1.4.5.2

2026-02-04 20:27:13 +08:00
commit 3b042d1dad
9410 changed files with 1488147 additions and 0 deletions
--- a/EdgeCommon/pkg/rpc/dao/base_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/base_dao.go
@@ -0,0 +1,8 @@
+package dao
+
+type BaseDAO struct {
+}
+
+func (this *BaseDAO) RPC() RPCClient {
+	return sharedRPCClient
+}
--- a/EdgeCommon/pkg/rpc/dao/http_cache_policy_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/http_cache_policy_dao.go
@@ -0,0 +1,69 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+)
+
+var SharedHTTPCachePolicyDAO = new(HTTPCachePolicyDAO)
+
+type HTTPCachePolicyDAO struct {
+	BaseDAO
+}
+
+// 查找缓存策略配置
+func (this *HTTPCachePolicyDAO) FindEnabledHTTPCachePolicyConfig(ctx context.Context, cachePolicyId int64) (*serverconfigs.HTTPCachePolicy, error) {
+	resp, err := this.RPC().HTTPCachePolicyRPC().FindEnabledHTTPCachePolicyConfig(ctx, &pb.FindEnabledHTTPCachePolicyConfigRequest{HttpCachePolicyId: cachePolicyId})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.HttpCachePolicyJSON) == 0 {
+		return nil, nil
+	}
+	config := &serverconfigs.HTTPCachePolicy{}
+	err = json.Unmarshal(resp.HttpCachePolicyJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// 查找缓存策略信息
+func (this *HTTPCachePolicyDAO) FindEnabledHTTPCachePolicy(ctx context.Context, cachePolicyId int64) (*pb.HTTPCachePolicy, error) {
+	resp, err := this.RPC().HTTPCachePolicyRPC().FindEnabledHTTPCachePolicy(ctx, &pb.FindEnabledHTTPCachePolicyRequest{
+		HttpCachePolicyId: cachePolicyId,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return resp.HttpCachePolicy, nil
+}
+
+// 根据服务ID查找缓存策略
+func (this *HTTPCachePolicyDAO) FindEnabledHTTPCachePolicyWithServerId(ctx context.Context, serverId int64) (*pb.HTTPCachePolicy, error) {
+	serverResp, err := this.RPC().ServerRPC().FindEnabledServer(ctx, &pb.FindEnabledServerRequest{ServerId: serverId})
+	if err != nil {
+		return nil, err
+	}
+	server := serverResp.Server
+	if server == nil {
+		return nil, nil
+	}
+	if server.NodeCluster == nil {
+		return nil, nil
+	}
+	clusterId := server.NodeCluster.Id
+	cluster, err := SharedNodeClusterDAO.FindEnabledNodeCluster(ctx, clusterId)
+	if err != nil {
+		return nil, err
+	}
+	if cluster == nil {
+		return nil, nil
+	}
+	if cluster.HttpCachePolicyId == 0 {
+		return nil, nil
+	}
+	return this.FindEnabledHTTPCachePolicy(ctx, cluster.HttpCachePolicyId)
+}
--- a/EdgeCommon/pkg/rpc/dao/http_firewall_policy_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/http_firewall_policy_dao.go
@@ -0,0 +1,300 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+var SharedHTTPFirewallPolicyDAO = new(HTTPFirewallPolicyDAO)
+
+// HTTPFirewallPolicyDAO WAF策略相关
+type HTTPFirewallPolicyDAO struct {
+	BaseDAO
+}
+
+// FindEnabledHTTPFirewallPolicy 查找WAF策略基本信息
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicy(ctx context.Context, policyId int64) (*pb.HTTPFirewallPolicy, error) {
+	resp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(ctx, &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+	if err != nil {
+		return nil, err
+	}
+	return resp.HttpFirewallPolicy, nil
+}
+
+// FindEnabledHTTPFirewallPolicyConfig 查找WAF策略配置
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
