b8788c239e
MCP Docker / build-and-push (push) Has been cancelled
- Remove telemetry: disabled all phone-home (installation notify, false positives, behavior tracking, upgrade tips) - Version branding: removed 'ce-' prefix, product name changed to '长亭雷池 WAF' - Detection engine enhancement: strict preset enables all 17 modules with aggressive configs - Multi-user RBAC: admin/operator/viewer roles with password + TOTP 2FA - Rate limiting: nginx limit_req per website (RPS, burst, action) - JS Challenge: browser fingerprint verification page with cookie-based bypass - Security fixes: removed InsecureSkipVerify, hardcoded credentials, NO_AUTH backdoor
122 lines
3.0 KiB
Go
122 lines
3.0 KiB
Go
package api
|
|
|
|
import (
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"chaitin.cn/dev/go/errors"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"chaitin.cn/patronus/safeline-2/management/webserver/api/response"
|
|
"chaitin.cn/patronus/safeline-2/management/webserver/model"
|
|
"chaitin.cn/patronus/safeline-2/management/webserver/pkg/database"
|
|
)
|
|
|
|
type (
|
|
GetDetectLogDetailRequest struct {
|
|
EventId string `json:"event_id" form:"event_id"`
|
|
}
|
|
|
|
PostFalsePositivesRequest struct {
|
|
EventId string `json:"event_id"`
|
|
}
|
|
)
|
|
|
|
func getDetectLog(eventId string) (*model.DetectLog, error) {
|
|
db := database.GetDB()
|
|
var detectLogBasic model.DetectLogBasic
|
|
res := db.Where(&model.DetectLogBasic{EventId: eventId}).First(&detectLogBasic)
|
|
if res.RowsAffected == 0 {
|
|
return nil, errors.New("Data queried does not exist")
|
|
}
|
|
|
|
var detectLogDetail model.DetectLogDetail
|
|
db.Where(&model.DetectLogDetail{EventId: eventId}).First(&detectLogDetail)
|
|
|
|
detectLog, err := model.TransformDetectLog(&detectLogBasic, &detectLogDetail)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return detectLog, nil
|
|
}
|
|
|
|
func GetDetectLogList(c *gin.Context) {
|
|
var params pageRequest
|
|
if err := c.BindQuery(¶ms); err != nil {
|
|
logger.Error(err)
|
|
response.Error(c, response.ErrorParamNotOK, http.StatusInternalServerError)
|
|
return
|
|
}
|
|
db := database.GetDB()
|
|
|
|
tx := db.Where("")
|
|
// 按 ip 搜索条件
|
|
if ip := c.Query("ip"); ip != "" {
|
|
tx = tx.Where("src_ip = ?", ip)
|
|
}
|
|
// 按 url 搜索条件
|
|
if url := c.Query("url"); url != "" {
|
|
tx = tx.Where("url_path like ?", "%"+url+"%")
|
|
}
|
|
// 按 type 搜索条件
|
|
if at := c.Query("attack_type"); at != "" {
|
|
ns := make([]int, 0)
|
|
for _, s := range strings.Split(at, ",") {
|
|
n, err := strconv.Atoi(s)
|
|
if err == nil {
|
|
ns = append(ns, n)
|
|
}
|
|
}
|
|
tx = tx.Where("attack_type in (?)", ns)
|
|
}
|
|
|
|
var total int64
|
|
tx.Model(&model.DetectLogBasic{}).Count(&total)
|
|
|
|
var basicList []model.DetectLogBasic
|
|
tx.Limit(params.PageSize).Offset(params.PageSize * (params.Page - 1)).Order("id desc").Find(&basicList)
|
|
var dLogList []*model.DetectLog
|
|
for _, basic := range basicList {
|
|
dLog, err := model.TransformDetectLog(&basic, nil)
|
|
if err != nil {
|
|
logger.Warn(err)
|
|
continue
|
|
}
|
|
dLogList = append(dLogList, dLog)
|
|
}
|
|
response.Success(c, gin.H{"data": dLogList, "total": total})
|
|
}
|
|
|
|
func GetDetectLogDetail(c *gin.Context) {
|
|
var params GetDetectLogDetailRequest
|
|
if err := c.BindQuery(¶ms); err != nil {
|
|
logger.Error(err)
|
|
response.Error(c, response.ErrorParamNotOK, http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
detectLog, err := getDetectLog(params.EventId)
|
|
if err != nil {
|
|
logger.Error(err)
|
|
response.Error(c, response.ErrorDataNotExist, http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
response.Success(c, detectLog)
|
|
}
|
|
|
|
func PostFalsePositives(c *gin.Context) {
|
|
var params PostFalsePositivesRequest
|
|
if err := c.BindJSON(¶ms); err != nil {
|
|
logger.Error(err)
|
|
response.Error(c, response.ErrorParamNotOK, http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Telemetry reporting removed - just return success
|
|
response.Success(c, nil)
|
|
}
|