增加证书OCSP错误日志管理

2025-11-04 05:00:25 +08:00 · 2022-03-11 20:27:45 +08:00
parent 24e5f52b60
commit 373600efd3
11 changed files with 353 additions and 24 deletions
--- a/internal/web/actions/default/servers/certs/certPopup.go
+++ b/internal/web/actions/default/servers/certs/certPopup.go
@@ -26,14 +26,14 @@ func (this *CertPopupAction) RunGet(params struct {
 		return
 	}

-	certConfig := &sslconfigs.SSLCertConfig{}
+	var certConfig = &sslconfigs.SSLCertConfig{}
 	err = json.Unmarshal(certResp.SslCertJSON, certConfig)
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}

-	reverseCommonNames := []string{}
+	var reverseCommonNames = []string{}
 	for i := len(certConfig.CommonNames) - 1; i >= 0; i-- {
 		reverseCommonNames = append(reverseCommonNames, certConfig.CommonNames[i])
 	}
@@ -62,7 +62,7 @@ func (this *CertPopupAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	serverMaps := []maps.Map{}
+	var serverMaps = []maps.Map{}
 	for _, server := range serversResp.Servers {
 		serverMaps = append(serverMaps, maps.Map{
 			"id":   server.Id,
--- a/internal/web/actions/default/servers/certs/helper.go
+++ b/internal/web/actions/default/servers/certs/helper.go
@@ -1,8 +1,11 @@
 package certs

 import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 	"net/http"
 )

@@ -13,14 +16,29 @@ func NewHelper() *Helper {
 	return &Helper{}
 }

-func (this *Helper) BeforeAction(action *actions.ActionObject) {
+func (this *Helper) BeforeAction(actionWrapper actions.ActionWrapper) {
+	var action = actionWrapper.Object()
 	if action.Request.Method != http.MethodGet {
 		return
 	}

 	action.Data["teaMenu"] = "servers"

-	action.Data["leftMenuItems"] = []maps.Map{
+	var countOCSP int64 = 0
+	parentAction, ok := actionWrapper.(actionutils.ActionInterface)
+	if ok {
+		countOCSPResp, err := parentAction.RPC().SSLCertRPC().CountAllSSLCertsWithOCSPError(parentAction.AdminContext(), &pb.CountAllSSLCertsWithOCSPErrorRequest{})
+		if err == nil {
+			countOCSP = countOCSPResp.Count
+		}
+	}
+
+	var ocspMenuName = "OCSP日志"
+	if countOCSP > 0 {
+		ocspMenuName += "(" + types.String(countOCSP) + ")"
+	}
+
+	var menu = []maps.Map{
 		{
 			"name":     "证书",
 			"url":      "/servers/certs",
@@ -31,5 +49,11 @@ func (this *Helper) BeforeAction(action *actions.ActionObject) {
 			"url":      "/servers/certs/acme",
 			"isActive": action.Data.GetString("leftMenuItem") == "acme",
 		},
+		{
+			"name":     ocspMenuName,
+			"url":      "/servers/certs/ocsp",
+			"isActive": action.Data.GetString("leftMenuItem") == "ocsp",
+		},
 	}
+	action.Data["leftMenuItems"] = menu
 }
--- a/internal/web/actions/default/servers/certs/index.go
+++ b/internal/web/actions/default/servers/certs/index.go
@@ -25,12 +25,12 @@ func (this *IndexAction) RunGet(params struct {
 	this.Data["type"] = params.Type
 	this.Data["keyword"] = params.Keyword

-	countAll := int64(0)
-	countCA := int64(0)
-	countAvailable := int64(0)
-	countExpired := int64(0)
-	count7Days := int64(0)
-	count30Days := int64(0)
+	var countAll = int64(0)
+	var countCA = int64(0)
+	var countAvailable = int64(0)
+	var countExpired = int64(0)
+	var count7Days = int64(0)
+	var count30Days = int64(0)

 	// 计算数量
 	{
@@ -147,7 +147,7 @@ func (this *IndexAction) RunGet(params struct {
 		return
 	}

-	certConfigs := []*sslconfigs.SSLCertConfig{}
+	var certConfigs = []*sslconfigs.SSLCertConfig{}
 	err = json.Unmarshal(listResp.SslCertsJSON, &certConfigs)
 	if err != nil {
 		this.ErrorPage(err)
@@ -155,8 +155,8 @@ func (this *IndexAction) RunGet(params struct {
 	}
 	this.Data["certs"] = certConfigs

