$template "menu"}
     <form method="post" class="ui form" data-tea-action="$"  data-tea-success="success">
         <input type="hidden" name="webId" :value="webId"/>
         <http-firewall-config-box :v-firewall-config="firewallConfig" :v-firewall-policy="firewallPolicy"></http-firewall-config-box>

web/views/@default/servers/server/settings/waf/ipadmin/allowList.html

@@ -0,0 +1,46 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+    {$template "../menu"}
+
+    <div class="ui message warning" v-if="!featureIsOn">尚未为当前用户开通此功能。</div>
+
+    {$ if .featureIsOn}
+    <second-menu>
+        <menu-item @click.prevent="createIP('white')">添加IP</menu-item>
+        <span class="item">|</span>
+        <span class="item">ID: {{listId}} &nbsp; <tip-icon content="ID可以用于使用API操作此IP名单"></tip-icon></span>
+    </second-menu>
+
+    <p class="comment" v-if="items.length == 0">暂时还没有IP。</p>
+
+    <table class="ui table selectable celled" v-if="items.length > 0">
+        <thead>
+            <tr>
+                <th>IP</th>
+                <th>过期时间</th>
+                <th>备注</th>
+                <th class="two op">操作</th>
+            </tr>
+        </thead>
+        <tr v-for="item in items">
+            <td>{{item.ipFrom}}<span v-if="item.ipTo.length > 0"> - {{item.ipTo}}</span></td>
+            <td>
+                <span v-if="item.expiredTime.length > 0">{{item.expiredTime}}</span>
+                <span v-else class="disabled">不过期</span>
+            </td>
+            <td>
+                <span v-if="item.reason.length > 0">{{item.reason}}</span>
+                <span v-else class="disabled">-</span>
+            </td>
+            <td>
+                <a href="" @click.prevent="updateItem(item.id)">修改</a> &nbsp;
+                <a href="" @click.prevent="deleteItem(item.id)">删除</a>
+            </td>
+        </tr>
+    </table>
+
+    <div class="page" v-html="page"></div>
+    {$end}
+</div>

web/views/@default/servers/server/settings/waf/ipadmin/allowList.js

@@ -0,0 +1,36 @@
+Tea.context(function () {
+	this.updateItem = function (itemId) {
+		teaweb.popup(Tea.url(".updateIPPopup?listId=" + this.listId, {itemId: itemId}), {
+			height: "23em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					teaweb.reload()
+				})
+			}
+		})
+	}
+
+	this.deleteItem = function (itemId) {
+		let that = this
+		teaweb.confirm("确定要删除这个IP吗？", function () {
+			that.$post(".deleteIP")
+				.params({
+					"listId": this.listId,
+					"itemId": itemId
+				})
+				.refresh()
+		})
+	}
+
+	/**
+	 * 添加IP名单菜单
+	 */
+	this.createIP = function (type) {
+		teaweb.popup("/servers/server/settings/waf/ipadmin/createIPPopup?listId=" + this.listId + '&type=' + type, {
+			height: "23em",
+			callback: function () {
+				window.location.reload()
+			}
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.html

@@ -0,0 +1,42 @@
+{$layout "layout_popup"}
+
+<h3 v-if="type == 'white'">添加IP到白名单</h3>
+<h3 v-if="type == 'black'">添加IP到黑名单</h3>
+
+<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
+	<input type="hidden" name="listId" :value="listId"/>
+	<csrf-token></csrf-token>
+	<table class="ui table definition selectable">
+		<tr>
+			<td class="title">开始IP *</td>
+			<td>
+				<input type="text" name="ipFrom" maxlength="64" placeholder="x.x.x.x" ref="focus"/>
+			</td>
+		</tr>
+		<tr>
+			<td>结束IP</td>
+			<td>
+				<input type="text" name="ipTo" maxlength="64" placeholder="x.x.x.x"/>
+				<p class="comment">表示IP段的时候需要填写此项。</p>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="2"><more-options-indicator></more-options-indicator></td>
+		</tr>
+		<tbody v-show="moreOptionsVisible">
+			<tr>
+				<td>过期时间</td>
+				<td>
+					<datetime-input :v-name="'expiredAt'"></datetime-input>
+					<p class="comment">在加入名单某一段时间后会失效，留空表示永久有效。</p>
+				</td>
+			</tr>
+			<tr>
+				<td>备注</td>
+				<td><input type="text" name="reason" maxlength="100"/></td>
+			</tr>
+		</tbody>
+	</table>
+    <p class="comment">添加后将会在5分钟后生效。</p>
+	<submit-btn></submit-btn>
+</form>

