ACME证书增加ZeroSSL支持
This commit is contained in:
8
internal/acme/account.go
Normal file
8
internal/acme/account.go
Normal file
@@ -0,0 +1,8 @@
|
||||
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||
|
||||
package acme
|
||||
|
||||
type Account struct {
|
||||
EABKid string
|
||||
EABKey string
|
||||
}
|
||||
@@ -63,6 +63,7 @@ func TestGenerate(t *testing.T) {
|
||||
}
|
||||
|
||||
config := lego.NewConfig(myUser)
|
||||
config.CADirURL = "https://acme.zerossl.com/v2/DV90"
|
||||
config.Certificate.KeyType = certcrypto.RSA2048
|
||||
|
||||
client, err := lego.NewClient(config)
|
||||
@@ -91,3 +92,53 @@ func TestGenerate(t *testing.T) {
|
||||
}
|
||||
t.Log(certificates)
|
||||
}
|
||||
|
||||
func TestGenerate_EAB(t *testing.T) {
|
||||
acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
|
||||
|
||||
// 生成私钥
|
||||
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
myUser := &MyUser{
|
||||
Email: "test1@teaos.cn",
|
||||
key: privateKey,
|
||||
}
|
||||
|
||||
config := lego.NewConfig(myUser)
|
||||
config.CADirURL = "https://acme.zerossl.com/v2/DV90"
|
||||
config.Certificate.KeyType = certcrypto.RSA2048
|
||||
|
||||
client, err := lego.NewClient(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = client.Challenge.SetDNS01Provider(&MyProvider{t: t})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// New users will need to register
|
||||
var reg *registration.Resource
|
||||
if client.GetExternalAccountRequired() {
|
||||
reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
|
||||
TermsOfServiceAgreed: true,
|
||||
Kid: "KID",
|
||||
HmacEncoded: "HAMC KEY",
|
||||
})
|
||||
} else {
|
||||
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||
}
|
||||
myUser.Registration = reg
|
||||
|
||||
request := certificate.ObtainRequest{
|
||||
Domains: []string{"teaos.cn"},
|
||||
Bundle: true,
|
||||
}
|
||||
certificates, err := client.Certificate.Obtain(request)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
t.Log(certificates)
|
||||
}
|
||||
|
||||
43
internal/acme/providers.go
Normal file
43
internal/acme/providers.go
Normal file
@@ -0,0 +1,43 @@
|
||||
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||
|
||||
package acme
|
||||
|
||||
const DefaultProviderCode = "letsencrypt"
|
||||
|
||||
type Provider struct {
|
||||
Name string `json:"name"`
|
||||
Code string `json:"code"`
|
||||
Description string `json:"description"`
|
||||
APIURL string `json:"apiURL"`
|
||||
RequireEAB bool `json:"requireEAB"`
|
||||
EABDescription string `json:"eabDescription"`
|
||||
}
|
||||
|
||||
func FindAllProviders() []*Provider {
|
||||
return []*Provider{
|
||||
{
|
||||
Name: "Let's Encrypt",
|
||||
Code: DefaultProviderCode,
|
||||
Description: "非盈利组织Let's Encrypt提供的免费证书。",
|
||||
APIURL: "https://acme-v02.api.letsencrypt.org/directory",
|
||||
RequireEAB: false,
|
||||
},
|
||||
{
|
||||
Name: "ZeroSSL",
|
||||
Code: "zerossl",
|
||||
Description: "相关文档 <a href=\"https://zerossl.com/documentation/acme/\" target=\"_blank\">https://zerossl.com/documentation/acme/</a>。",
|
||||
APIURL: "https://acme.zerossl.com/v2/DV90",
|
||||
RequireEAB: true,
|
||||
EABDescription: "在官网<a href=\"https://app.zerossl.com/developer\" target=\"_blank\">[Developer]</a>页面底部点击\"Generate\"按钮生成。",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func FindProviderWithCode(code string) *Provider {
|
||||
for _, provider := range FindAllProviders() {
|
||||
if provider.Code == code {
|
||||
return provider
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
package acme
|
||||
|
||||
import (
|
||||
teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
||||
"github.com/go-acme/lego/v4/certcrypto"
|
||||
"github.com/go-acme/lego/v4/certificate"
|
||||
@@ -33,6 +34,14 @@ func (this *Request) OnAuth(onAuth AuthCallback) {
|
||||
}
|
||||
|
||||
func (this *Request) Run() (certData []byte, keyData []byte, err error) {
|
||||
if this.task.Provider == nil {
|
||||
err = errors.New("provider should not be nil")
|
||||
return
|
||||
}
|
||||
if this.task.Provider.RequireEAB && this.task.Account == nil {
|
||||
err = errors.New("account should not be nil when provider require EAB")
|
||||
}
|
||||
|
||||
switch this.task.AuthType {
|
||||
case AuthTypeDNS:
|
||||
return this.runDNS()
|
||||
@@ -68,6 +77,8 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
|
||||
|
||||
config := lego.NewConfig(this.task.User)
|
||||
config.Certificate.KeyType = certcrypto.RSA2048
|
||||
config.CADirURL = this.task.Provider.APIURL
|
||||
config.UserAgent = teaconst.ProductName + "/" + teaconst.Version
|
||||
|
||||
client, err := lego.NewClient(config)
|
||||
if err != nil {
|
||||
@@ -82,13 +93,28 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
|
||||
return nil, nil, err
|
||||
}
|
||||
} else {
|
||||
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
err = this.task.User.Register(resource)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
if this.task.Provider.RequireEAB {
|
||||
resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
|
||||
TermsOfServiceAgreed: true,
|
||||
Kid: this.task.Account.EABKid,
|
||||
HmacEncoded: this.task.Account.EABKey,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, nil, errors.New("register user failed: " + err.Error())
|
||||
}
|
||||
err = this.task.User.Register(resource)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
} else {
|
||||
