DNS服务支持密钥管理

internal/db/models/nameservers/ns_domain_model.go

@@ -10,6 +10,7 @@ type NSDomain struct {
 	CreatedAt uint64 `field:"createdAt"` // 创建时间
 	Version   uint64 `field:"version"`   // 版本
 	State     uint8  `field:"state"`     // 状态
+	Tsig      string `field:"tsig"`      // TSIG配置
 }
 
 type NSDomainOperator struct {
@@ -21,6 +22,7 @@ type NSDomainOperator struct {
 	CreatedAt interface{} // 创建时间
 	Version   interface{} // 版本
 	State     interface{} // 状态
+	Tsig      interface{} // TSIG配置
 }
 
 func NewNSDomainOperator() *NSDomainOperator {

internal/db/models/nameservers/ns_key_dao.go

@@ -0,0 +1,137 @@
+package nameservers
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	NSKeyStateEnabled  = 1 // 已启用
+	NSKeyStateDisabled = 0 // 已禁用
+)
+
+type NSKeyDAO dbs.DAO
+
+func NewNSKeyDAO() *NSKeyDAO {
+	return dbs.NewDAO(&NSKeyDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeNSKeys",
+			Model:  new(NSKey),
+			PkName: "id",
+		},
+	}).(*NSKeyDAO)
+}
+
+var SharedNSKeyDAO *NSKeyDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedNSKeyDAO = NewNSKeyDAO()
+	})
+}
+
+// EnableNSKey 启用条目
+func (this *NSKeyDAO) EnableNSKey(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSKeyStateEnabled).
+		Update()
+	return err
+}
+
+// DisableNSKey 禁用条目
+func (this *NSKeyDAO) DisableNSKey(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSKeyStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledNSKey 查找启用中的条目
+func (this *NSKeyDAO) FindEnabledNSKey(tx *dbs.Tx, id int64) (*NSKey, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		Attr("state", NSKeyStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*NSKey), err
+}
+
+// FindNSKeyName 根据主键查找名称
+func (this *NSKeyDAO) FindNSKeyName(tx *dbs.Tx, id int64) (string, error) {
+	return this.Query(tx).
+		Pk(id).
+		Result("name").
+		FindStringCol("")
+}
+
+// CreateKey 创建Key
+func (this *NSKeyDAO) CreateKey(tx *dbs.Tx, domainId int64, zoneId int64, name string, algo dnsconfigs.KeyAlgorithmType, secret string, secretType string) (int64, error) {
+	op := NewNSKeyOperator()
+	op.DomainId = domainId
+	op.ZoneId = zoneId
+	op.Name = name
+	op.Algo = algo
+	op.Secret = secret
+	op.SecretType = secretType
+	op.State = NSKeyStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateKey 修改Key
+func (this *NSKeyDAO) UpdateKey(tx *dbs.Tx, keyId int64, name string, algo dnsconfigs.KeyAlgorithmType, secret string, secretType string, isOn bool) error {
+	if keyId <= 0 {
+		return errors.New("invalid keyId")
+	}
+	op := NewNSKeyOperator()
+	op.Id = keyId
+	op.Name = name
+	op.Algo = algo
+	op.Secret = secret
+	op.SecretType = secretType
+	op.IsOn = isOn
+	return this.Save(tx, op)
+}
+
+// CountEnabledKeys 计算Key的数量
+func (this *NSKeyDAO) CountEnabledKeys(tx *dbs.Tx, domainId int64, zoneId int64) (int64, error) {
+	var query = this.Query(tx).
+		State(NSKeyStateEnabled)
+	if domainId > 0 {
+		query.Attr("domainId", domainId)
+	}
+	if zoneId > 0 {
+		query.Attr("zoneId", zoneId)
+	}
+	return query.Count()
+}
+
+// ListEnabledKeys 列出单页Key
+func (this *NSKeyDAO) ListEnabledKeys(tx *dbs.Tx, domainId int64, zoneId int64, offset int64, size int64) (result []*NSKey, err error) {
+	var query = this.Query(tx).
+		State(NSKeyStateEnabled)
+	if domainId > 0 {
+		query.Attr("domainId", domainId)
+	}
+	if zoneId > 0 {
+		query.Attr("zoneId", zoneId)
+	}
+	_, err = query.
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// NotifyUpdate 通知更新
+func (this *NSKeyDAO) NotifyUpdate(tx *dbs.Tx, keyId int64) error {
+	// TODO 需要实现
+	return nil
+}

internal/db/models/nameservers/ns_key_dao_test.go

@@ -0,0 +1,6 @@
+package nameservers
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/nameservers/ns_key_model.go

