idcjp/cfmgrv4
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cfmgrv4 init...3

Browse Source
This commit is contained in:
최준흠 2024-10-25 17:31:16 +09:00
parent f08172e272
commit 9ec54c8566
12 changed files with 489 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/Config/Routes.php
View File

@ -15,6 +15,8 @@ $routes->group('cli', ['namespace' => 'App\Controllers\CLI'], function ($routes)
$routes->group('cloudflare', function ($routes) {
$routes->cli('reload', 'Cloudflare::reload');
$routes->cli('reload/(:num)', 'Cloudflare::reload/$1');
$routes->cli('auditlog', 'Cloudflare::auditlog');
$routes->cli('auditlog/(:num)', 'Cloudflare::auditlog/$1');
});
});
$routes->get('/', 'Home::index');
@ -27,17 +29,6 @@ $routes->group('/user', function ($routes) {
$routes->get('google_login', 'UserController::google_login');
$routes->get('logout', 'UserController::logout');
});
$routes->group('/cloudflare', ['namespace' => 'App\Controllers\Cloudflare'], function ($routes) {
$routes->group('zone', function ($routes) {
$routes->post('webhook', 'ZoneController::webhook');
});
$routes->group('record', function ($routes) {
$routes->post('webhook', 'RecordController::webhook');
});
$routes->group('firewall', function ($routes) {
$routes->post('webhook', 'FirewallController::webhook');
});
});
$routes->group('admin', ['namespace' => 'App\Controllers\Admin', 'filter' => 'authFilter:manager'], function ($routes) {
$routes->get('/', 'Home::index');
});
@ -96,6 +87,12 @@ $routes->group('admin/cloudflare', ['namespace' => 'App\Controllers\Admin\Cloudf
$routes->get('reload/(:num)', 'AccountController::reload/$1');
$routes->get('download/(:alphanum)', 'AccountController::download/$1');
});
$routes->group('auditlog', function ($routes) {
$routes->get('/', 'AuditLogController::index');
$routes->get('view/(:alphanum)', 'AuditLogController::view/$1');
$routes->get('reload/(:num)', 'AuditLogController::reload/$1');
$routes->get('download/(:alphanum)', 'AuditLogController::download/$1');
});
$routes->group('zone', function ($routes) {
$routes->get('/', 'ZoneController::index');
$routes->get('create', 'ZoneController::create_form');

79
app/Controllers/Admin/Cloudflare/AuditLogController.php Normal file
View File

@ -0,0 +1,79 @@
<?php
namespace App\Controllers\Admin\Cloudflare;
use App\Helpers\Cloudflare\AuditLogHelper;
use App\Models\Cloudflare\AuditLogModel;
use App\Services\Cloudflare\AuditLogService;
use CodeIgniter\HTTP\DownloadResponse;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Psr\Log\LoggerInterface;
class AuditLogController extends CloudflareController
{
private $_auth_entity = null;
public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
{
parent::initController($request, $response, $logger);
$this->title = lang("{$this->getService()->class_path}.title");
$this->helper = new AuditLogHelper();
}
protected function getModel(): AuditLogModel
{
if ($this->_model === null) {
$this->_model = new AuditLogModel();
}
return $this->_model;
}
protected function getService(): AuditLogService
{
if ($this->service === null) {
$this->service = new AuditLogService();
}
return $this->service;
}
protected function getFormFieldOption(string $field, array $options = []): array
{
switch ($field) {
case $this->getModel()::PARENT:
// $this->getZoneModel()->where('status', 'active');
$options[$field] = $this->getZoneModel()->getFormFieldOption($field);
// echo $this->getAccountModel()->getLastQuery();
// dd($options);
break;
default:
$options = parent::getFormFieldOption($field, $options);
break;
}
return $options;
}
private function init(string $action, array $fields = []): void
{
$this->action = $action;
$this->fields = count($fields) ? $fields : [$this->getModel()::PARENT, $this->getModel()::TITLE, 'actor', 'interface', 'resource_id', 'resource_type', 'status', 'updated_at', 'created_at'];
$this->field_rules = $this->getModel()->getFieldRules($this->action, $this->fields);
$this->filter_fields = [$this->getModel()::PARENT, 'status'];
$this->field_options = $this->getFormFieldOptions($this->filter_fields);
$this->batchjob_fields = [];
}
//View
public function view(string $uid): RedirectResponse|string
{
$this->init(__FUNCTION__);
return $this->view_procedure($uid);
}
// 리스트
public function index(): string
{
$this->init(__FUNCTION__);
return $this->list_procedure();
}
// Download
public function download(string $output_type, mixed $uid = false): DownloadResponse|string
{
$this->init(__FUNCTION__);
return $this->download_procedure($output_type, $uid);
}
}

