PyPI - cancan-microstack - Versions diffs - 0.0.1__py3-none-any.whl - Mend

cancan-microstack 0.0.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (440) hide show

cancan_microstack/services/opsbffsrv/domain/caddy/default_routes.py ADDED Viewed

@@ -0,0 +1,53 @@
+"""
+Default Caddy routes initialization module
+"""
+from linglong_web.utils import logger
+from cancan_microstack.public.schemas.caddy import CaddyRouteCreate
+from cancan_microstack.services.opsbffsrv.infrastructure.db.operate.caddy_route import (
+    get_route_by_name,
+    create_route,
+)
+DEFAULT_ROUTES = [
+    CaddyRouteCreate(
+        route_name="opsbffsrv-internal",
+        domain="*",
+        path_pattern="/v1/opsbffsrv/*",
+        upstream_service="opsbffsrv",
+        upstream_host="opsbffsrv.service",
+        upstream_port=8080,
+        priority=1000,
+        is_enabled=True,
+        enable_https=False,
+        force_https=False,
+        enable_waf=False,
+        waf_rule_set="default",
+        load_balance_strategy="round_robin",
+        health_check_path=None,
+        health_check_interval=30,
+        strip_path_prefix=None,
+        add_path_prefix=None,
+        route_metadata=None,
+        description="Internal route for opsbffsrv"
+    ),
+]
+async def init_default_routes():
+    """
+    Initialize default Caddy routes if they don't exist
+    """
+    logger.info("Initializing default Caddy routes...")
+    for route in DEFAULT_ROUTES:
+        try:
+            existing = await get_route_by_name(route.route_name)
+            if not existing:
+                logger.info(f"Creating default route: {route.route_name}")
+                await create_route(route)
+            else:
+                logger.debug(f"Default route already exists: {route.route_name}")
+        except Exception as e:
+            logger.error(f"Failed to initialize default route {route.route_name}: {e}")
+    logger.info("Default Caddy routes initialization completed")

cancan_microstack/services/opsbffsrv/domain/caddy/rate_limit_management.py ADDED Viewed

