实现证书管理

internal/web/actions/default/servers/components/componentutils/component_helper.go

@@ -18,7 +18,7 @@ func (this *ComponentHelper) BeforeAction(action *actions.ActionObject) {
 	if action.Request.Method != http.MethodGet {
 		return
 	}
-	action.Data["teaMenu"] = "server"
+	action.Data["teaMenu"] = "servers"
 	action.Data["mainTab"] = "component"
 
 	// 顶部标签栏

internal/web/actions/default/servers/components/ssl/certPopup.go

@@ -0,0 +1,77 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+type CertPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CertPopupAction) Init() {
+}
+
+func (this *CertPopupAction) RunGet(params struct {
+	CertId int64
+}) {
+	certResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(certResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	reverseCommonNames := []string{}
+	for i := len(certConfig.CommonNames) - 1; i >= 0; i-- {
+		reverseCommonNames = append(reverseCommonNames, certConfig.CommonNames[i])
+	}
+
+	this.Data["info"] = maps.Map{
+		"id":          certConfig.Id,
+		"name":        certConfig.Name,
+		"description": certConfig.Description,
+		"isOn":        certConfig.IsOn,
+		"isAvailable": certConfig.TimeEndAt >= time.Now().Unix(),
+		"commonNames": reverseCommonNames,
+		"dnsNames":    certConfig.DNSNames,
+
+		// TODO 检查是否为7天或30天内过期
+		"beginTime": timeutil.FormatTime("Y-m-d H:i:s", certConfig.TimeBeginAt),
+		"endTime":   timeutil.FormatTime("Y-m-d H:i:s", certConfig.TimeEndAt),
+
+		"isCA":       certConfig.IsCA,
+		"certString": string(certConfig.CertData),
+		"keyString":  string(certConfig.KeyData),
+	}
+
+	// 引入的服务
+	serversResp, err := this.RPC().ServerRPC().FindAllServersWithSSLCertId(this.AdminContext(), &pb.FindAllServersWithSSLCertIdRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	serverMaps := []maps.Map{}
+	for _, server := range serversResp.Servers {
+		serverMaps = append(serverMaps, maps.Map{
+			"id":   server.Id,
+			"isOn": server.IsOn,
+			"name": server.Name,
+			"type": server.Type,
+		})
+	}
+	this.Data["servers"] = serverMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/components/ssl/delete.go

@@ -0,0 +1,32 @@
+package ssl
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	CertId int64
+}) {
+	// 是否正在被使用
+	countResp, err := this.RPC().ServerRPC().CountServersWithSSLCertId(this.AdminContext(), &pb.CountServersWithSSLCertIdRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if countResp.Count > 0 {
+		this.Fail("此证书正在被某些服务引用，请先修改服务后再删除。")
+	}
+
+	_, err = this.RPC().SSLCertRPC().DeleteSSLCert(this.AdminContext(), &pb.DeleteSSLCertRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/components/ssl/downloadCert.go

@@ -0,0 +1,37 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"strconv"
+)
+
+type DownloadCertAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DownloadCertAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *DownloadCertAction) RunGet(params struct {
+	CertId int64
+}) {
+	certResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(certResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.AddHeader("Content-Disposition", "attachment; filename=\"cert-"+strconv.FormatInt(params.CertId, 10)+".pem\";")
+	this.Write(certConfig.CertData)
+}

internal/web/actions/default/servers/components/ssl/downloadKey.go

@@ -0,0 +1,37 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"strconv"
+)
+
+type DownloadKeyAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DownloadKeyAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *DownloadKeyAction) RunGet(params struct {
+	CertId int64
+}) {
+	certResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(certResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.AddHeader("Content-Disposition", "attachment; filename=\"key-"+strconv.FormatInt(params.CertId, 10)+".pem\";")
+	this.Write(certConfig.KeyData)
+}