43
app/Controllers/CLI/Cloudflare.php
View File

@ -6,11 +6,12 @@ use App\Controllers\BaseController;
use App\Entities\Cloudflare\AccountEntity;
use App\Entities\Cloudflare\AuthEntity;
use App\Entities\Cloudflare\ZoneEntity;
use App\Services\Cloudflare\AccountService;
use App\Services\Cloudflare\ZoneService;
use App\Services\Cloudflare\RecordService;
use App\Services\Cloudflare\FirewallService;
use App\Models\Cloudflare\AuthModel;
use App\Services\Cloudflare\AccountService;
use App\Services\Cloudflare\AuditLogService;
use App\Services\Cloudflare\FirewallService;
use App\Services\Cloudflare\RecordService;
use App\Services\Cloudflare\ZoneService;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Psr\Log\LoggerInterface;
@ -68,4 +69,38 @@ class Cloudflare extends BaseController
);
}
}
public function auditlog(mixed $uid = false): void
{
//Transaction Start
// $this->_db->transStart();
try {
$auth_model = model(AuthModel::class);
if (is_numeric($uid) && $uid > 0) {
$auth_model->where(AuthModel::PK, intval($uid));
} else {
$auth_model->where('status', DEFAULTS["STATUS"]);
}
$auth_entitys = $auth_model->getEntitys();
foreach ($auth_entitys as $auth_entity) {
$account = new AccountService();
$account_entitys = $account->reload($auth_entity);
$auditlog = new AuditLogService();
foreach ($account_entitys as $account_entity) {
$auditlog->auditlog($account_entity);
}
}
log_message("notice", "AuditLogs 작업을 완료하였습니다.");
// $this->_db->transCommit();
} catch (\Exception $e) {
//Transaction Rollback
// $this->_db->transRollback();
log_message(
"error",
"Reload 작업을 실패하였습니다.\n--------------\n" .
$e->getMessage() .
"\n--------------\n"
);
}
}
}

17
app/Database/update.txt
View File

@ -22,4 +22,19 @@ ALTER TABLE cloudflareaccount DROP column auth_uid;
5. id unique key 추가
ALTER TABLE cloudflareaccount ADD UNIQUE key cloudflareaccount_ibuk_1 (id);
ALTER TABLE cloudflareaccount ADD UNIQUE key cloudflareaccount_ibuk_2 (authkey);
ALTER TABLE cloudflareaccount ADD UNIQUE key cloudflareaccount_ibuk_2 (authkey);
6. auditlog용 table추가
CREATE TABLE cloudflareauditlog (
uid varchar(255) NOT NULL COMMENT 'id',
zone_uid varchar(100) NOT NULL COMMENT 'newValueJson->zone_id',
action varchar(100) NOT NULL COMMENT 'action->type',
actor varchar(100) NOT NULL COMMENT 'actor->type',
interface varchar(100) NULL COMMENT 'interface',
resource_id varchar(100) NOT NULL COMMENT 'resource->id',
resource_type varchar(50) NOT NULL COMMENT 'resource->type',
status varchar(10) NOT NULL COMMENT 'action->result',
updated_at timestamp NULL DEFAULT NULL,
created_at timestamp NOT NULL COMMENT 'when',
PRIMARY KEY (uid)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='cloudflare Auditlog 정보';

31
app/Entities/Cloudflare/AuditLogEntity.php Normal file
View File

@ -0,0 +1,31 @@
<?php
namespace App\Entities\Cloudflare;
use App\Models\Cloudflare\AuditLogModel;
use App\Entities\CommonEntity;
class AuditLogEntity extends CommonEntity
{
public function __toString()
{
return "{$this->getPK()}|{$this->getTitle()}|{$this->attributes['type']}|{$this->attributes['status']}";
}
public function getPK(): string
{
return $this->attributes[AuditLogModel::PK];
}
public function getTitle(): string
{
return $this->attributes[AuditLogModel::TITLE];
}
public function setTitle(string $title): void
{
$this->attributes[AuditLogModel::TITLE] = $title;
}
//Common Function
public function getParent(): string
{
return $this->attributes[AuditLogModel::PARENT];
}
}