web/views/@default/servers/server/settings/waf/ipadmin/denyList.html

@@ -0,0 +1,46 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+    {$template "../menu"}
+
+    <div class="ui message warning" v-if="!featureIsOn">尚未为当前用户开通此功能。</div>
+
+    {$ if .featureIsOn}
+    <second-menu>
+        <menu-item @click.prevent="createIP('white')">添加IP</menu-item>
+        <span class="item">|</span>
+        <span class="item">ID: {{listId}} &nbsp; <tip-icon content="ID可以用于使用API操作此IP名单"></tip-icon></span>
+    </second-menu>
+
+    <p class="comment" v-if="items.length == 0">暂时还没有IP。</p>
+
+    <table class="ui table selectable celled" v-if="items.length > 0">
+        <thead>
+            <tr>
+                <th>IP</th>
+                <th>过期时间</th>
+                <th>备注</th>
+                <th class="two op">操作</th>
+            </tr>
+        </thead>
+        <tr v-for="item in items">
+            <td>{{item.ipFrom}}<span v-if="item.ipTo.length > 0"> - {{item.ipTo}}</span></td>
+            <td>
+                <span v-if="item.expiredTime.length > 0">{{item.expiredTime}}</span>
+                <span v-else class="disabled">不过期</span>
+            </td>
+            <td>
+                <span v-if="item.reason.length > 0">{{item.reason}}</span>
+                <span v-else class="disabled">-</span>
+            </td>
+            <td>
+                <a href="" @click.prevent="updateItem(item.id)">修改</a> &nbsp;
+                <a href="" @click.prevent="deleteItem(item.id)">删除</a>
+            </td>
+        </tr>
+    </table>
+
+    <div class="page" v-html="page"></div>
+    {$end}
+</div>

web/views/@default/servers/server/settings/waf/ipadmin/denyList.js

@@ -0,0 +1,36 @@
+Tea.context(function () {
+	this.updateItem = function (itemId) {
+		teaweb.popup(Tea.url(".updateIPPopup?listId=" + this.listId, {itemId: itemId}), {
+			height: "23em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					teaweb.reload()
+				})
+			}
+		})
+	}
+
+	this.deleteItem = function (itemId) {
+		let that = this
+		teaweb.confirm("确定要删除这个IP吗？", function () {
+			that.$post(".deleteIP")
+				.params({
+					"listId": this.listId,
+					"itemId": itemId
+				})
+				.refresh()
+		})
+	}
+
+	/**
+	 * 添加IP名单菜单
+	 */
+	this.createIP = function (type) {
+		teaweb.popup("/servers/server/settings/waf/ipadmin/createIPPopup?listId=" + this.listId + '&type=' + type, {
+			height: "23em",
+			callback: function () {
+				window.location.reload()
+			}
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/ipadmin/index.css

@@ -0,0 +1,16 @@
+.region-letter-group .item {
+  padding-left: 1em !important;
+  padding-right: 1em !important;
+}
+.country-group {
+  padding-bottom: 1em;
+}
+.country-group .country-list .item {
+  float: left;
+  width: 12em;
+  margin-bottom: 0.5em;
+}
+.country-group .country-list .item .checkbox label {
+  font-size: 12px !important;
+}
+/*# sourceMappingURL=index.css.map */

web/views/@default/servers/server/settings/waf/ipadmin/index.css.map

@@ -0,0 +1 @@
+{"version":3,"sources":["index.less"],"names":[],"mappings":"AAAA,oBACC;EACC,4BAAA;EACA,6BAAA;;AAIF;EAaC,mBAAA;;AAbD,cACC,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AALH,cACC,cACC,MAKC,UAAU;EACT,0BAAA","file":"index.css"}

