ACME证书增加ZeroSSL支持

This commit is contained in:
刘祥超
2021-10-03 13:09:29 +08:00
parent 7b9e6fe5fb
commit eeec60c543
19 changed files with 1121 additions and 163 deletions

8
internal/acme/account.go Normal file
View File

@@ -0,0 +1,8 @@
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
package acme
type Account struct {
EABKid string
EABKey string
}

View File

@@ -63,6 +63,7 @@ func TestGenerate(t *testing.T) {
}
config := lego.NewConfig(myUser)
config.CADirURL = "https://acme.zerossl.com/v2/DV90"
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
@@ -91,3 +92,53 @@ func TestGenerate(t *testing.T) {
}
t.Log(certificates)
}
func TestGenerate_EAB(t *testing.T) {
acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
// 生成私钥
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
t.Fatal(err)
}
myUser := &MyUser{
Email: "test1@teaos.cn",
key: privateKey,
}
config := lego.NewConfig(myUser)
config.CADirURL = "https://acme.zerossl.com/v2/DV90"
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
t.Fatal(err)
}
err = client.Challenge.SetDNS01Provider(&MyProvider{t: t})
if err != nil {
t.Fatal(err)
}
// New users will need to register
var reg *registration.Resource
if client.GetExternalAccountRequired() {
reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
TermsOfServiceAgreed: true,
Kid: "KID",
HmacEncoded: "HAMC KEY",
})
} else {
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
}
myUser.Registration = reg
request := certificate.ObtainRequest{
Domains: []string{"teaos.cn"},
Bundle: true,
}
certificates, err := client.Certificate.Obtain(request)
if err != nil {
t.Fatal(err)
}
t.Log(certificates)
}

View File

@@ -0,0 +1,43 @@
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
package acme
const DefaultProviderCode = "letsencrypt"
type Provider struct {
Name string `json:"name"`
Code string `json:"code"`
Description string `json:"description"`
APIURL string `json:"apiURL"`
RequireEAB bool `json:"requireEAB"`
EABDescription string `json:"eabDescription"`
}
func FindAllProviders() []*Provider {
return []*Provider{
{
Name: "Let's Encrypt",
Code: DefaultProviderCode,
Description: "非盈利组织Let's Encrypt提供的免费证书。",
APIURL: "https://acme-v02.api.letsencrypt.org/directory",
RequireEAB: false,
},
{
Name: "ZeroSSL",
Code: "zerossl",
Description: "相关文档 <a href=\"https://zerossl.com/documentation/acme/\" target=\"_blank\">https://zerossl.com/documentation/acme/</a>。",
APIURL: "https://acme.zerossl.com/v2/DV90",
RequireEAB: true,
EABDescription: "在官网<a href=\"https://app.zerossl.com/developer\" target=\"_blank\">[Developer]</a>页面底部点击\"Generate\"按钮生成。",
},
}
}
func FindProviderWithCode(code string) *Provider {
for _, provider := range FindAllProviders() {
if provider.Code == code {
return provider
}
}
return nil
}