internal/web/actions/default/servers/components/ssl/downloadZip.go

@@ -0,0 +1,80 @@
+package ssl
+
+import (
+	"archive/zip"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"strconv"
+)
+
+type DownloadZipAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DownloadZipAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *DownloadZipAction) RunGet(params struct {
+	CertId int64
+}) {
+	certResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(certResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	z := zip.NewWriter(this.ResponseWriter)
+	defer func() {
+		_ = z.Close()
+	}()
+
+	this.AddHeader("Content-Disposition", "attachment; filename=\"cert-"+strconv.FormatInt(params.CertId, 10)+".zip\";")
+
+	// cert
+	{
+		w, err := z.Create("cert.pem")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		_, err = w.Write(certConfig.CertData)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		err = z.Flush()
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	// key
+	if !certConfig.IsCA {
+		w, err := z.Create("key.pem")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		_, err = w.Write(certConfig.KeyData)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		err = z.Flush()
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+}

internal/web/actions/default/servers/components/ssl/index.go

@@ -1,7 +1,13 @@
 package ssl
 
 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
 )
 
 type IndexAction struct {
@@ -12,7 +18,146 @@ func (this *IndexAction) Init() {
 	this.FirstMenu("index")
 }
 
-func (this *IndexAction) RunGet(params struct{}) {
+func (this *IndexAction) RunGet(params struct {
+	Type string
+}) {
+	this.Data["type"] = params.Type
+
+	countAll := int64(0)
+	countCA := int64(0)
+	countAvailable := int64(0)
+	countExpired := int64(0)
+	count7Days := int64(0)
+	count30Days := int64(0)
+
+	// 计算数量
+	{
+		// all
+		resp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		countAll = resp.Count
+
+		// CA
+		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			IsCA: true,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		countCA = resp.Count
+
+		// available
+		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			IsAvailable: true,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		countAvailable = resp.Count
+
+		// expired
+		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			IsExpired: true,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		countExpired = resp.Count
+
+		// expire in 7 days
+		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			ExpiringDays: 7,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		count7Days = resp.Count
+
+		// expire in 30 days
+		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			ExpiringDays: 30,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		count30Days = resp.Count
+	}
+
+	this.Data["countAll"] = countAll
+	this.Data["countCA"] = countCA
+	this.Data["countAvailable"] = countAvailable
+	this.Data["countExpired"] = countExpired
+	this.Data["count7Days"] = count7Days
+	this.Data["count30Days"] = count30Days
+
+	// 分页
+	var page *actionutils.Page
+	var listResp *pb.ListSSLCertsResponse
+	var err error
+	switch params.Type {
+	case "":
+		page = this.NewPage(countAll)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{Offset: page.Offset, Size: page.Size})
+	case "ca":
+		page = this.NewPage(countCA)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{IsCA: true, Offset: page.Offset, Size: page.Size})
+	case "available":
+		page = this.NewPage(countAvailable)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{IsAvailable: true, Offset: page.Offset, Size: page.Size})
+	case "expired":
+		page = this.NewPage(countExpired)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{IsExpired: true, Offset: page.Offset, Size: page.Size})
+	case "7days":
+		page = this.NewPage(count7Days)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{ExpiringDays: 7, Offset: page.Offset, Size: page.Size})
+	case "30days":
+		page = this.NewPage(count30Days)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{ExpiringDays: 30, Offset: page.Offset, Size: page.Size})
+	default:
+		page = this.NewPage(countAll)
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{})
+	}
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfigs := []*sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(listResp.CertsJSON, &certConfigs)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["certs"] = certConfigs
+
+	certMaps := []maps.Map{}
+	nowTime := time.Now().Unix()
+	for _, certConfig := range certConfigs {
+		countServersResp, err := this.RPC().ServerRPC().CountServersWithSSLCertId(this.AdminContext(), &pb.CountServersWithSSLCertIdRequest{CertId: certConfig.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		certMaps = append(certMaps, maps.Map{
+			"beginDay":     timeutil.FormatTime("Y-m-d", certConfig.TimeBeginAt),
+			"endDay":       timeutil.FormatTime("Y-m-d", certConfig.TimeEndAt),
+			"isExpired":    nowTime > certConfig.TimeEndAt,
+			"isAvailable":  nowTime <= certConfig.TimeEndAt,
+			"countServers": countServersResp.Count,
+		})
+	}
+	this.Data["certInfos"] = certMaps
+
+	this.Data["page"] = page.AsHTML()
 