web/views/@default/servers/server/settings/waf/ipadmin/index.html

@@ -0,0 +1,51 @@
+{$layout}
+
+	{$template "../waf_menu"}
+	{$template "menu"}
+
+	<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
+		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+		<table class="ui table selectable definition">
+			<tr>
+				<td class="title">已封禁</td>
+				<td>
+					<span v-if="countSelectedCountries == 0" class="disabled">暂时没有选择封禁区域。</span>
+					<div class="ui label tiny basic" v-for="country in countries" v-if="country.isChecked" style="margin-bottom: 0.5em">
+						<input type="hidden" name="countryIds" :value="country.id"/>
+						({{country.letter}}){{country.name}} <a href="" @click.prevent="deselectCountry(country)" title="取消封禁"><i class="icon remove"></i></a>
+					</div>
+				</td>
+			</tr>
+			<tr>
+				<td>选择封禁区域</td>
+				<td>
+					<more-options-indicator>选择区域</more-options-indicator>
+
+					<div class="ui menu tabular tiny region-letter-group" v-show="moreOptionsVisible">
+						<a href="" v-for="group in letterGroups" class="item" :class="{active: group == selectedGroup}" @click.prevent="selectGroup(group)">{{group}}</a>
+						<div class="item right">
+							<div class="ui checkbox" @click.prevent="checkAll">
+								<input type="checkbox" v-model="isCheckingAll"/>
+								<label>全选</label>
+							</div>
+						</div>
+					</div>
+					<div v-for="group in letterGroups"  v-show="moreOptionsVisible">
+						<div v-for="letter in group" v-if="letterCountries[letter] != null && group == selectedGroup" class="country-group">
+							<h4>{{letter}}</h4>
+							<div class="country-list">
+								<div class="item" v-for="country in letterCountries[letter]">
+									<div class="ui checkbox" @click.prevent="selectCountry(country)">
+										<input type="checkbox" v-model="country.isChecked"/>
+										<label>{{country.name}}</label>
+									</div>
+								</div>
+							</div>
+							<div class="clear"></div>
+						</div>
+					</div>
+				</td>
+			</tr>
+		</table>
+		<submit-btn></submit-btn>
+	</form>

web/views/@default/servers/server/settings/waf/ipadmin/index.js

@@ -0,0 +1,66 @@
+Tea.context(function () {
+	this.letterGroups = [
+		"ABC", "DEF", "GHI", "JKL", "MNO", "PQR", "STU", "VWX", "YZ"
+	];
+	this.selectedGroup = "ABC"
+	this.letterCountries = {}
+	let that = this
+	this.countSelectedCountries = this.countries.$count(function (k, country) {
+		return country.isChecked
+	})
+	this.countries.forEach(function (country) {
+		if (typeof (that.letterCountries[country.letter]) == "undefined") {
+			that.letterCountries[country.letter] = []
+		}
+		that.letterCountries[country.letter].push(country)
+	})
+	this.isCheckingAll = false
+
+	this.selectGroup = function (group) {
+		this.selectedGroup = group
+	}
+
+	this.selectCountry = function (country) {
+		country.isChecked = !country.isChecked
+		this.change()
+	}
+
+	this.deselectCountry = function (country) {
+		country.isChecked = false
+		this.change()
+	}
+
+	this.checkAll = function () {
+		this.isCheckingAll = !this.isCheckingAll
+
+		this.countries.forEach(function (country) {
+			country.isChecked = that.isCheckingAll
+		})
+
+		this.change()
+	}
+
+	this.success = function () {
+		teaweb.success("保存成功", function () {
+			teaweb.reload()
+		})
+	}
+
+	this.change = function () {
+		this.countSelectedCountries = this.countries.$count(function (k, country) {
+			return country.isChecked
+		})
+	}
+
+	/**
+	 * 添加IP名单菜单
+	 */
+	this.createIP = function (type) {
+		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
+			height: "23em",
+			callback: function () {
+				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
+			}
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/ipadmin/index.less

