Merge pull request #2552 from actiontech/white-black-list-impl

新增黑名单,优化白名单

Author: winfredLIN

sqle/api/controller/v1/audit_plan.go

@@ -6,9 +6,7 @@ import (
 	"encoding/csv"
 	"fmt"
 	"mime"
-	"net"
 	"net/http"
-	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -849,93 +847,6 @@ func GetAuditPlanReport(c echo.Context) error {
 	})
 }
 
-func filterSQLsByBlackList(sqls []*AuditPlanSQLReqV1, blackList []*model.BlackListAuditPlanSQL) []*AuditPlanSQLReqV1 {
-	if len(blackList) == 0 {
-		return sqls
-	}
-	filteredSQLs := []*AuditPlanSQLReqV1{}
-	filter := ConvertToBlackFilter(blackList)
-	for _, sql := range sqls {
-		if filter.HasEndpointInBlackList([]string{sql.Endpoint}) || filter.IsSqlInBlackList(sql.LastReceiveText) {
-			continue
-		}
-		filteredSQLs = append(filteredSQLs, sql)
-	}
-	return filteredSQLs
-}
-
-func ConvertToBlackFilter(blackList []*model.BlackListAuditPlanSQL) *BlackFilter {
-	var blackFilter BlackFilter
-	for _, filter := range blackList {
-		switch filter.FilterType {
-		case model.FilterTypeSQL:
-			blackFilter.BlackSqlList = append(blackFilter.BlackSqlList, utils.FullFuzzySearchRegexp(filter.FilterContent))
-		case model.FilterTypeHost:
-			blackFilter.BlackHostList = append(blackFilter.BlackHostList, utils.FullFuzzySearchRegexp(filter.FilterContent))
-		case model.FilterTypeIP:
-			ip := net.ParseIP(filter.FilterContent)
-			if ip == nil {
-				log.Logger().Errorf("wrong ip in black list,ip:%s", filter.FilterContent)
-				continue
-			}
-			blackFilter.BlackIpList = append(blackFilter.BlackIpList, ip)
-		case model.FilterTypeCIDR:
-			_, cidr, err := net.ParseCIDR(filter.FilterContent)
-			if err != nil {
-				log.Logger().Errorf("wrong cidr in black list,cidr:%s,err:%v", filter.FilterContent, err)
-				continue
-			}
-			blackFilter.BlackCidrList = append(blackFilter.BlackCidrList, cidr)
-		}
-	}
-	return &blackFilter
-}
-
-// 构造BlackFilter的目的是缓存黑名单中需要使用的结构体，在每个循环中复用
-type BlackFilter struct {
-	BlackSqlList  []*regexp.Regexp //更换正则匹配提高效率
-	BlackIpList   []net.IP
-	BlackHostList []*regexp.Regexp
-	BlackCidrList []*net.IPNet
-}
-
-func (f BlackFilter) IsSqlInBlackList(checkSql string) bool {
-	for _, blackSql := range f.BlackSqlList {
-		if blackSql.MatchString(checkSql) {
-			return true
-		}
-	}
-	return false
-}
-
-// 输入一组ip若其中有一个ip在黑名单中则返回true
-func (f BlackFilter) HasEndpointInBlackList(checkIps []string) bool {
-	var checkNetIp net.IP
-	for _, checkIp := range checkIps {
-		checkNetIp = net.ParseIP(checkIp)
-		if checkNetIp == nil {
-			// 无法解析IP，可能是域名，需要正则匹配
-			for _, blackHost := range f.BlackHostList {
-				if blackHost.MatchString(checkIp) {
-					return true
-				}
-			}
-		} else {
-			for _, blackIp := range f.BlackIpList {
-				if blackIp.Equal(checkNetIp) {
-					return true
-				}
-			}
-			for _, blackCidr := range f.BlackCidrList {
-				if blackCidr.Contains(checkNetIp) {
-					return true
-				}
-			}
-		}
-	}
-	return false
-}
-
 type FullSyncAuditPlanSQLsReqV1 struct {
 	SQLs []*AuditPlanSQLReqV1 `json:"audit_plan_sql_list" form:"audit_plan_sql_list" valid:"dive"`
 }
@@ -989,13 +900,7 @@ func FullSyncAuditPlanSQLs(c echo.Context) error {
 