+	resp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicyConfig(ctx, &pb.FindEnabledHTTPFirewallPolicyConfigRequest{HttpFirewallPolicyId: policyId})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.HttpFirewallPolicyJSON) == 0 {
+		return nil, nil
+	}
+	firewallPolicy := &firewallconfigs.HTTPFirewallPolicy{}
+	err = json.Unmarshal(resp.HttpFirewallPolicyJSON, firewallPolicy)
+	if err != nil {
+		return nil, err
+	}
+	return firewallPolicy, nil
+}
+
+// FindEnabledHTTPFirewallPolicyInboundConfig 查找WAF的Inbound
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyInboundConfig(ctx context.Context, policyId int64) (*firewallconfigs.HTTPFirewallInboundConfig, error) {
+	config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
+	if err != nil {
+		return nil, err
+	}
+	if config == nil {
+		return nil, errors.New("not found")
+	}
+	return config.Inbound, nil
+}
+
+// FindEnabledPolicyIPListIdWithType 根据类型查找WAF的IP名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyIPListIdWithType(ctx context.Context, policyId int64, listType ipconfigs.IPListType) (int64, error) {
+	switch listType {
+	case ipconfigs.IPListTypeWhite:
+		return this.FindEnabledPolicyWhiteIPListId(ctx, policyId)
+	case ipconfigs.IPListTypeBlack:
+		return this.FindEnabledPolicyBlackIPListId(ctx, policyId)
+	case ipconfigs.IPListTypeGrey:
+		return this.FindEnabledPolicyGreyIPListId(ctx, policyId)
+	default:
+		return 0, errors.New("invalid ip list type '" + listType + "'")
+	}
+}
+
+// FindEnabledPolicyWhiteIPListId 查找WAF的白名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyWhiteIPListId(ctx context.Context, policyId int64) (int64, error) {
+	config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
+	if err != nil {
+		return 0, err
+	}
+	if config == nil {
+		return 0, errors.New("not found")
+	}
+	if config.Inbound == nil {
+		config.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if config.Inbound.AllowListRef == nil || config.Inbound.AllowListRef.ListId == 0 {
+		createResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
+			Type:        "white",
+			Name:        "白名单",
+			Code:        "white",
+			TimeoutJSON: nil,
+		})
+		if err != nil {
+			return 0, err
+		}
+		var listId = createResp.IpListId
+		config.Inbound.AllowListRef = &ipconfigs.IPListRef{
+			IsOn:   true,
+			ListId: listId,
+		}
+		inboundJSON, err := json.Marshal(config.Inbound)
+		if err != nil {
+			return 0, err
+		}
+		_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
+			HttpFirewallPolicyId: policyId,
+			InboundJSON:          inboundJSON,
+		})
+		if err != nil {
+			return 0, err
+		}
+		return listId, nil
+	}
+
+	return config.Inbound.AllowListRef.ListId, nil
+}
+
+// FindEnabledPolicyBlackIPListId 查找WAF的黑名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyBlackIPListId(ctx context.Context, policyId int64) (int64, error) {
+	config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
+	if err != nil {
+		return 0, err
+	}
+	if config == nil {
+		return 0, errors.New("not found")
+	}
+	if config.Inbound == nil {
+		config.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if config.Inbound.DenyListRef == nil || config.Inbound.DenyListRef.ListId == 0 {
+		createResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
+			Type:        "black",
+			Name:        "黑名单",
+			Code:        "black",
+			TimeoutJSON: nil,
+		})
+		if err != nil {
+			return 0, err
+		}
+		var listId = createResp.IpListId