@@ -0,0 +1,22 @@
+.region-letter-group {
+	.item {
+		padding-left: 1em !important;
+		padding-right: 1em !important;
+	}
+}
+
+.country-group {
+	.country-list {
+		.item {
+			float: left;
+			width: 12em;
+			margin-bottom: 0.5em;
+
+			.checkbox label {
+				font-size: 12px !important;
+			}
+		}
+	}
+
+	padding-bottom: 1em;
+}

web/views/@default/servers/server/settings/waf/ipadmin/lists.js

@@ -0,0 +1,36 @@
+Tea.context(function () {
+	this.updateItem = function (itemId) {
+		teaweb.popup(Tea.url(".updateIPPopup?firewallPolicyId=" + this.firewallPolicyId, {itemId: itemId}), {
+			height: "23em",
+			callback: function () {
+				teaweb.success("保存成功", function () {
+					teaweb.reload()
+				})
+			}
+		})
+	}
+
+	this.deleteItem = function (itemId) {
+		let that = this
+		teaweb.confirm("确定要删除这个IP吗？", function () {
+			that.$post(".deleteIP")
+				.params({
+					"firewallPolicyId": this.firewallPolicyId,
+					"itemId": itemId
+				})
+				.refresh()
+		})
+	}
+
+	/**
+	 * 添加IP名单菜单
+	 */
+	this.createIP = function (type) {
+		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
+			height: "23em",
+			callback: function () {
+				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
+			}
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/ipadmin/provinces.css

@@ -0,0 +1,9 @@
+.province-list .item {
+  float: left;
+  width: 12em;
+  margin-bottom: 0.5em;
+}
+.province-list .item .checkbox label {
+  font-size: 12px !important;
+}
+/*# sourceMappingURL=provinces.css.map */

web/views/@default/servers/server/settings/waf/ipadmin/provinces.css.map

@@ -0,0 +1 @@
+{"version":3,"sources":["provinces.less"],"names":[],"mappings":"AAAA,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AAJF,cACC,MAKC,UAAU;EACT,0BAAA","file":"provinces.css"}

web/views/@default/servers/server/settings/waf/ipadmin/provinces.html

@@ -0,0 +1,46 @@
+{$layout}
+
+	{$template "../waf_menu"}
+	{$template "menu"}
+
+	<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
+		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+		<table class="ui table selectable definition">
+			<tr>
+				<td class="title">已封禁</td>
+				<td>
+					<span v-if="countSelectedProvinces == 0" class="disabled">暂时没有选择封禁省份。</span>
+					<div class="ui label tiny basic" v-for="province in provinces" v-if="province.isChecked" style="margin-bottom: 0.5em">
+						<input type="hidden" name="provinceIds" :value="province.id"/>
+						{{province.name}} <a href="" @click.prevent="deselectProvince(province)" title="取消封禁"><i class="icon remove"></i></a>
+					</div>
+				</td>
+			</tr>
+			<tr>
+				<td>选择封禁区域</td>
+				<td>
+
+					<first-menu>
+						<menu-item><more-options-indicator>选择省份/自治区</more-options-indicator></menu-item>
+						<div class="item right" v-if="moreOptionsVisible">
+							<div class="ui checkbox" @click.prevent="checkAll">
+								<input type="checkbox" v-model="isCheckingAll"/>
+								<label>全选</label>
+							</div>
+						</div>
+					</first-menu>
+
+					<div class="province-list" v-show="moreOptionsVisible" style="margin-top:0.5em">
+						<div class="item" v-for="province in provinces">
+							<div class="ui checkbox" @click.prevent="selectProvince(province)">
+								<input type="checkbox" v-model="province.isChecked"/>
+								<label>{{province.name}}</label>
+							</div>
+						</div>
+					</div>
+					<div class="clear"></div>
+				</td>
+			</tr>
+		</table>
+		<submit-btn></submit-btn>
+	</form>

web/views/@default/servers/server/settings/waf/ipadmin/provinces.js

@@ -0,0 +1,52 @@
+Tea.context(function () {
+	this.isCheckingAll = false
+
+	this.countSelectedProvinces = this.provinces.$count(function (k, province) {
+		return province.isChecked
+	})
+
+	this.selectProvince = function (province) {
+		province.isChecked = !province.isChecked
+		this.change()
+	}
+
+	this.deselectProvince = function (province) {
+		province.isChecked = false
+		this.change()
+	}
+
+	this.checkAll = function () {
+		this.isCheckingAll = !this.isCheckingAll
+		let that = this
+		this.provinces.forEach(function (province) {
+			province.isChecked = that.isCheckingAll
+		})
+
+		this.change()
+	}
+
+	this.success = function () {
+		teaweb.success("保存成功", function () {
+			teaweb.reload()
+		})
+	}
+
+
+	this.change = function () {
+		this.countSelectedProvinces = this.provinces.$count(function (k, province) {
+			return province.isChecked
+		})
+	}
+
+	/**
+	 * 添加IP名单菜单
+	 */
+	this.createIP = function (type) {
+		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
+			height: "23em",
+			callback: function () {
+				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
+			}
+		})
+	}
+})