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
err = this.task.User.Register(resource)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -104,7 +130,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
|
||||
}
|
||||
certResource, err := client.Certificate.Obtain(request)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
return nil, nil, errors.New("obtain cert failed: " + err.Error())
|
||||
}
|
||||
|
||||
return certResource.Certificate, certResource.PrivateKey, nil
|
||||
@@ -122,6 +148,8 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
|
||||
|
||||
config := lego.NewConfig(this.task.User)
|
||||
config.Certificate.KeyType = certcrypto.RSA2048
|
||||
config.CADirURL = this.task.Provider.APIURL
|
||||
config.UserAgent = teaconst.ProductName + "/" + teaconst.Version
|
||||
|
||||
client, err := lego.NewClient(config)
|
||||
if err != nil {
|
||||
@@ -136,13 +164,28 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
|
||||
return nil, nil, err
|
||||
}
|
||||
} else {
|
||||
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
err = this.task.User.Register(resource)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
if this.task.Provider.RequireEAB {
|
||||
resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
|
||||
TermsOfServiceAgreed: true,
|
||||
Kid: this.task.Account.EABKid,
|
||||
HmacEncoded: this.task.Account.EABKey,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, nil, errors.New("register user failed: " + err.Error())
|
||||
}
|
||||
err = this.task.User.Register(resource)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
} else {
|
||||
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
err = this.task.User.Register(resource)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -10,6 +10,8 @@ const (
|
||||
)
|
||||
|
||||
type Task struct {
|
||||
Provider *Provider
|
||||
Account *Account
|
||||
User *User
|
||||
AuthType AuthType
|
||||
Domains []string
|
||||
|
||||
127
internal/db/models/acme/acme_provider_account_dao.go
Normal file
127
internal/db/models/acme/acme_provider_account_dao.go
Normal file
@@ -0,0 +1,127 @@
|
||||
package acme
|
||||
|
||||
import (
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
"github.com/iwind/TeaGo/Tea"
|
||||
"github.com/iwind/TeaGo/dbs"
|
||||
)
|
||||
|
||||
const (
|
||||
ACMEProviderAccountStateEnabled = 1 // 已启用
|
||||
ACMEProviderAccountStateDisabled = 0 // 已禁用
|
||||
)
|
||||
|
||||
type ACMEProviderAccountDAO dbs.DAO
|
||||
|
||||
func NewACMEProviderAccountDAO() *ACMEProviderAccountDAO {
|
||||
return dbs.NewDAO(&ACMEProviderAccountDAO{
|
||||
DAOObject: dbs.DAOObject{
|
||||
DB: Tea.Env,
|
||||
Table: "edgeACMEProviderAccounts",
|
||||
Model: new(ACMEProviderAccount),
|
||||
PkName: "id",
|
||||
},
|
||||
}).(*ACMEProviderAccountDAO)
|
||||
}
|
||||
|
||||
var SharedACMEProviderAccountDAO *ACMEProviderAccountDAO
|
||||
|
||||
func init() {
|
||||
dbs.OnReady(func() {
|
||||
SharedACMEProviderAccountDAO = NewACMEProviderAccountDAO()
|
||||
})
|
||||
}
|
||||
|
||||
// EnableACMEProviderAccount 启用条目
|
||||
func (this *ACMEProviderAccountDAO) EnableACMEProviderAccount(tx *dbs.Tx, id int64) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(id).
|
||||
Set("state", ACMEProviderAccountStateEnabled).
|
||||
Update()
|
||||
return err
|
||||
}
|
||||
|
||||
// DisableACMEProviderAccount 禁用条目
|
||||
func (this *ACMEProviderAccountDAO) DisableACMEProviderAccount(tx *dbs.Tx, id int64) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(id).
|
||||
Set("state", ACMEProviderAccountStateDisabled).
|
||||
Update()
|
||||
return err
|
||||
}
|
||||
|
||||
// FindEnabledACMEProviderAccount 查找启用中的条目
|
||||
func (this *ACMEProviderAccountDAO) FindEnabledACMEProviderAccount(tx *dbs.Tx, id int64) (*ACMEProviderAccount, error) {
|
||||
result, err := this.Query(tx).
|
||||
Pk(id).
|
||||
Attr("state", ACMEProviderAccountStateEnabled).
|
||||
Find()
|
||||
if result == nil {
|
||||
return nil, err
|
||||
}
|
||||
return result.(*ACMEProviderAccount), err
|
||||
}
|
||||
|
||||
// FindACMEProviderAccountName 根据主键查找名称
|
||||
func (this *ACMEProviderAccountDAO) FindACMEProviderAccountName(tx *dbs.Tx, id int64) (string, error) {
|
||||
return this.Query(tx).
|
||||
Pk(id).
|
||||
Result("name").
|
||||
FindStringCol("")
|
||||
}
|
||||
|
||||
// CreateAccount 创建账号
|
||||
func (this *ACMEProviderAccountDAO) CreateAccount(tx *dbs.Tx, name string, providerCode string, eabKid string, eabKey string) (int64, error) {
|
||||
var op = NewACMEProviderAccountOperator()
|
||||
op.Name = name
|
||||
op.ProviderCode = providerCode
|
||||
op.EabKid = eabKid
|
||||
op.EabKey = eabKey
|
||||
|
||||
op.IsOn = true
|
||||
op.State = ACMEProviderAccountStateEnabled
|
||||
return this.SaveInt64(tx, op)
|
||||
}
|
||||
|
||||
// UpdateAccount 修改账号
|
||||
func (this *ACMEProviderAccountDAO) UpdateAccount(tx *dbs.Tx, accountId int64, name string, eabKid string, eabKey string) error {
|
||||
if accountId <= 0 {
|
||||
return errors.New("invalid accountId")
|
||||
}
|
||||
var op = NewACMEProviderAccountOperator()
|
||||
op.Id = accountId
|
||||
op.Name = name
|
||||
op.EabKid = eabKid
|
||||
op.EabKey = eabKey
|
||||
return this.Save(tx, op)
|
||||
}
|
||||
|
||||
// CountAllEnabledAccounts 计算账号数量
|
||||
func (this *ACMEProviderAccountDAO) CountAllEnabledAccounts(tx *dbs.Tx) (int64, error) {
|
||||
return this.Query(tx).
