mirror of
https://github.com/acepanel/panel.git
synced 2026-02-05 08:07:17 +08:00
194287554e
* refactor: 重构部分完成 * fix: 添加.gitkeep * fix: build * fix: lint * fix: lint * chore(deps): Update module github.com/go-playground/validator/v10 to v10.22.1 (#162) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update module gorm.io/gorm to v1.25.12 (#161) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update module golang.org/x/net to v0.29.0 (#159) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * workflow: 更新工作流 * workflow: test new download * feat: merge frontend project * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: update to ubuntu-24.04 * workflow: rename build-* * workflow: 修改fetch-depth * chore(deps): Update dependency eslint to v9 (#164) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(frontend): update dependences * chore(frontend): fix lint * chore(frontend): fix lint * workflow: add govulncheck * workflow: disable nilaway * feat: 使用新的压缩解压库 * fix: 测试 * fix: 测试 * fix: 测试 * feat: 添加ntp包 * chore(deps): Lock file maintenance (#168) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update module github.com/go-resty/resty/v2 to v2.15.0 (#167) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update dependency @iconify/json to v2.2.249 (#169) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat: 添加限流器 * feat: 调整登录限流 * feat: 证书 * fix: lint * feat: 证书dns * feat: 证书acme账号 * fix: 修改UserID导致的一系列问题 * feat: 低配版任务队列 * feat: 队列完成 * fix: lint * fix: lint * fix: swagger和前端路由 * fix: 去掉ntp测试 * feat: 完成插件接口 * feat: 完成cron * feat: 完成safe * chore(deps): Update dependency vue to v3.5.6 (#170) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update dependency @vueuse/core to v11.1.0 (#171) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update dependency vite to v5.4.6 (#173) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update unocss monorepo to v0.62.4 (#172) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: update renovate config * feat: 新的firewall客户端 * fix: lint * feat: firewall完成 * feat: ssh完成 * feat: 容器完成1/2 * feat: 容器完成 * feat: 文件完成 * feat: systemctl及设置 * fix: windows编译 * fix: session not work * fix: migrate not work * feat: 前端路由 * feat: 初步支持cli --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
155 lines
5.0 KiB
Go
155 lines
5.0 KiB
Go
package data
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"time"
|
|
|
|
"github.com/go-resty/resty/v2"
|
|
|
|
"github.com/TheTNB/panel/internal/app"
|
|
"github.com/TheTNB/panel/internal/biz"
|
|
"github.com/TheTNB/panel/internal/http/request"
|
|
"github.com/TheTNB/panel/pkg/acme"
|
|
"github.com/TheTNB/panel/pkg/cert"
|
|
)
|
|
|
|
type certAccountRepo struct{}
|
|
|
|
func NewCertAccountRepo() biz.CertAccountRepo {
|
|
return &certAccountRepo{}
|
|
}
|
|
|
|
func (r certAccountRepo) List(page, limit uint) ([]*biz.CertAccount, int64, error) {
|
|
var accounts []*biz.CertAccount
|
|
var total int64
|
|
err := app.Orm.Model(&biz.CertAccount{}).Order("id desc").Count(&total).Offset(int((page - 1) * limit)).Limit(int(limit)).Find(&accounts).Error
|
|
return accounts, total, err
|
|
}
|
|
|
|
func (r certAccountRepo) Get(id uint) (*biz.CertAccount, error) {
|
|
account := new(biz.CertAccount)
|
|
err := app.Orm.Model(&biz.CertAccount{}).Where("id = ?", id).First(account).Error
|
|
return account, err
|
|
}
|
|
|
|
func (r certAccountRepo) Create(req *request.CertAccountCreate) (*biz.CertAccount, error) {
|
|
account := new(biz.CertAccount)
|
|
account.CA = req.CA
|
|
account.Email = req.Email
|
|
account.Kid = req.Kid
|
|
account.HmacEncoded = req.HmacEncoded
|
|
account.KeyType = req.KeyType
|
|
|
|
var err error
|
|
var client *acme.Client
|
|
switch account.CA {
|
|