@@ -0,0 +1,30 @@
+package nameservers
+
+// NSKey 密钥管理
+type NSKey struct {
+	Id         uint64 `field:"id"`         // ID
+	IsOn       uint8  `field:"isOn"`       // 状态
+	Name       string `field:"name"`       // 名称
+	DomainId   uint64 `field:"domainId"`   // 域名ID
+	ZoneId     uint64 `field:"zoneId"`     // 子域ID
+	Algo       string `field:"algo"`       // 算法
+	Secret     string `field:"secret"`     // 密码
+	SecretType string `field:"secretType"` // 密码类型
+	State      uint8  `field:"state"`      // 状态
+}
+
+type NSKeyOperator struct {
+	Id         interface{} // ID
+	IsOn       interface{} // 状态
+	Name       interface{} // 名称
+	DomainId   interface{} // 域名ID
+	ZoneId     interface{} // 子域ID
+	Algo       interface{} // 算法
+	Secret     interface{} // 密码
+	SecretType interface{} // 密码类型
+	State      interface{} // 状态
+}
+
+func NewNSKeyOperator() *NSKeyOperator {
+	return &NSKeyOperator{}
+}

internal/db/models/nameservers/ns_key_model_ext.go

@@ -0,0 +1 @@
+package nameservers

internal/db/models/nameservers/ns_zone_dao.go

@@ -0,0 +1,63 @@
+package nameservers
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	NSZoneStateEnabled  = 1 // 已启用
+	NSZoneStateDisabled = 0 // 已禁用
+)
+
+type NSZoneDAO dbs.DAO
+
+func NewNSZoneDAO() *NSZoneDAO {
+	return dbs.NewDAO(&NSZoneDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeNSZones",
+			Model:  new(NSZone),
+			PkName: "id",
+		},
+	}).(*NSZoneDAO)
+}
+
+var SharedNSZoneDAO *NSZoneDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedNSZoneDAO = NewNSZoneDAO()
+	})
+}
+
+// EnableNSZone 启用条目
+func (this *NSZoneDAO) EnableNSZone(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSZoneStateEnabled).
+		Update()
+	return err
+}
+
+// DisableNSZone 禁用条目
+func (this *NSZoneDAO) DisableNSZone(tx *dbs.Tx, id uint64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", NSZoneStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledNSZone 查找启用中的条目
+func (this *NSZoneDAO) FindEnabledNSZone(tx *dbs.Tx, id uint64) (*NSZone, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		Attr("state", NSZoneStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*NSZone), err
+}

internal/db/models/nameservers/ns_zone_dao_test.go

@@ -0,0 +1,6 @@
+package nameservers
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/nameservers/ns_zone_model.go

@@ -0,0 +1,26 @@
+package nameservers
+
+// NSZone 域名子域
+type NSZone struct {
+	Id       uint64 `field:"id"`       // ID
+	DomainId uint64 `field:"domainId"` // 域名ID
+	IsOn     uint8  `field:"isOn"`     // 是否启用
+	Order    uint32 `field:"order"`    // 排序
+	Version  uint64 `field:"version"`  // 版本
+	Tsig     string `field:"tsig"`     // TSIG配置
+	State    uint8  `field:"state"`    // 状态
+}
+
+type NSZoneOperator struct {
+	Id       interface{} // ID
+	DomainId interface{} // 域名ID
+	IsOn     interface{} // 是否启用
+	Order    interface{} // 排序
+	Version  interface{} // 版本
+	Tsig     interface{} // TSIG配置
+	State    interface{} // 状态
+}
+
+func NewNSZoneOperator() *NSZoneOperator {
+	return &NSZoneOperator{}
+}