+		config.Inbound.DenyListRef = &ipconfigs.IPListRef{
+			IsOn:   true,
+			ListId: listId,
+		}
+		inboundJSON, err := json.Marshal(config.Inbound)
+		if err != nil {
+			return 0, err
+		}
+		_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
+			HttpFirewallPolicyId: policyId,
+			InboundJSON:          inboundJSON,
+		})
+		if err != nil {
+			return 0, err
+		}
+		return listId, nil
+	}
+
+	return config.Inbound.DenyListRef.ListId, nil
+}
+
+// FindEnabledPolicyGreyIPListId 查找WAF的灰名单
+func (this *HTTPFirewallPolicyDAO) FindEnabledPolicyGreyIPListId(ctx context.Context, policyId int64) (int64, error) {
+	config, err := this.FindEnabledHTTPFirewallPolicyConfig(ctx, policyId)
+	if err != nil {
+		return 0, err
+	}
+	if config == nil {
+		return 0, errors.New("not found")
+	}
+	if config.Inbound == nil {
+		config.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if config.Inbound.GreyListRef == nil || config.Inbound.GreyListRef.ListId == 0 {
+		createResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
+			Type:        "grey",
+			Name:        "灰名单",
+			Code:        "grey",
+			TimeoutJSON: nil,
+		})
+		if err != nil {
+			return 0, err
+		}
+		var listId = createResp.IpListId
+		config.Inbound.GreyListRef = &ipconfigs.IPListRef{
+			IsOn:   true,
+			ListId: listId,
+		}
+		inboundJSON, err := json.Marshal(config.Inbound)
+		if err != nil {
+			return 0, err
+		}
+		_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
+			HttpFirewallPolicyId: policyId,
+			InboundJSON:          inboundJSON,
+		})
+		if err != nil {
+			return 0, err
+		}
+		return listId, nil
+	}
+
+	return config.Inbound.GreyListRef.ListId, nil
+}
+
+// FindEnabledHTTPFirewallPolicyWithServerId 根据服务Id查找WAF策略
+func (this *HTTPFirewallPolicyDAO) FindEnabledHTTPFirewallPolicyWithServerId(ctx context.Context, serverId int64) (*pb.HTTPFirewallPolicy, error) {
+	serverResp, err := this.RPC().ServerRPC().FindEnabledServer(ctx, &pb.FindEnabledServerRequest{ServerId: serverId})
+	if err != nil {
+		return nil, err
+	}
+	server := serverResp.Server
+	if server == nil {
+		return nil, nil
+	}
+	if server.NodeCluster == nil {
+		return nil, nil
+	}
+	clusterId := server.NodeCluster.Id
+	cluster, err := SharedNodeClusterDAO.FindEnabledNodeCluster(ctx, clusterId)
+	if err != nil {
+		return nil, err
+	}
+	if cluster == nil {
+		return nil, nil
+	}
+	if cluster.HttpFirewallPolicyId == 0 {
+		return nil, nil
+	}
+	return SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicy(ctx, cluster.HttpFirewallPolicyId)
+}
+
+// FindHTTPFirewallActionConfigs 查找动作相关信息
+func (this *HTTPFirewallPolicyDAO) FindHTTPFirewallActionConfigs(ctx context.Context, actions []*firewallconfigs.HTTPFirewallActionConfig) ([]maps.Map, error) {
+	var actionConfigs = []maps.Map{}
+	for _, action := range actions {
+		def := firewallconfigs.FindActionDefinition(action.Code)
+		if def == nil {
+			continue
+		}
+		if action.Options == nil {
+			action.Options = maps.Map{}
+		}
+
+		switch action.Code {
+		case firewallconfigs.HTTPFirewallActionRecordIP:
+			var listId = action.Options.GetInt64("ipListId")
+			listResp, err := this.RPC().IPListRPC().FindEnabledIPList(ctx, &pb.FindEnabledIPListRequest{IpListId: listId})
+			if err != nil {
+				return nil, err
+			}
+			if listId == 0 {
+				action.Options["ipListName"] = firewallconfigs.FindGlobalListNameWithType(action.Options.GetString("type"))
