feat:增加日志排序字段

2025-12-06 14:59:18 +08:00 · 2024-01-12 16:03:26 +08:00
parent b3fcc4ab2f
commit e9ecd073c1
9 changed files with 135 additions and 43 deletions
--- a/api/waf_host.go
+++ b/api/waf_host.go
@@ -132,7 +132,7 @@ func (w *WafHostAPi) ModifyHostApi(c *gin.Context) {
 }
 func (w *WafHostAPi) ModifyGuardStatusApi(c *gin.Context) {
 	var req request.WafHostGuardStatusReq
-	err := c.ShouldBindJSON(&req)
+	err := c.ShouldBind(&req)
 	if err == nil {
 		err = wafHostService.ModifyGuardStatusApi(req)
 		if err != nil {
--- a/global/global.go
+++ b/global/global.go
@@ -32,7 +32,7 @@ var (

 	GWAF_RUNTIME_DNS_SERVER string = "119.29.29.29" //反向查询DNS的IP

-	GWAF_RUNTIME_RECORD_LOG_TYPE string = "全部" // 记录日志形式： 全部(all),非正常(abnormal)
+	GWAF_RUNTIME_RECORD_LOG_TYPE string = "all" // 记录日志形式： 全部(all),非正常(abnormal)
 	/**
 	遥测数据
 	*/
--- a/innerbean/web_log.go
+++ b/innerbean/web_log.go
@@ -33,6 +33,7 @@ type WebLog struct {
 	UNIX_ADD_TIME        int64  `json:"unix_add_time"`               //添加日期unix
 	RISK_LEVEL           int    `json:"risk_level"`                  //危险等级 0:正常 1: 轻微  2: 有害 3: 严重 4: 特别严重
 	GUEST_IDENTIFICATION string `json:"guest_identification"`        //访客身份识别
+	TimeSpent            int64  `json:"time_spent"`                  //用时
 }
 type WAFLog struct {
 	REQ_UUID    string `json:"req_uuid"`
--- a/localwaf/src/pages/waf/attack/index.vue
+++ b/localwaf/src/pages/waf/attack/index.vue
@@ -82,10 +82,13 @@
            <t-checkbox v-model="customText" style="margin-left: 16px">自定义列配置按钮</t-checkbox>
          </t-space>
        </t-space> -->
-        <t-table :columns="columns" :data="data" size="small" :rowKey="rowKey" :verticalAlign="verticalAlign"
+        <t-table :columns="columns" :data="data"  size="small" :rowKey="rowKey" :verticalAlign="verticalAlign"
          :column-controller="columnControllerConfig" :displayColumns.sync="displayColumns" :pagination="pagination"
          :selected-row-keys="selectedRowKeys" :loading="dataLoading" @page-change="rehandlePageChange"
-          @change="rehandleChange" @select-change="rehandleSelectChange"
+          :sort="sorts"
+          @change="rehandleChange"
+                 @select-change="rehandleSelectChange"
+                 @sort-change="onSortChange"
          :headerAffixProps="{ offsetTop: offsetTop, container: getContainer }">

          <template #action="{ row }">
@@ -221,8 +224,27 @@
        selectedRowKeys: [],
        value: 'first',
        customText: false,
-        displayColumns: staticColumn.concat(['create_time', 'host', 'method', 'url', 'src_ip', 'country']),
+        displayColumns: staticColumn.concat(['guest_identification','time_spent','create_time', 'host', 'method', 'url', 'src_ip', 'country']),
        columns: [
+          {
+            title: '访客身份',
+            width: 100,
+            ellipsis: true,
+            colKey: 'guest_identification',
+          },
+          {
+            title: '耗时(ms)',
+            width: 100,
+            ellipsis: true,
+            colKey: 'time_spent',
+            sorter: true
+          },
+          {
+            title: '危害程度',
+            width: 60,
+            ellipsis: true,
+            colKey: 'risk_level',
+          },
          {
            title: '状态',
            width: 60,
@@ -241,6 +263,7 @@
            width: 170,
            ellipsis: true,
            colKey: 'create_time',
+            sorter: true
          },
          {
            title: '域名',
@@ -330,6 +353,15 @@
          unix_add_time_end: "",
          current_db_name:"local_log.db",
        },
+        //table 字段
+        table:{
+          multipleSort:true
+        },
+        //排序字段
+        sorts: {
+          sortBy:"create_time",
+          descending:true,
+        },
        //主机字典
        host_dic: {},
        //日志存档字典
@@ -350,7 +382,7 @@
      columnControllerConfig() {
        return {
          placement: this.placement,
-          fields: ['action', 'rule', 'create_time', 'host', 'method', 'url', 'header', 'country', 'province', 'city', 'status'],
+          fields: ['action', 'rule', 'create_time', 'host', 'method', 'url', 'header', 'country', 'province', 'city', 'status','risk_level','guest_identification','time_spent'],
          // 弹框组件属性透传
          dialogProps: { preventScrollThrough: true },
          // 列配置按钮属性头像
@@ -453,10 +485,14 @@
        that.searchformData.unix_add_time_begin = ConvertStringToUnix(this.dateControl.range1[0]).toString()
        that.searchformData.unix_add_time_end = ConvertStringToUnix(this.dateControl.range1[1]).toString()

