TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-03 04:10:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1f39947a894e76f534798524429ba9167a2fa4bf
EdgeAdmin/internal/web/actions/default/servers/server/settings/https/index.go
GoEdgeLab 1f39947a89 优化代码
2023-08-08 14:17:16 +08:00

263 lines
6.7 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package https
import (
"context"
"encoding/json"
"errors"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/lists"
"github.com/iwind/TeaGo/maps"
"github.com/iwind/TeaGo/types"
"regexp"
)
type IndexAction struct {
actionutils.ParentAction
}
func (this *IndexAction) Init() {
this.Nav("", "setting", "index")
this.SecondMenu("https")
}
func (this *IndexAction) RunGet(params struct {
ServerId int64
}) {
server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
if !isOk {
return
}
var httpsConfig = &serverconfigs.HTTPSProtocolConfig{}
if len(server.HttpsJSON) > 0 {
err := json.Unmarshal(server.HttpsJSON, httpsConfig)
if err != nil {
this.ErrorPage(err)
return
}
} else {
httpsConfig.IsOn = true
}
_ = httpsConfig.Init(context.TODO())
var httpsPorts = httpsConfig.AllPorts()
// 检查http和https端口冲突
var conflictingPorts = []int{}
if len(server.HttpJSON) > 0 {
var httpConfig = &serverconfigs.HTTPProtocolConfig{}
err := json.Unmarshal(server.HttpJSON, httpConfig)
if err != nil {
this.ErrorPage(err)
return
}
_ = httpConfig.Init()
for _, port := range httpConfig.AllPorts() {
if lists.ContainsInt(httpsPorts, port) {
conflictingPorts = append(conflictingPorts, port)
}
}
}
this.Data["conflictingPorts"] = conflictingPorts
var sslPolicy *sslconfigs.SSLPolicy
if httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 {
sslPolicyConfigResp, err := this.RPC().SSLPolicyRPC().FindEnabledSSLPolicyConfig(this.AdminContext(), &pb.FindEnabledSSLPolicyConfigRequest{
SslPolicyId: httpsConfig.SSLPolicyRef.SSLPolicyId,
IgnoreData: true,
})
if err != nil {
this.ErrorPage(err)
return
}
var sslPolicyConfigJSON = sslPolicyConfigResp.SslPolicyJSON
if len(sslPolicyConfigJSON) > 0 {
sslPolicy = &sslconfigs.SSLPolicy{}
err = json.Unmarshal(sslPolicyConfigJSON, sslPolicy)
if err != nil {
this.ErrorPage(err)
return
}
}
}
// 当前集群是否支持HTTP/3
if server.NodeCluster == nil {
this.ErrorPage(errors.New("no node cluster for the server"))
return
}
supportsHTTP3, err := this.checkSupportsHTTP3(server.NodeCluster.Id)
if err != nil {
this.ErrorPage(err)
return
}
this.Data["serverType"] = server.Type
this.Data["httpsConfig"] = maps.Map{
"isOn": httpsConfig.IsOn,
"addresses": httpsConfig.Listen,
"sslPolicy": sslPolicy,
"supportsHTTP3": supportsHTTP3,
}
this.Show()
}
func (this *IndexAction) RunPost(params struct {
ServerId int64
IsOn bool
Addresses string
SslPolicyJSON []byte
Must *actions.Must
}) {
// 记录日志
defer this.CreateLogInfo(codes.ServerHTTPS_LogUpdateHTTPSSettings, params.ServerId)
var addresses = []*serverconfigs.NetworkAddressConfig{}
err := json.Unmarshal([]byte(params.Addresses), &addresses)
if err != nil {
this.Fail("端口地址解析失败:" + err.Error())
