EdgeAPI/internal/rpc/services/service_ssl_policy.go
2021-01-01 23:31:30 +08:00


package services
import (
	"context"
	"encoding/json"
	"errors"

	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
)
// SSLPolicyService holds the RPC handlers for SSL policies defined in this
// file: creating a policy, updating a policy, and looking up a policy's
// composed configuration. It embeds BaseService.
type SSLPolicyService struct {
BaseService
}
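// CreateSSLPolicy creates an SSL policy from the request and returns the ID
// of the new policy.
//
// When the validated user ID is greater than 0, every certificate referenced
// in req.SslCertsJSON must pass SharedSSLCertDAO.CheckUserCert for that user
// before the policy is stored; the first failing check aborts the request.
func (this *SSLPolicyService) CreateSSLPolicy(ctx context.Context, req *pb.CreateSSLPolicyRequest) (*pb.CreateSSLPolicyResponse, error) {
	// Validate the caller.
	adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	tx := this.NullTx()

	if userId > 0 {
		// Check that the referenced certificates pass the per-user check.
		if len(req.SslCertsJSON) > 0 {
			certRefs := []*sslconfigs.SSLCertRef{}
			err = json.Unmarshal(req.SslCertsJSON, &certRefs)
			if err != nil {
				return nil, err
			}
			for _, certRef := range certRefs {
				// A JSON null element decodes to a nil pointer. Reject it
				// instead of dereferencing it, so request data cannot
				// trigger a nil-pointer panic in the handler.
				if certRef == nil {
					return nil, errors.New("invalid certificate reference in SslCertsJSON")
				}
				err = models.SharedSSLCertDAO.CheckUserCert(tx, certRef.CertId, userId)
				if err != nil {
					return nil, err
				}
			}
		}

		// Check the CA certificates.
		// TODO
		// NOTE(review): req.ClientCACertsJSON is passed to CreatePolicy below
		// without any per-user check, so the certificates it references are
		// not verified against userId. Its JSON schema is not visible in
		// this file; confirm it and apply the same check as for SslCertsJSON.
	}

	policyId, err := models.SharedSSLPolicyDAO.CreatePolicy(tx, adminId, userId, req.Http2Enabled, req.MinVersion, req.SslCertsJSON, req.HstsJSON, req.ClientAuthType, req.ClientCACertsJSON, req.CipherSuitesIsOn, req.CipherSuites)
	if err != nil {
		return nil, err
	}

	return &pb.CreateSSLPolicyResponse{SslPolicyId: policyId}, nil
}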
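// UpdateSSLPolicy updates an existing SSL policy with the values in the
// request.
//
// When the validated user ID is greater than 0, the policy itself must pass
// SharedSSLPolicyDAO.CheckUserPolicy, and every certificate referenced in
// req.SslCertsJSON must pass SharedSSLCertDAO.CheckUserCert, matching the
// check CreateSSLPolicy performs. Without the certificate check a user could
// point a policy they own at certificate IDs that fail the per-user check.
func (this *SSLPolicyService) UpdateSSLPolicy(ctx context.Context, req *pb.UpdateSSLPolicyRequest) (*pb.RPCSuccess, error) {
	// Validate the caller.
	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
	if err != nil {
		return nil, err
	}

	tx := this.NullTx()

	if userId > 0 {
		// The policy being modified must pass the per-user check.
		err = models.SharedSSLPolicyDAO.CheckUserPolicy(tx, req.SslPolicyId, userId)
		if err != nil {
			return nil, err
		}

		// The certificates the policy will reference must pass it as well.
		if len(req.SslCertsJSON) > 0 {
			certRefs := []*sslconfigs.SSLCertRef{}
			err = json.Unmarshal(req.SslCertsJSON, &certRefs)
			if err != nil {
				return nil, err
			}
			for _, certRef := range certRefs {
				// A JSON null element decodes to a nil pointer; reject it
				// rather than dereference it.
				if certRef == nil {
					return nil, errors.New("invalid certificate reference in SslCertsJSON")
				}
				err = models.SharedSSLCertDAO.CheckUserCert(tx, certRef.CertId, userId)
				if err != nil {
					return nil, err
				}
			}
		}

		// NOTE(review): req.ClientCACertsJSON is passed to UpdatePolicy below
		// without any per-user check. Its JSON schema is not visible in this
		// file; confirm it and verify the referenced CA certificates too.
	}

	err = models.SharedSSLPolicyDAO.UpdatePolicy(tx, req.SslPolicyId, req.Http2Enabled, req.MinVersion, req.SslCertsJSON, req.HstsJSON, req.ClientAuthType, req.ClientCACertsJSON, req.CipherSuitesIsOn, req.CipherSuites)
	if err != nil {
		return nil, err
	}

	return this.Success()
}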
// FindEnabledSSLPolicyConfig looks up the policy named by req.SslPolicyId and
// returns its composed configuration serialized as JSON.
func (this *SSLPolicyService) FindEnabledSSLPolicyConfig(ctx context.Context, req *pb.FindEnabledSSLPolicyConfigRequest) (*pb.FindEnabledSSLPolicyConfigResponse, error) {
	// Validate the caller. ValidateAdminAndUser() is deliberately not used
	// here, because this method may also be called when the user ID is 0.
	//
	// NOTE(review): both identity values returned by ValidateRequest are
	// discarded, so the requested policy ID is never checked against the
	// caller, whereas UpdateSSLPolicy calls CheckUserPolicy when userId > 0.
	// Confirm that every caller accepted here is meant to be able to read
	// any policy's composed configuration.
	if _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser); err != nil {
		return nil, err
	}

	policyConfig, err := models.SharedSSLPolicyDAO.ComposePolicyConfig(this.NullTx(), req.SslPolicyId)
	if err != nil {
		return nil, err
	}

	encoded, err := json.Marshal(policyConfig)
	if err != nil {
		return nil, err
	}

	resp := &pb.FindEnabledSSLPolicyConfigResponse{SslPolicyJSON: encoded}
	return resp, nil
}