ACME证书增加ZeroSSL支持

2025-12-28 13:36:37 +08:00 · 2021-10-03 13:09:49 +08:00
parent 0bc8bdd841
commit 1fb491d2e1
28 changed files with 795 additions and 33 deletions
--- a/internal/web/actions/default/servers/certs/acme/accounts/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/createPopup.go
@@ -0,0 +1,100 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	ProviderCode string
+}) {
+	this.Data["providerCode"] = params.ProviderCode
+
+	// 服务商列表
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"name":           provider.Name,
+			"code":           provider.Code,
+			"description":    provider.Description,
+			"requireEAB":     provider.RequireEAB,
+			"eabDescription": provider.EabDescription,
+		})
+	}
+
+	this.Data["providers"] = providerMaps
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name         string
+	ProviderCode string
+	EabKid       string
+	EabKey       string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var accountId int64
+	defer func() {
+		this.CreateLogInfo("创建ACME服务商账号 %d", accountId)
+	}()
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入账号名称").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{AcmeProviderCode: params.ProviderCode})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var provider = providerResp.AcmeProvider
+	if provider == nil {
+		this.Fail("请选择服务商")
+	}
+
+	if provider.RequireEAB {
+		params.Must.
+			Field("eabKid", params.EabKid).
+			Require("请输入EAB Kid").
+			Field("eabKey", params.EabKey).
+			Require("请输入EAB HMAC Key")
+	}
+
+	createResp, err := this.RPC().ACMEProviderAccountRPC().CreateACMEProviderAccount(this.AdminContext(), &pb.CreateACMEProviderAccountRequest{
+		Name:         params.Name,
+		ProviderCode: params.ProviderCode,
+		EabKid:       params.EabKid,
+		EabKey:       params.EabKey,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	accountId = createResp.AcmeProviderAccountId
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/delete.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/delete.go
@@ -0,0 +1,26 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	AccountId int64
+}) {
+	defer this.CreateLogInfo("删除ACME服务商账号 %d", params.AccountId)
+
+	_, err := this.RPC().ACMEProviderAccountRPC().DeleteACMEProviderAccount(this.AdminContext(), &pb.DeleteACMEProviderAccountRequest{AcmeProviderAccountId: params.AccountId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/index.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/index.go
@@ -0,0 +1,61 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "account")
+}
+
+func (this *IndexAction) RunGet(params struct{}) {
+	countResp, err := this.RPC().ACMEProviderAccountRPC().CountAllEnabledACMEProviderAccounts(this.AdminContext(), &pb.CountAllEnabledACMEProviderAccountsRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var count = countResp.Count
+	var page = this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	accountsResp, err := this.RPC().ACMEProviderAccountRPC().ListEnabledACMEProviderAccounts(this.AdminContext(), &pb.ListEnabledACMEProviderAccountsRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var accountMaps = []maps.Map{}
+	for _, account := range accountsResp.AcmeProviderAccounts {
+		var providerMap maps.Map
+		if account.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name":       account.AcmeProvider.Name,
+				"code":       account.AcmeProvider.Code,
+				"requireEAB": account.AcmeProvider.RequireEAB,
+			}
+		}
+
+		accountMaps = append(accountMaps, maps.Map{
+			"id":       account.Id,
+			"isOn":     account.IsOn,
+			"name":     account.Name,
+			"eabKid":   account.EabKid,
+			"eabKey":   account.EabKey,
+			"provider": providerMap,
+		})
+	}
+	this.Data["accounts"] = accountMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/updatePopup.go
@@ -0,0 +1,108 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	AccountId int64
+}) {
+	// 账号信息
+	accountResp, err := this.RPC().ACMEProviderAccountRPC().FindEnabledACMEProviderAccount(this.AdminContext(), &pb.FindEnabledACMEProviderAccountRequest{AcmeProviderAccountId: params.AccountId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var account = accountResp.AcmeProviderAccount
+	if account == nil {
+		this.NotFound("ACMEProviderAccount", params.AccountId)
+		return
+	}
+
+	var providerMap maps.Map
+	if account.AcmeProvider != nil {
+		providerMap = maps.Map{
+			"name":           account.AcmeProvider.Name,
+			"code":           account.AcmeProvider.Code,
+			"description":    account.AcmeProvider.Description,
+			"eabDescription": account.AcmeProvider.EabDescription,
+			"requireEAB":     account.AcmeProvider.RequireEAB,
+		}
+	}
+
+	this.Data["account"] = maps.Map{
+		"id":           account.Id,
+		"name":         account.Name,
+		"isOn":         account.IsOn,
+		"providerCode": account.ProviderCode,
+		"eabKid":       account.EabKid,
+		"eabKey":       account.EabKey,
+		"provider":     providerMap,
+	}
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	AccountId    int64
+	Name         string
+	ProviderCode string
+	EabKid       string
+	EabKey       string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改ACME服务商账号 %d", params.AccountId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入账号名称").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{AcmeProviderCode: params.ProviderCode})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var provider = providerResp.AcmeProvider
+	if provider == nil {
+		this.Fail("请选择服务商")
+	}
+
+	if provider.RequireEAB {
+		params.Must.
+			Field("eabKid", params.EabKid).
+			Require("请输入EAB Kid").
+			Field("eabKey", params.EabKey).
+			Require("请输入EAB HMAC Key")
+	}
+
+	_, err = this.RPC().ACMEProviderAccountRPC().UpdateACMEProviderAccount(this.AdminContext(), &pb.UpdateACMEProviderAccountRequest{
+		AcmeProviderAccountId: params.AccountId,
+		Name:                  params.Name,
+		EabKid:                params.EabKid,
+		EabKey:                params.EabKey,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/create.go
+++ b/internal/web/actions/default/servers/certs/acme/create.go
@@ -35,15 +35,31 @@ func (this *CreateAction) RunGet(params struct{}) {
 		}

