TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-04 05:00:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

[SSL证书]免费证书申请增加HTTP认证方式

Browse Source
This commit is contained in:
刘祥超
2020-12-03 18:19:09 +08:00
parent 94ca1f1fe1
commit 5c8b7c6cf6
9 changed files with 107 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/const/const.go
View File

@@ -1,7 +1,7 @@
package teaconst
const (
Version = "0.0.4"
Version = "0.0.5"
ProductName = "Edge Admin"
ProcessName = "edge-admin"

36
internal/web/actions/default/servers/certs/acme/create.go
View File

@@ -66,6 +66,7 @@ func (this *CreateAction) RunGet(params struct{}) {
func (this *CreateAction) RunPost(params struct {
TaskId int64
AuthType string
AcmeUserId int64
DnsProviderId int64
DnsDomain string
@@ -74,18 +75,26 @@ func (this *CreateAction) RunPost(params struct {
Must *actions.Must
}) {
if params.AuthType != "dns" && params.AuthType != "http" {
this.Fail("无法识别的认证方式'" + params.AuthType + "'")
}
if params.AcmeUserId <= 0 {
this.Fail("请选择一个申请证书的用户")
}
if params.DnsProviderId <= 0 {
this.Fail("请选择DNS服务商")
}
if len(params.DnsDomain) == 0 {
this.Fail("请输入顶级域名")
}
// 校验DNS相关信息
dnsDomain := strings.ToLower(params.DnsDomain)
if !domainutils.ValidateDomainFormat(dnsDomain) {
this.Fail("请输入正确的顶级域名")
if params.AuthType == "dns" {
if params.DnsProviderId <= 0 {
this.Fail("请选择DNS服务商")
}
if len(params.DnsDomain) == 0 {
this.Fail("请输入顶级域名")
}
if !domainutils.ValidateDomainFormat(dnsDomain) {
this.Fail("请输入正确的顶级域名")
}
}
if len(params.Domains) == 0 {
@@ -94,14 +103,21 @@ func (this *CreateAction) RunPost(params struct {
realDomains := []string{}
for _, domain := range params.Domains {
domain = strings.ToLower(domain)
if !strings.HasSuffix(domain, "."+dnsDomain) && domain != dnsDomain {
this.Fail("证书域名中的" + domain + "和顶级域名不一致")
if params.AuthType == "dns" { // DNS认证
if !strings.HasSuffix(domain, "."+dnsDomain) && domain != dnsDomain {
this.Fail("证书域名中的" + domain + "和顶级域名不一致")
}
} else if params.AuthType == "http" { // HTTP认证
if strings.Contains(domain, "*") {
this.Fail("在HTTP认证时域名" + domain + "不能包含通配符")
}
}
realDomains = append(realDomains, domain)
}
if params.TaskId == 0 {
createResp, err := this.RPC().ACMETaskRPC().CreateACMETask(this.AdminContext(), &pb.CreateACMETaskRequest{
AuthType: params.AuthType,
AcmeUserId: params.AcmeUserId,
DnsProviderId: params.DnsProviderId,
DnsDomain: dnsDomain,

27
internal/web/actions/default/servers/certs/acme/index.go
View File

@@ -42,9 +42,16 @@ func (this *IndexAction) RunGet(params struct{}) {
taskMaps := []maps.Map{}
for _, task := range tasksResp.AcmeTasks {
if task.AcmeUser == nil || task.DnsProvider == nil {
if task.AcmeUser == nil {
continue
}
dnsProviderMap := maps.Map{}
if task.AuthType == "dns" && task.DnsProvider != nil {
dnsProviderMap = maps.Map{
"id": task.DnsProvider.Id,
"name": task.DnsProvider.Name,
}
}
// 证书
var certMap maps.Map = nil
@@ -69,20 +76,18 @@ func (this *IndexAction) RunGet(params struct{}) {
}
taskMaps = append(taskMaps, maps.Map{
"id": task.Id,
"id": task.Id,
"authType": task.AuthType,
"acmeUser": maps.Map{
"id": task.AcmeUser.Id,
"email": task.AcmeUser.Email,
},
"dnsProvider": maps.Map{
"id": task.DnsProvider.Id,
"name": task.DnsProvider.Name,
},
"dnsDomain": task.DnsDomain,
"domains": task.Domains,
"autoRenew": task.AutoRenew,
"cert": certMap,
"log": logMap,
"dnsProvider": dnsProviderMap,
"dnsDomain": task.DnsDomain,
"domains": task.Domains,
"autoRenew": task.AutoRenew,
"cert": certMap,
"log": logMap,
})
}
this.Data["tasks"] = taskMaps