@@ -0,0 +1,308 @@
+"""
+Caddy 限流规则管理领域服务
+包含限流规则的核心业务逻辑和业务规则
+"""
+from typing import (
+    Any,
+    Dict,
+    List,
+    Optional,
+)
+from linglong_web.utils import logger
+from cancan_microstack.public.schemas.caddy import CaddyRateLimit, CaddyRateLimitCreate
+from cancan_microstack.services.opsbffsrv.infrastructure.db.operate.caddy_rate_limit import (
+    get_rate_limit_by_id,
+    get_rate_limit_by_name,
+    get_enabled_rate_limits,
+    get_rate_limits_by_match_type,
+    get_all_rate_limits,
+    create_rate_limit,
+    update_rate_limit,
+    update_rate_limit_by_name,
+    enable_rate_limit,
+    disable_rate_limit,
+    delete_rate_limit,
+    delete_rate_limit_by_name,
+    add_whitelist_ip,
+    remove_whitelist_ip,
+    add_blacklist_ip,
+    remove_blacklist_ip,
+    count_rate_limits,
+)
+class RateLimitManagementDomain:
+    """限流规则管理领域服务"""
+    async def create_new_rate_limit(self, rate_limit: CaddyRateLimitCreate) -> CaddyRateLimit:
+        """
+        创建新限流规则
+        业务规则：
+        1. 规则名称必须唯一
+        2. 限流值必须大于 0
+        3. 时间窗口至少 1 秒
+        4. 优先级范围：0-1000
+        Args:
+            rate_limit: 限流规则创建对象
+        Returns:
+            创建后的限流规则对象
+        Raises:
+            ValueError: 业务规则违反
+        """
+        logger.info(f"Creating new rate limit rule: {rate_limit.rule_name}")
+        # 业务规则验证
+        await self._validate_rate_limit_create(rate_limit)
+        # 创建数据库记录
+        db_rate_limit = await create_rate_limit(rate_limit)
+        logger.info(f"Rate limit rule created in database: {db_rate_limit.id}")
+        return db_rate_limit
+    async def update_existing_rate_limit(self, rule_id: int, data: Dict[str, Any]) -> Optional[CaddyRateLimit]:
+        """
+        更新现有限流规则
+        Args:
+            rule_id: 规则 ID
+            data: 更新数据
+        Returns:
+            更新后的限流规则对象或 None
+        """
+        logger.info(f"Updating rate limit rule: {rule_id}")
+        # 验证规则存在
+        existing_rule = await get_rate_limit_by_id(rule_id)
+        if not existing_rule:
+            logger.warning(f"Rate limit rule not found: {rule_id}")
+            return None
+        # 验证更新数据
+        if 'limit_value' in data and data['limit_value'] <= 0:
+            raise ValueError("Limit value must be greater than 0")
+        if 'limit_window' in data and data['limit_window'] < 1:
+            raise ValueError("Limit window must be at least 1 second")
+        # 更新数据库记录
+        updated_rule = await update_rate_limit(rule_id, data)
+        if updated_rule:
+            logger.info(f"Rate limit rule updated: {rule_id}")
+        return updated_rule
+    async def toggle_rate_limit_status(self, rule_id: int, enabled: bool) -> Optional[CaddyRateLimit]:
+        """
+        切换限流规则启用状态
+        Args:
+            rule_id: 规则 ID
+            enabled: 是否启用
+        Returns:
+            更新后的限流规则对象或 None
+        """
+        logger.info(f"Toggling rate limit rule {rule_id} status to: {enabled}")
+        if enabled:
+            updated_rule = await enable_rate_limit(rule_id)
+        else:
+            updated_rule = await disable_rate_limit(rule_id)
+        return updated_rule
+    async def remove_rate_limit(self, rule_id: int) -> bool:
+        """
+        删除限流规则
+        Args:
+            rule_id: 规则 ID
+        Returns:
+            是否删除成功
+        """
+        logger.info(f"Removing rate limit rule: {rule_id}")
+        # 验证规则存在
+        existing_rule = await get_rate_limit_by_id(rule_id)
+        if not existing_rule:
+            logger.warning(f"Rate limit rule not found: {rule_id}")
+            return False
+        # 删除数据库记录
+        success = await delete_rate_limit(rule_id)
+        if success:
+            logger.info(f"Rate limit rule removed: {rule_id}")
+        return success
+    async def get_rate_limit_details(self, rule_id: int) -> Optional[CaddyRateLimit]:
+        """
+        获取限流规则详情
+        Args:
+            rule_id: 规则 ID
+        Returns:
+            限流规则对象或 None
+        """
+        return await get_rate_limit_by_id(rule_id)
+    async def list_rate_limits(self, filters: Optional[Dict[str, Any]] = None) -> List[CaddyRateLimit]:
+        """
+        列出限流规则
+        Args:
+            filters: 过滤条件
+        Returns:
+            限流规则列表