}
// 如果启用HTTPS时没有填写端口则默认为443
if params.IsOn && len(addresses) == 0 {
addresses = []*serverconfigs.NetworkAddressConfig{
{
Protocol: serverconfigs.ProtocolHTTPS,
PortRange: "443",
},
}
}
// 检查端口地址是否正确
for _, addr := range addresses {
err = addr.Init()
if err != nil {
this.Fail("绑定端口校验失败:" + err.Error())
}
if regexp.MustCompile(`^\d+$`).MatchString(addr.PortRange) {
port := types.Int(addr.PortRange)
if port > 65535 {
this.Fail("绑定的端口地址不能大于65535")
}
if port == 80 {
this.Fail("端口80通常是HTTP的端口不能用在HTTPS上")
}
}
}
// 校验SSL
var sslPolicyId = int64(0)
if params.SslPolicyJSON != nil {
sslPolicy := &sslconfigs.SSLPolicy{}
err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
if err != nil {
this.ErrorPage(errors.New("解析SSL配置时发生了错误" + err.Error()))
return
}
sslPolicyId = sslPolicy.Id
certsJSON, err := json.Marshal(sslPolicy.CertRefs)
if err != nil {
this.ErrorPage(err)
return
}
hstsJSON, err := json.Marshal(sslPolicy.HSTS)
if err != nil {
this.ErrorPage(err)
return
}
clientCACertsJSON, err := json.Marshal(sslPolicy.ClientCARefs)
if err != nil {
this.ErrorPage(err)
return
}
if sslPolicyId > 0 {
_, err := this.RPC().SSLPolicyRPC().UpdateSSLPolicy(this.AdminContext(), &pb.UpdateSSLPolicyRequest{
SslPolicyId: sslPolicyId,
Http2Enabled: sslPolicy.HTTP2Enabled,
Http3Enabled: sslPolicy.HTTP3Enabled,
MinVersion: sslPolicy.MinVersion,
SslCertsJSON: certsJSON,
HstsJSON: hstsJSON,
OcspIsOn: sslPolicy.OCSPIsOn,
ClientAuthType: types.Int32(sslPolicy.ClientAuthType),
ClientCACertsJSON: clientCACertsJSON,
CipherSuitesIsOn: sslPolicy.CipherSuitesIsOn,
CipherSuites: sslPolicy.CipherSuites,
})
if err != nil {
this.ErrorPage(err)
return
}
} else {
resp, err := this.RPC().SSLPolicyRPC().CreateSSLPolicy(this.AdminContext(), &pb.CreateSSLPolicyRequest{
Http2Enabled: sslPolicy.HTTP2Enabled,
Http3Enabled: sslPolicy.HTTP3Enabled,
MinVersion: sslPolicy.MinVersion,
SslCertsJSON: certsJSON,
HstsJSON: hstsJSON,
OcspIsOn: sslPolicy.OCSPIsOn,
ClientAuthType: types.Int32(sslPolicy.ClientAuthType),
ClientCACertsJSON: clientCACertsJSON,
CipherSuitesIsOn: sslPolicy.CipherSuitesIsOn,
CipherSuites: sslPolicy.CipherSuites,
})
if err != nil {
this.ErrorPage(err)
return
}
sslPolicyId = resp.SslPolicyId
}
}
server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
if !isOk {
return
}
var httpsConfig = &serverconfigs.HTTPSProtocolConfig{}
if len(server.HttpsJSON) > 0 {
err = json.Unmarshal(server.HttpsJSON, httpsConfig)
if err != nil {
this.ErrorPage(err)
return
}
}
httpsConfig.SSLPolicy = nil
httpsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
IsOn: true,
SSLPolicyId: sslPolicyId,
}
httpsConfig.IsOn = params.IsOn
httpsConfig.Listen = addresses
configData, err := json.Marshal(httpsConfig)
if err != nil {
this.ErrorPage(err)
return
}
_, err = this.RPC().ServerRPC().UpdateServerHTTPS(this.AdminContext(), &pb.UpdateServerHTTPSRequest{
ServerId: params.ServerId,
HttpsJSON: configData,
})
if err != nil {
this.ErrorPage(err)
return
}
this.Success()
}
Reference in New Issue View Git Blame Copy Permalink