+			} else if listResp.IpList != nil {
+				action.Options["ipListName"] = listResp.IpList.Name
+			} else {
+				action.Options["ipListName"] = action.Options.GetString("ipListName") + "(已删除)"
+			}
+		case firewallconfigs.HTTPFirewallActionGoGroup:
+			groupId := action.Options.GetInt64("groupId")
+			groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(ctx, &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+			if err != nil {
+				return nil, err
+			}
+			if groupResp.FirewallRuleGroup != nil {
+				action.Options["groupName"] = groupResp.FirewallRuleGroup.Name
+			} else {
+				action.Options["groupName"] = action.Options.GetString("groupName") + "(已删除)"
+			}
+		case firewallconfigs.HTTPFirewallActionGoSet:
+			groupId := action.Options.GetInt64("groupId")
+			groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(ctx, &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+			if err != nil {
+				return nil, err
+			}
+			if groupResp.FirewallRuleGroup != nil {
+				action.Options["groupName"] = groupResp.FirewallRuleGroup.Name
+			} else {
+				action.Options["groupName"] = action.Options.GetString("groupName") + "(已删除)"
+			}
+
+			setId := action.Options.GetInt64("setId")
+			setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(ctx, &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+			if err != nil {
+				return nil, err
+			}
+			if setResp.FirewallRuleSet != nil {
+				action.Options["setName"] = setResp.FirewallRuleSet.Name
+			} else {
+				action.Options["setName"] = action.Options.GetString("setName") + "(已删除)"
+			}
+		}
+
+		actionConfigs = append(actionConfigs, maps.Map{
+			"name":     def.Name,
+			"code":     def.Code,
+			"category": def.Category,
+			"options":  action.Options,
+		})
+	}
+	return actionConfigs, nil
+}
--- a/EdgeCommon/pkg/rpc/dao/http_firewall_rule_group_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/http_firewall_rule_group_dao.go
@@ -0,0 +1,34 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+var SharedHTTPFirewallRuleGroupDAO = new(HTTPFirewallRuleGroupDAO)
+
+type HTTPFirewallRuleGroupDAO struct {
+	BaseDAO
+}
+
+// 查找分组配置
+func (this *HTTPFirewallRuleGroupDAO) FindRuleGroupConfig(ctx context.Context, groupId int64) (*firewallconfigs.HTTPFirewallRuleGroup, error) {
+	groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroupConfig(ctx, &pb.FindEnabledHTTPFirewallRuleGroupConfigRequest{FirewallRuleGroupId: groupId})
+	if err != nil {
+		return nil, err
+	}
+
+	if len(groupResp.FirewallRuleGroupJSON) == 0 {
+		return nil, nil
+	}
+
+	groupConfig := &firewallconfigs.HTTPFirewallRuleGroup{}
+	err = json.Unmarshal(groupResp.FirewallRuleGroupJSON, groupConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return groupConfig, nil
+}
--- a/EdgeCommon/pkg/rpc/dao/http_firewall_rule_set_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/http_firewall_rule_set_dao.go
@@ -0,0 +1,31 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+var SharedHTTPFirewallRuleSetDAO = new(HTTPFirewallRuleSetDAO)
+
+type HTTPFirewallRuleSetDAO struct {
+	BaseDAO
+}
+
+// 查找规则集配置
+func (this *HTTPFirewallRuleSetDAO) FindRuleSetConfig(ctx context.Context, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) {
