实现HTTPS配置

internal/rpc/rpc_client.go

@@ -130,6 +130,10 @@ func (this *RPCClient) SSLCertRPC() pb.SSLCertServiceClient {
 	return pb.NewSSLCertServiceClient(this.pickConn())
 }
 
+func (this *RPCClient) SSLPolicyRPC() pb.SSLPolicyServiceClient {
+	return pb.NewSSLPolicyServiceClient(this.pickConn())
+}
+
 // 构造上下文
 func (this *RPCClient) Context(adminId int64) context.Context {
 	ctx := context.Background()

internal/web/actions/default/servers/components/ssl/datajs.go

@@ -0,0 +1,60 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+)
+
+// 所有相关数据
+type DatajsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DatajsAction) Init() {
+}
+
+func (this *DatajsAction) RunGet(params struct{}) {
+	this.AddHeader("Content-Type", "text/javascript; charset=utf-8")
+
+	{
+		cipherSuitesJSON, err := json.Marshal(sslconfigs.AllTLSCipherSuites)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_ALL_CIPHER_SUITES = " + string(cipherSuitesJSON) + ";\n")
+	}
+	{
+		modernCipherSuitesJSON, err := json.Marshal(sslconfigs.TLSModernCipherSuites)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_MODERN_CIPHER_SUITES = " + string(modernCipherSuitesJSON) + ";\n")
+	}
+	{
+		intermediateCipherSuitesJSON, err := json.Marshal(sslconfigs.TLSIntermediateCipherSuites)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_INTERMEDIATE_CIPHER_SUITES = " + string(intermediateCipherSuitesJSON) + ";\n")
+	}
+	{
+		sslVersionsJSON, err := json.Marshal(sslconfigs.AllTlsVersions)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_ALL_VERSIONS = " + string(sslVersionsJSON) + ";\n")
+	}
+	{
+		clientAuthTypesJSON, err := json.Marshal(sslconfigs.AllSSLClientAuthTypes())
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_ALL_CLIENT_AUTH_TYPES = " + string(clientAuthTypesJSON) + ";\n")
+	}
+}

internal/web/actions/default/servers/components/ssl/init.go

@@ -23,6 +23,8 @@ func init() {
 			Get("/downloadKey", new(DownloadKeyAction)).
 			Get("/downloadCert", new(DownloadCertAction)).
 			Get("/downloadZip", new(DownloadZipAction)).
+			Get("/selectPopup", new(SelectPopupAction)).
+			Get("/datajs", new(DatajsAction)).
 			EndAll()
 	})
 }

internal/web/actions/default/servers/components/ssl/selectPopup.go

@@ -0,0 +1,68 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+// 选择证书
+type SelectPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SelectPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *SelectPopupAction) RunGet(params struct{}) {
+	// TODO 支持关键词搜索
+	// TODO 列出常用的证书供用户选择
+
+	countResp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	page := this.NewPage(countResp.Count)
+	this.Data["page"] = page.AsHTML()
+
+	listResp, err := this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+
+	certConfigs := []*sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(listResp.CertsJSON, &certConfigs)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["certs"] = certConfigs
+
+	certMaps := []maps.Map{}
+	nowTime := time.Now().Unix()
+	for _, certConfig := range certConfigs {
+		countServersResp, err := this.RPC().ServerRPC().CountServersWithSSLCertId(this.AdminContext(), &pb.CountServersWithSSLCertIdRequest{CertId: certConfig.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		certMaps = append(certMaps, maps.Map{
+			"beginDay":     timeutil.FormatTime("Y-m-d", certConfig.TimeBeginAt),
+			"endDay":       timeutil.FormatTime("Y-m-d", certConfig.TimeEndAt),
+			"isExpired":    nowTime > certConfig.TimeEndAt,
+			"isAvailable":  nowTime <= certConfig.TimeEndAt,
+			"countServers": countServersResp.Count,
+		})
+	}
+	this.Data["certInfos"] = certMaps
+
+	this.Show()
+}

internal/web/actions/default/servers/components/ssl/uploadPopup.go

@@ -1,6 +1,7 @@
 package ssl
 
 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
@@ -73,7 +74,7 @@ func (this *UploadPopupAction) RunPost(params struct {
 	}
 
