实现HTTPS配置

2025-12-25 19:56:35 +08:00 · 2020-10-01 16:01:04 +08:00
parent 10666cf56b
commit 7e83c656a9
13 changed files with 1129 additions and 3 deletions
--- a/internal/web/actions/default/servers/components/ssl/datajs.go
+++ b/internal/web/actions/default/servers/components/ssl/datajs.go
@@ -0,0 +1,60 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+)
+
+// 所有相关数据
+type DatajsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DatajsAction) Init() {
+}
+
+func (this *DatajsAction) RunGet(params struct{}) {
+	this.AddHeader("Content-Type", "text/javascript; charset=utf-8")
+
+	{
+		cipherSuitesJSON, err := json.Marshal(sslconfigs.AllTLSCipherSuites)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_ALL_CIPHER_SUITES = " + string(cipherSuitesJSON) + ";\n")
+	}
+	{
+		modernCipherSuitesJSON, err := json.Marshal(sslconfigs.TLSModernCipherSuites)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_MODERN_CIPHER_SUITES = " + string(modernCipherSuitesJSON) + ";\n")
+	}
+	{
+		intermediateCipherSuitesJSON, err := json.Marshal(sslconfigs.TLSIntermediateCipherSuites)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_INTERMEDIATE_CIPHER_SUITES = " + string(intermediateCipherSuitesJSON) + ";\n")
+	}
+	{
+		sslVersionsJSON, err := json.Marshal(sslconfigs.AllTlsVersions)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_ALL_VERSIONS = " + string(sslVersionsJSON) + ";\n")
+	}
+	{
+		clientAuthTypesJSON, err := json.Marshal(sslconfigs.AllSSLClientAuthTypes())
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.WriteString("window.SSL_ALL_CLIENT_AUTH_TYPES = " + string(clientAuthTypesJSON) + ";\n")
+	}
+}
--- a/internal/web/actions/default/servers/components/ssl/init.go
+++ b/internal/web/actions/default/servers/components/ssl/init.go
@@ -23,6 +23,8 @@ func init() {
 			Get("/downloadKey", new(DownloadKeyAction)).
 			Get("/downloadCert", new(DownloadCertAction)).
 			Get("/downloadZip", new(DownloadZipAction)).
+			Get("/selectPopup", new(SelectPopupAction)).
+			Get("/datajs", new(DatajsAction)).
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/servers/components/ssl/selectPopup.go
+++ b/internal/web/actions/default/servers/components/ssl/selectPopup.go
@@ -0,0 +1,68 @@
+package ssl
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+// 选择证书
+type SelectPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SelectPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *SelectPopupAction) RunGet(params struct{}) {
+	// TODO 支持关键词搜索
+	// TODO 列出常用的证书供用户选择
+
+	countResp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	page := this.NewPage(countResp.Count)
+	this.Data["page"] = page.AsHTML()
+
+	listResp, err := this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+
+	certConfigs := []*sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(listResp.CertsJSON, &certConfigs)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["certs"] = certConfigs
+
+	certMaps := []maps.Map{}
+	nowTime := time.Now().Unix()
+	for _, certConfig := range certConfigs {
+		countServersResp, err := this.RPC().ServerRPC().CountServersWithSSLCertId(this.AdminContext(), &pb.CountServersWithSSLCertIdRequest{CertId: certConfig.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		certMaps = append(certMaps, maps.Map{
+			"beginDay":     timeutil.FormatTime("Y-m-d", certConfig.TimeBeginAt),
+			"endDay":       timeutil.FormatTime("Y-m-d", certConfig.TimeEndAt),
+			"isExpired":    nowTime > certConfig.TimeEndAt,
+			"isAvailable":  nowTime <= certConfig.TimeEndAt,
+			"countServers": countServersResp.Count,
+		})
+	}
+	this.Data["certInfos"] = certMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/components/ssl/uploadPopup.go
+++ b/internal/web/actions/default/servers/components/ssl/uploadPopup.go
@@ -1,6 +1,7 @@
 package ssl

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
@@ -73,7 +74,7 @@ func (this *UploadPopupAction) RunPost(params struct {
 	}

 	// 保存
-	_, err = this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
+	createResp, err := this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
 		IsOn:        params.IsOn,
 		Name:        params.Name,
 		Description: params.Description,
@@ -91,5 +92,26 @@ func (this *UploadPopupAction) RunPost(params struct {
 		return
 	}

+	// 查询已创建的证书并返回，方便调用者进行后续处理
+	certId := createResp.CertId
+	configResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{CertId: certId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	certConfig := &sslconfigs.SSLCertConfig{}
+	err = json.Unmarshal(configResp.CertJSON, certConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	certConfig.CertData = nil // 去掉不必要的数据
+	certConfig.KeyData = nil  // 去掉不必要的数据
+	this.Data["cert"] = certConfig
+	this.Data["certRef"] = &sslconfigs.SSLCertRef{
+		IsOn:   true,
+		CertId: certId,
+	}
+
 	this.Success()
 }