-	certMaps := []maps.Map{}
-	nowTime := time.Now().Unix()
+	var certMaps = []maps.Map{}
+	var nowTime = time.Now().Unix()
 	for _, certConfig := range certConfigs {
 		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithSSLCertId(this.AdminContext(), &pb.CountAllEnabledServersWithSSLCertIdRequest{SslCertId: certConfig.Id})
 		if err != nil {
--- a/internal/web/actions/default/servers/certs/init.go
+++ b/internal/web/actions/default/servers/certs/init.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/accounts"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/users"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/ocsp"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/iwind/TeaGo"
 )
@@ -55,6 +56,14 @@ func init() {
 			GetPost("/updatePopup", new(accounts.UpdatePopupAction)).
 			Post("/delete", new(accounts.DeleteAction)).

+			// OCSP
+			Prefix("/servers/certs/ocsp").
+			Data("leftMenuItem", "ocsp").
+			Get("", new(ocsp.IndexAction)).
+			Post("/reset", new(ocsp.ResetAction)).
+			Post("/resetAll", new(ocsp.ResetAllAction)).
+			Post("/ignore", new(ocsp.IgnoreAction)).
+
 			//
 			EndAll()
 	})
--- a/internal/web/actions/default/servers/certs/ocsp/ignore.go
+++ b/internal/web/actions/default/servers/certs/ocsp/ignore.go
@@ -0,0 +1,26 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package ocsp
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type IgnoreAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IgnoreAction) RunPost(params struct {
+	CertIds []int64
+}) {
+	defer this.CreateLogInfo("忽略一组证书的OCSP状态")
+
+	_, err := this.RPC().SSLCertRPC().IgnoreSSLCertsWithOCSPError(this.AdminContext(), &pb.IgnoreSSLCertsWithOCSPErrorRequest{SslCertIds: params.CertIds})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/ocsp/index.go
+++ b/internal/web/actions/default/servers/certs/ocsp/index.go
@@ -0,0 +1,65 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package ocsp
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.SecondMenu("ocsp")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	Keyword string
+}) {
+	this.Data["keyword"] = params.Keyword
+
+	countResp, err := this.RPC().SSLCertRPC().CountAllSSLCertsWithOCSPError(this.AdminContext(), &pb.CountAllSSLCertsWithOCSPErrorRequest{Keyword: params.Keyword})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var count = countResp.Count
+	var page = this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	certsResp, err := this.RPC().SSLCertRPC().ListSSLCertsWithOCSPError(this.AdminContext(), &pb.ListSSLCertsWithOCSPErrorRequest{
+		Keyword: params.Keyword,
+		Offset:  page.Offset,
+		Size:    page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var certMaps = []maps.Map{}
+	for _, cert := range certsResp.SslCerts {
+		certMaps = append(certMaps, maps.Map{
+			"id":            cert.Id,
+			"isOn":          cert.IsOn,
+			"dnsNames":      cert.DnsNames,
+			"commonNames":   cert.CommonNames,
+			"hasOCSP":       len(cert.Ocsp) > 0,
+			"ocspIsUpdated": cert.OcspIsUpdated,
+			"ocspError":     cert.OcspError,
+			"isCA":          cert.IsCA,
+			"isACME":        cert.IsACME,
+			"name":          cert.Name,
+			"isExpired":     cert.TimeEndAt < time.Now().Unix(),
+			"beginDay":      timeutil.FormatTime("Y-m-d", cert.TimeBeginAt),
+			"endDay":        timeutil.FormatTime("Y-m-d", cert.TimeEndAt),
+		})
+	}
+	this.Data["certs"] = certMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/certs/ocsp/reset.go
+++ b/internal/web/actions/default/servers/certs/ocsp/reset.go
@@ -0,0 +1,26 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package ocsp
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type ResetAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ResetAction) RunPost(params struct {
+	CertIds []int64
+}) {
+	defer this.CreateLogInfo("重置一组证书的OCSP状态")
+
+	_, err := this.RPC().SSLCertRPC().ResetSSLCertsWithOCSPError(this.AdminContext(), &pb.ResetSSLCertsWithOCSPErrorRequest{SslCertIds: params.CertIds})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/ocsp/resetAll.go
+++ b/internal/web/actions/default/servers/certs/ocsp/resetAll.go
@@ -0,0 +1,24 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package ocsp
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type ResetAllAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ResetAllAction) RunPost(params struct{}) {
+	defer this.CreateLogInfo("忽略所有证书的OCSP状态")
+
+	_, err := this.RPC().SSLCertRPC().ResetAllSSLCertsWithOCSPError(this.AdminContext(), &pb.ResetAllSSLCertsWithOCSPErrorRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}