|
||||
Count()
|
||||
}
|
||||
|
||||
// ListEnabledAccounts 查找单页账号
|
||||
func (this *ACMEProviderAccountDAO) ListEnabledAccounts(tx *dbs.Tx, offset int64, size int64) (result []*ACMEProviderAccount, err error) {
|
||||
_, err = this.Query(tx).
|
||||
State(ACMEProviderAccountStateEnabled).
|
||||
Offset(offset).
|
||||
Limit(size).
|
||||
DescPk().
|
||||
Slice(&result).
|
||||
FindAll()
|
||||
return
|
||||
}
|
||||
|
||||
// FindAllEnabledAccountsWithProviderCode 根据服务商代号查找账号
|
||||
func (this *ACMEProviderAccountDAO) FindAllEnabledAccountsWithProviderCode(tx *dbs.Tx, providerCode string) (result []*ACMEProviderAccount, err error) {
|
||||
_, err = this.Query(tx).
|
||||
State(ACMEProviderAccountStateEnabled).
|
||||
Attr("providerCode", providerCode).
|
||||
DescPk().
|
||||
Slice(&result).
|
||||
FindAll()
|
||||
return
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
package acme
|
||||
|
||||
import (
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
_ "github.com/iwind/TeaGo/bootstrap"
|
||||
)
|
||||
28
internal/db/models/acme/acme_provider_account_model.go
Normal file
28
internal/db/models/acme/acme_provider_account_model.go
Normal file
@@ -0,0 +1,28 @@
|
||||
package acme
|
||||
|
||||
// ACMEProviderAccount ACME提供商
|
||||
type ACMEProviderAccount struct {
|
||||
Id uint64 `field:"id"` // ID
|
||||
IsOn uint8 `field:"isOn"` // 是否启用
|
||||
Name string `field:"name"` // 名称
|
||||
ProviderCode string `field:"providerCode"` // 代号
|
||||
Error string `field:"error"` // 最后一条错误信息
|
||||
EabKid string `field:"eabKid"` // KID
|
||||
EabKey string `field:"eabKey"` // Key
|
||||
State uint8 `field:"state"` // 状态
|
||||
}
|
||||
|
||||
type ACMEProviderAccountOperator struct {
|
||||
Id interface{} // ID
|
||||
IsOn interface{} // 是否启用
|
||||
Name interface{} // 名称
|
||||
ProviderCode interface{} // 代号
|
||||
Error interface{} // 最后一条错误信息
|
||||
EabKid interface{} // KID
|
||||
EabKey interface{} // Key
|
||||
State interface{} // 状态
|
||||
}
|
||||
|
||||
func NewACMEProviderAccountOperator() *ACMEProviderAccountOperator {
|
||||
return &ACMEProviderAccountOperator{}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
package acme
|
||||
@@ -3,7 +3,7 @@ package acme
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/acme"
|
||||
acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models/dns"
|
||||
dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
|
||||
@@ -167,7 +167,7 @@ func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, adminId int64, userId
|
||||
}
|
||||
|
||||
// CreateACMETask 创建任务
|
||||
func (this *ACMETaskDAO) CreateACMETask(tx *dbs.Tx, adminId int64, userId int64, authType acme.AuthType, acmeUserId int64, dnsProviderId int64, dnsDomain string, domains []string, autoRenew bool, authURL string) (int64, error) {
|
||||
func (this *ACMETaskDAO) CreateACMETask(tx *dbs.Tx, adminId int64, userId int64, authType acmeutils.AuthType, acmeUserId int64, dnsProviderId int64, dnsDomain string, domains []string, autoRenew bool, authURL string) (int64, error) {
|
||||
op := NewACMETaskOperator()
|
||||
op.AdminId = adminId
|
||||
op.UserId = userId
|
||||
@@ -286,13 +286,39 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
|
||||
return
|
||||
}
|
||||
|
||||
privateKey, err := acme.ParsePrivateKeyFromBase64(user.PrivateKey)
|
||||
// 服务商
|
||||
if len(user.ProviderCode) == 0 {
|
||||
user.ProviderCode = acmeutils.DefaultProviderCode
|
||||
}
|
||||
var acmeProvider = acmeutils.FindProviderWithCode(user.ProviderCode)
|
||||
if acmeProvider == nil {
|
||||
errMsg = "服务商已不可用"
|
||||
return
|
||||
}
|
||||
|
||||
// 账号
|
||||
var acmeAccount *acmeutils.Account
|
||||
if user.AccountId > 0 {
|
||||
account, err := SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(user.AccountId))
|
||||
if err != nil {
|
||||
errMsg = "查询ACME账号时出错:" + err.Error()
|
||||
return
|
||||
}
|
||||
if account != nil {
|
||||
acmeAccount = &acmeutils.Account{
|
||||
EABKid: account.EabKid,
|
||||
EABKey: account.EabKey,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
privateKey, err := acmeutils.ParsePrivateKeyFromBase64(user.PrivateKey)
|
||||
if err != nil {
|
||||
errMsg = "解析私钥时出错:" + err.Error()
|
||||
return
|
||||
}
|
||||
|
||||
remoteUser := acme.NewUser(user.Email, privateKey, func(resource *registration.Resource) error {
|
||||
remoteUser := acmeutils.NewUser(user.Email, privateKey, func(resource *registration.Resource) error {
|
||||
resourceJSON, err := json.Marshal(resource)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -310,8 +336,8 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
|
||||
}
|
||||
}
|
||||
|
||||
var acmeTask *acme.Task = nil
|
||||
if task.AuthType == acme.AuthTypeDNS {
|
||||
var acmeTask *acmeutils.Task = nil
|
||||
if task.AuthType == acmeutils.AuthTypeDNS {
|
||||
// DNS服务商
|
||||
dnsProvider, err := dns.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(task.DnsProviderId))
|
||||