 	// 保存
-	_, err = this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
+	createResp, err := this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
 		IsOn:        params.IsOn,
 		Name:        params.Name,
 		Description: params.Description,
@@ -91,5 +92,26 @@ func (this *UploadPopupAction) RunPost(params struct {
 		return
 	}
 
+	// 查询已创建的证书并返回，方便调用者进行后续处理
+	certId := createResp.CertId
+	configResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: certId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(configResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	certConfig.CertData = nil // 去掉不必要的数据
+	certConfig.KeyData = nil  // 去掉不必要的数据
+	this.Data["cert"] = certConfig
+	this.Data["certRef"] = &sslconfigs.SSLCertRef{
+		IsOn:   true,
+		CertId: certId,
+	}
+
 	this.Success()
 }

internal/web/actions/default/servers/server/settings/https/index.go

@@ -2,12 +2,15 @@ package https
 
 import (
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 )
 
 type IndexAction struct {
@@ -37,10 +40,29 @@ func (this *IndexAction) RunGet(params struct {
 		httpsConfig.IsOn = true
 	}
 
+	var sslPolicy *sslconfigs.SSLPolicy
+	if httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 {
+		sslPolicyConfigResp, err := this.RPC().SSLPolicyRPC().FindEnabledSSLPolicyConfig(this.AdminContext(), &pb.FindEnabledSSLPolicyConfigRequest{SslPolicyId: httpsConfig.SSLPolicyRef.SSLPolicyId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		sslPolicyConfigJSON := sslPolicyConfigResp.SslPolicyJSON
+		if len(sslPolicyConfigJSON) > 0 {
+			sslPolicy = &sslconfigs.SSLPolicy{}
+			err = json.Unmarshal(sslPolicyConfigJSON, sslPolicy)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	this.Data["serverType"] = server.Type
 	this.Data["httpsConfig"] = maps.Map{
 		"isOn":      httpsConfig.IsOn,
 		"addresses": httpsConfig.Listen,
+		"sslPolicy": sslPolicy,
 	}
 
 	this.Show()
@@ -51,6 +73,8 @@ func (this *IndexAction) RunPost(params struct {
 	IsOn      bool
 	Addresses string
 
+	SslPolicyJSON []byte
+
 	Must *actions.Must
 }) {
 	addresses := []*serverconfigs.NetworkAddressConfig{}
@@ -59,6 +83,73 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("端口地址解析失败：" + err.Error())
 	}
 
+	// TODO 校验addresses
+
+	// 校验SSL
+	var sslPolicyId = int64(0)
+	if params.SslPolicyJSON != nil {
+		sslPolicy := &sslconfigs.SSLPolicy{}
+		err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
+		if err != nil {
+			this.ErrorPage(errors.New("解析SSL配置时发生了错误：" + err.Error()))
+			return
+		}
+
+		sslPolicyId = sslPolicy.Id
+
+		certsJSON, err := json.Marshal(sslPolicy.CertRefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		hstsJSON, err := json.Marshal(sslPolicy.HSTS)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		clientCACertsJSON, err := json.Marshal(sslPolicy.ClientCARefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		if sslPolicyId > 0 {
+			_, err := this.RPC().SSLPolicyRPC().UpdateSSLPolicy(this.AdminContext(), &pb.UpdateSSLPolicyRequest{
+				SslPolicyId:       sslPolicyId,
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		} else {
+			resp, err := this.RPC().SSLPolicyRPC().CreateSSLPolicy(this.AdminContext(), &pb.CreateSSLPolicyRequest{
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			sslPolicyId = resp.SslPolicyId
+		}
+	}
+
 	server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
 	if !isOk {
 		return
@@ -72,6 +163,10 @@ func (this *IndexAction) RunPost(params struct {
 		}
 	}
 
+	httpsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
+		IsOn:        true,
+		SSLPolicyId: sslPolicyId,
+	}
 	httpsConfig.IsOn = params.IsOn
 	httpsConfig.Listen = addresses
 	configData, err := json.Marshal(httpsConfig)