internal/db/models/nameservers/ns_zone_model_ext.go

@@ -0,0 +1 @@
+package nameservers

internal/nodes/api_node_services.go

@@ -443,6 +443,11 @@ func (this *APINode) registerServices(server *grpc.Server) {
 		pb.RegisterNSRouteServiceServer(server, instance)
 		this.rest(instance)
 	}
+	{
+		instance := this.serviceInstance(&nameservers.NSKeyService{}).(*nameservers.NSKeyService)
+		pb.RegisterNSKeyServiceServer(server, instance)
+		this.rest(instance)
+	}
 	{
 		instance := this.serviceInstance(&nameservers.NSAccessLogService{}).(*nameservers.NSAccessLogService)
 		pb.RegisterNSAccessLogServiceServer(server, instance)

internal/rpc/services/nameservers/service_ns_key.go

@@ -0,0 +1,127 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package nameservers
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models/nameservers"
+	"github.com/TeaOSLab/EdgeAPI/internal/rpc/services"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+// NSKeyService NS密钥相关服务
+type NSKeyService struct {
+	services.BaseService
+}
+
+// CreateNSKey 创建密钥
+func (this *NSKeyService) CreateNSKey(ctx context.Context, req *pb.CreateNSKeyRequest) (*pb.CreateNSKeyResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	keyId, err := nameservers.SharedNSKeyDAO.CreateKey(tx, req.NsDomainId, req.NsZoneId, req.Name, req.Algo, req.Secret, req.SecretType)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.CreateNSKeyResponse{NsKeyId: keyId}, nil
+}
+
+// UpdateNSKey 修改密钥
+func (this *NSKeyService) UpdateNSKey(ctx context.Context, req *pb.UpdateNSKeyRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+	var tx = this.NullTx()
+	err = nameservers.SharedNSKeyDAO.UpdateKey(tx, req.NsKeyId, req.Name, req.Algo, req.Secret, req.SecretType, req.IsOn)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
+
+// DeleteNSKey 删除密钥
+func (this *NSKeyService) DeleteNSKey(ctx context.Context, req *pb.DeleteNSKeyRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = nameservers.SharedNSKeyDAO.DisableNSKey(tx, req.NsKeyId)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
+
+// FindEnabledNSKey 查找单个密钥
+func (this *NSKeyService) FindEnabledNSKey(ctx context.Context, req *pb.FindEnabledNSKeyRequest) (*pb.FindEnabledNSKeyResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	key, err := nameservers.SharedNSKeyDAO.FindEnabledNSKey(tx, req.NsKeyId)
+	if err != nil {
+		return nil, err
+	}
+	if key == nil {
+		return &pb.FindEnabledNSKeyResponse{NsKey: nil}, nil
+	}
+	return &pb.FindEnabledNSKeyResponse{
+		NsKey: &pb.NSKey{
+			Id:         int64(key.Id),
+			IsOn:       key.IsOn == 1,
+			Name:       key.Name,
+			Algo:       key.Algo,
+			Secret:     key.Secret,
+			SecretType: key.SecretType,
+		},
+	}, nil
+}
+
+// CountAllEnabledNSKeys 计算密钥数量
+func (this *NSKeyService) CountAllEnabledNSKeys(ctx context.Context, req *pb.CountAllEnabledNSKeysRequest) (*pb.RPCCountResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	count, err := nameservers.SharedNSKeyDAO.CountEnabledKeys(tx, req.NsDomainId, req.NsZoneId)
+	if err != nil {
+		return nil, err
+	}
+	return this.SuccessCount(count)
+}
+
+// ListEnabledNSKeys 列出单页密钥
+func (this *NSKeyService) ListEnabledNSKeys(ctx context.Context, req *pb.ListEnabledNSKeysRequest) (*pb.ListEnabledNSKeysResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	keys, err := nameservers.SharedNSKeyDAO.ListEnabledKeys(tx, req.NsDomainId, req.NsZoneId, req.Offset, req.Size)
+	if err != nil {
+		return nil, err
+	}
+	var pbKeys = []*pb.NSKey{}
+	for _, key := range keys {
+		pbKeys = append(pbKeys, &pb.NSKey{
+			Id:         int64(key.Id),
+			IsOn:       key.IsOn == 1,
+			Name:       key.Name,
+			Algo:       key.Algo,
+			Secret:     key.Secret,
+			SecretType: key.SecretType,
+		})
+	}
+	return &pb.ListEnabledNSKeysResponse{NsKeys: pbKeys}, nil
+}