From aa45c4354ac63f02325a1bbe7a642918245c3be3 Mon Sep 17 00:00:00 2001
From: GrayFox Zou
Date: Sat, 11 May 2024 17:18:49 +0800
Subject: [PATCH] docs: add waf docs (#16)
* docs: add Waf feature
* Fix: typo
* Fix: replace demo link
* Update overview.mdx
---------
Co-authored-by: Gucheng <85475922+nomeguy@users.noreply.github.com>
---
 docs/core-concepts.mdx | 30 +++++++++++++++++++-----------
 docs/installation.mdx | 4 ++++
 docs/overview.mdx | 4 +++-
 docs/site.mdx | 1 +
 4 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/docs/core-concepts.mdx b/docs/core-concepts.mdx
index 7f25492..7ea7843 100644
--- a/docs/core-concepts.mdx
+++ b/docs/core-concepts.mdx
@@ -18,20 +18,28 @@ type Site struct {
 Owner string `xorm:"varchar(100) notnull pk" json:"owner"`
 Name string `xorm:"varchar(100) notnull pk" json:"name"`
 CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+ UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
 DisplayName string `xorm:"varchar(100)" json:"displayName"`
- Domain string `xorm:"varchar(100)" json:"domain"`
- Host string `xorm:"varchar(100)" json:"host"`
- SslMode string `xorm:"varchar(100)" json:"sslMode"`
- SslCert string `xorm:"varchar(100)" json:"sslCert"`
- PublicIp string `xorm:"varchar(100)" json:"publicIp"`
- Node string `xorm:"varchar(100)" json:"node"`
- IsSelf bool `json:"isSelf"`
+ Tag string `xorm:"varchar(100)" json:"tag"`
+ Domain string `xorm:"varchar(100)" json:"domain"`
+ OtherDomains []string `xorm:"varchar(500)" json:"otherDomains"`
+ NeedRedirect bool `json:"needRedirect"`
+ EnableWaf bool `json:"enableWaf"`
+ Waf coraza.WAF `xorm:"-" json:"-"`
+ Challenges []string `xorm:"mediumtext" json:"challenges"`
+ Host string `xorm:"varchar(100)" json:"host"`
+ Port int `json:"port"`
+ SslMode string `xorm:"varchar(100)" json:"sslMode"`
+ SslCert string `xorm:"-" json:"sslCert"`
+ PublicIp string `xorm:"varchar(100)" json:"publicIp"`
+ Node string `xorm:"varchar(100)" json:"node"`
+ IsSelf bool `json:"isSelf"`
+ Status string `xorm:"varchar(100)" json:"status"`
+ Nodes []*Node `xorm:"mediumtext" json:"nodes"`
- CasdoorApplication string `xorm:"varchar(100)" json:"casdoorApplication"`
-
- SslCertObj *Cert `xorm:"-" json:"sslCertObj"`
- ApplicationObj *casdoor.Application `xorm:"-" json:"applicationObj"`
+ CasdoorApplication string `xorm:"varchar(100)" json:"casdoorApplication"`
+ ApplicationObj *casdoorsdk.Application `xorm:"-" json:"applicationObj"`
 }
 ```
diff --git a/docs/installation.mdx b/docs/installation.mdx
index e4a1d32..0d7561c 100644
--- a/docs/installation.mdx
+++ b/docs/installation.mdx
@@ -64,6 +64,10 @@ CasWAF uses XORM to connect to DB, so all DBs supported by XORM can also be used
 ### Configure Casdoor
+:::info
+In order not to affect Docker users, we temporarily chose to embed the WAF rules into the binary, if you need to change the default rules (`conf/waf.conf`), please do so before compiling.
+:::
+
 After creating an organization and an application for CasWAF in a Casdoor, you need to update `clientID`, `clientSecret`, `casdoorOrganization` and `casdoorApplication` in app.conf and Conf.js to change the configuration.
 - Backend (conf/app.conf)
diff --git a/docs/overview.mdx b/docs/overview.mdx
index 19d80f0..435f1bd 100644
--- a/docs/overview.mdx
+++ b/docs/overview.mdx
@@ -19,6 +19,8 @@ CasWAF is an open-source Web Application Firewall (WAF) software developed by Go
 5. OAuth proxy. CasWAF supports OAuth login, which can be integrated with the existing OAuth system such as [Casdoor](https://casdoor.org/).
+6. Firewall. CasWAF uses [Coraza](https://github.com/corazawaf/coraza) as the firewall engine, which can protect the website from many common attack categories. Supports customized WAF rules.
+
 ## How it works
 CasWAF has both reverse proxy and OAuth proxy functionalities. If you haven't configured OAuth for your website, it will function solely as a reverse proxy server.
@@ -43,7 +45,7 @@ In CasWAF, we use [Casdoor](https://casdoor.org/) as the Identity Provider (IdP)
 Here is an online demo:
-- Deployed site: [https://waf.casbin.com/](https://waf.casbin.com/)
+- Deployed site: [https://door.caswaf.com](https://door.caswaf.com)
 Global admin login:
diff --git a/docs/site.mdx b/docs/site.mdx
index 79ee5b3..010fcab 100644
--- a/docs/site.mdx
+++ b/docs/site.mdx
@@ -19,6 +19,7 @@ This section will provide a detailed explanation of the properties and usage of
 - e.g. `localhost:8080`
 - `Public IP (Optional)`: The public IP of the site (if available).
 - `Node (Optional)`: The name of the host on which the site is deployed.
+- `Enable WAF`: Whether this site uses a built-in firewall.
 - `SSL mode`: The SSL mode of the site. It can be `HTTP` or `HTTPS and HTTP` or `HTTPS Only`.
 - `HTTP`: The site is not using SSL. Users can access the site **only** via HTTP.
 - `HTTPS and HTTP`: The site is using SSL and HTTP. Users can access the site via **both** HTTP and HTTPS.