实现HTTPS配置

internal/web/actions/default/servers/server/settings/https/index.go

@@ -2,12 +2,15 @@ package https
 
 import (
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 )
 
 type IndexAction struct {
@@ -37,10 +40,29 @@ func (this *IndexAction) RunGet(params struct {
 		httpsConfig.IsOn = true
 	}
 
+	var sslPolicy *sslconfigs.SSLPolicy
+	if httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 {
+		sslPolicyConfigResp, err := this.RPC().SSLPolicyRPC().FindEnabledSSLPolicyConfig(this.AdminContext(), &pb.FindEnabledSSLPolicyConfigRequest{SslPolicyId: httpsConfig.SSLPolicyRef.SSLPolicyId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		sslPolicyConfigJSON := sslPolicyConfigResp.SslPolicyJSON
+		if len(sslPolicyConfigJSON) > 0 {
+			sslPolicy = &sslconfigs.SSLPolicy{}
+			err = json.Unmarshal(sslPolicyConfigJSON, sslPolicy)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	this.Data["serverType"] = server.Type
 	this.Data["httpsConfig"] = maps.Map{
 		"isOn":      httpsConfig.IsOn,
 		"addresses": httpsConfig.Listen,
+		"sslPolicy": sslPolicy,
 	}
 
 	this.Show()
@@ -51,6 +73,8 @@ func (this *IndexAction) RunPost(params struct {
 	IsOn      bool
 	Addresses string
 
+	SslPolicyJSON []byte
+
 	Must *actions.Must
 }) {
 	addresses := []*serverconfigs.NetworkAddressConfig{}
@@ -59,6 +83,73 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("端口地址解析失败：" + err.Error())
 	}
 
+	// TODO 校验addresses
+
+	// 校验SSL
+	var sslPolicyId = int64(0)
+	if params.SslPolicyJSON != nil {
+		sslPolicy := &sslconfigs.SSLPolicy{}
+		err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
+		if err != nil {
+			this.ErrorPage(errors.New("解析SSL配置时发生了错误：" + err.Error()))
+			return
+		}
+
+		sslPolicyId = sslPolicy.Id
+
+		certsJSON, err := json.Marshal(sslPolicy.CertRefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		hstsJSON, err := json.Marshal(sslPolicy.HSTS)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		clientCACertsJSON, err := json.Marshal(sslPolicy.ClientCARefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		if sslPolicyId > 0 {
+			_, err := this.RPC().SSLPolicyRPC().UpdateSSLPolicy(this.AdminContext(), &pb.UpdateSSLPolicyRequest{
+				SslPolicyId:       sslPolicyId,
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		} else {
+			resp, err := this.RPC().SSLPolicyRPC().CreateSSLPolicy(this.AdminContext(), &pb.CreateSSLPolicyRequest{
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			sslPolicyId = resp.SslPolicyId
+		}
+	}
+
 	server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
 	if !isOk {
 		return
@@ -72,6 +163,10 @@ func (this *IndexAction) RunPost(params struct {
 		}
 	}
 
+	httpsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
+		IsOn:        true,
+		SSLPolicyId: sslPolicyId,
+	}
 	httpsConfig.IsOn = params.IsOn
 	httpsConfig.Listen = addresses
 	configData, err := json.Marshal(httpsConfig)