102
app/Helpers/Cloudflare/AuditLogHelper.php Normal file
View File

@ -0,0 +1,102 @@
<?php
namespace App\Helpers\Cloudflare;
use App\Helpers\MVCHelper;
use App\Models\Cloudflare\AuditLogModel;
class AuditLogHelper extends MVCHelper
{
public $old_parent = "";
public function __construct()
{
parent::__construct();
}
public function getFieldForm(string $field, mixed $value, array $viewDatas, array $extras = []): string
{
if (in_array($viewDatas['action'], ['create', 'modify'])) {
$extras = (strpos($viewDatas['field_rules'][$field], 'required') !== false) ? ["class" => "form-control", "required" => "", ...$extras] : ["class" => "form-control", ...$extras];
}
$value = $value ?: DEFAULTS['EMPTY'];
switch ($field) {
case AuditLogModel::PARENT:
//기존 작성하던값old($field)가 있으면 그값을 넣고 없으면 부모값이 있으면 넣고 없으면 entiy가 있으면 그값을 넣고 없으면 디폴트값을 넣는다.
$value = $value ?: (isset($viewDatas[$field]) ? $viewDatas[$field] : (isset($viewDatas['entity']) ? $viewDatas['entity']->getParent() : DEFAULTS['EMPTY']));
$extra_class = isset($extras['class']) ? 'select-field ' . $extras['class'] : 'select-field';
$form = form_dropdown($field, [
"" => lang($viewDatas['class_path'] . '.label.' . $field) . ' 선택',
] + $viewDatas['field_options'][$field], $value, [
'class' => $extra_class,
...array_diff_key($extras, ['class' => ''])
]);
break;
case AuditLogModel::TITLE:
$form = form_input($field, $value, ["placeholder" => "예)test@exmaple.com", ...$extras]);
break;
default:
$form = parent::getFieldForm($field, $value, $viewDatas, $extras);
break;
}
return $form;
} //
public function getFieldView(string $field, array $viewDatas, array $extras = []): string
{
$value = $viewDatas['entity']->$field ?: DEFAULTS['EMPTY'];
switch ($field) {
case AuditLogModel::PARENT:
$value = " <span class=\"label_auth\">" .
preg_replace("/(\w+)@(.+)/", "$1", $viewDatas['field_options'][$field][$value])
. "</span>";
break;
case AuditLogModel::TITLE:
$value = form_label(
$value,
'view',
[
"data-src" => current_url() . '/view/' . $viewDatas['entity']->getPK(),
"data-bs-toggle" => "modal",
"data-bs-target" => "#index_action_form",
"style" => "color: blue; cursor: pointer; font-weight:bold;",
...$extras,
]
);
break;
case 'status':
$value = $viewDatas['field_options'][$field][$value];
break;
default:
$value = parent::getFieldView($field, $viewDatas, $extras);
break;
}
return $value;
} //
public function getListRowColor($entity): string
{
return $entity->status != 'true' ? 'class="table-danger"' : "";
}
public function getListButton(string $action, array $viewDatas, array $extras = []): string
{
switch ($action) {
case 'create':
$action = "";
break;
case 'modify':
$action = $viewDatas['cnt'];
break;
case 'delete':
$action = "";
break;
case 'batchjob':
$action = "";
break;
case 'batchjob_delete':
$action = "";
break;
default:
$action = parent::getListButton($action, $viewDatas, $extras);
break;
}
return $action;
}
}

20
app/Language/en/Cloudflare/AuditLog.php Normal file
View File

@ -0,0 +1,20 @@
<?php
return [
'title' => "AuditLog정보",
'label' => [
'uid' => "번호",
'zone_uid' => "도메인",
'action' => "Action",
'actor' => "작업자",
'interface' => "작업형식",
'resource_id' => "자원ID",
'resource_type' => "자원형식",
'status' => "상태",
'updated_at' => "수정일",
'created_at' => "작성일",
],
"STATUS" => [
"true" => "완료",
"false" => "실패",
],
];