 	this.Show()
 }

internal/web/actions/default/servers/components/ssl/init.go

@@ -14,6 +14,15 @@ func init() {
 			Helper(componentutils.NewComponentHelper()).
 			Prefix("/servers/components/ssl").
 			Get("", new(IndexAction)).
+			GetPost("/uploadPopup", new(UploadPopupAction)).
+			Post("/delete", new(DeleteAction)).
+			GetPost("/updatePopup", new(UpdatePopupAction)).
+			Get("/certPopup", new(CertPopupAction)).
+			Get("/viewKey", new(ViewKeyAction)).
+			Get("/viewCert", new(ViewCertAction)).
+			Get("/downloadKey", new(DownloadKeyAction)).
+			Get("/downloadCert", new(DownloadCertAction)).
+			Get("/downloadZip", new(DownloadZipAction)).
 			EndAll()
 	})
 }

internal/web/actions/default/servers/components/ssl/updatePopup.go

@@ -0,0 +1,15 @@
+package ssl
+
+import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct{}) {
+	this.Show()
+}

internal/web/actions/default/servers/components/ssl/uploadPopup.go

@@ -0,0 +1,95 @@
+package ssl
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type UploadPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UploadPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UploadPopupAction) RunGet(params struct{}) {
+	this.Show()
+}
+
+func (this *UploadPopupAction) RunPost(params struct {
+	Name        string
+	IsCA        bool
+	Description string
+	IsOn        bool
+
+	CertFile *actions.File
+	KeyFile  *actions.File
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入证书说明")
+
+	certData := []byte{}
+	keyData := []byte{}
+
+	if params.CertFile == nil {
+		this.Fail("请选择要上传的证书文件")
+	}
+	var err error
+	certData, err = params.CertFile.Read()
+	if err != nil {
+		this.Fail("读取证书文件内容错误，请重新上传")
+	}
+
+	if !params.IsCA {
+		if params.KeyFile == nil {
+			this.Fail("请选择要上传的私钥文件")
+		} else {
+			keyData, err = params.KeyFile.Read()
+			if err != nil {
+				this.Fail("读取密钥文件内容错误，请重新上传")
+			}
+		}
+	}
+
+	// 校验
+	sslConfig := &sslconfigs.SSLCertConfig{
+		IsCA:     params.IsCA,
+		CertData: certData,
+		KeyData:  keyData,
+	}
+	err = sslConfig.Init()
+	if err != nil {
+		if params.IsCA {
+			this.Fail("证书校验错误：" + err.Error())
+		} else {
+			this.Fail("证书或密钥校验错误：" + err.Error())
+		}
+	}
+
+	// 保存
+	_, err = this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
+		IsOn:        params.IsOn,
+		Name:        params.Name,
+		Description: params.Description,
+		ServerName:  "",
+		IsCA:        params.IsCA,
+		CertData:    certData,
+		KeyData:     keyData,
+		TimeBeginAt: sslConfig.TimeBeginAt,
+		TimeEndAt:   sslConfig.TimeEndAt,
+		DnsNames:    sslConfig.DNSNames,
+		CommonNames: sslConfig.CommonNames,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

internal/web/actions/default/servers/components/ssl/viewCert.go

@@ -0,0 +1,34 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+)
+
+type ViewCertAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ViewCertAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ViewCertAction) RunGet(params struct {
+	CertId int64
+}) {
+	certResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(certResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Write(certConfig.CertData)
+}

internal/web/actions/default/servers/components/ssl/viewKey.go

@@ -0,0 +1,34 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+)
+
+type ViewKeyAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ViewKeyAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *ViewKeyAction) RunGet(params struct {
+	CertId int64
+}) {
+	certResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: params.CertId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(certResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Write(certConfig.KeyData)
+}