feat(core): 添加内网IP更新宝塔安全功能
- 新增 checkNwIp 方法,用于查询内网IP并更新宝塔安全规则 - 实现域名解析功能,支持多个域名的IP解析 - 添加白名单规则更新逻辑,可创建或更新管理后台IP白名单 - 新增白名单规则删除功能 - 优化了与宝塔服务器的HTTP通信方法
parent
f995a020a5
commit
c8a97d8ea6
@ -105,6 +105,7 @@ class BtWafService
|
||||
'WAF_customize_rule' =>'/plugin?action=a&name=btwaf&s=update_customize_rule', //Nginx自定义规则
|
||||
'WAF_customize_rule_create' =>'/plugin?action=a&name=btwaf&s=create_customize_rule', //Nginx自定义规则
|
||||
'WAF_customize_rule_list' => '/plugin?action=a&name=btwaf&s=get_customize_list', //Nginx自定义规则列表
|
||||
'WAF_customize_rule_del' => '/plugin?action=a&name=btwaf&s=remove_customize_rule',
|
||||
|
||||
|
||||
);
|
||||
@ -154,10 +155,9 @@ class BtWafService
|
||||
* 获取系统基础统计
|
||||
*/
|
||||
public function update_waf_whiteIp($rule_id,$whiteName,$domain,$ip_white){
|
||||
# {"name":"ip白名单-6","servers":["apis.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"eq","left_factor":"","right_factor":"8.149.139.230"}}]},{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"eq","left_factor":"","right_factor":"122.234.200.204"}}]}]},"action":{"type":"allow","response":{"type":"","response_id":0,"status":0,"headers":{},"body":""}}}
|
||||
|
||||
|
||||
#infos: {"name":"ip白名单-2","servers":["apis.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"eq","left_factor":"","right_factor":"12.12.12.12"}}]}]},"action":{"type":"allow","response":{"type":"","response_id":0,"status":0,"headers":{},"body":""}}}
|
||||
|
||||
|
||||
|
||||
$p_data = $this->GetKeyData();
|
||||
@ -176,15 +176,15 @@ class BtWafService
|
||||
$root_info = [];
|
||||
$root_info['logic'] = 'or';
|
||||
$root_info['type'] = 'block';
|
||||
$root_info['option'] = 'null';
|
||||
$root_info['option'] = null;
|
||||
// $children;
|
||||
$num = 0;
|
||||
// var_dump($ip_white);die;
|
||||
foreach ($ip_white as $k => $v){
|
||||
$children[$num]['logic'] = 'and';
|
||||
$children[$num]['type'] = 'block';
|
||||
$children[$num]['option'] = 'null';
|
||||
$children[$num]['children'][0]['type'] = 'block';
|
||||
$children[$num]['option'] = null;
|
||||
$children[$num]['children'][0]['type'] = 'option';
|
||||
$children[$num]['children'][0]['logic'] = '';
|
||||
$children[$num]['children'][0]['children'] = [];
|
||||
$children[$num]['children'][0]['option'] = [
|
||||
@ -205,7 +205,7 @@ class BtWafService
|
||||
'type'=>'',
|
||||
'response_id'=>0,
|
||||
'status'=>0,
|
||||
// 'headers'=>[],
|
||||
'headers'=>[],
|
||||
'body'=>''
|
||||
]
|
||||
];
|
||||
@ -221,11 +221,111 @@ class BtWafService
|
||||
|
||||
|
||||
$result = $this->HttpPostCookie($url,$p_data);
|
||||
// var_dump($p_data);die;
|
||||
|
||||
|
||||
$data = json_decode($result,true);
|
||||
return $data;
|
||||
}
|
||||
|
||||
public function update_waf_whiteIp_lj($rule_id,$whiteName,$domain,$ip_white){
|
||||
#{"name":"后台管理白名单","servers":["htadmin.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"36.20.116.48"}},{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"60.176.85.193"}}]}]},"action":{"type":"deny","response":{"type":"no_response","response_id":0,"status":0,"headers":{},"body":""}}}
|
||||
|
||||
// {"name":"管理后台IP白名单","servers":["htadmin.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"logic":"and","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"10.0.0.1"}},{"type":"option","logic":"","children":[],"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"192.168.0.1"}}]}]},"action":{"type":"deny","response":{"type":"black_page","response_id":0,"status":0,"headers":{},"body":""}}}
|
||||
|
||||
// {"name":"管理后台IP白名单","servers":["htadmin.gcdat.com"],"status":1,"is_global":0,"priority":0,"root":{"logic":"or","type":"block","option":null,"children":[{"type":"option","logic":"","children":[],"option":{"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"36.20.116.48"}}},{"type":"option","logic":"","children":[],"option":{"option":{"type":"ip","operator":"neq","left_factor":"","right_factor":"36.20.116.48"}}}]},"action":{"type":"deny","response":{"type":"no_response","response_id":0,"status":0,"headers":[],"body":""}}}
|
||||
|
||||
|
||||
|
||||
|
||||
$p_data = $this->GetKeyData();
|
||||
if(isset($rule_id)&& $rule_id){
|
||||
$url = $this->BT_PANEL.$this->config["WAF_customize_rule"];
|
||||
$p_data['id'] = $rule_id;
|
||||
}else{
|
||||
$url = $this->BT_PANEL.$this->config["WAF_customize_rule_create"];
|
||||
}
|
||||
$info = array();
|
||||
$info['name'] = $whiteName;
|
||||
$info['servers'] = [$domain];
|
||||
$info['status'] = 1;
|
||||
$info['is_global'] = 0;
|
||||
$info['priority'] = 0;
|
||||
$root_info = [];
|
||||
$root_info['logic'] = 'or';
|
||||
$root_info['type'] = 'block';
|
||||
$root_info['option'] = null;
|
||||
$children = [
|
||||
'logic'=>'and',
|
||||
'type'=>'block',
|
||||
'option'=>null,
|
||||
];
|
||||
// $children;
|
||||
$num = 0;
|
||||
// var_dump($ip_white);die;
|
||||
foreach ($ip_white as $k => $v){
|
||||
//
|
||||
$children['children'][$num]['type'] = 'option';
|
||||
$children['children'][$num]['logic'] = '';
|
||||
$children['children'][$num]['children'] = [];
|
||||
$children['children'][$num]['option'] = [
|
||||
'type' => 'ip',
|
||||
'operator' => 'neq',
|
||||
'left_factor' => '',
|
||||
'right_factor' => $v,
|
||||
];
|
||||
$num++;
|
||||
}
|
||||
|
||||
|
||||
$root_info['children'][] = $children;
|
||||
$info['root'] = $root_info;
|
||||
$info['action'] = [
|
||||
'type'=>'deny',
|
||||
'response'=>[
|
||||
'type'=>'no_response',
|
||||
'response_id'=>0,
|
||||
'status'=>0,
|
||||
'headers'=>[],
|
||||
'body'=>''
|
||||
]
|
||||
];
|
||||
// var_dump($info);die;
|
||||
$json = json_encode($info,JSON_UNESCAPED_UNICODE);
|
||||
// var_dump($json);die;
|
||||
|
||||
|
||||
//
|
||||
$p_data['infos'] = $json;
|
||||
|
||||
// var_dump($p_data);
|
||||
|
||||
|
||||
$result = $this->HttpPostCookie($url,$p_data);
|
||||
// var_dump($p_data);die;
|
||||
|
||||
|
||||
return json_decode($result,true);
|
||||
}
|
||||
|
||||
public function remove_waf_whiteIp($rule_id){
|
||||
|
||||
|
||||
|
||||
$p_data = $this->GetKeyData();
|
||||
if(isset($rule_id)&& $rule_id){
|
||||
$url = $this->BT_PANEL.$this->config["WAF_customize_rule_del"];
|
||||
$p_data['id'] = $rule_id;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = $this->HttpPostCookie($url,$p_data);
|
||||
|
||||
|
||||
return json_decode($result,true);
|
||||
}
|
||||
|
||||
private function HttpPostCookie($url, $data,$timeout = 60)
|
||||
{
|
||||
//定义cookie保存位置
|
||||
|
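Review bot: update_waf_whiteIp_lj() sends the deny rule without checking `$ip_white`: with an empty array `$children` never gets a `children` key, so the panel receives a deny rule whose `and` block has no conditions, and how the WAF evaluates that is not visible here. Reject that case up front with `if (empty($ip_white)) { return false; }` and drop entries that fail `filter_var($v, FILTER_VALIDATE_IP)` before building the rule. `json_decode($result, true)` yields null on a failed or non-JSON response, and the caller in checkNwIp() only reports an error when `$data` is truthy, so a failed update passes silently; returning false there, as remove_waf_whiteIp() does for a missing id, would make the failure visible. The sample payloads in the comments carry what look like live hostnames and addresses, and swapping them for documentation values would keep the allowlist contents out of the repository.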
@ -99,6 +99,28 @@ class Test extends Core
|
||||
|
||||
}
|
||||
|
||||
# 对回调再次处理,如果渠道回调失败,同时商户回调失败,将使用该方法进行再次发起回调,5分钟执行一次
|
||||
public function Tcall()
|
||||
{
|
||||
$orderService = OrderService::instance();
|
||||
$cur = time();
|
||||
$time = 300;
|
||||
$whereRaw = $cur . '-unix_timestamp(create_at) >=' . $time;
|
||||
$data = $orderService->db()->whereRaw('merchant_callback_error = 2 and merchant_callback_num < 5 and status in(2,3) and ' . $whereRaw )->order('id asc')->select();
|
||||
// var_dump($data);die;
|
||||
|
||||
if ($data) {
|
||||
foreach ($data as $k => $v) {
|
||||
$this->callSend($v, 1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private function callSend($v, $type = 1)
|
||||
{
|
||||
OrderService::instance()->callSend($v, $type);
|
||||
}
|
||||
|
||||
public function dy_msd_message()
|
||||
{
|
||||
$maSuDa = \app\openapi\controller\maSuDaApi\Order::class;
|
||||
|
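Review bot: Tcall() is added as a public method with no caller check inside the hunk; if the Test class is routable over HTTP (its routing is not visible here), any request could trigger callback re-sends for every matching order. Restrict it to the scheduler, for example with `if (PHP_SAPI !== 'cli') { return; }` at the top of the method. The `whereRaw` string is built only from `time()` and a constant, so it carries no request input, but writing the age test as `create_at <= FROM_UNIXTIME(...)` with a bound value would avoid the concatenation and allow an index on `create_at` to be used. The Test class continues outside the hunk.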
@ -5,6 +5,7 @@ set_time_limit(0);
|
||||
ini_set('memory_limit','512M');
|
||||
ini_set('default_socket_timeout', -1); //不超时
|
||||
use app\channel\service\ProductService;
|
||||
use app\core\BtWafService;
|
||||
use app\gateway\service\RedisService;
|
||||
use app\merchant\service\MerchantLogHistoryService;
|
||||
use app\merchant\service\OrderHistoryService;
|
||||
@ -478,7 +479,80 @@ class Task extends Core
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
#查询内网ip地址更新宝塔安全,建议10分钟异常
|
||||
public function checkNwIp()
|
||||
{
|
||||
// 定义需要解析的域名
|
||||
$domains = ['nw.gcdat.com', 'nw2.gcdat.com'];
|
||||
$api_domain = 'htadmin.gcdat.com';
|
||||
$ipAddresses = [];
|
||||
|
||||
foreach ($domains as $domain) {
|
||||
|
||||
// 调用域名解析函数,并处理结果
|
||||
$ips = $this->resolveDomain($domain);
|
||||
// var_dump($ips);die;
|
||||
|
||||
if (!empty($ips)) {
|
||||
$ipAddresses[] = $ips[0];
|
||||
}else{
|
||||
echo "解析失败: " . $domain . "\n";
|
||||
}
|
||||
|
||||
}
|
||||
#更新宝塔安全
|
||||
// var_dump($ipAddresses);die;
|
||||
$bt = new BtWafService();
|
||||
// $bt->remove_waf_whiteIp(
|
||||
// 272596425
|
||||
// );die;
|
||||
$list = $bt->get_customize_list();
|
||||
$ip_white_id = '';
|
||||
if($list){
|
||||
$rule_list = $list['msg']['rules'];
|
||||
$name = '管理后台IP白名单';
|
||||
foreach ($rule_list as $k=>$v){
|
||||
if($v['name'] == $name){
|
||||
$ip_white_id = $k;
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if($ip_white_id){
|
||||
$data = $bt->update_waf_whiteIp_lj($ip_white_id,$name,$api_domain,$ipAddresses);
|
||||
|
||||
} else{
|
||||
$data = $bt->update_waf_whiteIp_lj('', $name, $api_domain, $ipAddresses);
|
||||
}
|
||||
|
||||
if($data && isset($data['status']) && !$data['status']){
|
||||
return '添加防火墙错误';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 域名解析函数
|
||||
*
|
||||
* @param string $domain 待解析的域名
|
||||
* @return array 返回解析到的IP地址列表
|
||||
*/
|
||||
private function resolveDomain(string $domain): array
|
||||
{
|
||||
// 使用 PHP 的 gethostbynamel 函数进行域名解析
|
||||
$ips = @gethostbynamel($domain);
|
||||
|
||||
// 检查解析结果是否有效
|
||||
if ($ips === false || empty($ips)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
// 确保返回的是唯一的 IP 地址
|
||||
return array_unique($ips);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
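Review bot: checkNwIp() still calls `update_waf_whiteIp_lj` when resolution failed, so `$ipAddresses` may be empty or hold only one of the two addresses and a transient DNS error rewrites the admin allowlist; return before the update unless every domain resolved, e.g. `if (count($ipAddresses) !== count($domains)) { return; }`. `$name` is assigned only inside `if($list)`, so the create branch receives an undefined variable when `get_customize_list()` returns nothing; move `$name = '管理后台IP白名单';` above that `if`. `$ip_white_id = $k` takes the array key and is then tested for truthiness, so a matching rule at key 0 would be treated as missing and a duplicate rule created on every run; confirm whether the rule id is the key or a field of `$v`. Because the rule follows whatever `gethostbynamel()` returns, and only `$ips[0]` of it, anyone able to change or spoof those DNS records decides which address reaches the admin host, so logging each old and new address pair on update would make an unexpected change detectable.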