93
app/Models/Cloudflare/AuditLogModel.php Normal file
View File

@ -0,0 +1,93 @@
<?php
namespace App\Models\Cloudflare;
use App\Entities\Cloudflare\ZoneEntity;
use App\Entities\Cloudflare\AuditLogEntity;
use App\Models\CommonModel;
class AuditLogModel extends CommonModel
{
const TABLE = "cloudflareauditlog";
const PK = "uid";
const TITLE = "action";
const PARENT = "zone_uid";
protected $table = self::TABLE;
protected $primaryKey = self::PK;
protected $useAutoIncrement = false;
protected $returnType = AuditLogEntity::class; //object,array,entity명::class
protected $allowedFields = [self::PK, self::PARENT, self::TITLE, 'actor', 'interface', 'resource_id', 'resource_type', 'status', 'updated_at', 'created_at'];
protected $useTimestamps = true;
public function __construct()
{
parent::__construct();
}
public function getTitleField(): string
{
return self::TITLE;
}
public function getFieldRule(string $action, string $field): string
{
switch ($field) {
case self::PK:
$rule = "required|trim|string";
$rule .= $action == "create" ? "|is_unique[{$this->table}.{$field}]" : "";
break;
case self::PARENT:
$rule = "required|trim|alpha_numeric";
break;
case self::TITLE:
case 'actor':
case 'resource_id':
case 'resource_type':
$rule = "required|trim|string";
break;
case 'interface':
$rule = "if_exist|trim|string";
break;
case "status":
$rule = "if_exist|in_list[true,false]";
break;
default:
$rule = parent::getFieldRule($action, $field);
break;
}
return $rule;
}
public function getFormFieldInputOption(string $field, array $options = []): array
{
switch ($field) {
default:
$this->orderBy(self::TITLE, 'asc');
$options = parent::getFormFieldInputOption($field, $options);
break;
}
return $options;
}
public function getEntityByPK(string $uid): null|AuditLogEntity
{
$this->where(self::PK, $uid);
return $this->getEntity();
}
public function getEntityByID(string $id): null|AuditLogEntity
{
$this->where(self::TITLE, $id);
return $this->getEntity();
}
public function getEntitysByParent(ZoneEntity $zone_entity)
{
$this->where(self::PARENT, $zone_entity->getPK());
return $this->getEntitys();
}
//create용
public function create(array $formDatas = []): AuditLogEntity
{
return $this->create_process(new AuditLogEntity(), $formDatas);
}
//modify용
public function modify(AuditLogEntity $entity, array $formDatas): AuditLogEntity
{
return $this->modify_process($entity, $formDatas);
}
}

32
app/Services/Cloudflare/AccountService.php
View File

@ -5,6 +5,7 @@ namespace App\Services\Cloudflare;
use App\Entities\Cloudflare\AccountEntity;
use App\Entities\Cloudflare\AuthEntity;
use App\Models\Cloudflare\AccountModel;
use stdClass;
class AccountService extends CloudflareService
{
@ -114,35 +115,4 @@ class AccountService extends CloudflareService
log_message("notice", message: "\n-----------Auth {$this->getParentEntity()->getTitle()}의 Account 처리[" . count($entitys) . "개] 완료-----------");
return $entitys;
}
public function audit(AuthEntity $parent_entity, AccountEntity $entity): array
{
//부모데이터정의
$this->setParentEntity($parent_entity);
log_message("notice", "\n----------Auth {$this->getParentEntity()->getTitle()}의 Account 처리 시작-----------");
$entitys = [];
try {
$results = $this->reload_procedure("accounts/{$entity->getPK()}/audit_logs?since=" . date("Y-m-d") . "T00:00:00");
foreach ($results as $result) {
if (isset($result->action->result) && $result->action->result && isset($result->metadata->newValueJson->zone_id)) {
//해당 Zone을 Sync작업한다
$zone_service = new ZoneService();
$zone_entity = $zone_service->getEntityByPK($result->metadata->newValueJson->zone_id);
$zone_entity = $zone_service->sync($entity, $zone_entity);
//해당 Zone의 Record reload작업한다
$record_service = new RecordService();
$record_service->reload($zone_entity);
//해당 Zone의 Firewall reload작업한다
$firewall_service = new FirewallService();
$firewall_service->reload($zone_entity);
log_message("debug", "{$entity->getTitle()} Account 의 {$zone_entity->getTitle()} Sync및 Record,Firewall Reload 처리작업");
}
}
} catch (\Exception $e) {
log_message("error", $e->getMessage());
throw new \Exception($e->getMessage());
}
log_message("notice", message: "\n-----------Auth {$this->getParentEntity()->getTitle()}의 Account 처리[" . count($entitys) . "개] 완료-----------");
return $entitys;
}
}

