mirror of
https://github.com/TeaOSLab/EdgeAPI.git
synced 2025-11-04 16:00:24 +08:00
183 lines
4.7 KiB
Go
183 lines
4.7 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
|
|
)
|
|
|
|
// SSLCertService SSL证书相关服务
|
|
type SSLCertService struct {
|
|
BaseService
|
|
}
|
|
|
|
// CreateSSLCert 创建Cert
|
|
func (this *SSLCertService) CreateSSLCert(ctx context.Context, req *pb.CreateSSLCertRequest) (*pb.CreateSSLCertResponse, error) {
|
|
// 校验请求
|
|
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tx := this.NullTx()
|
|
|
|
certId, err := models.SharedSSLCertDAO.CreateCert(tx, adminId, userId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &pb.CreateSSLCertResponse{SslCertId: certId}, nil
|
|
}
|
|
|
|
// UpdateSSLCert 修改Cert
|
|
func (this *SSLCertService) UpdateSSLCert(ctx context.Context, req *pb.UpdateSSLCertRequest) (*pb.RPCSuccess, error) {
|
|
// 校验请求
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tx := this.NullTx()
|
|
|
|
// 检查权限
|
|
if userId > 0 {
|
|
err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
err = models.SharedSSLCertDAO.UpdateCert(tx, req.SslCertId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return this.Success()
|
|
}
|
|
|
|
// FindEnabledSSLCertConfig 查找证书配置
|
|
func (this *SSLCertService) FindEnabledSSLCertConfig(ctx context.Context, req *pb.FindEnabledSSLCertConfigRequest) (*pb.FindEnabledSSLCertConfigResponse, error) {
|
|
// 校验请求
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tx := this.NullTx()
|
|
|
|
// 检查权限
|
|
if userId > 0 {
|
|
err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
config, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, req.SslCertId, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
configJSON, err := json.Marshal(config)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &pb.FindEnabledSSLCertConfigResponse{SslCertJSON: configJSON}, nil
|
|
}
|
|
|
|
// DeleteSSLCert 删除证书
|
|
func (this *SSLCertService) DeleteSSLCert(ctx context.Context, req *pb.DeleteSSLCertRequest) (*pb.RPCSuccess, error) {
|
|
// 校验请求
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tx := this.NullTx()
|
|
|
|
// 检查权限
|
|
if userId > 0 {
|
|
err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
err = models.SharedSSLCertDAO.DisableSSLCert(tx, req.SslCertId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// 停止相关ACME任务
|
|
err = acme.SharedACMETaskDAO.DisableAllTasksWithCertId(tx, req.SslCertId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return this.Success()
|
|
}
|
|
|
|
// CountSSLCerts 计算匹配的Cert数量
|
|
func (this *SSLCertService) CountSSLCerts(ctx context.Context, req *pb.CountSSLCertRequest) (*pb.RPCCountResponse, error) {
|
|
// 校验请求
|
|
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tx := this.NullTx()
|
|
|
|
if adminId > 0 {
|
|
userId = req.UserId
|
|
}
|
|
|
|
count, err := models.SharedSSLCertDAO.CountCerts(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, userId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return this.SuccessCount(count)
|
|
}
|
|
|
|
// ListSSLCerts 列出单页匹配的Cert
|
|
func (this *SSLCertService) ListSSLCerts(ctx context.Context, req *pb.ListSSLCertsRequest) (*pb.ListSSLCertsResponse, error) {
|
|
// 校验请求
|
|
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if adminId > 0 {
|
|
userId = req.UserId
|
|
}
|
|
|
|
tx := this.NullTx()
|
|
|
|
certIds, err := models.SharedSSLCertDAO.ListCertIds(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, userId, req.Offset, req.Size)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
certConfigs := []*sslconfigs.SSLCertConfig{}
|
|
for _, certId := range certIds {
|
|
certConfig, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, certId, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// 这里不需要数据内容
|
|
certConfig.CertData = nil
|
|
certConfig.KeyData = nil
|
|
|
|
certConfigs = append(certConfigs, certConfig)
|
|
}
|
|
certConfigsJSON, err := json.Marshal(certConfigs)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil
|
|
}
|