From c8a97d8ea65f5ba18b9b0be3b58cbc5c00f58f9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B2=90?= Date: Sat, 12 Apr 2025 18:06:19 +0800 Subject: [PATCH] =?UTF-8?q?feat(core):=20=E6=B7=BB=E5=8A=A0=E5=86=85?= =?UTF-8?q?=E7=BD=91IP=E6=9B=B4=E6=96=B0=E5=AE=9D=E5=A1=94=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 新增 checkNwIp 方法,用于查询内网IP并更新宝塔安全规则 - 实现域名解析功能,支持多个域名的IP解析- 添加白名单规则更新逻辑,可创建或更新管理后台IP白名单 - 新增王白名单规则删除功能 - 优化了与宝塔服务器的HTTP通信方法 --- app/core/BtWafService.php | 112 ++++++++++++++++++++++++++++++-- app/openapi/controller/Test.php | 22 +++++++ app/task/controller/Task.php | 76 +++++++++++++++++++++- 3 files changed, 203 insertions(+), 7 deletions(-) diff --git a/app/core/BtWafService.php b/app/core/BtWafService.php index 536cc98..6ea84bb 100644 --- a/app/core/BtWafService.php +++ b/app/core/BtWafService.php @@ -105,6 +105,7 @@ class BtWafService 'WAF_customize_rule' =>'/plugin?action=a&name=btwaf&s=update_customize_rule', //Nginx自定义规则 'WAF_customize_rule_create' =>'/plugin?action=a&name=btwaf&s=create_customize_rule', //Nginx自定义规则 'WAF_customize_rule_list' => '/plugin?action=a&name=btwaf&s=get_customize_list', //Nginx自定义规则列表 + 'WAF_customize_rule_del' => '/plugin?action=a&name=btwaf&s=remove_customize_rule', ); 
@@ -154,10 +155,9 @@ class BtWafService * 获取系统基础统计 */ public function update_waf_whiteIp($rule_id,$whiteName,$domain,$ip_white){ + # {"name":"ip白名单-6","servers":["apis.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"eq","left_factor":"","right_factor":"8.149.139.230"}}]},{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"eq","left_factor":"","right_factor":"122.234.200.204"}}]}]},"action":{"type":"allow","response":{"type":"","response_id":0,"status":0,"headers":{},"body":""}}} - #infos: {"name":"ip白名单-2","servers":["apis.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"eq","left_factor":"","right_factor":"12.12.12.12"}}]}]},"action":{"type":"allow","response":{"type":"","response_id":0,"status":0,"headers":{},"body":""}}} - $p_data = $this->GetKeyData(); @@ -176,15 +176,15 @@ class BtWafService $root_info = []; $root_info['logic'] = 'or'; $root_info['type'] = 'block'; - $root_info['option'] = 'null'; + $root_info['option'] = null; // $children; $num = 0; // var_dump($ip_white);die; foreach ($ip_white as $k => $v){ $children[$num]['logic'] = 'and'; $children[$num]['type'] = 'block'; - $children[$num]['option'] = 'null'; - $children[$num]['children'][0]['type'] = 'block'; + $children[$num]['option'] = null; + $children[$num]['children'][0]['type'] = 'option'; $children[$num]['children'][0]['logic'] = ''; $children[$num]['children'][0]['children'] = []; $children[$num]['children'][0]['option'] = [ 
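Review bot: The sample payload added as a comment at the top of `update_waf_whiteIp` carries what look like live hostnames and public addresses, and the three samples added above `update_waf_whiteIp_lj` in the later hunk do the same. Anyone with read access to the repository learns which hosts sit behind the panel and which addresses are allow-listed. Documentation values keep the payload shape visible without that exposure, for example `"servers":["admin.example.com"]` and `"right_factor":"203.0.113.10"` (constructed values from the reserved example ranges). The function body continues outside this hunk.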
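Review bot: `$children` has no initialisation in the lines shown here (only the commented-out `// $children;`), so unless it is set above the hunk, an empty `$ip_white` leaves it undefined for whatever follows the loop. Adding `$children = [];` before the `foreach` would make the empty case explicit. The loop body and its later use continue outside this hunk.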
@@ -205,7 +205,7 @@ class BtWafService
 'type'=>'',
 'response_id'=>0,
 'status'=>0,
-// 'headers'=>[],
+ 'headers'=>[],
 'body'=>''
 ]
 ];
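Review bot: `'headers'=>[]` will serialise as a JSON array (`"headers":[]`) once it goes through `json_encode`, while the panel's own sample payloads in this file's comments show an object (`"headers":{}`). Whether the panel accepts an array there is not visible from the diff, so it would be safer to send the documented shape with `'headers'=>new \stdClass(),`. The same line appears in `update_waf_whiteIp_lj` in the next hunk, where one of the commented samples already shows `"headers":[]`.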
@@ -221,11 +221,111 @@ class BtWafService $result = $this->HttpPostCookie($url,$p_data); +// var_dump($p_data);die; + $data = json_decode($result,true); return $data; } + public function update_waf_whiteIp_lj($rule_id,$whiteName,$domain,$ip_white){ + #{"name":"后台管理白名单","servers":["htadmin.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"36.20.116.48"}},{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"60.176.85.193"}}]}]},"action":{"type":"deny","response":{"type":"no_response","response_id":0,"status":0,"headers":{},"body":""}}} + +// {"name":"管理后台IP白名单","servers":["htadmin.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"10.0.0.1"}},{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"192.168.0.1"}}]}]},"action":{"type":"deny","response":{"type":"black_page","response_id":0,"status":0,"headers":{},"body":""}}} + +// {"name":"管理后台IP白名单","servers":["htadmin.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"36.20.116.48"}}},{"type":"option","logic":"","children":[],"option":{"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"36.20.116.48"}}}]},"action":{"type":"deny","response":{"type":"no_response","response_id":0,"status":0,"headers":[],"body":""}}} + + + + + $p_data = 
$this->GetKeyData(); + if(isset($rule_id)&& $rule_id){ + $url = $this->BT_PANEL.$this->config["WAF_customize_rule"]; + $p_data['id'] = $rule_id; + }else{ + $url = $this->BT_PANEL.$this->config["WAF_customize_rule_create"]; + } + $info = array(); + $info['name'] = $whiteName; + $info['servers'] = [$domain]; + $info['status'] = 1; + $info['is_global'] = 0; + $info['priority'] = 0; + $root_info = []; + $root_info['logic'] = 'or'; + $root_info['type'] = 'block'; + $root_info['option'] = null; + $children = [ + 'logic'=>'and', + 'type'=>'block', + 'option'=>null, + ]; +// $children; + $num = 0; +// var_dump($ip_white);die; + foreach ($ip_white as $k => $v){ +// + $children['children'][$num]['type'] = 'option'; + $children['children'][$num]['logic'] = ''; + $children['children'][$num]['children'] = []; + $children['children'][$num]['option'] = [ + 'type' => 'ip', + 'operator' => 'neq', + 'left_factor' => '', + 'right_factor' => $v, + ]; + $num++; + } + + + $root_info['children'][] = $children; + $info['root'] = $root_info; + $info['action'] = [ + 'type'=>'deny', + 'response'=>[ + 'type'=>'no_response', + 'response_id'=>0, + 'status'=>0, + 'headers'=>[], + 'body'=>'' + ] + ]; +// var_dump($info);die; + $json = json_encode($info,JSON_UNESCAPED_UNICODE); +// var_dump($json);die; + + +// + $p_data['infos'] = $json; + +// var_dump($p_data); + + + $result = $this->HttpPostCookie($url,$p_data); +// var_dump($p_data);die; + + + return json_decode($result,true); + } + + public function remove_waf_whiteIp($rule_id){ + + + + $p_data = $this->GetKeyData(); + if(isset($rule_id)&& $rule_id){ + $url = $this->BT_PANEL.$this->config["WAF_customize_rule_del"]; + $p_data['id'] = $rule_id; + }else{ + return false; + } + + $result = $this->HttpPostCookie($url,$p_data); + + + return json_decode($result,true); + } + private function HttpPostCookie($url, $data,$timeout = 60) { //定义cookie保存位置 
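Review bot: In `update_waf_whiteIp_lj`, an empty `$ip_white` produces an `and` block with no `children` key at all, so the deny rule is sent with no conditions. What it then matches is left to the panel: possibly every request to the admin host, possibly none. The function should refuse to send in that case. Each entry should also be checked with `filter_var($v, FILTER_VALIDATE_IP)` before it reaches `right_factor`, since the caller feeds it DNS answers. The commented-out `var_dump($p_data)` lines would print whatever `GetKeyData()` returns (presumably the panel credentials) if re-enabled, and are better deleted than kept.

```php
public function update_waf_whiteIp_lj($rule_id,$whiteName,$domain,$ip_white){
    // Drop anything that is not a syntactically valid address, then refuse an empty list
    // so a deny rule is never pushed without conditions.
    $valid = [];
    foreach ((array) $ip_white as $ip) {
        if (is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            $valid[$ip] = $ip;
        }
    }
    if ($valid === []) {
        return false;
    }
    $ip_white = array_values($valid);

    // … unchanged: GetKeyData(), URL selection, $info and $root_info setup …
    $children = [
        'logic'=>'and',
        'type'=>'block',
        'option'=>null,
        'children'=>[],
    ];
    // … unchanged: foreach adding one neq option per address, action, json_encode, HttpPostCookie …
```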
diff --git a/app/openapi/controller/Test.php b/app/openapi/controller/Test.php index 5fdb487..c43211b 100644 --- a/app/openapi/controller/Test.php +++ b/app/openapi/controller/Test.php @@ -99,6 +99,28 @@ class Test extends Core } + # 对回调再次处理,如果渠道回调失败,同时商户回调失败,将使用该方法进行再次发起回调,5分钟执行一次 + public function Tcall() + { + $orderService = OrderService::instance(); + $cur = time(); + $time = 300; + $whereRaw = $cur . '-unix_timestamp(create_at) >=' . $time; + $data = $orderService->db()->whereRaw('merchant_callback_error = 2 and merchant_callback_num < 5 and status in(2,3) and ' . $whereRaw )->order('id asc')->select(); +// var_dump($data);die; + + if ($data) { + foreach ($data as $k => $v) { + $this->callSend($v, 1); + } + } + } + + private function callSend($v, $type = 1) + { + OrderService::instance()->callSend($v, $type); + } + public function dy_msd_message() { $maSuDa = \app\openapi\controller\maSuDaApi\Order::class; diff --git a/app/task/controller/Task.php b/app/task/controller/Task.php index 31af66e..26db2de 100644 --- a/app/task/controller/Task.php +++ b/app/task/controller/Task.php @@ -5,6 +5,7 @@ set_time_limit(0); ini_set('memory_limit','512M'); ini_set('default_socket_timeout', -1); //不超时 use app\channel\service\ProductService; +use app\core\BtWafService; use app\gateway\service\RedisService; use app\merchant\service\MerchantLogHistoryService; use app\merchant\service\OrderHistoryService; 
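Review bot: `Tcall` is added as a public action on the `Test` controller under `app/openapi`, although its comment describes a job meant to run every five minutes. If actions here are reachable by URL (routing and middleware are not visible in this diff), any caller could trigger merchant callback re-sends on demand. Placing it with the other scheduled methods in `app/task/controller/Task.php`, or putting it behind the access check those tasks use, would close that. The `whereRaw` string is built only from `time()` and a constant, so it is not injectable. Assuming `create_at` is a DATETIME in the application's timezone, a precomputed cutoff such as `->where('create_at', '<=', date('Y-m-d H:i:s', $cur - $time))` would avoid the raw fragment and let an index on `create_at` be used.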
@@ -478,7 +479,80 @@ class Task extends Core } - # + #查询内网ip地址更新宝塔安全,建议10分钟异常 + public function checkNwIp() +{ + // 定义需要解析的域名 + $domains = ['nw.gcdat.com', 'nw2.gcdat.com']; + $api_domain = 'htadmin.gcdat.com'; + $ipAddresses = []; + + foreach ($domains as $domain) { + + // 调用域名解析函数,并处理结果 + $ips = $this->resolveDomain($domain); +// var_dump($ips);die; + + if (!empty($ips)) { + $ipAddresses[] = $ips[0]; + }else{ + echo "解析失败: " . $domain . "\n"; + } + + } + #更新宝塔安全 +// var_dump($ipAddresses);die; + $bt = new BtWafService(); +// $bt->remove_waf_whiteIp( +// 272596425 +// );die; + $list = $bt->get_customize_list(); + $ip_white_id = ''; + if($list){ + $rule_list = $list['msg']['rules']; + $name = '管理后台IP白名单'; + foreach ($rule_list as $k=>$v){ + if($v['name'] == $name){ + $ip_white_id = $k; + break; + } + + } + + } + + if($ip_white_id){ + $data = $bt->update_waf_whiteIp_lj($ip_white_id,$name,$api_domain,$ipAddresses); + + } else{ + $data = $bt->update_waf_whiteIp_lj('', $name, $api_domain, $ipAddresses); + } + + if($data && isset($data['status']) && !$data['status']){ + return '添加防火墙错误'; + } +} + +/** + * 域名解析函数 + * + * @param string $domain 待解析的域名 + * @return array 返回解析到的IP地址列表 + */ +private function resolveDomain(string $domain): array +{ + // 使用 PHP 的 gethostbynamel 函数进行域名解析 + $ips = @gethostbynamel($domain); + + // 检查解析结果是否有效 + if ($ips === false || empty($ips)) { + return []; + } + + // 确保返回的是唯一的 IP 地址 + return array_unique($ips); +} + } \ No newline at end of file
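Review bot: In `checkNwIp`, a failed lookup is only echoed and the rule is still rewritten from whatever subset resolved, so a transient DNS failure narrows or empties the list behind a deny-unless-listed rule on the admin host. Returning before the panel call when any domain fails to resolve keeps the last known-good rule in place. `$name` is assigned only inside `if($list)`, so when `get_customize_list()` returns nothing the create branch is called with an undefined name; it should be set before the lookup. Because the allow-list is whatever these two hostnames resolve to, control of those DNS records amounts to control of admin access, so logging each change of the resolved set would be worth adding. The rule id is taken from the array key `$k`, and a key of `0` would fall through to the create branch, so it is worth confirming that `rules` is keyed by id.

```php
public function checkNwIp()
{
    // … unchanged: $domains, $api_domain …
    $name = '管理后台IP白名单';
    $ipAddresses = [];

    foreach ($domains as $domain) {
        $ips = $this->resolveDomain($domain);
        if (empty($ips)) {
            // Leave the existing rule untouched rather than pushing a partial list.
            return '解析失败: ' . $domain;
        }
        $ipAddresses[] = $ips[0];
    }
    // … unchanged: BtWafService lookup of the existing rule and the update/create call …
```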