+        let sort_descending =that.sorts.descending?"desc":"asc"
+
        this.$request
          .post('/waflog/attack/list', {
            pageSize: that.pagination.pageSize,
            pageIndex: that.pagination.current,
+            sort_by: that.sorts.sortBy,
+            sort_descending: sort_descending,
            unix_add_time_begin: ConvertStringToUnix(this.dateControl.range1[0]).toString(),
            unix_add_time_end: ConvertStringToUnix(this.dateControl.range1[1]).toString(),
            ...that.searchformData
@@ -548,6 +584,24 @@
      handleJumpOnlineUrl(){
        window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/attacklog.html");
      },
+      /**
+       * table 排序
+       */
+      onSortChange(sorter){
+        console.log('排序',sorter)
+        let that = this
+
+        if (sorter != undefined){
+          this.sorts.sortBy= sorter.sortBy
+          that.sorts.descending= sorter.descending
+
+        }else{
+          that.sorts.sortBy="create_time"
+          that.sorts.descending= true
+        }
+        this.getList("")
+      }
+      //end meathod
    },
  });
 </script>
--- a/model/request/waf_attack_log_search.go
+++ b/model/request/waf_attack_log_search.go
@@ -12,5 +12,8 @@ type WafAttackLogSearch struct {
 	UnixAddTimeBegin string `json:"unix_add_time_begin" form:"unix_add_time_begin"` //开始时间
 	UnixAddTimeEnd   string `json:"unix_add_time_end" form:"unix_add_time_end"`     //结束时间
 	Method           string `json:"method" form:"method"`                           //访问方法
+
+	SortBy         string `json:"sort_by" form:"sort_by"`                 //排序字段
+	SortDescending string `json:"sort_descending" form:"sort_descending"` //排序方式
 	request.PageInfo
 }
--- a/service/waf_service/waf_log.go
+++ b/service/waf_service/waf_log.go
@@ -5,6 +5,7 @@ import (
 	"SamWaf/innerbean"
 	"SamWaf/model/request"
 	"SamWaf/wafdb"
+	"errors"
 )

 type WafLogService struct{}
@@ -41,13 +42,27 @@ func (receiver *WafLogService) GetListApi(req request.WafAttackLogSearch) ([]inn
 		StatusCode: req.StatusCode,
 		Method:     req.Method,
 	}
+	orderInfo := ""
+
+	/**
+	排序
+	*/
+	if receiver.isValidSortField(req.SortBy) {
+		if req.SortDescending == "desc" {
+			orderInfo = req.SortBy + " desc"
+		} else {
+			orderInfo = req.SortBy + " asc"
+		}
+	} else {
+		return nil, 0, errors.New("输入排序字段不合法")
+	}
 	if len(req.CurrrentDbName) == 0 || req.CurrrentDbName == "local_log.db" {
-		global.GWAF_LOCAL_LOG_DB.Limit(req.PageSize).Where(whereCondition).Where("unix_add_time>=? and unix_add_time<=?", req.UnixAddTimeBegin, req.UnixAddTimeEnd).Offset(req.PageSize * (req.PageIndex - 1)).Order("create_time desc").Find(&weblogs)
+		global.GWAF_LOCAL_LOG_DB.Debug().Limit(req.PageSize).Where(whereCondition).Where("unix_add_time>=? and unix_add_time<=?", req.UnixAddTimeBegin, req.UnixAddTimeEnd).Offset(req.PageSize * (req.PageIndex - 1)).Order(orderInfo).Find(&weblogs)
 		global.GWAF_LOCAL_LOG_DB.Model(&innerbean.WebLog{}).Where(whereCondition).Where("unix_add_time>=? and unix_add_time<=?", req.UnixAddTimeBegin, req.UnixAddTimeEnd).Count(&total)