 	l := log.NewEntry()
 	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLs()
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
-	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
-	}
-	if len(reqSQLs) == 0 {
+	if len(req.SQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}
 	sqls, err := convertToModelAuditPlanSQL(c, ap, reqSQLs)
@@ -1045,12 +950,6 @@ func PartialSyncAuditPlanSQLs(c echo.Context) error {
 
 	l := log.NewEntry()
 	reqSQLs := req.SQLs
-	blackList, err := s.GetBlackListAuditPlanSQLs()
-	if err == nil {
-		reqSQLs = filterSQLsByBlackList(reqSQLs, blackList)
-	} else {
-		l.Warnf("blacklist is not used, err:%v", err)
-	}
 	if len(reqSQLs) == 0 {
 		return controller.JSONBaseErrorReq(c, nil)
 	}

sqle/api/controller/v1/blacklist.go

@@ -1,9 +1,15 @@
 package v1
 
 import (
+	"context"
+	"fmt"
+	"net/http"
 	"time"
 
 	"github.com/actiontech/sqle/sqle/api/controller"
+	"github.com/actiontech/sqle/sqle/dms"
+	"github.com/actiontech/sqle/sqle/errors"
+	"github.com/actiontech/sqle/sqle/model"
 	"github.com/labstack/echo/v4"
 )
 
@@ -25,7 +31,27 @@ type CreateBlacklistReqV1 struct {
 // @Success 200 {object} controller.BaseRes
 // @router /v1/projects/{project_name}/blacklist [post]
 func CreateBlacklist(c echo.Context) error {
-	return nil
+	req := new(CreateBlacklistReqV1)
+	if err := controller.BindAndValidateReq(c, req); err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	projectUid, err := dms.GetPorjectUIDByName(context.TODO(), c.Param("project_name"), true)
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+	s := model.GetStorage()
+	err = s.Save(&model.BlackListAuditPlanSQL{
+		ProjectId:     model.ProjectUID(projectUid),
+		FilterType:    model.BlacklistFilterType(req.Type),
+		FilterContent: req.Content,
+		Desc:          req.Desc,
+	})
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	return c.JSON(http.StatusOK, controller.NewBaseReq(nil))
 }
 
 // DeleteBlacklist
@@ -38,7 +64,28 @@ func CreateBlacklist(c echo.Context) error {
 // @Success 200 {object} controller.BaseRes
 // @router /v1/projects/{project_name}/blacklist/{blacklist_id}/ [delete]
 func DeleteBlacklist(c echo.Context) error {
-	return nil
+	blacklistId := c.Param("blacklist_id")
+
+	projectUid, err := dms.GetPorjectUIDByName(context.TODO(), c.Param("project_name"))
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	s := model.GetStorage()
+	blacklist, exist, err := s.GetBlacklistByID(model.ProjectUID(projectUid), blacklistId)
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+	if !exist {
+		return controller.JSONBaseErrorReq(c, errors.New(errors.DataNotExist,
+			fmt.Errorf("blacklist is not exist")))
+	}
+
+	if err := s.Delete(blacklist); err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	return c.JSON(http.StatusOK, controller.NewBaseReq(nil))
 }
 
 type UpdateBlacklistReqV1 struct {
@@ -60,7 +107,43 @@ type UpdateBlacklistReqV1 struct {
 // @Success 200 {object} controller.BaseRes
 // @router /v1/projects/{project_name}/blacklist/{blacklist_id}/ [patch]
 func UpdateBlacklist(c echo.Context) error {
-	return nil
+	req := new(UpdateBlacklistReqV1)
+	if err := controller.BindAndValidateReq(c, req); err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	blacklistId := c.Param("blacklist_id")
+	projectUid, err := dms.GetPorjectUIDByName(context.TODO(), c.Param("project_name"))
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	s := model.GetStorage()
+	blacklist, exist, err := s.GetBlacklistByID(model.ProjectUID(projectUid), blacklistId)
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+	if !exist {
+		return controller.JSONBaseErrorReq(c, errors.New(errors.DataNotExist,
+			fmt.Errorf("blacklist is not exist")))
+	}
+
+	if req.Content != nil {
+		blacklist.FilterContent = *req.Content
+	}
+	if req.Type != nil {
+		blacklist.FilterType = model.BlacklistFilterType(*req.Type)
+	}
+	if req.Desc != nil {
+		blacklist.Desc = *req.Desc
+	}
+
+	err = s.Save(blacklist)
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	return c.JSON(http.StatusOK, controller.NewBaseReq(nil))
 }
 
