From 10439d7d97799e1336a467b8910243f23f383b6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=97=E5=AD=90?= Date: Sun, 23 Jun 2024 02:42:01 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BC=98=E5=8C=96=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E4=BF=A1=E6=81=AF=E8=8E=B7=E5=8F=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/console/commands/cert_renew.go | 22 +++++++++----------- internal/services/website.go | 32 ++++++++++++++++-------------- 2 files changed, 26 insertions(+), 28 deletions(-) diff --git a/app/console/commands/cert_renew.go b/app/console/commands/cert_renew.go index 8b36f26d..d41cb2f2 100644 --- a/app/console/commands/cert_renew.go +++ b/app/console/commands/cert_renew.go @@ -2,8 +2,6 @@ package commands import ( "context" - "crypto/x509" - "encoding/pem" "github.com/goravel/framework/contracts/console" "github.com/goravel/framework/contracts/console/command" @@ -12,6 +10,7 @@ import ( "github.com/TheTNB/panel/app/models" "github.com/TheTNB/panel/internal/services" + panelcert "github.com/TheTNB/panel/pkg/cert" "github.com/TheTNB/panel/pkg/types" ) @@ -54,18 +53,15 @@ func (receiver *CertRenew) Handle(console.Context) error { continue } - block, _ := pem.Decode([]byte(cert.Cert)) - if block != nil { - data, err := x509.ParseCertificate(block.Bytes) - if err != nil { - continue - } + decode, err := panelcert.ParseCert(cert.Cert) + if err != nil { + continue + } - // 结束时间大于 7 天的证书不续签 - endTime := carbon.FromStdTime(data.NotAfter) - if endTime.Gt(carbon.Now().AddDays(7)) { - continue - } + // 结束时间大于 7 天的证书不续签 + endTime := carbon.FromStdTime(decode.NotAfter) + if endTime.Gt(carbon.Now().AddDays(7)) { + continue } certService := services.NewCertImpl() diff --git a/internal/services/website.go b/internal/services/website.go index 1f87c598..33422501 100644 --- a/internal/services/website.go +++ b/internal/services/website.go 
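Review bot: In CertRenew.Handle (app/console/commands/cert_renew.go) the added `if err != nil { continue }` after `panelcert.ParseCert(cert.Cert)` silently changes what happens to a record whose stored PEM does not parse. The removed code skipped only the expiry check when `pem.Decode` returned nil and still reached `services.NewCertImpl()`, whereas the new code drops the record from the renewal run without a trace. If that is intended, say so in a comment such as `// unparsable certificate: skip renewal and report it`, and log the skipped record so an operator notices a certificate that will otherwise run to expiry. The loop body starts and ends outside the hunk, so whether a logger is already in scope there needs checking.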
@@ -2,8 +2,6 @@ package services import ( - "crypto/x509" - "encoding/pem" "errors" "fmt" "regexp" @@ -16,6 +14,7 @@ import ( requests "github.com/TheTNB/panel/app/http/requests/website" "github.com/TheTNB/panel/app/models" "github.com/TheTNB/panel/internal" + "github.com/TheTNB/panel/pkg/cert" "github.com/TheTNB/panel/pkg/io" "github.com/TheTNB/panel/pkg/shell" "github.com/TheTNB/panel/pkg/str" @@ -452,6 +451,14 @@ func (r *WebsiteImpl) SaveConfig(config requests.SaveConfig) error { // SSL ssl := config.Ssl website.Ssl = ssl + if ssl { + if _, err = cert.ParseCert(config.SslCertificate); err != nil { + return errors.New("TLS证书格式错误") + } + if _, err = cert.ParseKey(config.SslCertificateKey); err != nil { + return errors.New("TLS私钥格式错误") + } + } if err = io.Write("/www/server/vhost/ssl/"+website.Name+".pem", config.SslCertificate, 0644); err != nil { return err } 
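Review bot: The new check in SaveConfig parses `config.SslCertificate` and `config.SslCertificateKey` independently, so a well-formed private key that does not belong to the certificate still passes and both files are written. A mismatched pair typically surfaces only when the web server next loads the vhost files. Assuming both fields are strings, `crypto/tls` can verify parsing and the match in one step with `_, err = tls.X509KeyPair([]byte(config.SslCertificate), []byte(config.SslCertificateKey))`, returning an error when it fails. The validation also sits inside `if ssl`, while the `io.Write` of the .pem below it runs in either case, so unvalidated content is still stored when SSL is switched off. SaveConfig continues outside the hunk.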
@@ -620,25 +627,20 @@ func (r *WebsiteImpl) GetConfig(id uint) (types.WebsiteSetting, error) { setting.OpenBasedir = false } - cert, _ := io.Read("/www/server/vhost/ssl/" + website.Name + ".pem") - setting.SslCertificate = cert + crt, _ := io.Read("/www/server/vhost/ssl/" + website.Name + ".pem") + setting.SslCertificate = crt key, _ := io.Read("/www/server/vhost/ssl/" + website.Name + ".key") setting.SslCertificateKey = key if setting.Ssl { ssl := str.Cut(config, "# ssl标记位开始", "# ssl标记位结束") setting.HttpRedirect = strings.Contains(ssl, "# http重定向标记位") setting.Hsts = strings.Contains(ssl, "# hsts标记位") - - block, _ := pem.Decode([]byte(cert)) - if block != nil { - cert, err := x509.ParseCertificate(block.Bytes) - if err == nil { - setting.SslNotBefore = cert.NotBefore.Format("2006-01-02 15:04:05") - setting.SslNotAfter = cert.NotAfter.Format("2006-01-02 15:04:05") - setting.SslIssuer = cert.Issuer.CommonName - setting.SslOCSPServer = cert.OCSPServer - setting.SSlDNSNames = cert.DNSNames - } + if decode, err := cert.ParseCert(crt); err == nil { + setting.SslNotBefore = decode.NotBefore.Format("2006-01-02 15:04:05") + setting.SslNotAfter = decode.NotAfter.Format("2006-01-02 15:04:05") + setting.SslIssuer = decode.Issuer.CommonName + setting.SslOCSPServer = decode.OCSPServer + setting.SSlDNSNames = decode.DNSNames } } else { setting.HttpRedirect = false
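Review bot: In GetConfig the read error is still discarded on the changed line `crt, _ := io.Read(...)`, and a failed `cert.ParseCert(crt)` is skipped silently. With SSL enabled, a missing or corrupt .pem therefore yields empty SslNotBefore/SslNotAfter/SslIssuer with nothing to tell the caller why. A comment such as `// best effort: validity fields stay empty when the stored certificate cannot be read or parsed` would document that, or the error could be logged. Separately, `decode` is an odd name for a parsed certificate; `parsed` would read better next to the `cert` package and the `crt` string. The function starts and ends outside the hunk.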