if err != nil {
|
||||
@@ -338,22 +364,24 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
|
||||
return
|
||||
}
|
||||
|
||||
acmeTask = &acme.Task{
|
||||
acmeTask = &acmeutils.Task{
|
||||
User: remoteUser,
|
||||
AuthType: acme.AuthTypeDNS,
|
||||
AuthType: acmeutils.AuthTypeDNS,
|
||||
DNSProvider: providerInterface,
|
||||
DNSDomain: task.DnsDomain,
|
||||
Domains: task.DecodeDomains(),
|
||||
}
|
||||
} else if task.AuthType == acme.AuthTypeHTTP {
|
||||
acmeTask = &acme.Task{
|
||||
} else if task.AuthType == acmeutils.AuthTypeHTTP {
|
||||
acmeTask = &acmeutils.Task{
|
||||
User: remoteUser,
|
||||
AuthType: acme.AuthTypeHTTP,
|
||||
AuthType: acmeutils.AuthTypeHTTP,
|
||||
Domains: task.DecodeDomains(),
|
||||
}
|
||||
}
|
||||
acmeTask.Provider = acmeProvider
|
||||
acmeTask.Account = acmeAccount
|
||||
|
||||
acmeRequest := acme.NewRequest(acmeTask)
|
||||
acmeRequest := acmeutils.NewRequest(acmeTask)
|
||||
acmeRequest.OnAuth(func(domain, token, keyAuth string) {
|
||||
err := SharedACMEAuthenticationDAO.CreateAuth(tx, taskId, domain, token, keyAuth)
|
||||
if err != nil {
|
||||
|
||||
@@ -39,7 +39,7 @@ func init() {
|
||||
})
|
||||
}
|
||||
|
||||
// 启用条目
|
||||
// EnableACMEUser 启用条目
|
||||
func (this *ACMEUserDAO) EnableACMEUser(tx *dbs.Tx, id int64) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(id).
|
||||
@@ -48,7 +48,7 @@ func (this *ACMEUserDAO) EnableACMEUser(tx *dbs.Tx, id int64) error {
|
||||
return err
|
||||
}
|
||||
|
||||
// 禁用条目
|
||||
// DisableACMEUser 禁用条目
|
||||
func (this *ACMEUserDAO) DisableACMEUser(tx *dbs.Tx, id int64) error {
|
||||
_, err := this.Query(tx).
|
||||
Pk(id).
|
||||
@@ -69,8 +69,8 @@ func (this *ACMEUserDAO) FindEnabledACMEUser(tx *dbs.Tx, id int64) (*ACMEUser, e
|
||||
return result.(*ACMEUser), err
|
||||
}
|
||||
|
||||
// 创建用户
|
||||
func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64, email string, description string) (int64, error) {
|
||||
// CreateACMEUser 创建用户
|
||||
func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64, providerCode string, accountId int64, email string, description string) (int64, error) {
|
||||
// 生成私钥
|
||||
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
@@ -86,6 +86,8 @@ func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64,
|
||||
op := NewACMEUserOperator()
|
||||
op.AdminId = adminId
|
||||
op.UserId = userId
|
||||
op.ProviderCode = providerCode
|
||||
op.AccountId = accountId
|
||||
op.Email = email
|
||||
op.Description = description
|
||||
op.PrivateKey = privateKeyText
|
||||
@@ -97,7 +99,7 @@ func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64,
|
||||
return types.Int64(op.Id), nil
|
||||
}
|
||||
|
||||
// 修改用户信息
|
||||
// UpdateACMEUser 修改用户信息
|
||||
func (this *ACMEUserDAO) UpdateACMEUser(tx *dbs.Tx, acmeUserId int64, description string) error {
|
||||
if acmeUserId <= 0 {
|
||||
return errors.New("invalid acmeUserId")
|
||||
@@ -109,7 +111,7 @@ func (this *ACMEUserDAO) UpdateACMEUser(tx *dbs.Tx, acmeUserId int64, descriptio
|
||||
return err
|
||||
}
|
||||
|
||||
// 修改用户ACME注册信息
|
||||
// UpdateACMEUserRegistration 修改用户ACME注册信息
|
||||
func (this *ACMEUserDAO) UpdateACMEUserRegistration(tx *dbs.Tx, acmeUserId int64, registrationJSON []byte) error {
|
||||
if acmeUserId <= 0 {
|
||||
return errors.New("invalid acmeUserId")
|
||||
@@ -121,7 +123,7 @@ func (this *ACMEUserDAO) UpdateACMEUserRegistration(tx *dbs.Tx, acmeUserId int64
|
||||
return err
|
||||
}
|
||||
|
||||
// 计算用户数量
|
||||
// CountACMEUsersWithAdminId 计算用户数量
|
||||
func (this *ACMEUserDAO) CountACMEUsersWithAdminId(tx *dbs.Tx, adminId int64, userId int64) (int64, error) {
|
||||
query := this.Query(tx)
|
||||
if adminId > 0 {
|
||||
@@ -136,7 +138,7 @@ func (this *ACMEUserDAO) CountACMEUsersWithAdminId(tx *dbs.Tx, adminId int64, us
|
||||
Count()
|
||||
}
|
||||
|
||||
// 列出当前管理员的用户
|
||||
// ListACMEUsers 列出当前管理员的用户
|
||||
func (this *ACMEUserDAO) ListACMEUsers(tx *dbs.Tx, adminId int64, userId int64, offset int64, size int64) (result []*ACMEUser, err error) {
|
||||
query := this.Query(tx)
|
||||
if adminId > 0 {
|
||||
@@ -156,8 +158,8 @@ func (this *ACMEUserDAO) ListACMEUsers(tx *dbs.Tx, adminId int64, userId int64,
|
||||
return
|
||||
}
|
||||
|
||||
// 查找所有用户
|
||||
func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int64) (result []*ACMEUser, err error) {
|
||||
// FindAllACMEUsers 查找所有用户
|
||||
func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int64, providerCode string) (result []*ACMEUser, err error) {
|
||||
// 防止没有传入条件导致返回的数据过多
|
||||
if adminId <= 0 && userId <= 0 {
|
||||
return nil, errors.New("'adminId' or 'userId' should not be empty")
|
||||
@@ -170,6 +172,9 @@ func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int6
|
||||
if userId > 0 {
|
||||
query.Attr("userId", userId)
|
||||
}
|
||||
if len(providerCode) > 0 {
|
||||
query.Attr("providerCode", providerCode)
|
||||
}
|
||||
_, err = query.