+	resp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSetConfig(ctx, &pb.FindEnabledHTTPFirewallRuleSetConfigRequest{FirewallRuleSetId: setId})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.FirewallRuleSetJSON) == 0 {
+		return nil, err
+	}
+	config := &firewallconfigs.HTTPFirewallRuleSet{}
+	err = json.Unmarshal(resp.FirewallRuleSetJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
--- a/EdgeCommon/pkg/rpc/dao/http_web_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/http_web_dao.go
@@ -0,0 +1,109 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+var SharedHTTPWebDAO = new(HTTPWebDAO)
+
+type HTTPWebDAO struct {
+	BaseDAO
+}
+
+// FindWebConfigWithServerId 根据ServerId查找Web配置
+func (this *HTTPWebDAO) FindWebConfigWithServerId(ctx context.Context, serverId int64) (*serverconfigs.HTTPWebConfig, error) {
+	resp, err := this.RPC().ServerRPC().FindAndInitServerWebConfig(ctx, &pb.FindAndInitServerWebConfigRequest{ServerId: serverId})
+	if err != nil {
+		return nil, err
+	}
+	config := &serverconfigs.HTTPWebConfig{}
+	err = json.Unmarshal(resp.WebJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// FindWebConfigWithLocationId 根据LocationId查找Web配置
+func (this *HTTPWebDAO) FindWebConfigWithLocationId(ctx context.Context, locationId int64) (*serverconfigs.HTTPWebConfig, error) {
+	resp, err := this.RPC().HTTPLocationRPC().FindAndInitHTTPLocationWebConfig(ctx, &pb.FindAndInitHTTPLocationWebConfigRequest{LocationId: locationId})
+	if err != nil {
+		return nil, err
+	}
+	config := &serverconfigs.HTTPWebConfig{}
+	err = json.Unmarshal(resp.WebJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// FindWebConfigWithServerGroupId 根据ServerGroupId查找Web配置
+func (this *HTTPWebDAO) FindWebConfigWithServerGroupId(ctx context.Context, serverGroupId int64) (*serverconfigs.HTTPWebConfig, error) {
+	resp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupWebConfig(ctx, &pb.FindAndInitServerGroupWebConfigRequest{ServerGroupId: serverGroupId})
+	if err != nil {
+		return nil, err
+	}
+	config := &serverconfigs.HTTPWebConfig{}
+	err = json.Unmarshal(resp.WebJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// FindWebConfigWithId 根据WebId查找Web配置
+func (this *HTTPWebDAO) FindWebConfigWithId(ctx context.Context, webId int64) (*serverconfigs.HTTPWebConfig, error) {
+	resp, err := this.RPC().HTTPWebRPC().FindEnabledHTTPWebConfig(ctx, &pb.FindEnabledHTTPWebConfigRequest{HttpWebId: webId})
+	if err != nil {
+		return nil, err
+	}
+	config := &serverconfigs.HTTPWebConfig{}
+	err = json.Unmarshal(resp.HttpWebJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// InitEmptyHTTPFirewallPolicy 初始化防火墙设置
+func (this *HTTPWebDAO) InitEmptyHTTPFirewallPolicy(ctx context.Context, serverGroupId int64, serverId int64, webId int64, isOn bool) (int64, error) {
+	// 创建FirewallPolicy
+	firewallPolicyIdResp, err := this.RPC().HTTPFirewallPolicyRPC().CreateEmptyHTTPFirewallPolicy(ctx, &pb.CreateEmptyHTTPFirewallPolicyRequest{
+		ServerGroupId: serverGroupId,
+		ServerId:      serverId,
+		IsOn:          true,
+		Name:          "用户自定义",
+		Description:   "",
+	})
+	if err != nil {
+		return 0, errors.Wrap(err)
+	}
+
+	policyId := firewallPolicyIdResp.HttpFirewallPolicyId
+
+	firewallRef := &firewallconfigs.HTTPFirewallRef{
+		IsPrior:          false,
+		IsOn:             isOn,
+		FirewallPolicyId: policyId,
+	}
+	firewallRefJSON, err := json.Marshal(firewallRef)
+	if err != nil {
