github.com/TeaOSLab/EdgeNode@v1.3.8/internal/waf/action_get_302.go (about)

     1  package waf
     2  
     3  import (
     4  	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
     5  	"github.com/TeaOSLab/EdgeNode/internal/utils"
     6  	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
     7  	"github.com/iwind/TeaGo/types"
     8  	"net/http"
     9  	"net/url"
    10  	"time"
    11  )
    12  
// Get302Path is the URL path that Perform redirects challenged GET requests to.
const Get302Path = "/WAF/VERIFY/GET"
    16  
// Get302Action is the WAF action that challenges a GET request with a 302
// redirect round trip.
// Principle: origin url --> 302 verify url --> origin url
// TODO: support meta refresh verification in the future.
type Get302Action struct {
	BaseAction

	// Life is copied unchanged into the info token built by Perform.
	// NOTE(review): presumably the allowlist lifetime granted after a
	// successful verification — confirm unit and meaning against the verify handler.
	Life  int32  `yaml:"life" json:"life"`
	// Scope is passed to the SharedIPWhiteList lookup and copied into the
	// info token built by Perform.
	Scope string `yaml:"scope" json:"scope"`
}
    26  
// Init performs no setup for this action; it ignores waf and always returns nil.
func (*Get302Action) Init(waf *WAF) error {
	return nil
}
    30  
// Code returns the identifier of this action, ActionGet302.
func (*Get302Action) Code() string {
	return ActionGet302
}
    34  
// IsAttack always reports false: a request that triggers the 302 challenge is
// not classified as an attack by this action.
func (*Get302Action) IsAttack() bool {
	return false
}
    38  
// WillChange always reports true.
// NOTE(review): presumably this tells the caller that Perform may write its own
// response (the redirect) — confirm against the action interface.
func (*Get302Action) WillChange() bool {
	return true
}
    42  
// Perform challenges a GET request by answering it with a 302 redirect to
// Get302Path. The original URL, a timestamp, Life, Scope and the policy, group
// and rule-set ids are encoded with utils.SimpleEncryptObject and carried in
// the "info" query parameter.
//
// The request is passed through unchallenged (ContinueRequest: true) when it is
// not a GET, when SharedIPWhiteList already contains the client IP for this
// rule set and scope, or when the info token cannot be built. The last case
// fails open: the encoding error is logged and the request continues.
//
// When the redirect is written, the returned PerformResult is the zero value.
//
// NOTE(review): the handler behind Get302Path is not part of this file. The
// token embeds the client-supplied request URL and a timestamp, so that handler
// should be confirmed to reject stale or tampered tokens and to redirect back
// only to a same-site target.
func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult {
	var passThrough = PerformResult{ContinueRequest: true}

	// GET only: other methods are not challenged by this action.
	if request.WAFRaw().Method != http.MethodGet {
		return passThrough
	}

	// Skip the challenge when the client IP is already allowlisted for this rule set.
	var listKey = "set:" + types.String(set.Id)
	if SharedIPWhiteList.Contains(listKey, this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
		return passThrough
	}

	// Everything needed after the round trip travels inside the token.
	var arg = InfoArg{
		URL:              request.WAFRaw().URL.String(),
		Timestamp:        time.Now().Unix(),
		Life:             this.Life,
		Scope:            this.Scope,
		PolicyId:         waf.Id,
		GroupId:          group.Id,
		SetId:            set.Id,
		UseLocalFirewall: false,
	}
	token, err := utils.SimpleEncryptObject(arg)
	if err != nil {
		// Fail open: without a token there is nothing to redirect to, so the
		// request continues and the failure is only visible in the remote log.
		remotelogs.Error("WAF_GET_302_ACTION", "encode info failed: "+err.Error())
		return passThrough
	}

	request.DisableStat()
	request.ProcessResponseHeaders(writer.Header(), http.StatusFound)

	// QueryEscape keeps the token intact as a single query value.
	var verifyURL = Get302Path + "?info=" + url.QueryEscape(token)
	http.Redirect(writer, request.WAFRaw(), verifyURL, http.StatusFound)

	// Flush the redirect when the writer supports it.
	if flusher, ok := writer.(http.Flusher); ok {
		flusher.Flush()
	}

	return PerformResult{}
}