|
||||
State(ACMEUserStateEnabled).
|
||||
Slice(&result).
|
||||
@@ -178,7 +183,7 @@ func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int6
|
||||
return
|
||||
}
|
||||
|
||||
// 检查用户权限
|
||||
// CheckACMEUser 检查用户权限
|
||||
func (this *ACMEUserDAO) CheckACMEUser(tx *dbs.Tx, acmeUserId int64, adminId int64, userId int64) (bool, error) {
|
||||
if acmeUserId <= 0 {
|
||||
return false, nil
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
package acme
|
||||
|
||||
//
|
||||
// ACMEUser ACME用户
|
||||
type ACMEUser struct {
|
||||
Id uint64 `field:"id"` // ID
|
||||
AdminId uint32 `field:"adminId"` // 管理员ID
|
||||
@@ -11,6 +11,8 @@ type ACMEUser struct {
|
||||
State uint8 `field:"state"` // 状态
|
||||
Description string `field:"description"` // 备注介绍
|
||||
Registration string `field:"registration"` // 注册信息
|
||||
ProviderCode string `field:"providerCode"` // 服务商代号
|
||||
AccountId uint64 `field:"accountId"` // 提供商ID
|
||||
}
|
||||
|
||||
type ACMEUserOperator struct {
|
||||
@@ -23,6 +25,8 @@ type ACMEUserOperator struct {
|
||||
State interface{} // 状态
|
||||
Description interface{} // 备注介绍
|
||||
Registration interface{} // 注册信息
|
||||
ProviderCode interface{} // 服务商代号
|
||||
AccountId interface{} // 提供商ID
|
||||
}
|
||||
|
||||
func NewACMEUserOperator() *ACMEUserOperator {
|
||||
|
||||
@@ -308,6 +308,16 @@ func (this *APINode) registerServices(server *grpc.Server) {
|
||||
pb.RegisterACMEAuthenticationServiceServer(server, instance)
|
||||
this.rest(instance)
|
||||
}
|
||||
{
|
||||
instance := this.serviceInstance(&services.ACMEProviderService{}).(*services.ACMEProviderService)
|
||||
pb.RegisterACMEProviderServiceServer(server, instance)
|
||||
this.rest(instance)
|
||||
}
|
||||
{
|
||||
instance := this.serviceInstance(&services.ACMEProviderAccountService{}).(*services.ACMEProviderAccountService)
|
||||
pb.RegisterACMEProviderAccountServiceServer(server, instance)
|
||||
this.rest(instance)
|
||||
}
|
||||
{
|
||||
instance := this.serviceInstance(&services.UserService{}).(*services.UserService)
|
||||
pb.RegisterUserServiceServer(server, instance)
|
||||
|
||||
62
internal/rpc/services/service_acme_provider.go
Normal file
62
internal/rpc/services/service_acme_provider.go
Normal file
@@ -0,0 +1,62 @@
|
||||
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||
|
||||
package services
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/acme"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
)
|
||||
|
||||
// ACMEProviderService ACME服务商
|
||||
type ACMEProviderService struct {
|
||||
BaseService
|
||||
}
|
||||
|
||||
// FindAllACMEProviders 查找所有的服务商
|
||||
func (this *ACMEProviderService) FindAllACMEProviders(ctx context.Context, req *pb.FindAllACMEProvidersRequest) (*pb.FindAllACMEProvidersResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var pbProviders = []*pb.ACMEProvider{}
|
||||
for _, provider := range acme.FindAllProviders() {
|
||||
pbProviders = append(pbProviders, &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
ApiURL: provider.APIURL,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
})
|
||||
}
|
||||
|
||||
return &pb.FindAllACMEProvidersResponse{AcmeProviders: pbProviders}, nil
|
||||
}
|
||||
|
||||
// FindACMEProviderWithCode 根据代号查找服务商
|
||||
func (this *ACMEProviderService) FindACMEProviderWithCode(ctx context.Context, req *pb.FindACMEProviderWithCodeRequest) (*pb.FindACMEProviderWithCodeResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var provider = acme.FindProviderWithCode(req.AcmeProviderCode)
|
||||
if provider == nil {
|
||||
return &pb.FindACMEProviderWithCodeResponse{
|
||||
AcmeProvider: nil,
|
||||
}, nil
|
||||
}
|
||||
|
||||
return &pb.FindACMEProviderWithCodeResponse{
|
||||
AcmeProvider: &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
ApiURL: provider.APIURL,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
203
internal/rpc/services/service_acme_provider_account.go
Normal file
203
internal/rpc/services/service_acme_provider_account.go
Normal file
@@ -0,0 +1,203 @@
|
||||
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||
|
||||
package services
|
||||
|
||||
import (
|
||||
"context"
|
||||
acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
)
|
||||
|
||||
// ACMEProviderAccountService ACME服务商账号服务
|
||||
type ACMEProviderAccountService struct {
|
||||
BaseService
|
||||
}
|
||||
|
||||
// CreateACMEProviderAccount 创建服务商账号
|
||||
func (this *ACMEProviderAccountService) CreateACMEProviderAccount(ctx context.Context, req *pb.CreateACMEProviderAccountRequest) (*pb.CreateACMEProviderAccountResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
accountId, err := acme.SharedACMEProviderAccountDAO.CreateAccount(tx, req.Name, req.ProviderCode, req.EabKid, req.EabKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &pb.CreateACMEProviderAccountResponse{
|
||||
AcmeProviderAccountId: accountId,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// FindAllACMEProviderAccountsWithProviderCode 使用代号查找服务商账号
