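package services

import (
	"context"

	"github.com/TeaOSLab/EdgeAPI/internal/acme"
	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
	"github.com/TeaOSLab/EdgeAPI/internal/dnsclients"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
)

// ACMETaskService implements the RPC methods that manage ACME certificate tasks.
//
// Every method authenticates the caller through ValidateAdminAndUser. The
// methods that act on one task (update, delete, run, find) additionally call
// CheckACMETask with the validated (adminId, userId) pair and refuse the
// request with PermissionError when that check fails.
type ACMETaskService struct {
	BaseService
}

// CountAllEnabledACMETasksWithACMEUserId counts the tasks that reference the
// ACME user given in req.AcmeUserId.
//
// NOTE(review): the caller is authenticated, but req.AcmeUserId is not checked
// against the caller's identity, so any caller that passes ValidateAdminAndUser
// can obtain the count for an arbitrary ACME user id. The permission check
// below is still an open TODO.
func (this *ACMETaskService) CountAllEnabledACMETasksWithACMEUserId(ctx context.Context, req *pb.CountAllEnabledACMETasksWithACMEUserIdRequest) (*pb.RPCCountResponse, error) {
	if _, _, err := this.ValidateAdminAndUser(ctx, 0, 0); err != nil {
		return nil, err
	}

	// TODO: verify that the caller is allowed to access req.AcmeUserId.

	tx := this.NullTx()
	count, err := models.SharedACMETaskDAO.CountACMETasksWithACMEUserId(tx, req.AcmeUserId)
	if err != nil {
		return nil, err
	}
	return this.SuccessCount(count)
}

// CountEnabledACMETasksWithDNSProviderId counts the tasks that reference the
// DNS provider given in req.DnsProviderId.
//
// NOTE(review): as with the ACME-user variant, req.DnsProviderId is not checked
// against the caller's identity; the permission check is still an open TODO.
func (this *ACMETaskService) CountEnabledACMETasksWithDNSProviderId(ctx context.Context, req *pb.CountEnabledACMETasksWithDNSProviderIdRequest) (*pb.RPCCountResponse, error) {
	if _, _, err := this.ValidateAdminAndUser(ctx, 0, 0); err != nil {
		return nil, err
	}

	// TODO: verify that the caller is allowed to access req.DnsProviderId.

	tx := this.NullTx()
	count, err := models.SharedACMETaskDAO.CountACMETasksWithDNSProviderId(tx, req.DnsProviderId)
	if err != nil {
		return nil, err
	}
	return this.SuccessCount(count)
}

// CountAllEnabledACMETasks counts the enabled tasks visible to the caller.
//
// A caller authenticated as a user is always scoped to the identity returned by
// ValidateAdminAndUser; req.AdminId and req.UserId are only honoured as filters
// for other callers.
func (this *ACMETaskService) CountAllEnabledACMETasks(ctx context.Context, req *pb.CountAllEnabledACMETasksRequest) (*pb.RPCCountResponse, error) {
	callerAdminId, callerUserId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
	if err != nil {
		return nil, err
	}

	// The request fields are client-supplied. For a user caller, filter with the
	// same validated pair that CheckACMETask receives elsewhere in this service,
	// so that req.UserId == 0 or a foreign req.AdminId cannot widen the result.
	// NOTE(review): assumes ValidateAdminAndUser returns a non-zero userId only
	// for callers authenticated as a user — confirm against BaseService.
	adminId, userId := req.AdminId, req.UserId
	if callerUserId > 0 {
		adminId, userId = callerAdminId, callerUserId
	}

	tx := this.NullTx()
	count, err := models.SharedACMETaskDAO.CountAllEnabledACMETasks(tx, adminId, userId)
	if err != nil {
		return nil, err
	}
	return this.SuccessCount(count)
}

// ListEnabledACMETasks returns one page of enabled tasks together with each
// task's ACME user, DNS provider (DNS auth only), certificate and latest log.
//
// A task is left out of the page when its ACME user, its DNS provider or its
// certificate cannot be found in enabled state, so a page may hold fewer than
// req.Size entries.
//
// NOTE(review): req.Offset and req.Size are passed through unchanged; no upper
// bound on the page size is visible here — confirm the DAO or caller caps it.
func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.ListEnabledACMETasksRequest) (*pb.ListEnabledACMETasksResponse, error) {
	callerAdminId, callerUserId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
	if err != nil {
		return nil, err
	}

	// Same scoping rule as CountAllEnabledACMETasks: a user caller is confined to
	// the validated identity instead of the client-supplied filter values.
	// NOTE(review): assumes ValidateAdminAndUser returns a non-zero userId only
	// for callers authenticated as a user — confirm against BaseService.
	adminId, userId := req.AdminId, req.UserId
	if callerUserId > 0 {
		adminId, userId = callerAdminId, callerUserId
	}

	tx := this.NullTx()
	tasks, err := models.SharedACMETaskDAO.ListEnabledACMETasks(tx, adminId, userId, req.Offset, req.Size)
	if err != nil {
		return nil, err
	}

	result := make([]*pb.ACMETask, 0, len(tasks))
	for _, task := range tasks {
		// ACME user.
		acmeUser, err := models.SharedACMEUserDAO.FindEnabledACMEUser(tx, int64(task.AcmeUserId))
		if err != nil {
			return nil, err
		}
		if acmeUser == nil {
			continue
		}
		pbACMEUser := &pb.ACMEUser{
			Id:          int64(acmeUser.Id),
			Email:       acmeUser.Email,
			Description: acmeUser.Description,
			CreatedAt:   int64(acmeUser.CreatedAt),
		}

		// DNS provider, only looked up for tasks that authenticate via DNS.
		var pbProvider *pb.DNSProvider
		if task.AuthType == acme.AuthTypeDNS {
			provider, err := models.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(task.DnsProviderId))
			if err != nil {
				return nil, err
			}
			if provider == nil {
				continue
			}
			pbProvider = &pb.DNSProvider{
				Id:       int64(provider.Id),
				Name:     provider.Name,
				Type:     provider.Type,
				TypeName: dnsclients.FindProviderTypeName(provider.Type),
			}
		}

		// Certificate; only metadata is copied into the response.
		var pbCert *pb.SSLCert
		if task.CertId > 0 {
			cert, err := models.SharedSSLCertDAO.FindEnabledSSLCert(tx, int64(task.CertId))
			if err != nil {
				return nil, err
			}
			if cert == nil {
				continue
			}
			pbCert = &pb.SSLCert{
				Id:          int64(cert.Id),
				IsOn:        cert.IsOn == 1,
				Name:        cert.Name,
				TimeBeginAt: int64(cert.TimeBeginAt),
				TimeEndAt:   int64(cert.TimeEndAt),
			}
		}

		// Most recent task log, if any.
		var pbTaskLog *pb.ACMETaskLog
		taskLog, err := models.SharedACMETaskLogDAO.FindLatestACMETasKLog(tx, int64(task.Id))
		if err != nil {
			return nil, err
		}
		if taskLog != nil {
			pbTaskLog = &pb.ACMETaskLog{
				Id:        int64(taskLog.Id),
				IsOk:      taskLog.IsOk == 1,
				Error:     taskLog.Error,
				CreatedAt: int64(taskLog.CreatedAt),
			}
		}

		result = append(result, &pb.ACMETask{
			Id:                int64(task.Id),
			IsOn:              task.IsOn == 1,
			DnsDomain:         task.DnsDomain,
			Domains:           task.DecodeDomains(),
			CreatedAt:         int64(task.CreatedAt),
			AutoRenew:         task.AutoRenew == 1,
			AcmeUser:          pbACMEUser,
			DnsProvider:       pbProvider,
			SslCert:           pbCert,
			LatestACMETaskLog: pbTaskLog,
			AuthType:          task.AuthType,
		})
	}

	return &pb.ListEnabledACMETasksResponse{AcmeTasks: result}, nil
}

// CreateACMETask creates a task owned by the authenticated caller and returns
// its id. An empty req.AuthType defaults to acme.AuthTypeDNS.
//
// NOTE(review): req.AcmeUserId and req.DnsProviderId are stored without a
// visible ownership check. Unless the DAO enforces it, a caller could bind a
// new task to an ACME account or DNS provider that belongs to someone else —
// confirm, and validate both ids against the caller if it does not.
func (this *ACMETaskService) CreateACMETask(ctx context.Context, req *pb.CreateACMETaskRequest) (*pb.CreateACMETaskResponse, error) {
	adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	if len(req.AuthType) == 0 {
		req.AuthType = acme.AuthTypeDNS
	}

	tx := this.NullTx()
	taskId, err := models.SharedACMETaskDAO.CreateACMETask(tx, adminId, userId, req.AuthType, req.AcmeUserId, req.DnsProviderId, req.DnsDomain, req.Domains, req.AutoRenew)
	if err != nil {
		return nil, err
	}
	return &pb.CreateACMETaskResponse{AcmeTaskId: taskId}, nil
}

// UpdateACMETask updates a task after checking that the caller may access it.
//
// NOTE(review): CheckACMETask covers the task itself, but the new
// req.AcmeUserId and req.DnsProviderId are written without a visible ownership
// check — confirm the DAO validates them, otherwise an existing task can be
// re-pointed at another owner's ACME account or DNS provider.
func (this *ACMETaskService) UpdateACMETask(ctx context.Context, req *pb.UpdateACMETaskRequest) (*pb.RPCSuccess, error) {
	adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	tx := this.NullTx()
	canAccess, err := models.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
	if err != nil {
		return nil, err
	}
	if !canAccess {
		return nil, this.PermissionError()
	}

	err = models.SharedACMETaskDAO.UpdateACMETask(tx, req.AcmeTaskId, req.AcmeUserId, req.DnsProviderId, req.DnsDomain, req.Domains, req.AutoRenew)
	if err != nil {
		return nil, err
	}
	return this.Success()
}

// DeleteACMETask disables a task after checking that the caller may access it.
func (this *ACMETaskService) DeleteACMETask(ctx context.Context, req *pb.DeleteACMETaskRequest) (*pb.RPCSuccess, error) {
	adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	tx := this.NullTx()
	canAccess, err := models.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
	if err != nil {
		return nil, err
	}
	if !canAccess {
		return nil, this.PermissionError()
	}

	err = models.SharedACMETaskDAO.DisableACMETask(tx, req.AcmeTaskId)
	if err != nil {
		return nil, err
	}
	return this.Success()
}

// RunACMETask runs a task after checking that the caller may access it and
// reports the outcome (success flag, error message, resulting certificate id).
// A failed run is reported in the response body, not as an RPC error.
func (this *ACMETaskService) RunACMETask(ctx context.Context, req *pb.RunACMETaskRequest) (*pb.RunACMETaskResponse, error) {
	adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	tx := this.NullTx()
	canAccess, err := models.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
	if err != nil {
		return nil, err
	}
	if !canAccess {
		return nil, this.PermissionError()
	}

	isOk, msg, certId := models.SharedACMETaskDAO.RunTask(tx, req.AcmeTaskId)
	return &pb.RunACMETaskResponse{
		IsOk:      isOk,
		Error:     msg,
		SslCertId: certId,
	}, nil
}

// FindEnabledACMETask returns a single task with its ACME user and DNS provider
// after checking that the caller may access it. The response carries a nil
// AcmeTask when no enabled task with that id exists.
func (this *ACMETaskService) FindEnabledACMETask(ctx context.Context, req *pb.FindEnabledACMETaskRequest) (*pb.FindEnabledACMETaskResponse, error) {
	adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	tx := this.NullTx()
	canAccess, err := models.SharedACMETaskDAO.CheckACMETask(tx, adminId, userId, req.AcmeTaskId)
	if err != nil {
		return nil, err
	}
	if !canAccess {
		return nil, this.PermissionError()
	}

	task, err := models.SharedACMETaskDAO.FindEnabledACMETask(tx, req.AcmeTaskId)
	if err != nil {
		return nil, err
	}
	if task == nil {
		return &pb.FindEnabledACMETaskResponse{AcmeTask: nil}, nil
	}

	// ACME user.
	var pbACMEUser *pb.ACMEUser
	if task.AcmeUserId > 0 {
		acmeUser, err := models.SharedACMEUserDAO.FindEnabledACMEUser(tx, int64(task.AcmeUserId))
		if err != nil {
			return nil, err
		}
		if acmeUser != nil {
			pbACMEUser = &pb.ACMEUser{
				Id:          int64(acmeUser.Id),
				Email:       acmeUser.Email,
				Description: acmeUser.Description,
				CreatedAt:   int64(acmeUser.CreatedAt),
			}
		}
	}

	// DNS provider. Skip the lookup when the task has none, mirroring the
	// AcmeUserId guard above; the original queried even for id 0.
	var pbProvider *pb.DNSProvider
	if task.DnsProviderId > 0 {
		provider, err := models.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(task.DnsProviderId))
		if err != nil {
			return nil, err
		}
		if provider != nil {
			pbProvider = &pb.DNSProvider{
				Id:       int64(provider.Id),
				Name:     provider.Name,
				Type:     provider.Type,
				TypeName: dnsclients.FindProviderTypeName(provider.Type),
			}
		}
	}

	return &pb.FindEnabledACMETaskResponse{AcmeTask: &pb.ACMETask{
		Id:          int64(task.Id),
		IsOn:        task.IsOn == 1,
		DnsDomain:   task.DnsDomain,
		Domains:     task.DecodeDomains(),
		CreatedAt:   int64(task.CreatedAt),
		AutoRenew:   task.AutoRenew == 1,
		DnsProvider: pbProvider,
		AcmeUser:    pbACMEUser,
		AuthType:    task.AuthType,
	}}, nil
}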