mirror of
https://github.com/acepanel/panel.git
synced 2026-02-04 23:27:17 +08:00
194287554e
* refactor: 重构部分完成 * fix: 添加.gitkeep * fix: build * fix: lint * fix: lint * chore(deps): Update module github.com/go-playground/validator/v10 to v10.22.1 (#162) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update module gorm.io/gorm to v1.25.12 (#161) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update module golang.org/x/net to v0.29.0 (#159) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * workflow: 更新工作流 * workflow: test new download * feat: merge frontend project * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: fix frontend build * workflow: update to ubuntu-24.04 * workflow: rename build-* * workflow: 修改fetch-depth * chore(deps): Update dependency eslint to v9 (#164) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(frontend): update dependences * chore(frontend): fix lint * chore(frontend): fix lint * workflow: add govulncheck * workflow: disable nilaway * feat: 使用新的压缩解压库 * fix: 测试 * fix: 测试 * fix: 测试 * feat: 添加ntp包 * chore(deps): Lock file maintenance (#168) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update module github.com/go-resty/resty/v2 to v2.15.0 (#167) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update dependency @iconify/json to v2.2.249 (#169) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat: 添加限流器 * feat: 调整登录限流 * feat: 证书 * fix: lint * feat: 证书dns * feat: 证书acme账号 * fix: 修改UserID导致的一系列问题 * feat: 低配版任务队列 * feat: 队列完成 * fix: lint * fix: lint * fix: swagger和前端路由 * fix: 去掉ntp测试 * feat: 完成插件接口 * feat: 完成cron * feat: 完成safe * chore(deps): Update dependency vue to v3.5.6 (#170) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update dependency @vueuse/core to v11.1.0 (#171) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update dependency vite to v5.4.6 (#173) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): Update unocss monorepo to v0.62.4 (#172) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: update renovate config * feat: 新的firewall客户端 * fix: lint * feat: firewall完成 * feat: ssh完成 * feat: 容器完成1/2 * feat: 容器完成 * feat: 文件完成 * feat: systemctl及设置 * fix: windows编译 * fix: session not work * fix: migrate not work * feat: 前端路由 * feat: 初步支持cli --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
274 lines
6.4 KiB
Go
274 lines
6.4 KiB
Go
package data
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/TheTNB/panel/internal/app"
|
|
"github.com/TheTNB/panel/internal/biz"
|
|
"github.com/TheTNB/panel/internal/http/request"
|
|
"github.com/TheTNB/panel/pkg/acme"
|
|
"github.com/TheTNB/panel/pkg/io"
|
|
"github.com/TheTNB/panel/pkg/shell"
|
|
"github.com/TheTNB/panel/pkg/systemctl"
|
|
)
|
|
|
|
type certRepo struct {
|
|
client *acme.Client
|
|
websiteRepo biz.WebsiteRepo
|
|
}
|
|
|
|
func NewCertRepo() biz.CertRepo {
|
|
return &certRepo{
|
|
websiteRepo: NewWebsiteRepo(),
|
|
}
|
|
}
|
|
|
|
func (r *certRepo) List(page, limit uint) ([]*biz.Cert, int64, error) {
|
|
var certs []*biz.Cert
|
|
var total int64
|
|
err := app.Orm.Model(&biz.Cert{}).Order("id desc").Count(&total).Offset(int((page - 1) * limit)).Limit(int(limit)).Find(&certs).Error
|
|
return certs, total, err
|
|
}
|
|
|
|
func (r *certRepo) Get(id uint) (*biz.Cert, error) {
|
|
cert := new(biz.Cert)
|
|
err := app.Orm.Model(&biz.Cert{}).Where("id = ?", id).First(cert).Error
|
|
return cert, err
|
|
}
|
|
|
|
func (r *certRepo) Create(req *request.CertCreate) (*biz.Cert, error) {
|
|
cert := &biz.Cert{
|
|
AccountID: req.AccountID,
|
|
WebsiteID: req.WebsiteID,
|
|
DNSID: req.DNSID,
|
|
Type: req.Type,
|
|
Domains: req.Domains,
|
|
AutoRenew: req.AutoRenew,
|
|
}
|
|
if err := app.Orm.Create(cert).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
return cert, nil
|
|
}
|
|
|
|
func (r *certRepo) Update(req *request.CertUpdate) error {
|
|
return app.Orm.Model(&biz.Cert{}).Where("id = ?", req.ID).Updates(&biz.Cert{
|
|
AccountID: req.AccountID,
|
|
WebsiteID: req.WebsiteID,
|
|
DNSID: req.DNSID,
|
|
Type: req.Type,
|
|
Domains: req.Domains,
|
|
AutoRenew: req.AutoRenew,
|
|
}).Error
|
|
}
|
|
|
|
func (r *certRepo) Delete(id uint) error {
|
|
return app.Orm.Model(&biz.Cert{}).Where("id = ?", id).Delete(&biz.Cert{}).Error
|
|
}
|
|
|
|
func (r *certRepo) ObtainAuto(id uint) (*acme.Certificate, error) {
|
|
cert, err := r.Get(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
client, err := r.getClient(cert)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if cert.DNS != nil {
|
|
client.UseDns(acme.DnsType(cert.DNS.Type), cert.DNS.Data)
|
|
} else {
|
|
if cert.Website == nil {
|
|
return nil, errors.New("该证书没有关联网站,无法自动签发")