|
||||
func (this *ACMEProviderAccountService) FindAllACMEProviderAccountsWithProviderCode(ctx context.Context, req *pb.FindAllACMEProviderAccountsWithProviderCodeRequest) (*pb.FindAllACMEProviderAccountsWithProviderCodeResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
accounts, err := acme.SharedACMEProviderAccountDAO.FindAllEnabledAccountsWithProviderCode(tx, req.AcmeProviderCode)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var pbAccounts = []*pb.ACMEProviderAccount{}
|
||||
for _, account := range accounts {
|
||||
var pbProvider *pb.ACMEProvider
|
||||
provider := acmeutils.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
ApiURL: provider.APIURL,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
}
|
||||
}
|
||||
|
||||
pbAccounts = append(pbAccounts, &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
ProviderCode: account.ProviderCode,
|
||||
IsOn: account.IsOn == 1,
|
||||
EabKid: account.EabKid,
|
||||
EabKey: account.EabKey,
|
||||
Error: account.Error,
|
||||
AcmeProvider: pbProvider,
|
||||
})
|
||||
}
|
||||
|
||||
return &pb.FindAllACMEProviderAccountsWithProviderCodeResponse{
|
||||
AcmeProviderAccounts: pbAccounts,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// UpdateACMEProviderAccount 修改服务商账号
|
||||
func (this *ACMEProviderAccountService) UpdateACMEProviderAccount(ctx context.Context, req *pb.UpdateACMEProviderAccountRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
err = acme.SharedACMEProviderAccountDAO.UpdateAccount(tx, req.AcmeProviderAccountId, req.Name, req.EabKid, req.EabKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return this.Success()
|
||||
}
|
||||
|
||||
// DeleteACMEProviderAccount 删除服务商账号
|
||||
func (this *ACMEProviderAccountService) DeleteACMEProviderAccount(ctx context.Context, req *pb.DeleteACMEProviderAccountRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
err = acme.SharedACMEProviderAccountDAO.DisableACMEProviderAccount(tx, req.AcmeProviderAccountId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return this.Success()
|
||||
}
|
||||
|
||||
// FindEnabledACMEProviderAccount 查找单个服务商账号
|
||||
func (this *ACMEProviderAccountService) FindEnabledACMEProviderAccount(ctx context.Context, req *pb.FindEnabledACMEProviderAccountRequest) (*pb.FindEnabledACMEProviderAccountResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
account, err := acme.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, req.AcmeProviderAccountId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if account == nil {
|
||||
return &pb.FindEnabledACMEProviderAccountResponse{AcmeProviderAccount: nil}, nil
|
||||
}
|
||||
|
||||
var pbProvider *pb.ACMEProvider
|
||||
provider := acmeutils.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
ApiURL: provider.APIURL,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
|
||||
return &pb.FindEnabledACMEProviderAccountResponse{AcmeProviderAccount: &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
ProviderCode: account.ProviderCode,
|
||||
IsOn: account.IsOn == 1,
|
||||
EabKid: account.EabKid,
|
||||
EabKey: account.EabKey,
|
||||
Error: account.Error,
|
||||
AcmeProvider: pbProvider,
|
||||
}}, nil
|
||||
}
|
||||
|
||||
// CountAllEnabledACMEProviderAccounts 计算所有服务商账号数量
|
||||
func (this *ACMEProviderAccountService) CountAllEnabledACMEProviderAccounts(ctx context.Context, req *pb.CountAllEnabledACMEProviderAccountsRequest) (*pb.RPCCountResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
count, err := acme.SharedACMEProviderAccountDAO.CountAllEnabledAccounts(tx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return this.SuccessCount(count)
|
||||
}
|
||||
|
||||
// ListEnabledACMEProviderAccounts 列出单页服务商账号
|
||||
func (this *ACMEProviderAccountService) ListEnabledACMEProviderAccounts(ctx context.Context, req *pb.ListEnabledACMEProviderAccountsRequest) (*pb.ListEnabledACMEProviderAccountsResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var tx = this.NullTx()
|
||||
accounts, err := acme.SharedACMEProviderAccountDAO.ListEnabledAccounts(tx, req.Offset, req.Size)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var pbAccounts = []*pb.ACMEProviderAccount{}
|
||||
for _, account := range accounts {
|
||||
var pbProvider *pb.ACMEProvider
|
||||
provider := acmeutils.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
ApiURL: provider.APIURL,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
|
||||
pbAccounts = append(pbAccounts, &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
ProviderCode: account.ProviderCode,
|
||||
IsOn: account.IsOn == 1,
|
||||
EabKid: account.EabKid,
|
||||
EabKey: account.EabKey,
|
||||
Error: account.Error,
|
||||
AcmeProvider: pbProvider,
|
||||
})
|
||||
}
|
||||
|
||||
return &pb.ListEnabledACMEProviderAccountsResponse{AcmeProviderAccounts: pbAccounts}, nil
|
||||
}
|
||||
@@ -98,7 +98,50 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
|
||||
CreatedAt: int64(acmeUser.CreatedAt),
|
||||
}
|
||||
|
||||