+		return 0, errors.Wrap(err)
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebFirewall(ctx, &pb.UpdateHTTPWebFirewallRequest{
+		HttpWebId:    webId,
+		FirewallJSON: firewallRefJSON,
+	})
+	if err != nil {
+		return 0, errors.Wrap(err)
+	}
+
+	return policyId, nil
+}
--- a/EdgeCommon/pkg/rpc/dao/ip_list_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/ip_list_dao.go
@@ -0,0 +1,156 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ipconfigs"
+)
+
+var SharedIPListDAO = new(IPListDAO)
+
+type IPListDAO struct {
+	BaseDAO
+}
+
+// FindAllowIPListIdWithServerId 查找网站的允许IP列表
+func (this *IPListDAO) FindAllowIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
+	webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
+	if err != nil {
+		return 0, err
+	}
+	if webConfig == nil {
+		return 0, nil
+	}
+	if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.AllowListRef == nil {
+		return 0, nil
+	}
+	return webConfig.FirewallPolicy.Inbound.AllowListRef.ListId, nil
+}
+
+// FindDenyIPListIdWithServerId 查找网站的禁止IP列表
+func (this *IPListDAO) FindDenyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
+	webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
+	if err != nil {
+		return 0, err
+	}
+	if webConfig == nil {
+		return 0, nil
+	}
+	if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.DenyListRef == nil {
+		return 0, nil
+	}
+	return webConfig.FirewallPolicy.Inbound.DenyListRef.ListId, nil
+}
+
+// FindGreyIPListIdWithServerId 查找网站的IP灰名单
+func (this *IPListDAO) FindGreyIPListIdWithServerId(ctx context.Context, serverId int64) (int64, error) {
+	webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
+	if err != nil {
+		return 0, err
+	}
+	if webConfig == nil {
+		return 0, nil
+	}
+	if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Inbound == nil || webConfig.FirewallPolicy.Inbound.GreyListRef == nil {
+		return 0, nil
+	}
+	return webConfig.FirewallPolicy.Inbound.GreyListRef.ListId, nil
+}
+
+// CreateIPListForServerId 为服务创建IP名单
+func (this *IPListDAO) CreateIPListForServerId(ctx context.Context, serverId int64, listType string) (int64, error) {
+	webConfig, err := SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
+	if err != nil {
+		return 0, err
+	}
+	if webConfig == nil {
+		return 0, nil
+	}
+	if webConfig.FirewallPolicy == nil || webConfig.FirewallPolicy.Id == 0 {
+		isOn := webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+		_, err = SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(ctx, 0, serverId, webConfig.Id, isOn)
+		if err != nil {
+			return 0, errors.Wrap(err)
+		}
+		webConfig, err = SharedHTTPWebDAO.FindWebConfigWithServerId(ctx, serverId)
+		if err != nil {
+			return 0, err
+		}
+		if webConfig == nil {
+			return 0, nil
+		}
+		if webConfig.FirewallPolicy == nil {
+			return 0, nil
+		}
+	}
+
+	var inbound = webConfig.FirewallPolicy.Inbound
+	if inbound == nil {
+		inbound = &firewallconfigs.HTTPFirewallInboundConfig{
+			IsOn: true,
+		}
+	}
+	if listType == ipconfigs.IPListTypeWhite {
+		if inbound.AllowListRef == nil {
+			inbound.AllowListRef = &ipconfigs.IPListRef{
+				IsOn: true,
+			}
+		}
+		if inbound.AllowListRef.ListId > 0 {
+			return inbound.AllowListRef.ListId, nil
+		}
+	} else if listType == ipconfigs.IPListTypeBlack {
+		if inbound.DenyListRef == nil {
+			inbound.DenyListRef = &ipconfigs.IPListRef{
