package services
import (
"context"
"encoding/json"
"errors"
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
)
// SSLPolicyService implements the SSL policy RPC service (create, update and
// lookup of SSL policies). It embeds BaseService for caller validation
// (ValidateAdminAndUser), the transaction helper (NullTx) and the Success reply.
type SSLPolicyService struct {
	BaseService
}
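// CreateSSLPolicy creates a new SSL policy for the calling admin or user.
//
// The caller is authenticated with ValidateAdminAndUser. When the caller is a
// user (userId > 0), every certificate referenced in req.SslCertsJSON is
// checked for ownership with SharedSSLCertDAO.CheckUserCert before the policy
// is stored; admins (userId == 0) skip that check. The client CA certificates
// in req.ClientCACertsJSON are not ownership-checked for users yet (TODO).
//
// Returns the new policy id, or the first authentication, decoding,
// ownership-check or persistence error.
func (this *SSLPolicyService) CreateSSLPolicy(ctx context.Context, req *pb.CreateSSLPolicyRequest) (*pb.CreateSSLPolicyResponse, error) {
	// Authenticate the caller.
	adminId, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	if userId > 0 {
		// A user may only reference certificates it owns.
		if len(req.SslCertsJSON) > 0 {
			var certRefs []*sslconfigs.SSLCertRef
			if err := json.Unmarshal(req.SslCertsJSON, &certRefs); err != nil {
				return nil, err
			}
			for _, certRef := range certRefs {
				// A JSON "null" element decodes to a nil pointer; dereferencing
				// it would panic on caller-supplied input, so reject it instead.
				if certRef == nil {
					return nil, errors.New("invalid ssl cert reference: null entry in sslCertsJSON")
				}
				if err := models.SharedSSLCertDAO.CheckUserCert(tx, certRef.CertId, userId); err != nil {
					return nil, err
				}
			}
		}

		// Check client CA certificates (req.ClientCACertsJSON) for ownership.
		// TODO
	}

	policyId, err := models.SharedSSLPolicyDAO.CreatePolicy(tx, adminId, userId, req.Http2Enabled, req.Http3Enabled, req.MinVersion, req.SslCertsJSON, req.HstsJSON, req.OcspIsOn, req.ClientAuthType, req.ClientCACertsJSON, req.CipherSuitesIsOn, req.CipherSuites)
	if err != nil {
		return nil, err
	}

	return &pb.CreateSSLPolicyResponse{SslPolicyId: policyId}, nil
}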
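// UpdateSSLPolicy modifies an existing SSL policy.
//
// The caller is authenticated with ValidateAdminAndUser. When the caller is a
// user (userId > 0), the policy must belong to that user
// (SharedSSLPolicyDAO.CheckUserPolicy) and, mirroring CreateSSLPolicy, every
// certificate referenced in req.SslCertsJSON must be owned by that user
// (SharedSSLCertDAO.CheckUserCert). Admins (userId == 0) skip both checks.
//
// Returns this.Success() on success, or the first authentication,
// ownership-check, decoding or persistence error.
func (this *SSLPolicyService) UpdateSSLPolicy(ctx context.Context, req *pb.UpdateSSLPolicyRequest) (*pb.RPCSuccess, error) {
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	if userId > 0 {
		// The policy itself must belong to the calling user.
		if err := models.SharedSSLPolicyDAO.CheckUserPolicy(tx, userId, req.SslPolicyId); err != nil {
			return nil, errors.New("check ssl policy failed: " + err.Error())
		}

		// The replacement certificate list must also be owned by the user;
		// otherwise an update could make a policy reference certificates the
		// user does not own. CreateSSLPolicy applies the same check.
		if len(req.SslCertsJSON) > 0 {
			var certRefs []*sslconfigs.SSLCertRef
			if err := json.Unmarshal(req.SslCertsJSON, &certRefs); err != nil {
				return nil, err
			}
			for _, certRef := range certRefs {
				// A JSON "null" element decodes to a nil pointer; reject it
				// rather than dereference it.
				if certRef == nil {
					return nil, errors.New("invalid ssl cert reference: null entry in sslCertsJSON")
				}
				if err := models.SharedSSLCertDAO.CheckUserCert(tx, certRef.CertId, userId); err != nil {
					return nil, err
				}
			}
		}
	}

	err = models.SharedSSLPolicyDAO.UpdatePolicy(tx, req.SslPolicyId, req.Http2Enabled, req.Http3Enabled, req.MinVersion, req.SslCertsJSON, req.HstsJSON, req.OcspIsOn, req.ClientAuthType, req.ClientCACertsJSON, req.CipherSuitesIsOn, req.CipherSuites)
	if err != nil {
		return nil, err
	}

	return this.Success()
}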
// FindEnabledSSLPolicyConfig returns the composed configuration of an SSL
// policy as JSON.
//
// Authentication uses rpcutils.ValidateRequest directly rather than
// ValidateAdminAndUser, because a user id of 0 is also allowed to call this
// method. req.IgnoreData is passed through to ComposePolicyConfig unchanged.
//
// NOTE(review): unlike UpdateSSLPolicy, no CheckUserPolicy ownership check is
// applied here for user callers, so req.SslPolicyId is looked up as given —
// confirm whether the composed config is meant to be readable across users
// (req.IgnoreData presumably controls how much policy data is included; verify).
func (this *SSLPolicyService) FindEnabledSSLPolicyConfig(ctx context.Context, req *pb.FindEnabledSSLPolicyConfigRequest) (*pb.FindEnabledSSLPolicyConfigResponse, error) {
	// Admin or user callers are accepted; the returned identities are not used.
	if _, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser); err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	policyConfig, err := models.SharedSSLPolicyDAO.ComposePolicyConfig(tx, req.SslPolicyId, req.IgnoreData, nil, nil)
	if err != nil {
		return nil, err
	}

	encoded, err := json.Marshal(policyConfig)
	if err != nil {
		return nil, err
	}

	return &pb.FindEnabledSSLPolicyConfigResponse{SslPolicyJSON: encoded}, nil
}