 		userMaps = append(userMaps, maps.Map{
-			"id":          user.Id,
-			"description": description,
-			"email":       user.Email,
+			"id":           user.Id,
+			"description":  description,
+			"email":        user.Email,
+			"providerCode": user.AcmeProviderCode,
 		})
 	}
 	this.Data["users"] = userMaps

+	// 证书服务商
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"name": provider.Name,
+			"code": provider.Code,
+		})
+	}
+	this.Data["providers"] = providerMaps
+
 	// 域名解析服务商
-	providersResp, err := this.RPC().DNSProviderRPC().FindAllEnabledDNSProviders(this.AdminContext(), &pb.FindAllEnabledDNSProvidersRequest{
+	dnsProvidersResp, err := this.RPC().DNSProviderRPC().FindAllEnabledDNSProviders(this.AdminContext(), &pb.FindAllEnabledDNSProvidersRequest{
 		AdminId: this.AdminId(),
 		UserId:  0,
 	})
@@ -51,15 +67,15 @@ func (this *CreateAction) RunGet(params struct{}) {
 		this.ErrorPage(err)
 		return
 	}
-	providerMaps := []maps.Map{}
-	for _, provider := range providersResp.DnsProviders {
-		providerMaps = append(providerMaps, maps.Map{
+	dnsProviderMaps := []maps.Map{}
+	for _, provider := range dnsProvidersResp.DnsProviders {
+		dnsProviderMaps = append(dnsProviderMaps, maps.Map{
 			"id":       provider.Id,
 			"name":     provider.Name,
 			"typeName": provider.TypeName,
 		})
 	}
-	this.Data["providers"] = providerMaps
+	this.Data["dnsProviders"] = dnsProviderMaps