+				IsOn: true,
+			}
+		}
+		if inbound.DenyListRef.ListId > 0 {
+			return inbound.DenyListRef.ListId, nil
+		}
+	} else if listType == ipconfigs.IPListTypeGrey {
+		if inbound.GreyListRef == nil {
+			inbound.GreyListRef = &ipconfigs.IPListRef{
+				IsOn: true,
+			}
+		}
+		if inbound.GreyListRef.ListId > 0 {
+			return inbound.DenyListRef.ListId, nil
+		}
+	}
+
+	ipListResp, err := this.RPC().IPListRPC().CreateIPList(ctx, &pb.CreateIPListRequest{
+		Type:        listType,
+		Name:        "IP名单",
+		Code:        listType,
+		ServerId:    serverId,
+		TimeoutJSON: nil,
+	})
+	if err != nil {
+		return 0, errors.Wrap(err)
+	}
+
+	if listType == ipconfigs.IPListTypeWhite {
+		inbound.AllowListRef.ListId = ipListResp.IpListId
+	} else if listType == ipconfigs.IPListTypeBlack {
+		inbound.DenyListRef.ListId = ipListResp.IpListId
+	} else if listType == ipconfigs.IPListTypeGrey {
+		inbound.GreyListRef.ListId = ipListResp.IpListId
+	}
+	inboundJSON, err := json.Marshal(inbound)
+	if err != nil {
+		return 0, errors.Wrap(err)
+	}
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(ctx, &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: webConfig.FirewallPolicy.Id,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		return 0, errors.Wrap(err)
+	}
+
+	return ipListResp.IpListId, nil
+}
--- a/EdgeCommon/pkg/rpc/dao/log_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/log_dao.go
@@ -0,0 +1,49 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+var SharedLogDAO = NewLogDAO()
+
+type LogDAO struct {
+	BaseDAO
+}
+
+func NewLogDAO() *LogDAO {
+	return &LogDAO{}
+}
+
+func (this *LogDAO) CreateUserLog(ctx context.Context, level string, action string, description string, ip string) error {
+	_, err := this.RPC().LogRPC().CreateLog(ctx, &pb.CreateLogRequest{
+		Level:       level,
+		Description: description,
+		Action:      action,
+		Ip:          ip,
+	})
+	return err
+}
+
+func (this *LogDAO) CreateAdminLog(ctx context.Context, level string, action string, description string, ip string, langMessageCode langs.MessageCode, langMessageArgs []any) error {
+	var langMessageArgsJSON []byte
+	var err error
+	if len(langMessageArgs) > 0 {
+		langMessageArgsJSON, err = json.Marshal(langMessageArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	_, err = this.RPC().LogRPC().CreateLog(ctx, &pb.CreateLogRequest{
+		Level:               level,
+		Description:         description,
+		Action:              action,
+		Ip:                  ip,
+		LangMessageCode:     langMessageCode.String(),
+		LangMessageArgsJSON: langMessageArgsJSON,
+	})
+	return err
+}
--- a/EdgeCommon/pkg/rpc/dao/node_cluster_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/node_cluster_dao.go
@@ -0,0 +1,27 @@
+package dao
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+var SharedNodeClusterDAO = new(NodeClusterDAO)
+
+// NodeClusterDAO 集群相关操作
+type NodeClusterDAO struct {
+	BaseDAO
+}
+
+// FindEnabledNodeCluster 查找集群
+func (this *NodeClusterDAO) FindEnabledNodeCluster(ctx context.Context, clusterId int64) (*pb.NodeCluster, error) {
+	clusterResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeCluster(ctx, &pb.FindEnabledNodeClusterRequest{NodeClusterId: clusterId})
+	if err != nil {
+		return nil, err
+	}
+	return clusterResp.NodeCluster, nil
+}
+
+// FindEnabledNodeClusterConfigInfo 查找集群概要信息