|
|
} else {
|
|
for _, domain := range cert.Domains {
|
|
if strings.Contains(domain, "*") {
|
|
return nil, errors.New("通配符域名无法使用 HTTP 验证")
|
|
}
|
|
}
|
|
conf := fmt.Sprintf("%s/server/vhost/acme/%s.conf", app.Root, cert.Website.Name)
|
|
client.UseHTTP(conf, cert.Website.Path)
|
|
}
|
|
}
|
|
|
|
ssl, err := client.ObtainSSL(context.Background(), cert.Domains, acme.KeyType(cert.Type))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
cert.CertURL = ssl.URL
|
|
cert.Cert = string(ssl.ChainPEM)
|
|
cert.Key = string(ssl.PrivateKey)
|
|
if err = app.Orm.Save(cert).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if cert.Website != nil {
|
|
return &ssl, r.Deploy(cert.ID, cert.WebsiteID)
|
|
}
|
|
|
|
return &ssl, nil
|
|
}
|
|
|
|
func (r *certRepo) ObtainManual(id uint) (*acme.Certificate, error) {
|
|
cert, err := r.Get(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if r.client == nil {
|
|
return nil, errors.New("请重新获取 DNS 解析记录")
|
|
}
|
|
|
|
ssl, err := r.client.ObtainSSLManual()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
cert.CertURL = ssl.URL
|
|
cert.Cert = string(ssl.ChainPEM)
|
|
cert.Key = string(ssl.PrivateKey)
|
|
if err = app.Orm.Save(cert).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if cert.Website != nil {
|
|
return &ssl, r.Deploy(cert.ID, cert.WebsiteID)
|
|
}
|
|
|
|
return &ssl, nil
|
|
}
|
|
|
|
func (r *certRepo) Renew(id uint) (*acme.Certificate, error) {
|
|
cert, err := r.Get(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
client, err := r.getClient(cert)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if cert.CertURL == "" {
|
|
return nil, errors.New("该证书没有签发成功,无法续签")
|
|
}
|
|
|
|
if cert.DNS != nil {
|
|
client.UseDns(acme.DnsType(cert.DNS.Type), cert.DNS.Data)
|
|
} else {
|
|
if cert.Website == nil {
|
|
return nil, errors.New("该证书没有关联网站,无法续签,可以尝试手动签发")
|
|
} else {
|
|
for _, domain := range cert.Domains {
|
|
if strings.Contains(domain, "*") {
|
|
return nil, errors.New("通配符域名无法使用 HTTP 验证")
|
|
}
|
|
}
|
|
conf := fmt.Sprintf("/www/server/vhost/acme/%s.conf", cert.Website.Name)
|
|
client.UseHTTP(conf, cert.Website.Path)
|
|
}
|
|
}
|
|
|
|
ssl, err := client.RenewSSL(context.Background(), cert.CertURL, cert.Domains, acme.KeyType(cert.Type))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
cert.CertURL = ssl.URL
|
|
cert.Cert = string(ssl.ChainPEM)
|
|
cert.Key = string(ssl.PrivateKey)
|
|
if err = app.Orm.Save(cert).Error; err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if cert.Website != nil {
|
|
return &ssl, r.Deploy(cert.ID, cert.WebsiteID)
|
|
}
|
|
|
|
return &ssl, nil
|
|
}
|
|
|
|
func (r *certRepo) ManualDNS(id uint) ([]acme.DNSRecord, error) {
|
|
cert, err := r.Get(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
client, err := r.getClient(cert)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
client.UseManualDns(len(cert.Domains))
|
|
records, err := client.GetDNSRecords(context.Background(), cert.Domains, acme.KeyType(cert.Type))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// 15 分钟后清理客户端
|
|
r.client = client
|
|
time.AfterFunc(15*time.Minute, func() {
|
|
r.client = nil
|
|
})
|
|
|
|
return records, nil
|
|
}
|
|
|
|
func (r *certRepo) Deploy(ID, WebsiteID uint) error {
|
|
cert, err := r.Get(ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if cert.Cert == "" || cert.Key == "" {
|
|
return errors.New("该证书没有签发成功,无法部署")
|
|
}
|
|
|
|
website, err := r.websiteRepo.Get(WebsiteID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err = io.Write(fmt.Sprintf("%s/server/vhost/ssl/%s.pem", app.Root, website.Name), cert.Cert, 0644); err != nil {
|
|
return err
|
|
}
|
|
if err = io.Write(fmt.Sprintf("%s/server/vhost/ssl/%s.key", app.Root, website.Name), cert.Key, 0644); err != nil {
|
|
return err
|
|
}
|
|
if err = systemctl.Reload("openresty"); err != nil {
|
|
_, err = shell.Execf("openresty -t")
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (r *certRepo) getClient(cert *biz.Cert) (*acme.Client, error) {
|
|
var ca string
|
|
var eab *acme.EAB
|
|
switch cert.Account.CA {
|
|
case "letsencrypt":
|
|
ca = acme.CALetsEncrypt
|
|
case "buypass":
|
|
ca = acme.CABuypass
|
|
case "zerossl":
|
|
ca = acme.CAZeroSSL
|
|
eab = &acme.EAB{KeyID: cert.Account.Kid, MACKey: cert.Account.HmacEncoded}
|
|
case "sslcom":
|
|
ca = acme.CASSLcom
|
|
eab = &acme.EAB{KeyID: cert.Account.Kid, MACKey: cert.Account.HmacEncoded}
|
|
case "google":
|
|
ca = acme.CAGoogle
|
|
eab = &acme.EAB{KeyID: cert.Account.Kid, MACKey: cert.Account.HmacEncoded}
|
|
}
|
|
|
|
return acme.NewPrivateKeyAccount(cert.Account.Email, cert.Account.PrivateKey, ca, eab)
|
|
}
|