实现HTTPS配置

internal/db/models/ssl_policy_dao.go

@@ -2,10 +2,12 @@ package models
 
 import (
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/types"
 	"strconv"
 )
 
@@ -29,6 +31,20 @@ func NewSSLPolicyDAO() *SSLPolicyDAO {
 
 var SharedSSLPolicyDAO = NewSSLPolicyDAO()
 
+// 初始化
+func (this *SSLPolicyDAO) Init() {
+	this.DAOObject.Init()
+	this.DAOObject.OnUpdate(func() error {
+		return SharedSysEventDAO.CreateEvent(NewServerChangeEvent())
+	})
+	this.DAOObject.OnInsert(func() error {
+		return SharedSysEventDAO.CreateEvent(NewServerChangeEvent())
+	})
+	this.DAOObject.OnDelete(func() error {
+		return SharedSysEventDAO.CreateEvent(NewServerChangeEvent())
+	})
+}
+
 // 启用条目
 func (this *SSLPolicyDAO) EnableSSLPolicy(id int64) error {
 	_, err := this.Query().
@@ -97,7 +113,30 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(policyId int64) (*sslconfigs.SSLPo
 		}
 	}
 
+	// client CA certs
+	if IsNotNull(policy.ClientCACerts) {
+		refs := []*sslconfigs.SSLCertRef{}
+		err = json.Unmarshal([]byte(policy.ClientCACerts), &refs)
+		if err != nil {
+			return nil, err
+		}
+		if len(refs) > 0 {
+			for _, ref := range refs {
+				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(ref.CertId)
+				if err != nil {
+					return nil, err
+				}
+				if certConfig == nil {
+					continue
+				}
+				config.ClientCARefs = append(config.ClientCARefs, ref)
+				config.ClientCACerts = append(config.ClientCACerts, certConfig)
+			}
+		}
+	}
+
 	// cipher suites
+	config.CipherSuitesIsOn = policy.CipherSuitesIsOn == 1
 	if IsNotNull(policy.CipherSuites) {
 		cipherSuites := []string{}
 		err = json.Unmarshal([]byte(policy.CipherSuites), &cipherSuites)
@@ -140,3 +179,76 @@ func (this *SSLPolicyDAO) FindAllEnabledPolicyIdsWithCertId(certId int64) (polic
 	}
 	return policyIds, nil
 }
+
+// 创建Policy
+func (this *SSLPolicyDAO) CreatePolicy(http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
+	op := NewSSLPolicyOperator()
+	op.State = SSLPolicyStateEnabled
+	op.IsOn = true
+	op.Http2Enabled = http2Enabled
+	op.MinVersion = minVersion
+
+	if len(certsJSON) > 0 {
+		op.Certs = certsJSON
+	}
+	if len(hstsJSON) > 0 {
+		op.Hsts = hstsJSON
+	}
+
+	op.ClientAuthType = clientAuthType
+	if len(clientCACertsJSON) > 0 {
+		op.ClientCACerts = clientCACertsJSON
+	}
+
+	op.CipherSuitesIsOn = cipherSuitesIsOn
+	if len(cipherSuites) > 0 {
+		cipherSuitesJSON, err := json.Marshal(cipherSuites)
+		if err != nil {
+			return 0, err
+		}
+		op.CipherSuites = cipherSuitesJSON
+	}
+	_, err := this.Save(op)
+	if err != nil {
+		return 0, err
+	}
+	return types.Int64(op.Id), nil
+}
+
+// 修改Policy
+// 创建Policy
+func (this *SSLPolicyDAO) UpdatePolicy(policyId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) error {
+	if policyId <= 0 {
+		return errors.New("invalid policyId")
+	}
+
+	op := NewSSLPolicyOperator()
+	op.Id = policyId
+	op.Http2Enabled = http2Enabled
+	op.MinVersion = minVersion
+
+	if len(certsJSON) > 0 {
+		op.Certs = certsJSON
+	}
+	if len(hstsJSON) > 0 {
+		op.Hsts = hstsJSON
+	}
+
+	op.ClientAuthType = clientAuthType
+	if len(clientCACertsJSON) > 0 {
+		op.ClientCACerts = clientCACertsJSON
+	}
+
+	op.CipherSuitesIsOn = cipherSuitesIsOn
+	if len(cipherSuites) > 0 {
+		cipherSuitesJSON, err := json.Marshal(cipherSuites)
+		if err != nil {
+			return err
+		}
+		op.CipherSuites = cipherSuitesJSON
+	} else {
+		op.CipherSuites = "[]"
+	}
+	_, err := this.Save(op)
+	return err
+}