 type GetBlacklistReqV1 struct {
@@ -99,5 +182,37 @@ type BlacklistResV1 struct {
 // @Success 200 {object} v1.GetBlacklistResV1
 // @router /v1/projects/{project_name}/blacklist [get]
 func GetBlacklist(c echo.Context) error {
-	return nil
+	req := new(GetBlacklistReqV1)
+	if err := controller.BindAndValidateReq(c, req); err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	projectUid, err := dms.GetPorjectUIDByName(context.TODO(), c.Param("project_name"))
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	s := model.GetStorage()
+	blacklistList, count, err := s.GetBlacklistList(model.ProjectUID(projectUid), model.BlacklistFilterType(req.FilterType), req.FuzzySearchContent, req.PageIndex, req.PageSize)
+	if err != nil {
+		return controller.JSONBaseErrorReq(c, err)
+	}
+
+	res := make([]*BlacklistResV1, 0, len(blacklistList))
+	for _, blacklist := range blacklistList {
+		res = append(res, &BlacklistResV1{
+			BlacklistID:   blacklist.ID,
+			Content:       blacklist.FilterContent,
+			Desc:          blacklist.Desc,
+			Type:          string(blacklist.FilterType),
+			MatchedCount:  blacklist.MatchedCount,
+			LastMatchTime: blacklist.LastMatchTime,
+		})
+	}
+
+	return c.JSON(http.StatusOK, &GetBlacklistResV1{
+		BaseRes:   controller.NewBaseReq(nil),
+		Data:      res,
+		TotalNums: count,
+	})
 }

sqle/api/controller/v1/sql_whitelist.go

@@ -153,10 +153,10 @@ func DeleteAuditWhitelistById(c echo.Context) error {
 }
 
 type GetAuditWhitelistReqV1 struct {
-	FuzzySearchValue string `json:"fuzzy_value" query:"fuzzy_value" valid:"omitempty"`
-	FilterMatchType  string `json:"filter_match_type" query:"filter_match_type" valid:"omitempty,oneof=exact_match fp_match" enums:"exact_match,fp_match"`
-	PageIndex        uint32 `json:"page_index" query:"page_index" valid:"required"`
-	PageSize         uint32 `json:"page_size" query:"page_size" valid:"required"`
+	FuzzySearchValue *string `json:"fuzzy_value" query:"fuzzy_value" valid:"omitempty"`
+	FilterMatchType  *string `json:"filter_match_type" query:"filter_match_type" valid:"omitempty,oneof=exact_match fp_match" enums:"exact_match,fp_match"`
+	PageIndex        uint32  `json:"page_index" query:"page_index" valid:"required"`
+	PageSize         uint32  `json:"page_size" query:"page_size" valid:"required"`
 }
 
 type GetAuditWhitelistResV1 struct {
@@ -197,17 +197,19 @@ func GetSqlWhitelist(c echo.Context) error {
 	}
 
 	s := model.GetStorage()
-	sqlWhitelist, count, err := s.GetSqlWhitelistByProjectUID(req.PageIndex, req.PageSize, model.ProjectUID(projectUid))
+	sqlWhitelist, count, err := s.GetSqlWhitelistByProjectUID(req.PageIndex, req.PageSize, model.ProjectUID(projectUid), req.FuzzySearchValue, req.FilterMatchType)
 	if err != nil {
 		return controller.JSONBaseErrorReq(c, err)
 	}
 	whitelistRes := make([]*AuditWhitelistResV1, 0, len(sqlWhitelist))
 	for _, v := range sqlWhitelist {
 		whitelistRes = append(whitelistRes, &AuditWhitelistResV1{
-			Id:        v.ID,
-			Value:     v.Value,
-			Desc:      v.Desc,
-			MatchType: v.MatchType,
+			Id:            v.ID,
+			Value:         v.Value,
+			Desc:          v.Desc,
+			MatchType:     v.MatchType,
+			MatchedCount:  uint(v.MatchedCount),
+			LastMatchTime: v.LastMatchedTime,
 		})
 	}
 	return c.JSON(http.StatusOK, &GetAuditWhitelistResV1{