50
internal/web/actions/default/servers/certs/acme/updateTaskPopup.go
View File

@@ -54,14 +54,14 @@ func (this *UpdateTaskPopupAction) RunGet(params struct {
}
this.Data["task"] = maps.Map{
"id": task.Id,
"acmeUser": acmeUserMap,
"dnsProviderId": task.DnsProvider.Id,
"dnsDomain": task.DnsDomain,
"domains": task.Domains,
"autoRenew": task.AutoRenew,
"isOn": task.IsOn,
"dnsProvider": dnsProviderMap,
"id": task.Id,
"authType": task.AuthType,
"acmeUser": acmeUserMap,
"dnsDomain": task.DnsDomain,
"domains": task.Domains,
"autoRenew": task.AutoRenew,
"isOn": task.IsOn,
"dnsProvider": dnsProviderMap,
}
// 域名解析服务商
@@ -88,6 +88,7 @@ func (this *UpdateTaskPopupAction) RunGet(params struct {
func (this *UpdateTaskPopupAction) RunPost(params struct {
TaskId int64
AuthType string
AcmeUserId int64
DnsProviderId int64
DnsDomain string
@@ -99,18 +100,25 @@ func (this *UpdateTaskPopupAction) RunPost(params struct {
}) {
defer this.CreateLogInfo("修改证书申请任务 %d", params.TaskId)
if params.AuthType != "dns" && params.AuthType != "http" {
this.Fail("无法识别的认证方式'" + params.AuthType + "'")
}
if params.AcmeUserId <= 0 {
this.Fail("请选择一个申请证书的用户")
}
if params.DnsProviderId <= 0 {
this.Fail("请选择DNS服务商")
}
if len(params.DnsDomain) == 0 {
this.Fail("请输入顶级域名")
}
dnsDomain := strings.ToLower(params.DnsDomain)
if !domainutils.ValidateDomainFormat(dnsDomain) {
this.Fail("请输入正确的顶级域名")
if params.AuthType == "dns" {
if params.DnsProviderId <= 0 {
this.Fail("请选择DNS服务商")
}
if len(params.DnsDomain) == 0 {
this.Fail("请输入顶级域名")
}
if !domainutils.ValidateDomainFormat(dnsDomain) {
this.Fail("请输入正确的顶级域名")
}
}
if len(params.Domains) == 0 {
@@ -119,8 +127,14 @@ func (this *UpdateTaskPopupAction) RunPost(params struct {
realDomains := []string{}
for _, domain := range params.Domains {
domain = strings.ToLower(domain)
if !strings.HasSuffix(domain, "."+dnsDomain) && domain != dnsDomain {
this.Fail("证书域名中的" + domain + "和顶级域名不一致")
if params.AuthType == "dns" {
if !strings.HasSuffix(domain, "."+dnsDomain) && domain != dnsDomain {
this.Fail("证书域名中的" + domain + "和顶级域名不一致")
}
} else if params.AuthType == "http" { // HTTP认证
if strings.Contains(domain, "*") {
this.Fail("在HTTP认证时域名" + domain + "不能包含通配符")
}
}
realDomains = append(realDomains, domain)
}

7
internal/web/helpers/utils.go
View File

@@ -52,7 +52,12 @@ func checkIPWithoutCache(config *systemconfigs.SecurityConfig, ipAddr string) bo
}
// 本地IP
ip := net.ParseIP(ipAddr).To4()
ipObj := net.ParseIP(ipAddr)
if ipObj == nil {
logs.Println("[USER_MUST_AUTH]invalid client address: " + ipAddr)
return false
}
ip := ipObj.To4()
if ip == nil {
logs.Println("[USER_MUST_AUTH]invalid client address: " + ipAddr)
return false