96
app/Services/Cloudflare/AuditLogService.php Normal file
View File

@ -0,0 +1,96 @@
<?php
namespace App\Services\Cloudflare;
use App\Entities\Cloudflare\AccountEntity;
use App\Entities\Cloudflare\AuditLogEntity;
use App\Entities\Cloudflare\AuthEntity;
use App\Entities\Cloudflare\ZoneEntity;
use App\Models\Cloudflare\AccountModel;
use App\Models\Cloudflare\AuditLogModel;
use stdClass;
class AuditLogService extends CloudflareService
{
private ?AuditLogModel $_model = null;
private ?AccountModel $_accountModel = null;
public function __construct()
{
$this->class_name = "AuditLog";
parent::__construct();
$this->class_path .= $this->class_name;
}
protected function getModel(): AuditLogModel
{
if ($this->_model === null) {
$this->_model = new AuditLogModel();
}
return $this->_model;
}
protected function getAccountModel(): AccountModel
{
if ($this->_accountModel === null) {
$this->_accountModel = new AccountModel();
}
return $this->_accountModel;
}
protected function getArrayByResult(\stdClass $result, array $formDatas = []): array
{
$formDatas[AuditLogModel::PK] = $result->id;
$formDatas[AuditLogModel::PARENT] = $result->newValueJson->zone_id;
$formDatas[AuditLogModel::TITLE] = $result->action->type;
$formDatas['actor'] = $result->actor->type;
$formDatas['interface'] = $result->interface;
$formDatas['resource_id'] = $result->resource->id;
$formDatas['resource_type'] = $result->resource->type;
$formDatas['status'] = $result->action->result ? "true" : "false";
$formDatas['updated_at'] = date("Y-m-d H:i:s");
$formDatas['created_at'] = $result->when;
return $formDatas;
}
private function auditlog_process(AuditLogEntity $entity): void
{
//해당 Zone을 Sync작업한다
$zone_service = new ZoneService();
$zone_entity = $zone_service->getEntityByPK($entity->getParent());
// $zone_entity = $zone_service->sync($entity, $zone_entity);
// //해당 Zone의 Record reload작업한다
// $record_service = new RecordService();
// $record_service->reload($zone_entity);
// //해당 Zone의 Firewall reload작업한다
// $firewall_service = new FirewallService();
// $firewall_service->reload($zone_entity);
log_message("debug", "AuditLog Process의 {$zone_entity->getTitle()} Sync및 Record,Firewall Reload 처리작업");
}
public function auditlog(AccountEntity $account_entity): void
{
//Socket인증정보 정의
$auth_entity = $this->getAuthModel()->getEntityByPK($account_entity->getParent());
if ($auth_entity === null) {
throw new \Exception("해당 계정정보를 찾을수 없습니다.");
}
$this->setAuthEntity($auth_entity);
log_message("notice", "\n----------Account {$account_entity->getTitle()}의 AuditLog 처리 시작-----------");
try {
$response = $this->getMySocket()->get("accounts/{$account_entity->getPK()}/audit_logs?since=" . date("Y-m-d") . "T00:00:00");
$body = json_decode($response->getBody());
foreach ($body->result as $result) {
if (isset($result->action->result) && $result->action->result && isset($result->newValueJson->zone_id)) {
log_message("debug", var_export($result->newValueJson, true));
$entity = $this->getModel()->getEntityByPK($result->id);
if ($entity === null) {
$entity = $this->getModel()->create($this->getArrayByResult($result));
$this->auditlog_process($entity);
}
}
}
} catch (\Exception $e) {
log_message("error", $e->getMessage());
throw new \Exception($e->getMessage());
}
log_message("notice", message: "\n-----------Account {$account_entity->getTitle()}의 AuditLog 처리 완료-----------");
}
}

2
app/Services/Cloudflare/ZoneService.php
View File

@ -46,7 +46,7 @@ class ZoneService extends CloudflareService
}
return $this->_model;
}
public function getEntityByPK(string $uid): ZoneEntity
public function getEntityByPK(string $uid): null|ZoneEntity
{
return $this->getModel()->getEntityByPK($uid);
}

3
app/Views/layouts/admin/left_menu/cloudflare.php
View File

@ -11,6 +11,9 @@
<div class="accordion-item">
<a href="/admin/cloudflare/account"><?= ICONS['SIGNPOST'] ?> Account</a>
</div>
<div class="accordion-item">
<a href="/admin/cloudflare/auditlog"><?= ICONS['SIGNPOST'] ?> AuditLog</a>
</div>
<div class="accordion-item">
<a href="/admin/cloudflare/zone"><?= ICONS['BOXS'] ?> Zone</a>
</div>