var pbProvider *pb.DNSProvider
|
||||
// 服务商
|
||||
if len(acmeUser.ProviderCode) == 0 {
|
||||
acmeUser.ProviderCode = acme.DefaultProviderCode
|
||||
}
|
||||
var provider = acme.FindProviderWithCode(acmeUser.ProviderCode)
|
||||
if provider != nil {
|
||||
pbACMEUser.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
|
||||
// 账号
|
||||
if acmeUser.AccountId > 0 {
|
||||
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(acmeUser.AccountId))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if account != nil {
|
||||
pbACMEUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
IsOn: account.IsOn == 1,
|
||||
ProviderCode: account.ProviderCode,
|
||||
AcmeProvider: nil,
|
||||
}
|
||||
|
||||
var provider = acme.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbACMEUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var pbDNSProvider *pb.DNSProvider
|
||||
if task.AuthType == acme.AuthTypeDNS {
|
||||
// DNS
|
||||
provider, err := dns.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(task.DnsProviderId))
|
||||
@@ -108,7 +151,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
|
||||
if provider == nil {
|
||||
continue
|
||||
}
|
||||
pbProvider = &pb.DNSProvider{
|
||||
pbDNSProvider = &pb.DNSProvider{
|
||||
Id: int64(provider.Id),
|
||||
Name: provider.Name,
|
||||
Type: provider.Type,
|
||||
@@ -158,7 +201,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
|
||||
CreatedAt: int64(task.CreatedAt),
|
||||
AutoRenew: task.AutoRenew == 1,
|
||||
AcmeUser: pbACMEUser,
|
||||
DnsProvider: pbProvider,
|
||||
DnsProvider: pbDNSProvider,
|
||||
SslCert: pbCert,
|
||||
LatestACMETaskLog: pbTaskLog,
|
||||
AuthType: task.AuthType,
|
||||
@@ -301,6 +344,49 @@ func (this *ACMETaskService) FindEnabledACMETask(ctx context.Context, req *pb.Fi
|
||||
Description: acmeUser.Description,
|
||||
CreatedAt: int64(acmeUser.CreatedAt),
|
||||
}
|
||||
|
||||
// 服务商
|
||||
if len(acmeUser.ProviderCode) == 0 {
|
||||
acmeUser.ProviderCode = acme.DefaultProviderCode
|
||||
}
|
||||
var provider = acme.FindProviderWithCode(acmeUser.ProviderCode)
|
||||
if provider != nil {
|
||||
pbACMEUser.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
|
||||
// 账号
|
||||
if acmeUser.AccountId > 0 {
|
||||
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(acmeUser.AccountId))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if account != nil {
|
||||
pbACMEUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
IsOn: account.IsOn == 1,
|
||||
ProviderCode: account.ProviderCode,
|
||||
AcmeProvider: nil,
|
||||
}
|
||||
|
||||
var provider = acme.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbACMEUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,16 +2,17 @@ package services
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/acme"
|
||||
acmemodels "github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
)
|
||||
|
||||
// 用户服务
|
||||
// ACMEUserService 用户服务
|
||||
type ACMEUserService struct {
|
||||
BaseService
|
||||
}
|
||||
|
||||
// 创建用户
|
||||
// CreateACMEUser 创建用户
|
||||
func (this *ACMEUserService) CreateACMEUser(ctx context.Context, req *pb.CreateACMEUserRequest) (*pb.CreateACMEUserResponse, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -21,14 +22,14 @@ func (this *ACMEUserService) CreateACMEUser(ctx context.Context, req *pb.CreateA
|
||||
|
||||
tx := this.NullTx()
|
||||
|
||||
acmeUserId, err := acmemodels.SharedACMEUserDAO.CreateACMEUser(tx, adminId, userId, req.Email, req.Description)
|
||||
acmeUserId, err := acmemodels.SharedACMEUserDAO.CreateACMEUser(tx, adminId, userId, req.AcmeProviderCode, req.AcmeProviderAccountId, req.Email, req.Description)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &pb.CreateACMEUserResponse{AcmeUserId: acmeUserId}, nil
|
||||
}
|
||||
|
||||
// 修改用户
|
||||
// UpdateACMEUser 修改用户
|
||||
func (this *ACMEUserService) UpdateACMEUser(ctx context.Context, req *pb.UpdateACMEUserRequest) (*pb.RPCSuccess, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -54,7 +55,7 @@ func (this *ACMEUserService) UpdateACMEUser(ctx context.Context, req *pb.UpdateA
|
||||
return this.Success()
|
||||
}
|
||||
|
||||
// 删除用户
|
||||
// DeleteACMEUser 删除用户
|
||||
func (this *ACMEUserService) DeleteACMEUser(ctx context.Context, req *pb.DeleteACMEUserRequest) (*pb.RPCSuccess, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -80,7 +81,7 @@ func (this *ACMEUserService) DeleteACMEUser(ctx context.Context, req *pb.DeleteA
|
||||
return this.Success()
|
||||
}
|
||||
|
||||
// 计算用户数量
|
||||
// CountACMEUsers 计算用户数量
|
||||
func (this *ACMEUserService) CountACMEUsers(ctx context.Context, req *pb.CountAcmeUsersRequest) (*pb.RPCCountResponse, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
||||
@@ -97,7 +98,7 @@ func (this *ACMEUserService) CountACMEUsers(ctx context.Context, req *pb.CountAc
|
||||
return this.SuccessCount(count)
|
||||
}
|
||||
|
||||
// 列出单页用户
|
||||
// ListACMEUsers 列出单页用户
|
||||