web/views/@default/servers/server/settings/waf/ipadmin/provinces.less

@@ -0,0 +1,11 @@
+.province-list {
+	.item {
+		float: left;
+		width: 12em;
+		margin-bottom: 0.5em;
+
+		.checkbox label {
+			font-size: 12px !important;
+		}
+	}
+}

web/views/@default/servers/server/settings/waf/ipadmin/updateIPPopup.html

@@ -0,0 +1,40 @@
+{$layout "layout_popup"}
+
+<h3>修改IP</h3>
+
+<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
+	<input type="hidden" name="itemId" :value="item.id"/>
+	<csrf-token></csrf-token>
+	<table class="ui table definition selectable">
+		<tr>
+			<td class="title">开始IP *</td>
+			<td>
+				<input type="text" name="ipFrom" maxlength="64" placeholder="x.x.x.x" ref="focus" v-model="item.ipFrom"/>
+			</td>
+		</tr>
+		<tr>
+			<td>结束IP</td>
+			<td>
+				<input type="text" name="ipTo" maxlength="64" placeholder="x.x.x.x" v-model="item.ipTo"/>
+				<p class="comment">表示IP段的时候需要填写此项。</p>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="2"><more-options-indicator></more-options-indicator></td>
+		</tr>
+		<tbody v-show="moreOptionsVisible">
+			<tr>
+				<td>过期时间</td>
+				<td>
+					<datetime-input :v-name="'expiredAt'" :v-timestamp="item.expiredAt"></datetime-input>
+					<p class="comment">在加入名单某一段时间后会失效，留空表示永久有效。</p>
+				</td>
+			</tr>
+			<tr>
+				<td>备注</td>
+				<td><input type="text" name="reason" maxlength="100" v-model="item.reason"/></td>
+			</tr>
+		</tbody>
+	</table>
+	<submit-btn></submit-btn>
+</form>

web/views/@default/settings/database/@menu.html

@@ -1,5 +1,9 @@
 <first-menu>
 	<menu-item href="/settings/database" code="index">详情</menu-item>
 	<menu-item href="/settings/database/update" code="update">修改</menu-item>
+    <menu-item href="/settings/database/clean" code="clean">手动清理</menu-item>
+    <menu-item href="/settings/database/cleanSetting" code="cleanSetting">自动清理设置</menu-item>
+    <span class="item">|</span>
+    <span class="item"><tip-icon content="在这里可以设置API节点可以使用的数据库，修改后请重新配置并启动API节点才能生效。"></tip-icon></span>
 </first-menu>
 <div class="margin"></div>

web/views/@default/settings/database/clean.html

@@ -0,0 +1,24 @@
+{$layout}
+{$template "menu"}
+
+<div class="ui message" v-if="isLoading">正在加载中...</div>
+
+<table class="ui table selectable">
+    <thead>
+        <tr>
+            <th>表名</th>
+            <th>占用空间</th>
+            <th>用途</th>
+            <th class="two op">操作</th>
+        </tr>
+    </thead>
+    <tr v-for="table in tables">
+        <td>{{table.name}}</td>
+        <td>{{table.size}}</td>
+        <td>{{table.comment}}</td>
+        <td>
+            <a href="" v-if="table.canDelete" @click.prevent="deleteTable(table.name)">删除</a><span v-if="table.canDelete"> &nbsp;</span>
+            <a href="" v-if="table.canClean" @click.prevent="truncateTable(table.name)">清空</a>
+        </td>
+    </tr>
+</table>