+        """
+        return await get_all_rate_limits(filters)
+    async def list_rate_limits_by_match_type(self, match_type: str) -> List[CaddyRateLimit]:
+        """
+        按匹配类型列出限流规则
+        Args:
+            match_type: 匹配类型（path/domain/ip/header/all）
+        Returns:
+            限流规则列表
+        """
+        return await get_rate_limits_by_match_type(match_type)
+    async def manage_whitelist_ip(self, rule_id: int, ip: str, action: str) -> Optional[CaddyRateLimit]:
+        """
+        管理白名单 IP
+        Args:
+            rule_id: 规则 ID
+            ip: IP 地址
+            action: 操作（add/remove）
+        Returns:
+            更新后的限流规则对象或 None
+        Raises:
+            ValueError: 操作无效
+        """
+        logger.info(f"Managing whitelist IP for rule {rule_id}: {action} {ip}")
+        # 验证 IP 格式
+        if not self._is_valid_ip(ip):
+            raise ValueError(f"Invalid IP address: {ip}")
+        if action == "add":
+            return await add_whitelist_ip(rule_id, ip)
+        elif action == "remove":
+            return await remove_whitelist_ip(rule_id, ip)
+        else:
+            raise ValueError(f"Invalid action: {action}. Must be 'add' or 'remove'")
+    async def manage_blacklist_ip(self, rule_id: int, ip: str, action: str) -> Optional[CaddyRateLimit]:
+        """
+        管理黑名单 IP
+        Args:
+            rule_id: 规则 ID
+            ip: IP 地址
+            action: 操作（add/remove）
+        Returns:
+            更新后的限流规则对象或 None
+        Raises:
+            ValueError: 操作无效
+        """
+        logger.info(f"Managing blacklist IP for rule {rule_id}: {action} {ip}")
+        # 验证 IP 格式
+        if not self._is_valid_ip(ip):
+            raise ValueError(f"Invalid IP address: {ip}")
+        if action == "add":
+            return await add_blacklist_ip(rule_id, ip)
+        elif action == "remove":
+            return await remove_blacklist_ip(rule_id, ip)
+        else:
+            raise ValueError(f"Invalid action: {action}. Must be 'add' or 'remove'")
+    async def get_rate_limit_count(self, filters: Optional[Dict[str, Any]] = None) -> int:
+        """
+        获取限流规则数量
+        Args:
+            filters: 过滤条件
+        Returns:
+            规则数量
+        """
+        return await count_rate_limits(filters)
+    async def _validate_rate_limit_create(self, rate_limit: CaddyRateLimitCreate):
+        """
+        验证限流规则创建的业务规则
+        Args:
+            rate_limit: 限流规则创建对象
+        Raises:
+            ValueError: 业务规则违反
+        """
+        # 验证规则名称唯一性
+        existing_rule = await get_rate_limit_by_name(rate_limit.rule_name)
+        if existing_rule:
+            raise ValueError(f"Rate limit rule name already exists: {rate_limit.rule_name}")
+        # 验证限流值
+        if rate_limit.limit_value <= 0:
+            raise ValueError("Limit value must be greater than 0")
+        # 验证时间窗口
+        if rate_limit.limit_window < 1:
+            raise ValueError("Limit window must be at least 1 second")
+        # 验证优先级范围
+        if rate_limit.priority < 0 or rate_limit.priority > 1000:
+            raise ValueError(f"Priority must be between 0 and 1000: {rate_limit.priority}")
+        # 验证匹配类型
+        valid_match_types = ['path', 'domain', 'ip', 'header', 'all']
+        if rate_limit.match_type not in valid_match_types:
+            raise ValueError(f"Invalid match type: {rate_limit.match_type}. Must be one of {valid_match_types}")
+        # 验证限流类型
+        valid_limit_types = ['request', 'bandwidth']
+        if rate_limit.limit_type not in valid_limit_types:
+            raise ValueError(f"Invalid limit type: {rate_limit.limit_type}. Must be one of {valid_limit_types}")
+        # 验证限流键
+        valid_limit_keys = ['ip', 'header', 'cookie', 'path']
+        if rate_limit.limit_key not in valid_limit_keys:
+            raise ValueError(f"Invalid limit key: {rate_limit.limit_key}. Must be one of {valid_limit_keys}")
+    def _is_valid_ip(self, ip: str) -> bool:
+        """
+        验证 IP 地址格式
+        Args:
+            ip: IP 地址字符串
+        Returns:
+            是否为有效 IP
+        """
+        try:
+            import ipaddress
+            ipaddress.ip_address(ip)
+            return True
+        except ValueError:
+            return False