func (this *ACMEUserService) ListACMEUsers(ctx context.Context, req *pb.ListACMEUsersRequest) (*pb.ListACMEUsersResponse, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
||||
@@ -113,17 +114,63 @@ func (this *ACMEUserService) ListACMEUsers(ctx context.Context, req *pb.ListACME
|
||||
}
|
||||
result := []*pb.ACMEUser{}
|
||||
for _, user := range acmeUsers {
|
||||
result = append(result, &pb.ACMEUser{
|
||||
Id: int64(user.Id),
|
||||
Email: user.Email,
|
||||
Description: user.Description,
|
||||
CreatedAt: int64(user.CreatedAt),
|
||||
})
|
||||
var pbUser = &pb.ACMEUser{
|
||||
Id: int64(user.Id),
|
||||
Email: user.Email,
|
||||
Description: user.Description,
|
||||
CreatedAt: int64(user.CreatedAt),
|
||||
AcmeProviderCode: user.ProviderCode,
|
||||
}
|
||||
|
||||
// 服务商
|
||||
if len(user.ProviderCode) == 0 {
|
||||
user.ProviderCode = acme.DefaultProviderCode
|
||||
}
|
||||
var provider = acme.FindProviderWithCode(user.ProviderCode)
|
||||
if provider != nil {
|
||||
pbUser.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
|
||||
// 账号
|
||||
if user.AccountId > 0 {
|
||||
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(user.AccountId))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if account != nil {
|
||||
pbUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
IsOn: account.IsOn == 1,
|
||||
ProviderCode: account.ProviderCode,
|
||||
AcmeProvider: nil,
|
||||
}
|
||||
|
||||
var provider = acme.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
result = append(result, pbUser)
|
||||
}
|
||||
return &pb.ListACMEUsersResponse{AcmeUsers: result}, nil
|
||||
}
|
||||
|
||||
// 查找单个用户
|
||||
// FindEnabledACMEUser 查找单个用户
|
||||
func (this *ACMEUserService) FindEnabledACMEUser(ctx context.Context, req *pb.FindEnabledACMEUserRequest) (*pb.FindEnabledACMEUserResponse, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
||||
@@ -149,15 +196,61 @@ func (this *ACMEUserService) FindEnabledACMEUser(ctx context.Context, req *pb.Fi
|
||||
if acmeUser == nil {
|
||||
return &pb.FindEnabledACMEUserResponse{AcmeUser: nil}, nil
|
||||
}
|
||||
return &pb.FindEnabledACMEUserResponse{AcmeUser: &pb.ACMEUser{
|
||||
Id: int64(acmeUser.Id),
|
||||
Email: acmeUser.Email,
|
||||
Description: acmeUser.Description,
|
||||
CreatedAt: int64(acmeUser.CreatedAt),
|
||||
}}, nil
|
||||
|
||||
// 服务商
|
||||
var pbACMEUser = &pb.ACMEUser{
|
||||
Id: int64(acmeUser.Id),
|
||||
Email: acmeUser.Email,
|
||||
Description: acmeUser.Description,
|
||||
CreatedAt: int64(acmeUser.CreatedAt),
|
||||
AcmeProviderCode: acmeUser.ProviderCode,
|
||||
}
|
||||
if len(acmeUser.ProviderCode) == 0 {
|
||||
acmeUser.ProviderCode = acme.DefaultProviderCode
|
||||
}
|
||||
var provider = acme.FindProviderWithCode(acmeUser.ProviderCode)
|
||||
if provider != nil {
|
||||
pbACMEUser.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
|
||||
// 账号
|
||||
if acmeUser.AccountId > 0 {
|
||||
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(acmeUser.AccountId))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if account != nil {
|
||||
pbACMEUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
|
||||
Id: int64(account.Id),
|
||||
Name: account.Name,
|
||||
IsOn: account.IsOn == 1,
|
||||
ProviderCode: account.ProviderCode,
|
||||
AcmeProvider: nil,
|
||||
}
|
||||
|
||||
var provider = acme.FindProviderWithCode(account.ProviderCode)
|
||||
if provider != nil {
|
||||
pbACMEUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
|
||||
Name: provider.Name,
|
||||
Code: provider.Code,
|
||||
Description: provider.Description,
|
||||
RequireEAB: provider.RequireEAB,
|
||||
EabDescription: provider.EABDescription,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return &pb.FindEnabledACMEUserResponse{AcmeUser: pbACMEUser}, nil
|
||||
}
|
||||
|
||||
// 查找所有用户
|
||||
// FindAllACMEUsers 查找所有用户
|
||||
func (this *ACMEUserService) FindAllACMEUsers(ctx context.Context, req *pb.FindAllACMEUsersRequest) (*pb.FindAllACMEUsersResponse, error) {
|
||||
// 校验请求
|
||||
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
||||
@@ -167,17 +260,18 @@ func (this *ACMEUserService) FindAllACMEUsers(ctx context.Context, req *pb.FindA
|
||||
|
||||
tx := this.NullTx()
|
||||
|
||||
acmeUsers, err := acmemodels.SharedACMEUserDAO.FindAllACMEUsers(tx, adminId, userId)
|
||||
acmeUsers, err := acmemodels.SharedACMEUserDAO.FindAllACMEUsers(tx, adminId, userId, req.AcmeProviderCode)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := []*pb.ACMEUser{}
|
||||
for _, user := range acmeUsers {
|
||||
result = append(result, &pb.ACMEUser{
|
||||
Id: int64(user.Id),
|
||||
Email: user.Email,
|
||||
Description: user.Description,
|
||||
CreatedAt: int64(user.CreatedAt),
|
||||
Id: int64(user.Id),
|
||||
Email: user.Email,
|
||||
Description: user.Description,
|
||||
CreatedAt: int64(user.CreatedAt),
|
||||
AcmeProviderCode: user.ProviderCode,
|
||||
})
|
||||
}
|
||||
return &pb.FindAllACMEUsersResponse{AcmeUsers: result}, nil
|
||||
|
||||
Reference in New Issue
Block a user