+func (this *NodeClusterDAO) FindEnabledNodeClusterConfigInfo(ctx context.Context, clusterId int64) (*pb.FindEnabledNodeClusterConfigInfoResponse, error) {
+	return this.RPC().NodeClusterRPC().FindEnabledNodeClusterConfigInfo(ctx, &pb.FindEnabledNodeClusterConfigInfoRequest{NodeClusterId: clusterId})
+}
--- a/EdgeCommon/pkg/rpc/dao/rpc_client.go
+++ b/EdgeCommon/pkg/rpc/dao/rpc_client.go
@@ -0,0 +1,48 @@
+package dao
+
+import "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+
+var sharedRPCClient RPCClient
+
+func SetRPC(client RPCClient) {
+	sharedRPCClient = client
+}
+
+type RPCClient interface {
+	SysSettingRPC() pb.SysSettingServiceClient
+	NodeClusterRPC() pb.NodeClusterServiceClient
+	NodeRegionRPC() pb.NodeRegionServiceClient
+	ServerRPC() pb.ServerServiceClient
+	ServerGroupRPC() pb.ServerGroupServiceClient
+	OriginRPC() pb.OriginServiceClient
+	HTTPWebRPC() pb.HTTPWebServiceClient
+	ReverseProxyRPC() pb.ReverseProxyServiceClient
+	HTTPGzipRPC() pb.HTTPGzipServiceClient
+	HTTPHeaderRPC() pb.HTTPHeaderServiceClient
+	HTTPHeaderPolicyRPC() pb.HTTPHeaderPolicyServiceClient
+	HTTPPageRPC() pb.HTTPPageServiceClient
+	HTTPAccessLogPolicyRPC() pb.HTTPAccessLogPolicyServiceClient
+	HTTPCachePolicyRPC() pb.HTTPCachePolicyServiceClient
+	HTTPFirewallPolicyRPC() pb.HTTPFirewallPolicyServiceClient
+	HTTPFirewallRuleGroupRPC() pb.HTTPFirewallRuleGroupServiceClient
+	HTTPFirewallRuleSetRPC() pb.HTTPFirewallRuleSetServiceClient
+	HTTPLocationRPC() pb.HTTPLocationServiceClient
+	HTTPWebsocketRPC() pb.HTTPWebsocketServiceClient
+	HTTPRewriteRuleRPC() pb.HTTPRewriteRuleServiceClient
+	HTTPAccessLogRPC() pb.HTTPAccessLogServiceClient
+	SSLCertRPC() pb.SSLCertServiceClient
+	SSLPolicyRPC() pb.SSLPolicyServiceClient
+	MessageRPC() pb.MessageServiceClient
+	IPListRPC() pb.IPListServiceClient
+	IPItemRPC() pb.IPItemServiceClient
+	FileRPC() pb.FileServiceClient
+	FileChunkRPC() pb.FileChunkServiceClient
+	RegionCountryRPC() pb.RegionCountryServiceClient
+	RegionProvinceRPC() pb.RegionProvinceServiceClient
+	LogRPC() pb.LogServiceClient
+	DNSDomainRPC() pb.DNSDomainServiceClient
+	DNSRPC() pb.DNSServiceClient
+	ACMEUserRPC() pb.ACMEUserServiceClient
+	ACMETaskRPC() pb.ACMETaskServiceClient
+	UserRPC() pb.UserServiceClient
+}
--- a/EdgeCommon/pkg/rpc/dao/server_dao.go
+++ b/EdgeCommon/pkg/rpc/dao/server_dao.go
@@ -0,0 +1,40 @@
+package dao
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+)
+
+var SharedServerDAO = new(ServerDAO)
+
+type ServerDAO struct {
+	BaseDAO
+}
+
+// FindEnabledServerConfig 查找服务配置
+func (this *ServerDAO) FindEnabledServerConfig(ctx context.Context, serverId int64) (*serverconfigs.ServerConfig, error) {
+	resp, err := this.RPC().ServerRPC().FindEnabledServerConfig(ctx, &pb.FindEnabledServerConfigRequest{ServerId: serverId})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.ServerJSON) == 0 {
+		return nil, nil
+	}
+	config := &serverconfigs.ServerConfig{}
+	err = json.Unmarshal(resp.ServerJSON, config)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+// FindEnabledServer 查找服务
+func (this *ServerDAO) FindEnabledServer(ctx context.Context, serverId int64) (*pb.Server, error) {
+	resp, err := this.RPC().ServerRPC().FindEnabledServer(ctx, &pb.FindEnabledServerRequest{ServerId: serverId})
+	if err != nil {
+		return nil, err
+	}
+	return resp.Server, nil
+}