cancan_microstack/services/opsbffsrv/domain/caddy/route_management.py ADDED Viewed

@@ -0,0 +1,279 @@
+"""
+Caddy 路由管理领域服务
+包含路由配置的核心业务逻辑和业务规则
+"""
+from typing import (
+    Any,
+    Dict,
+    List,
+    Optional,
+)
+from linglong_web.utils import logger
+from cancan_microstack.public.schemas.caddy import CaddyRoute, CaddyRouteCreate
+from cancan_microstack.services.opsbffsrv.infrastructure.db.operate.caddy_route import (
+    get_route_by_id,
+    get_route_by_name,
+    get_routes_by_domain,
+    get_routes_by_service,
+    get_enabled_routes,
+    get_all_routes,
+    create_route,
+    update_route,
+    update_route_by_name,
+    enable_route,
+    disable_route,
+    delete_route,
+    delete_route_by_name,
+    count_routes,
+)
+from cancan_microstack.services.opsbffsrv.infrastructure.caddy.admin_api_client import caddy_admin_client
+class RouteManagementDomain:
+    """路由管理领域服务"""
+    async def create_new_route(self, route: CaddyRouteCreate) -> CaddyRoute:
+        """
+        创建新路由
+        业务规则：
+        1. 路由名称必须唯一
+        2. 优先级范围：0-1000
+        3. 创建后自动同步到 Caddy
+        Args:
+            route: 路由创建对象
+        Returns:
+            创建后的路由对象
+        Raises:
+            ValueError: 业务规则违反
+        """
+        logger.info(f"Creating new route: {route.route_name}")
+        # 业务规则验证
+        await self._validate_route_create(route)
+        # 创建数据库记录
+        db_route = await create_route(route)
+        logger.info(f"Route created in database: {db_route.id}")
+        return db_route
+    async def update_existing_route(self, route_id: int, data: Dict[str, Any]) -> Optional[CaddyRoute]:
+        """
+        更新现有路由
+        Args:
+            route_id: 路由 ID
+            data: 更新数据
+        Returns:
+            更新后的路由对象或 None
+        """
+        logger.info(f"Updating route: {route_id}")
+        # 验证路由存在
+        existing_route = await get_route_by_id(route_id)
+        if not existing_route:
+            logger.warning(f"Route not found: {route_id}")
+            return None
+        # 更新数据库记录
+        updated_route = await update_route(route_id, data)
+        if updated_route:
+            logger.info(f"Route updated: {route_id}")
+        return updated_route
+    async def toggle_route_status(self, route_id: int, enabled: bool) -> Optional[CaddyRoute]:
+        """
+        切换路由启用状态
+        Args:
+            route_id: 路由 ID
+            enabled: 是否启用
+        Returns:
+            更新后的路由对象或 None
+        """
+        logger.info(f"Toggling route {route_id} status to: {enabled}")
+        if enabled:
+            updated_route = await enable_route(route_id)
+        else:
+            updated_route = await disable_route(route_id)
+        return updated_route
+    async def remove_route(self, route_id: int) -> bool:
+        """
+        删除路由
+        Args:
+            route_id: 路由 ID
+        Returns:
+            是否删除成功
+        """
+        logger.info(f"Removing route: {route_id}")
+        # 验证路由存在
+        existing_route = await get_route_by_id(route_id)
+        if not existing_route:
+            logger.warning(f"Route not found: {route_id}")
+            return False
+        # 删除数据库记录
+        success = await delete_route(route_id)
+        if success:
+            logger.info(f"Route removed: {route_id}")
+        return success
+    async def get_route_details(self, route_id: int) -> Optional[CaddyRoute]:
+        """
+        获取路由详情
+        Args:
+            route_id: 路由 ID
+        Returns:
+            路由对象或 None
+        """
+        return await get_route_by_id(route_id)
+    async def list_routes(self, filters: Optional[Dict[str, Any]] = None) -> List[CaddyRoute]:
+        """
+        列出路由
+        Args:
+            filters: 过滤条件
+        Returns:
+            路由列表
+        """
+        return await get_all_routes(filters)
+    async def list_routes_by_domain(self, domain: str) -> List[CaddyRoute]:
+        """
+        按域名列出路由
+        Args:
+            domain: 域名
+        Returns:
+            路由列表
+        """
+        return await get_routes_by_domain(domain)
+    async def list_routes_by_service(self, service: str) -> List[CaddyRoute]:
+        """
+        按服务列出路由
+        Args:
+            service: 服务名称
+        Returns:
+            路由列表
+        """
+        return await get_routes_by_service(service)
+    async def sync_routes_to_caddy(self) -> bool:
+        """
+        将所有启用的路由同步到 Caddy
+        Returns:
+            是否同步成功
+        """
+        logger.info("Syncing routes to Caddy")
+        # 获取所有启用的路由
+        enabled_routes_list = await get_enabled_routes()
+        if not enabled_routes_list:
+            logger.warning("No enabled routes found, clearing all routes in Caddy")
+            # Continue to sync empty list to clear routes
+            # return False
+        # 构建 Caddy 路由配置
+        caddy_routes = []
+        for route in enabled_routes_list:
+            route_config = await caddy_admin_client.build_route_config(
+                domain=route.domain,
+                path_pattern=route.path_pattern,
+                upstream_host=route.upstream_host,
+                upstream_port=route.upstream_port,
+                enable_https=route.enable_https,
+                force_https=route.force_https,
+                enable_waf=route.enable_waf,
+                waf_rule_set=route.waf_rule_set,
+                strip_path_prefix=route.strip_path_prefix,
+                add_path_prefix=route.add_path_prefix,
+            )
+            caddy_routes.append(route_config)
+        # 批量应用到 Caddy
+        success = await caddy_admin_client.apply_routes_batch(caddy_routes)
+        if success:
+            logger.info(f"Successfully synced {len(caddy_routes)} routes to Caddy")
+        else:
+            logger.warning("Failed to sync routes to Caddy (Caddy may be unavailable)")
+        return success
+    async def _validate_route_create(self, route: CaddyRouteCreate):
+        """
+        验证路由创建的业务规则
+        Args:
+            route: 路由创建对象
+        Raises:
+            ValueError: 业务规则违反
+        """
+        # 验证路由名称唯一性
+        existing_route = await get_route_by_name(route.route_name)
+        if existing_route:
+            raise ValueError(f"Route name already exists: {route.route_name}")
+        # 验证优先级范围
+        if route.priority < 0 or route.priority > 1000:
+            raise ValueError(f"Priority must be between 0 and 1000: {route.priority}")
+        # 验证上游端口范围
+        if route.upstream_port < 1 or route.upstream_port > 65535:
+            raise ValueError(f"Invalid upstream port: {route.upstream_port}")
+        # 验证健康检查间隔
+        if route.health_check_interval < 5:
+            raise ValueError(f"Health check interval must be at least 5 seconds: {route.health_check_interval}")
+    async def _validate_route_priority(self, priority: int):
+        """
+        验证路由优先级
+        Args:
+            priority: 优先级
+        Raises:
+            ValueError: 优先级无效
+        """
+        if priority < 0 or priority > 1000:
+            raise ValueError(f"Priority must be between 0 and 1000: {priority}")
+    async def get_route_count(self, filters: Optional[Dict[str, Any]] = None) -> int:
+        """
+        获取路由数量
+        Args:
+            filters: 过滤条件
+        Returns:
+            路由数量
+        """
+        return await count_routes(filters)