 	} else {
 		wafdb.InitManaulLogDb("", req.CurrrentDbName)
-		global.GDATA_CURRENT_LOG_DB_MAP[req.CurrrentDbName].Debug().Limit(req.PageSize).Where(whereCondition).Where("unix_add_time>=? and unix_add_time<=?", req.UnixAddTimeBegin, req.UnixAddTimeEnd).Offset(req.PageSize * (req.PageIndex - 1)).Order("create_time desc").Find(&weblogs)
+		global.GDATA_CURRENT_LOG_DB_MAP[req.CurrrentDbName].Debug().Limit(req.PageSize).Where(whereCondition).Where("unix_add_time>=? and unix_add_time<=?", req.UnixAddTimeBegin, req.UnixAddTimeEnd).Offset(req.PageSize * (req.PageIndex - 1)).Order(orderInfo).Find(&weblogs)
 		global.GDATA_CURRENT_LOG_DB_MAP[req.CurrrentDbName].Model(&innerbean.WebLog{}).Where(whereCondition).Where("unix_add_time>=? and unix_add_time<=?", req.UnixAddTimeBegin, req.UnixAddTimeEnd).Count(&total)

 	}
@@ -63,3 +78,18 @@ func (receiver *WafLogService) GetListByHostCodeApi(log request.WafAttackLogSear
 func (receiver *WafLogService) DeleteHistory(day string) {
 	global.GWAF_LOCAL_LOG_DB.Where("create_time < ?", day).Delete(&innerbean.WebLog{})
 }
+
+/*
+*
+判断是否合法
+*/
+func (receiver *WafLogService) isValidSortField(field string) bool {
+	var allowedSortFields = []string{"time_spent", "create_time"}
+
+	for _, allowedField := range allowedSortFields {
+		if field == allowedField {
+			return true
+		}
+	}
+	return false
+}
--- a/service/waf_service/waf_system_config.go
+++ b/service/waf_service/waf_system_config.go
@@ -30,11 +30,6 @@ func (receiver *WafSystemConfigService) AddApi(wafSystemConfigAddReq request.Waf
 		Remarks:  wafSystemConfigAddReq.Remarks,
 		HashInfo: "",
 	}
-	if wafSystemConfigAddReq.ItemType == nil {
-		if wafSystemConfigAddReq.ItemType == "" {
-			bean.ItemType = "string"
-		}
-	}
 	global.GWAF_LOCAL_DB.Create(bean)
 	return nil
 }
--- a/wafbot/dns_search.go
+++ b/wafbot/dns_search.go
@@ -2,6 +2,7 @@ package wafbot

 import (
 	"SamWaf/global"
+	"SamWaf/utils/zlog"
 	"context"
 	"fmt"
 	"net"
@@ -24,7 +25,7 @@ func ReverseDNSLookup(ipAddress string) ([]string, error) {

 	elapsed := time.Since(startTime)

-	fmt.Println(elapsed)
+	zlog.Debug("搜索引擎查询耗时", elapsed.String())
 	if err != nil {
 		return nil, fmt.Errorf("逆向 DNS 查询失败: %s", err)
 	}
--- a/wafenginecore/wafengine.go
+++ b/wafenginecore/wafengine.go
@@ -145,6 +145,7 @@ func (waf *WafEngine) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			TASK_FLAG:            -1,
 			RISK_LEVEL:           0,      //危险等级
 			GUEST_IDENTIFICATION: "正常访客", //访客身份识别
+			TimeSpent:            0,
 		}

 		formValues := url.Values{}
@@ -458,32 +459,35 @@ func (waf *WafEngine) ServeHTTP(w http.ResponseWriter, r *http.Request) {