 	this.Show()
 }
--- a/internal/web/actions/default/servers/certs/acme/index.go
+++ b/internal/web/actions/default/servers/certs/acme/index.go
@@ -136,6 +136,26 @@ func (this *IndexAction) RunGet(params struct {
 		if task.AcmeUser == nil {
 			continue
 		}
+
+		// 服务商
+		var providerMap maps.Map
+		if task.AcmeUser.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name": task.AcmeUser.AcmeProvider.Name,
+				"code": task.AcmeUser.AcmeProvider.Code,
+			}
+		}
+
+		// 账号
+		var accountMap maps.Map
+		if task.AcmeUser.AcmeProviderAccount != nil {
+			accountMap = maps.Map{
+				"id":   task.AcmeUser.AcmeProviderAccount.Id,
+				"name": task.AcmeUser.AcmeProviderAccount.Name,
+			}
+		}
+
+		// DNS服务商
 		dnsProviderMap := maps.Map{}
 		if task.AuthType == "dns" && task.DnsProvider != nil {
 			dnsProviderMap = maps.Map{
@@ -170,8 +190,10 @@ func (this *IndexAction) RunGet(params struct {
 			"id":       task.Id,
 			"authType": task.AuthType,
 			"acmeUser": maps.Map{
-				"id":    task.AcmeUser.Id,
-				"email": task.AcmeUser.Email,
+				"id":       task.AcmeUser.Id,
+				"email":    task.AcmeUser.Email,
+				"provider": providerMap,
+				"account":  accountMap,
 			},
 			"dnsProvider": dnsProviderMap,
 			"dnsDomain":   task.DnsDomain,
--- a/internal/web/actions/default/servers/certs/acme/users/accountsWithCode.go
+++ b/internal/web/actions/default/servers/certs/acme/users/accountsWithCode.go
@@ -0,0 +1,33 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package users
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type AccountsWithCodeAction struct {
+	actionutils.ParentAction
+}
+
+func (this *AccountsWithCodeAction) RunPost(params struct {
+	Code string
+}) {
+	accountsResp, err := this.RPC().ACMEProviderAccountRPC().FindAllACMEProviderAccountsWithProviderCode(this.AdminContext(), &pb.FindAllACMEProviderAccountsWithProviderCodeRequest{AcmeProviderCode: params.Code})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var accountMaps = []maps.Map{}
+	for _, account := range accountsResp.AcmeProviderAccounts {
+		accountMaps = append(accountMaps, maps.Map{
+			"id":   account.Id,
+			"name": account.Name,
+		})
+	}
+	this.Data["accounts"] = accountMaps
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/users/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/createPopup.go
@@ -16,12 +16,30 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct{}) {
+	// 服务商
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"code":       provider.Code,
+			"name":       provider.Name,
+			"requireEAB": provider.RequireEAB,
+		})
+	}
+	this.Data["providers"] = providerMaps
+
 	this.Show()
 }

 func (this *CreatePopupAction) RunPost(params struct {
-	Email       string
-	Description string
+	Email        string
+	ProviderCode string
+	AccountId    int64
+	Description  string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -29,11 +47,29 @@ func (this *CreatePopupAction) RunPost(params struct {
 	params.Must.
 		Field("email", params.Email).
 		Require("请输入邮箱").
-		Email("请输入正确的邮箱格式")
+		Email("请输入正确的邮箱格式").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择所属服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{
+		AcmeProviderCode: params.ProviderCode,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if providerResp.AcmeProvider == nil {
+		this.Fail("找不到要选择的证书")
+	}
+	if providerResp.AcmeProvider.RequireEAB && params.AccountId <= 0 {
+		this.Fail("此服务商要求必须选择或创建服务商账号")
+	}

 	createResp, err := this.RPC().ACMEUserRPC().CreateACMEUser(this.AdminContext(), &pb.CreateACMEUserRequest{
-		Email:       params.Email,
-		Description: params.Description,
+		Email:                 params.Email,
+		Description:           params.Description,
+		AcmeProviderCode:      params.ProviderCode,
+		AcmeProviderAccountId: params.AccountId,
 	})
 	if err != nil {
 		this.ErrorPage(err)
@@ -42,9 +78,10 @@ func (this *CreatePopupAction) RunPost(params struct {

 	// 返回数据
 	this.Data["acmeUser"] = maps.Map{
-		"id":          createResp.AcmeUserId,
-		"description": params.Description,
-		"email":       params.Email,
+		"id":           createResp.AcmeUserId,
+		"description":  params.Description,
+		"email":        params.Email,
+		"providerCode": params.ProviderCode,
 	}

