feat: 优化防火墙错误返回 (#2791)

ssongliu 2023-11-03 14:38:13 +08:00 committed by GitHub
parent 6a989482a9
commit 0d9fc1ccee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 19 deletions


@ -223,11 +223,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
req.Port = strings.ReplaceAll(req.Port, "-", ":")
req.Protocol = proto
if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
return err
}
req.Port = strings.ReplaceAll(req.Port, ":", "-")
if err := u.addPortRecord(req); err != nil {
global.LOG.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err)
return err
}
}
}
@ -242,13 +242,13 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
}
req.Address = addr
if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
return err
}
if len(req.Protocol) == 0 {
req.Protocol = "tcp/udp"
}
if err := u.addPortRecord(req); err != nil {
global.LOG.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err)
return err
}
}
return nil
@ -261,9 +261,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
req.Protocol = proto
req.Address = addr
if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
return err
}
if err := u.addPortRecord(req); err != nil {
return err
}
_ = u.addPortRecord(req)
}
} else {
ports := strings.Split(itemPorts, ",")
@ -276,9 +278,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
req.Port = port
req.Protocol = proto
if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
return err
}
if err := u.addPortRecord(req); err != nil {
return err
}
_ = u.addPortRecord(req)
}
}
}
@ -308,10 +312,12 @@ func (u *FirewallService) OperateAddressRule(req dto.AddrRuleOperate, reload boo
}
fireInfo.Address = addressList[i]
if err := client.RichRules(fireInfo, req.Operation); err != nil {
global.LOG.Errorf("%s address %s failed (strategy: %s), err: %v", req.Operation, addressList[i], req.Strategy, err)
return err
}
req.Address = addressList[i]
_ = u.addAddressRecord(req)
if err := u.addAddressRecord(req); err != nil {
return err
}
}
if reload {
return client.Reload()
@ -545,26 +551,33 @@ func (u *FirewallService) addPortRecord(req dto.PortRuleOperate) error {
return hostRepo.DeleteFirewallRecord("port", req.Port, req.Protocol, req.Address, req.Strategy)
}
return hostRepo.SaveFirewallRecord(&model.Firewall{
if err := hostRepo.SaveFirewallRecord(&model.Firewall{
Type: "port",
Port: req.Port,
Protocol: req.Protocol,
Address: req.Address,
Strategy: req.Strategy,
Description: req.Description,
})
}); err != nil {
return fmt.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err)
}
return nil
}
func (u *FirewallService) addAddressRecord(req dto.AddrRuleOperate) error {
if req.Operation == "remove" {
return hostRepo.DeleteFirewallRecord("address", "", "", req.Address, req.Strategy)
}
return hostRepo.SaveFirewallRecord(&model.Firewall{
if err := hostRepo.SaveFirewallRecord(&model.Firewall{
Type: "address",
Address: req.Address,
Strategy: req.Strategy,
Description: req.Description,
})
}); err != nil {
return fmt.Errorf("add record failed (strategy: %s, address: %s), err: %v", req.Strategy, req.Address, err)
}
return nil
}
func listIpRules(strategy string) ([]string, error) {
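Review bot: addPortRecord and addAddressRecord (last hunk, the two `}); err != nil` branches) wrap the repository error with `%v`, which flattens it to text, so callers that now propagate this error out of OperatePortRule/OperateAddressRule can no longer match the underlying storage error with errors.Is/errors.As. Use `%w` in both, e.g. `return fmt.Errorf("add record %s/%s failed (strategy: %s, address: %s): %w", req.Port, req.Protocol, req.Strategy, req.Address, err)` and the analogous form in addAddressRecord. Because the earlier hunks in this file replace the `_ = u.addPortRecord(req)` / `_ = u.addAddressRecord(req)` discards with an `if err := ...; err != nil { return err }`, any call site that still logs with global.LOG.Errorf before returning (the "add record" Errorf lines in the first two hunks, if they survive on the new side) will now report the same failure at two layers; pick one layer to log and let the other return. The outer message also echoes request-supplied port/address values, where `%q` would make empty or whitespace-only values visible in the log.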


@ -132,7 +132,7 @@ func (f *Firewall) Port(port FireInfo, operation string) error {
stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-port=%s/%s --permanent", operation, port.Port, port.Protocol)
if err != nil {
return fmt.Errorf("%s port failed, err: %s", operation, stdout)
return fmt.Errorf("%s (port: %s/%s strategy: %s) failed, err: %s", operation, port.Port, port.Protocol, port.Strategy, stdout)
}
return nil
}
@ -154,12 +154,12 @@ func (f *Firewall) RichRules(rule FireInfo, operation string) error {
ruleStr += rule.Strategy
stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr)
if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout)
return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, ruleStr, stdout)
}
if len(rule.Address) == 0 {
stdout1, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 "))
if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout1)
return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 "), stdout1)
}
}
return nil
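Review bot: The new messages in Port and both RichRules returns still report only `stdout` and drop `err`, so a firewall-cmd invocation that fails without writing anything (or cannot be started at all) yields an error with no cause. Include the underlying error, e.g. `return fmt.Errorf("%s (port: %s/%s strategy: %s) failed: %s: %w", operation, port.Port, port.Protocol, port.Strategy, stdout, err)` and the same `: %w` on the two RichRules returns. In the ipv6 fallback of RichRules the same `strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")` is evaluated twice, once for the command and once for the message; compute it once, `v6Rule := strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")`, and use it in both places so the rule reported in the error is guaranteed to be the one executed. Both Port and RichRules begin above their hunks.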


@ -146,7 +146,7 @@ func (f *Ufw) Port(port FireInfo, operation string) error {
}
stdout, err := cmd.Exec(command)
if err != nil {
return fmt.Errorf("%s port failed, err: %s", operation, stdout)
return fmt.Errorf("%s (%s) failed, err: %s", operation, command, stdout)
}
return nil
}
@ -183,7 +183,7 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error {
stdout, err := cmd.Exec(ruleStr)
if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout)
return fmt.Errorf("%s rich rules (%s), failed, err: %s", operation, ruleStr, stdout)
}
return nil
}
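Review bot: The new RichRules message has a stray comma, `"%s rich rules (%s), failed, err: %s"`, which reads as a fragment and differs from the firewalld client's wording; use `return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, ruleStr, stdout)`. As in the firewalld client, both messages in this file report only `stdout` and discard `err`, so a ufw run that fails with empty output produces an error with no cause — append `: %w` with `err` in Port and RichRules. Embedding the full `command` / `ruleStr` text in the error is helpful in the log, but this string is what the service layer now returns unchanged, so if these errors are surfaced to API clients the response will contain the exact command line that was executed; confirm that is intended. Both Port and RichRules begin above their hunks.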