case "letsencrypt":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CALetsEncrypt, nil, acme.KeyType(account.KeyType))
|
|
case "buypass":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CABuypass, nil, acme.KeyType(account.KeyType))
|
|
case "zerossl":
|
|
eab, eabErr := r.getZeroSSLEAB(account.Email)
|
|
if eabErr != nil {
|
|
return nil, eabErr
|
|
}
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CAZeroSSL, eab, acme.KeyType(account.KeyType))
|
|
case "sslcom":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CASSLcom, &acme.EAB{KeyID: account.Kid, MACKey: account.HmacEncoded}, acme.KeyType(account.KeyType))
|
|
case "google":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CAGoogle, &acme.EAB{KeyID: account.Kid, MACKey: account.HmacEncoded}, acme.KeyType(account.KeyType))
|
|
default:
|
|
return nil, errors.New("CA 提供商不支持")
|
|
}
|
|
|
|
if err != nil {
|
|
return nil, errors.New("向 CA 注册账号失败,请检查参数是否正确")
|
|
}
|
|
|
|
privateKey, err := cert.EncodeKey(client.Account.PrivateKey)
|
|
if err != nil {
|
|
return nil, errors.New("获取私钥失败")
|
|
}
|
|
account.PrivateKey = string(privateKey)
|
|
|
|
if err = app.Orm.Create(account).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return account, nil
|
|
}
|
|
|
|
func (r certAccountRepo) Update(req *request.CertAccountUpdate) error {
|
|
account, err := r.Get(req.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
account.CA = req.CA
|
|
account.Email = req.Email
|
|
account.Kid = req.Kid
|
|
account.HmacEncoded = req.HmacEncoded
|
|
account.KeyType = req.KeyType
|
|
|
|
var client *acme.Client
|
|
switch account.CA {
|
|
case "letsencrypt":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CALetsEncrypt, nil, acme.KeyType(account.KeyType))
|
|
case "buypass":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CABuypass, nil, acme.KeyType(account.KeyType))
|
|
case "zerossl":
|
|
eab, eabErr := r.getZeroSSLEAB(account.Email)
|
|
if eabErr != nil {
|
|
return eabErr
|
|
}
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CAZeroSSL, eab, acme.KeyType(account.KeyType))
|
|
case "sslcom":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CASSLcom, &acme.EAB{KeyID: account.Kid, MACKey: account.HmacEncoded}, acme.KeyType(account.KeyType))
|
|
case "google":
|
|
client, err = acme.NewRegisterAccount(context.Background(), account.Email, acme.CAGoogle, &acme.EAB{KeyID: account.Kid, MACKey: account.HmacEncoded}, acme.KeyType(account.KeyType))
|
|
default:
|
|
return errors.New("CA 提供商不支持")
|
|
}
|
|
|
|
if err != nil {
|
|
return errors.New("向 CA 注册账号失败,请检查参数是否正确")
|
|
}
|
|
|
|
privateKey, err := cert.EncodeKey(client.Account.PrivateKey)
|
|
if err != nil {
|
|
return errors.New("获取私钥失败")
|
|
}
|
|
account.PrivateKey = string(privateKey)
|
|
|
|
return app.Orm.Save(account).Error
|
|
}
|
|
|
|
func (r certAccountRepo) Delete(id uint) error {
|
|
return app.Orm.Model(&biz.CertAccount{}).Where("id = ?", id).Delete(&biz.CertAccount{}).Error
|
|
}
|
|
|
|
// getZeroSSLEAB 获取 ZeroSSL EAB
|
|
func (r certAccountRepo) getZeroSSLEAB(email string) (*acme.EAB, error) {
|
|
type data struct {
|
|
Success bool `json:"success"`
|
|
EabKid string `json:"eab_kid"`
|
|
EabHmacKey string `json:"eab_hmac_key"`
|
|
}
|
|
client := resty.New()
|
|
client.SetTimeout(5 * time.Second)
|
|
client.SetRetryCount(2)
|
|
|
|
resp, err := client.R().SetFormData(map[string]string{
|
|
"email": email,
|
|
}).SetResult(&data{}).Post("https://api.zerossl.com/acme/eab-credentials-email")
|
|
if err != nil || !resp.IsSuccess() {
|
|
return &acme.EAB{}, errors.New("获取ZeroSSL EAB失败")
|
|
}
|
|
eab := resp.Result().(*data)
|
|
if !eab.Success {
|
|
return &acme.EAB{}, errors.New("获取ZeroSSL EAB失败")
|
|
}
|
|
|
|
return &acme.EAB{KeyID: eab.EabKid, MACKey: eab.EabHmacKey}, nil
|
|
}
|