[SSL证书]免费证书申请增加HTTP认证方式

2025-12-25 14:36:35 +08:00 · 2020-12-03 18:19:22 +08:00
parent ee296ad1c9
commit 5f0e7833a0
20 changed files with 369 additions and 57 deletions
--- a/internal/rpc/services/service_acme_authentication.go
+++ b/internal/rpc/services/service_acme_authentication.go
@@ -0,0 +1,33 @@
+package services
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+// ACME认证相关
+type ACMEAuthenticationService struct {
+	BaseService
+}
+
+// 获取Key
+func (this *ACMEAuthenticationService) FindACMEAuthenticationKeyWithToken(ctx context.Context, req *pb.FindACMEAuthenticationKeyWithTokenRequest) (*pb.FindACMEAuthenticationKeyWithTokenResponse, error) {
+	_, err := this.ValidateNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if len(req.Token) == 0 {
+		return nil, errors.New("'token' should not be empty")
+	}
+
+	auth, err := models.SharedACMEAuthenticationDAO.FindAuthWithToken(req.Token)
+	if err != nil {
+		return nil, err
+	}
+	if auth == nil {
+		return &pb.FindACMEAuthenticationKeyWithTokenResponse{Key: ""}, nil
+	}
+	return &pb.FindACMEAuthenticationKeyWithTokenResponse{Key: auth.Key}, nil
+}
--- a/internal/rpc/services/service_acme_task.go
+++ b/internal/rpc/services/service_acme_task.go
@@ -2,6 +2,7 @@ package services

 import (
 	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/acme"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -87,19 +88,22 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
 			CreatedAt:   int64(acmeUser.CreatedAt),
 		}

-		// DNS
-		provider, err := models.SharedDNSProviderDAO.FindEnabledDNSProvider(int64(task.DnsProviderId))
-		if err != nil {
-			return nil, err
-		}
-		if provider == nil {
-			continue
-		}
-		pbProvider := &pb.DNSProvider{
-			Id:       int64(provider.Id),
-			Name:     provider.Name,
-			Type:     provider.Type,
-			TypeName: dnsclients.FindProviderTypeName(provider.Type),
+		var pbProvider *pb.DNSProvider
+		if task.AuthType == acme.AuthTypeDNS {
+			// DNS
+			provider, err := models.SharedDNSProviderDAO.FindEnabledDNSProvider(int64(task.DnsProviderId))
+			if err != nil {
+				return nil, err
+			}
+			if provider == nil {
+				continue
+			}
+			pbProvider = &pb.DNSProvider{
+				Id:       int64(provider.Id),
+				Name:     provider.Name,
+				Type:     provider.Type,
+				TypeName: dnsclients.FindProviderTypeName(provider.Type),
+			}
 		}

 		// 证书
@@ -147,6 +151,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
 			DnsProvider:       pbProvider,
 			SslCert:           pbCert,
 			LatestACMETaskLog: pbTaskLog,
+			AuthType:          task.AuthType,
 		})
 	}

@@ -159,7 +164,12 @@ func (this *ACMETaskService) CreateACMETask(ctx context.Context, req *pb.CreateA
 	if err != nil {
 		return nil, err
 	}
-	taskId, err := models.SharedACMETaskDAO.CreateACMETask(adminId, userId, req.AcmeUserId, req.DnsProviderId, req.DnsDomain, req.Domains, req.AutoRenew)
+
+	if len(req.AuthType) == 0 {
+		req.AuthType = acme.AuthTypeDNS
+	}
+
+	taskId, err := models.SharedACMETaskDAO.CreateACMETask(adminId, userId, req.AuthType, req.AcmeUserId, req.DnsProviderId, req.DnsDomain, req.Domains, req.AutoRenew)
 	if err != nil {
 		return nil, err
 	}
@@ -298,5 +308,6 @@ func (this *ACMETaskService) FindEnabledACMETask(ctx context.Context, req *pb.Fi
 		AutoRenew:   task.AutoRenew == 1,
 		DnsProvider: pbProvider,
 		AcmeUser:    pbACMEUser,
+		AuthType:    task.AuthType,
 	}}, nil
 }
--- a/internal/rpc/services/service_base.go
+++ b/internal/rpc/services/service_base.go
@@ -57,6 +57,12 @@ func (this *BaseService) ValidateAdminAndUser(ctx context.Context, reqUserId int
 	return
 }

+// 校验节点
+func (this *BaseService) ValidateNode(ctx context.Context) (nodeId int64, err error) {
+	_, nodeId, err = rpcutils.ValidateRequest(ctx, rpcutils.UserTypeNode)
+	return
+}
+
 // 返回成功
 func (this *BaseService) Success() (*pb.RPCSuccess, error) {
 	return &pb.RPCSuccess{}, nil
--- a/internal/rpc/services/service_node.go
+++ b/internal/rpc/services/service_node.go
@@ -1067,6 +1067,11 @@ func (this *NodeService) FindEnabledNodeDNS(ctx context.Context, req *pb.FindEna
 		return &pb.FindEnabledNodeDNSResponse{Node: nil}, nil
 	}

+	ipAddr, err := models.SharedNodeIPAddressDAO.FindFirstNodeIPAddress(int64(node.Id))
+	if err != nil {
+		return nil, err
+	}
+
 	clusterId := int64(node.ClusterId)
 	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(clusterId)
 	if err != nil {
@@ -1101,11 +1106,6 @@ func (this *NodeService) FindEnabledNodeDNS(ctx context.Context, req *pb.FindEna
 		}
 	}

-	ipAddr, err := models.SharedNodeIPAddressDAO.FindFirstNodeIPAddress(int64(node.Id))
-	if err != nil {
-		return nil, err
-	}
-
 	return &pb.FindEnabledNodeDNSResponse{
 		Node: &pb.NodeDNSInfo{
 			Id:            int64(node.Id),