21
web/views/@default/servers/certs/acme/create.html
View File

@@ -9,13 +9,13 @@
<form class="ui form">
<div class="ui steps fluid small">
<div class="ui step" :class="{active:step == 'prepare'}">
准备工作
选择申请方式
</div>
<div class="ui step" :class="{active:step == 'user'}">
选择用户
</div>
<div class="ui step" :class="{active:step == 'dns'}">
设置域名解析
填写域名信息
</div>
<div class="ui step" :class="{active:step == 'finish'}">
完成
@@ -24,9 +24,14 @@
<!-- 准备工作 -->
<div v-show="step == 'prepare'">
<div>此流程用于免费申请一个新的证书。</div>
<div class="margin"></div>
<div>
<div style="margin-bottom: 1em">
<radio name="authType" :v-value="'http'" v-model="authType">使用HTTP认证</radio> &nbsp;
<radio name="authType" :v-value="'dns'" v-model="authType">使用DNS认证</radio>
</div>
<div v-if="authType == 'http'">
使用HTTP的方式请求网址<code-label>/.well-known/acme-challenge/令牌</code-label>校验,该方式要求需要实现将域名解析到集群上,之后系统会自动生成网址信息。
</div>
<div v-if="authType == 'dns'">
我们在申请免费证书的过程中需要自动增加或修改相关域名的TXT记录请先确保你已经在"域名解析" -- <a href="/dns/providers" target="_blank">"DNS服务商"</a> 中已经添加了对应的DNS服务商账号。
</div>
@@ -69,7 +74,7 @@
<!-- 设置域名解析 -->
<div v-show="step == 'dns'">
<table class="ui table definition selectable">
<tr>
<tr v-show="authType == 'dns'">
<td class="title">选择DNS服务商 *</td>
<td>
<div v-if="providers.length > 0">
@@ -81,7 +86,7 @@
<p class="comment">用于自动创建域名解析记录。</p>
</td>
</tr>
<tr>
<tr v-show="authType == 'dns'">
<td>顶级域名 *</td>
<td>
<input type="text" maxlength="100" v-model="dnsDomain"/>
@@ -92,7 +97,7 @@
<td>证书域名列表 *</td>
<td>
<values-box name="" placeholder="域名" size="30" @change="changeDomains"></values-box>
<p class="comment">需要申请的证书中包含的域名列表,所有域名必须是同一个顶级域名</p>
<p class="comment">需要申请的证书中包含的域名列表<span v-if="authType == 'dns'">,所有域名必须是同一个顶级域名</span><span v-if="authType == 'http'">使用HTTP认证方式时域名中不能含有通配符</span></p>
</td>
</tr>
<tr>

3
web/views/@default/servers/certs/acme/create.js
View File

@@ -4,6 +4,8 @@ Tea.context(function () {
/**
* 准备工作
*/
this.authType = "http"
this.doPrepare = function () {
this.step = "user"
}
@@ -70,6 +72,7 @@ Tea.context(function () {
this.$post("$")
.params({
authType: this.authType,
acmeUserId: this.userId,
dnsProviderId: this.dnsProviderId,
dnsDomain: this.dnsDomain,

7
web/views/@default/servers/certs/acme/index.html
View File

@@ -21,7 +21,12 @@
</tr>
</thead>
<tr v-for="(task, index) in tasks" :class="{warning: runningIndex == index}">
<td>{{task.acmeUser.email}}</td>
<td>{{task.acmeUser.email}}
<div style="margin-top: 1em">
<tiny-basic-label class="olive" v-if="task.authType == 'dns'">DNS</tiny-basic-label>
<tiny-basic-label class="olive" v-if="task.authType == 'http'">HTTP</tiny-basic-label>
</div>
</td>
<td nowrap="">
<div v-for="domain in task.domains">
<span class="ui label small basic">{{domain}}</span>

7
web/views/@default/servers/certs/acme/updateTaskPopup.html
View File

@@ -5,9 +5,10 @@
<csrf-token></csrf-token>
<input type="hidden" name="taskId" :value="task.id"/>
<input type="hidden" name="acmeUserId" :value="task.acmeUser.id"/>
<input type="hidden" name="authType" :value="task.authType"/>
<table class="ui table definition selectable">
<tr>
<tr v-if="task.authType == 'dns'">
<td class="title">选择DNS服务商 *</td>
<td>
<div v-if="providers.length > 0">
@@ -19,7 +20,7 @@
<p class="comment">用于自动创建域名解析记录。</p>
</td>
</tr>
<tr>
<tr v-if="task.authType == 'dns'">
<td>顶级域名 *</td>
<td>
<input type="text" maxlength="100" name="dnsDomain" v-model="task.dnsDomain"/>
@@ -30,7 +31,7 @@
<td>证书域名列表 *</td>
<td>
<values-box name="domains" :values="task.domains" placeholder="域名" size="30"></values-box>
<p class="comment">需要申请的证书中包含的域名列表,所有域名必须是同一个顶级域名</p>
<p class="comment">需要申请的证书中包含的域名列表<span v-if="task.authType == 'dns'">,所有域名必须是同一个顶级域名</span><span v-if="task.authType == 'http'">使用HTTP认证方式时域名中不能含有通配符</span></p>
</td>
</tr>
<tr>