 	// 日志
--- a/internal/web/actions/default/servers/certs/acme/users/index.go
+++ b/internal/web/actions/default/servers/certs/acme/users/index.go
@@ -40,11 +40,31 @@ func (this *IndexAction) RunGet(params struct{}) {
 	}
 	userMaps := []maps.Map{}
 	for _, user := range usersResp.AcmeUsers {
+		// 服务商
+		var providerMap maps.Map
+		if user.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name": user.AcmeProvider.Name,
+				"code": user.AcmeProvider.Code,
+			}
+		}
+
+		// 账号
+		var accountMap maps.Map
+		if user.AcmeProviderAccount != nil {
+			accountMap = maps.Map{
+				"id":   user.AcmeProviderAccount.Id,
+				"name": user.AcmeProviderAccount.Name,
+			}
+		}
+
 		userMaps = append(userMaps, maps.Map{
 			"id":          user.Id,
 			"email":       user.Email,
 			"description": user.Description,
 			"createdTime": timeutil.FormatTime("Y-m-d H:i:s", user.CreatedAt),
+			"provider":    providerMap,
+			"account":     accountMap,
 		})
 	}
 	this.Data["users"] = userMaps
--- a/internal/web/actions/default/servers/certs/acme/users/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/updatePopup.go
@@ -29,10 +29,30 @@ func (this *UpdatePopupAction) RunGet(params struct {
 		return
 	}

+	// 服务商
+	var providerMap maps.Map
+	if user.AcmeProvider != nil {
+		providerMap = maps.Map{
+			"name": user.AcmeProvider.Name,
+			"code": user.AcmeProvider.Code,
+		}
+	}
+
+	// 账号
+	var accountMap maps.Map
+	if user.AcmeProviderAccount != nil {
+		accountMap = maps.Map{
+			"id":   user.AcmeProviderAccount.Id,
+			"name": user.AcmeProviderAccount.Name,
+		}
+	}
+
 	this.Data["user"] = maps.Map{
 		"id":          user.Id,
 		"email":       user.Email,
 		"description": user.Description,
+		"provider":    providerMap,
+		"account":     accountMap,
 	}

 	this.Show()
--- a/internal/web/actions/default/servers/certs/init.go
+++ b/internal/web/actions/default/servers/certs/init.go
@@ -3,6 +3,7 @@ package certs
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/accounts"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/users"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/iwind/TeaGo"
@@ -13,9 +14,7 @@ func init() {
 		server.
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
 			Helper(NewHelper()).
-
 			Data("teaSubMenu", "cert").
-
 			Prefix("/servers/certs").
 			Data("leftMenuItem", "cert").
 			Get("", new(IndexAction)).
@@ -31,7 +30,7 @@ func init() {
 			Get("/selectPopup", new(SelectPopupAction)).
 			Get("/datajs", new(DatajsAction)).

-			// ACME
+			// ACME任务
 			Prefix("/servers/certs/acme").
 			Data("leftMenuItem", "acme").
 			Get("", new(acme.IndexAction)).
@@ -40,13 +39,23 @@ func init() {
 			GetPost("/updateTaskPopup", new(acme.UpdateTaskPopupAction)).
 			Post("/deleteTask", new(acme.DeleteTaskAction)).

+			// ACME用户
 			Prefix("/servers/certs/acme/users").
 			Get("", new(users.IndexAction)).
 			GetPost("/createPopup", new(users.CreatePopupAction)).
 			GetPost("/updatePopup", new(users.UpdatePopupAction)).
 			Post("/delete", new(users.DeleteAction)).
 			GetPost("/selectPopup", new(users.SelectPopupAction)).
+			Post("/accountsWithCode", new(users.AccountsWithCodeAction)).

+			// ACME账号
+			Prefix("/servers/certs/acme/accounts").
+			Get("", new(accounts.IndexAction)).
+			GetPost("/createPopup", new(accounts.CreatePopupAction)).
+			GetPost("/updatePopup", new(accounts.UpdatePopupAction)).
+			Post("/delete", new(accounts.DeleteAction)).
+
+			//
 			EndAll()
 	})
 }