web/views/@default/settings/database/clean.js

@@ -0,0 +1,49 @@
+Tea.context(function () {
+    this.tables = []
+    this.isLoading = true
+
+    this.$delay(function () {
+        this.reload()
+    })
+
+    this.reload = function () {
+        this.isLoading = true
+        this.$post("$")
+            .success(function (resp) {
+                this.tables = resp.data.tables;
+            })
+            .done(function () {
+                this.isLoading = false
+            })
+    }
+
+    this.deleteTable = function (tableName) {
+        let that = this
+        teaweb.confirm("html:确定要删除此数据表吗？<br/>删除后数据不能恢复！", function () {
+            that.$post(".deleteTable")
+                .params({
+                    table: tableName
+                })
+                .success(function () {
+                    teaweb.success("操作成功", function () {
+                        that.reload()
+                    })
+                })
+        })
+    }
+
+    this.truncateTable = function (tableName) {
+        let that = this
+        teaweb.confirm("html:确定要清空此数据表吗？<br/>清空后数据不能恢复！", function () {
+            that.$post(".truncateTable")
+                .params({
+                    table: tableName
+                })
+                .success(function () {
+                    teaweb.success("操作成功", function () {
+                        that.reload()
+                    })
+                })
+        })
+    }
+})

web/views/@default/settings/database/cleanSetting.html

@@ -0,0 +1,21 @@
+{$layout}
+{$template "menu"}
+
+<form class="ui form" data-tea-success="success" data-tea-action="$">
+    <csrf-token></csrf-token>
+
+    <h4 style="margin-top: 0">服务访问日志</h4>
+    <table class="ui table definition selectable">
+        <tr>
+            <td class="title">保存天数 *</td>
+            <td>
+                <div class="ui input right labeled">
+                    <input type="text" name="days" v-model="config.days" style="width:6em" maxlength="6"/>
+                    <span class="ui label">天</span>
+                </div>
+                <p class="comment">天数包括当天。如果填0表示不自动清理。此设置也会同时作用于日志数据库。</p>
+            </td>
+        </tr>
+    </table>
+    <submit-btn></submit-btn>
+</form>

web/views/@default/settings/database/cleanSetting.js

@@ -0,0 +1,3 @@
+Tea.context(function () {
+    this.success = NotifyReloadSuccess("保存成功")
+})

web/views/@default/settings/database/index.html

@@ -32,7 +32,3 @@
 		</tr>
 	</table>
 </div>
-
-<div class="ui message tiny">
-	<p>在这里可以设置API节点可以使用的数据库。</p>
-</div>

web/views/@default/settings/user-nodes/index.html

@@ -11,7 +11,10 @@
 		<tr>
 			<th>节点名称</th>
 			<th>访问地址</th>
-			<th class="center width10">状态</th>
+            <th class="width6 center">版本号</th>
+            <th class="width5 center">CPU</th>
+            <th class="width5 center">内存</th>
+            <th class="center width10">状态</th>
 			<th class="two op">操作</th>
 		</tr>
 	</thead>
@@ -22,9 +25,26 @@
 				<span class="ui label tiny basic" v-for="addr in node.accessAddrs">{{addr}}</span>
 			</div>
 		</td>
-		<td class="center">
-			<label-on :v-is-on="node.isOn"></label-on>
-		</td>
+        <td class="center">
+            <span v-if="node.status.buildVersion.length > 0">v{{node.status.buildVersion}}</span>
+            <span v-else class="disabled">-</span>
+        </td>
+        <td class="center">
+            <span v-if="node.status.isActive" :class="{red:node.status.cpuUsage > 0.80}">{{node.status.cpuUsageText}}</span>
+            <span v-else class="disabled">-</span>
+        </td>
+        <td class="center">
+            <span v-if="node.status.isActive" :class="{red:node.status.memUsage > 0.80}">{{node.status.memUsageText}}</span>
+            <span v-else class="disabled">-</span>
+        </td>
+        <td class="center">
+            <span v-if="!node.isOn"><label-on :v-is-on="node.isOn"></label-on></span>
+            <div v-else-if="node.status.isActive">
+                <span class="green">运行中</span>
+            </div>
+            <span v-else-if="node.status.updatedAt > 0" class="red">已断开</span>
+            <span v-else-if="node.status.updatedAt == 0" class="red">未连接</span>
+        </td>
 		<td>
 			<a :href="'/settings/userNodes/node?nodeId=' + node.id">详情</a> &nbsp;
 			<a href="" @click.prevent="deleteNode(node.id)">删除</a>