switch to runtime check

2025-02-02 01:28:13 -05:00 · 2024-12-21 23:18:43 +08:00 · 2024-12-21 23:18:43 +08:00 · 18513110cf
commit 18513110cf
parent 48c8ebc1e1
5 changed files with 34 additions and 67 deletions
--- a/cmd/dashboard/controller/alertrule.go
+++ b/cmd/dashboard/controller/alertrule.go
@ -62,7 +62,7 @@ func createAlertRule(c *gin.Context) (uint64, error) {
 	r.TriggerMode = arf.TriggerMode
 	r.Enable = &enable
-	if err := validateRule(c, &r); err != nil {
+	if err := validateRule(&r); err != nil {
 		return 0, err
 	}
@ -116,7 +116,7 @@ func updateAlertRule(c *gin.Context) (any, error) {
 	r.TriggerMode = arf.TriggerMode
 	r.Enable = &enable
-	if err := validateRule(c, &r); err != nil {
+	if err := validateRule(&r); err != nil {
 		return 0, err
 	}
@ -164,34 +164,9 @@ func batchDeleteAlertRule(c *gin.Context) (any, error) {
 	return nil, nil
 }
-func validateRule(c *gin.Context, r *model.AlertRule) error {
+func validateRule(r *model.AlertRule) error {
 	if len(r.Rules) > 0 {
 		for _, rule := range r.Rules {
 			singleton.ServerLock.RLock()
 			isCoverAll := rule.Cover == model.RuleCoverAll
 			isCoverIgnoreAll := rule.Cover == model.RuleCoverIgnoreAll
 			for s, enabled := range rule.Ignore {
 				if isCoverAll {
 					for id, server := range singleton.ServerList {
 						if enabled && id == s {
 							continue
 						}
 						if !server.HasPermission(c) {
 							singleton.ServerLock.RUnlock()
 							return singleton.Localizer.ErrorT("permission denied")
 						}
 					}
 				} else if isCoverIgnoreAll && enabled {
 					if server, ok := singleton.ServerList[s]; ok {
 						if !server.HasPermission(c) {
 							singleton.ServerLock.RUnlock()
 							return singleton.Localizer.ErrorT("permission denied")
 						}
 					}
 				}
 			}
 			singleton.ServerLock.RUnlock()
 			if !rule.IsTransferDurationRule() {
 				if rule.Duration < 3 {
 					return singleton.Localizer.ErrorT("duration need to be at least 3")
--- a/cmd/dashboard/controller/service.go
+++ b/cmd/dashboard/controller/service.go
@ -210,10 +210,6 @@ func createService(c *gin.Context) (uint64, error) {
 	m.RecoverTriggerTasks = mf.RecoverTriggerTasks
 	m.FailTriggerTasks = mf.FailTriggerTasks
 	if err := validateServers(c, &m); err != nil {
 		return 0, err
 	}
 	if err := singleton.DB.Create(&m).Error; err != nil {
 		return 0, newGormError("%v", err)
 	}
@ -355,32 +351,3 @@ func batchDeleteService(c *gin.Context) (any, error) {
 	singleton.ServiceSentinelShared.UpdateServiceList()
 	return nil, nil
 }
 func validateServers(c *gin.Context, ss *model.Service) error {
 	singleton.ServerLock.RLock()
 	defer singleton.ServerLock.RUnlock()
 	isCoverAll := ss.Cover == model.ServiceCoverAll
 	isCoverIgnoreAll := ss.Cover == model.ServiceCoverIgnoreAll
 	for s, enabled := range ss.SkipServers {
 		if isCoverAll {
 			for id, server := range singleton.ServerList {
 				if enabled && id == s {
 					continue
 				}
 				if !server.HasPermission(c) {
 					return singleton.Localizer.ErrorT("permission denied")
 				}
 			}
 		} else if isCoverIgnoreAll && enabled {
 			if server, ok := singleton.ServerList[s]; ok {
 				if !server.HasPermission(c) {
 					return singleton.Localizer.ErrorT("permission denied")
 				}
 			}
 		}
 	}
 	return nil
 }
--- a/cmd/dashboard/controller/waf.go
+++ b/cmd/dashboard/controller/waf.go
@ -18,7 +18,7 @@ import (
 // @Param limit query uint false "Page limit"
 // @Param offset query uint false "Page offset"
 // @Produce json
-// @Success 200 {object} model.CommonResponse[[]model.WAFApiMock]
+// @Success 200 {object} model.PaginatedResponse[[]model.WAFApiMock, model.WAFApiMock]
 // @Router /waf [get]
 func listBlockedAddress(c *gin.Context) (*model.Value[[]*model.WAF], error) {
 	limit, err := strconv.Atoi(c.Query("limit"))
--- a/cmd/dashboard/rpc/rpc.go
+++ b/cmd/dashboard/rpc/rpc.go
@ -100,12 +100,28 @@ func DispatchTask(serviceSentinelDispatchBus <-chan model.Service) {
 				continue
 			}
 			if task.Cover == model.ServiceCoverIgnoreAll && task.SkipServers[singleton.SortedServerList[workedServerIndex].ID] {
 				var role uint8 = model.RoleMember
 				server := singleton.SortedServerList[workedServerIndex]
 				if err := singleton.DB.Model(&model.User{}).Select("role").Where("id = ?", task.UserID).Limit(1).Scan(&role).Error; err != nil {
 					workedServerIndex++
 					continue
 				}
 				if task.UserID == server.UserID || role == model.RoleAdmin {
 					singleton.SortedServerList[workedServerIndex].TaskStream.Send(task.PB())
 				}
 				workedServerIndex++
 				continue
 			}
 			if task.Cover == model.ServiceCoverAll && !task.SkipServers[singleton.SortedServerList[workedServerIndex].ID] {
 				var role uint8 = model.RoleMember
 				server := singleton.SortedServerList[workedServerIndex]
 				if err := singleton.DB.Model(&model.User{}).Select("role").Where("id = ?", task.UserID).Limit(1).Scan(&role).Error; err != nil {
 					workedServerIndex++
 					continue
 				}
 				if task.UserID == server.UserID || role == model.RoleAdmin {
 					singleton.SortedServerList[workedServerIndex].TaskStream.Send(task.PB())
 				}
 				workedServerIndex++
 				continue
 			}
--- a/model/alertrule.go
+++ b/model/alertrule.go
@ -63,9 +63,18 @@ func (r *AlertRule) Enabled() bool {
 // Snapshot 对传入的Server进行该报警规则下所有type的检查 返回每项检查结果
 func (r *AlertRule) Snapshot(cycleTransferStats *CycleTransferStats, server *Server, db *gorm.DB) []bool {
-	point := make([]bool, 0, len(r.Rules))
+	point := make([]bool, len(r.Rules))
-	for _, rule := range r.Rules {
+
-		point = append(point, rule.Snapshot(cycleTransferStats, server, db))
+	var role uint8 = RoleMember
 	if err := db.Model(&User{}).Select("role").Where("id = ?", r.UserID).Limit(1).Scan(&role).Error; err != nil {
 		return point
 	}
 	if r.UserID != server.UserID && role != RoleAdmin {
 		return point
 	}
 	for i, rule := range r.Rules {
 		point[i] = rule.Snapshot(cycleTransferStats, server, db)
 	}
 	return point
 }