 		currentDay, _ := strconv.Atoi(datetimeNow.Format("20060102"))
 		weblogbean := innerbean.WebLog{
-			HOST:           r.Host,
-			URL:            r.RequestURI,
-			REFERER:        r.Referer(),
-			USER_AGENT:     r.UserAgent(),
-			METHOD:         r.Method,
-			HEADER:         string(header),
-			COUNTRY:        region[0],
-			PROVINCE:       region[2],
-			CITY:           region[3],
-			SRC_IP:         ipAndPort[0],
-			SRC_PORT:       ipAndPort[1],
-			CREATE_TIME:    datetimeNow.Format("2006-01-02 15:04:05"),
-			UNIX_ADD_TIME:  datetimeNow.UnixNano() / 1e6,
-			CONTENT_LENGTH: contentLength,
-			COOKIES:        string(cookies),
-			BODY:           string(bodyByte),
-			REQ_UUID:       uuid.NewV4().String(),
-			USER_CODE:      global.GWAF_USER_CODE,
-			HOST_CODE:      "",
-			TenantId:       global.GWAF_TENANT_ID,
-			RULE:           "",
-			ACTION:         "通过",
-			Day:            currentDay,
-			STATUS:         "禁止访问",
-			STATUS_CODE:    403,
-			TASK_FLAG:      1,
+			HOST:                 r.Host,
+			URL:                  r.RequestURI,
+			REFERER:              r.Referer(),
+			USER_AGENT:           r.UserAgent(),
+			METHOD:               r.Method,
+			HEADER:               string(header),
+			COUNTRY:              region[0],
+			PROVINCE:             region[2],
+			CITY:                 region[3],
+			SRC_IP:               ipAndPort[0],
+			SRC_PORT:             ipAndPort[1],
+			CREATE_TIME:          datetimeNow.Format("2006-01-02 15:04:05"),
+			UNIX_ADD_TIME:        datetimeNow.UnixNano() / 1e6,
+			CONTENT_LENGTH:       contentLength,
+			COOKIES:              string(cookies),
+			BODY:                 string(bodyByte),
+			REQ_UUID:             uuid.NewV4().String(),
+			USER_CODE:            global.GWAF_USER_CODE,
+			HOST_CODE:            "",
+			TenantId:             global.GWAF_TENANT_ID,
+			RULE:                 "",
+			ACTION:               "通过",
+			Day:                  currentDay,
+			STATUS:               "禁止访问",
+			STATUS_CODE:          403,
+			TASK_FLAG:            1,
+			RISK_LEVEL:           1,       //危险等级
+			GUEST_IDENTIFICATION: "未解析域名", //访客身份识别
+			TimeSpent:            0,
 		}

 		//记录响应body
@@ -507,7 +511,8 @@ func EchoErrorInfo(w http.ResponseWriter, r *http.Request, weblogbean innerbean.

 	resBytes := []byte("<html><head><title>您的访问被阻止</title></head><body><center><h1>" + blockInfo + "</h1> <br> 访问识别码：<h3>" + weblogbean.REQ_UUID + "</h3></center></body> </html>")
 	w.Write(resBytes)
-
+	datetimeNow := time.Now()
+	weblogbean.TimeSpent = datetimeNow.UnixNano()/1e6 - weblogbean.UNIX_ADD_TIME
 	//记录响应body
 	weblogbean.RES_BODY = string(resBytes)
 	weblogbean.RULE = ruleName
@@ -646,12 +651,15 @@ func (waf *WafEngine) modifyResponse() func(*http.Response) error {

 			//TODO 如果是指定URL 或者 IP 不记录日志
 			if !isStaticAssist && !strings.Contains(weblogfrist.URL, "index.php/lttshop/task_scheduling/") {
+				datetimeNow := time.Now()
+				weblogfrist.TimeSpent = datetimeNow.UnixNano()/1e6 - weblogfrist.UNIX_ADD_TIME
 				weblogfrist.ACTION = "放行"
 				weblogfrist.STATUS = resp.Status
 				weblogfrist.STATUS_CODE = resp.StatusCode
 				weblogfrist.TASK_FLAG = 1
-				if global.GWAF_RUNTIME_RECORD_LOG_TYPE == "abnormal" {
-					//只记录非正常
+				if global.GWAF_RUNTIME_RECORD_LOG_TYPE == "all" {
+					global.GQEQUE_LOG_DB.PushBack(weblogfrist)
+				} else if global.GWAF_RUNTIME_RECORD_LOG_TYPE == "abnormal" && weblogfrist.ACTION != "放行" {
 					global.GQEQUE_LOG_DB.PushBack(weblogfrist)
 				}