View File

@@ -1,6 +1,7 @@
package acme
import (
teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
"github.com/TeaOSLab/EdgeAPI/internal/errors"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
@@ -33,6 +34,14 @@ func (this *Request) OnAuth(onAuth AuthCallback) {
}
func (this *Request) Run() (certData []byte, keyData []byte, err error) {
if this.task.Provider == nil {
err = errors.New("provider should not be nil")
return
}
if this.task.Provider.RequireEAB && this.task.Account == nil {
err = errors.New("account should not be nil when provider require EAB")
}
switch this.task.AuthType {
case AuthTypeDNS:
return this.runDNS()
@@ -68,6 +77,8 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
config := lego.NewConfig(this.task.User)
config.Certificate.KeyType = certcrypto.RSA2048
config.CADirURL = this.task.Provider.APIURL
config.UserAgent = teaconst.ProductName + "/" + teaconst.Version
client, err := lego.NewClient(config)
if err != nil {
@@ -82,13 +93,28 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
return nil, nil, err
}
} else {
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return nil, nil, err
}
err = this.task.User.Register(resource)
if err != nil {
return nil, nil, err
if this.task.Provider.RequireEAB {
resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
TermsOfServiceAgreed: true,
Kid: this.task.Account.EABKid,
HmacEncoded: this.task.Account.EABKey,
})
if err != nil {
return nil, nil, errors.New("register user failed: " + err.Error())
}
err = this.task.User.Register(resource)
if err != nil {
return nil, nil, err
}
} else {
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return nil, nil, err
}
err = this.task.User.Register(resource)
if err != nil {
return nil, nil, err
}
}
}
@@ -104,7 +130,7 @@ func (this *Request) runDNS() (certData []byte, keyData []byte, err error) {
}
certResource, err := client.Certificate.Obtain(request)
if err != nil {
return nil, nil, err
return nil, nil, errors.New("obtain cert failed: " + err.Error())
}
return certResource.Certificate, certResource.PrivateKey, nil
@@ -122,6 +148,8 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
config := lego.NewConfig(this.task.User)
config.Certificate.KeyType = certcrypto.RSA2048
config.CADirURL = this.task.Provider.APIURL
config.UserAgent = teaconst.ProductName + "/" + teaconst.Version
client, err := lego.NewClient(config)
if err != nil {
@@ -136,13 +164,28 @@ func (this *Request) runHTTP() (certData []byte, keyData []byte, err error) {
return nil, nil, err
}
} else {
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return nil, nil, err
}
err = this.task.User.Register(resource)
if err != nil {
return nil, nil, err
if this.task.Provider.RequireEAB {
resource, err := client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
TermsOfServiceAgreed: true,
Kid: this.task.Account.EABKid,
HmacEncoded: this.task.Account.EABKey,
})
if err != nil {
return nil, nil, errors.New("register user failed: " + err.Error())
}
err = this.task.User.Register(resource)
if err != nil {
return nil, nil, err
}
} else {
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return nil, nil, err
}
err = this.task.User.Register(resource)
if err != nil {
return nil, nil, err
}
}
}

View File

@@ -10,6 +10,8 @@ const (
)
type Task struct {
Provider *Provider
Account *Account
User *User
AuthType AuthType
Domains []string

View File

@@ -0,0 +1,127 @@
package acme
import (
"github.com/TeaOSLab/EdgeAPI/internal/errors"
_ "github.com/go-sql-driver/mysql"
"github.com/iwind/TeaGo/Tea"
"github.com/iwind/TeaGo/dbs"
)
const (
ACMEProviderAccountStateEnabled = 1 // 已启用
ACMEProviderAccountStateDisabled = 0 // 已禁用
)
type ACMEProviderAccountDAO dbs.DAO
func NewACMEProviderAccountDAO() *ACMEProviderAccountDAO {
return dbs.NewDAO(&ACMEProviderAccountDAO{
DAOObject: dbs.DAOObject{
DB: Tea.Env,
Table: "edgeACMEProviderAccounts",
Model: new(ACMEProviderAccount),
PkName: "id",
},
}).(*ACMEProviderAccountDAO)
}
var SharedACMEProviderAccountDAO *ACMEProviderAccountDAO
func init() {
dbs.OnReady(func() {
SharedACMEProviderAccountDAO = NewACMEProviderAccountDAO()
})
}
// EnableACMEProviderAccount 启用条目
func (this *ACMEProviderAccountDAO) EnableACMEProviderAccount(tx *dbs.Tx, id int64) error {
_, err := this.Query(tx).
Pk(id).
Set("state", ACMEProviderAccountStateEnabled).
Update()
return err
}
// DisableACMEProviderAccount 禁用条目
func (this *ACMEProviderAccountDAO) DisableACMEProviderAccount(tx *dbs.Tx, id int64) error {
_, err := this.Query(tx).
Pk(id).
Set("state", ACMEProviderAccountStateDisabled).
Update()
return err
}
// FindEnabledACMEProviderAccount 查找启用中的条目
func (this *ACMEProviderAccountDAO) FindEnabledACMEProviderAccount(tx *dbs.Tx, id int64) (*ACMEProviderAccount, error) {
result, err := this.Query(tx).
Pk(id).
Attr("state", ACMEProviderAccountStateEnabled).
Find()
if result == nil {
return nil, err
}
return result.(*ACMEProviderAccount), err
}
// FindACMEProviderAccountName 根据主键查找名称
func (this *ACMEProviderAccountDAO) FindACMEProviderAccountName(tx *dbs.Tx, id int64) (string, error) {
return this.Query(tx).
Pk(id).
Result("name").
FindStringCol("")
}
// CreateAccount 创建账号
func (this *ACMEProviderAccountDAO) CreateAccount(tx *dbs.Tx, name string, providerCode string, eabKid string, eabKey string) (int64, error) {
var op = NewACMEProviderAccountOperator()
op.Name = name
op.ProviderCode = providerCode
op.EabKid = eabKid
op.EabKey = eabKey
op.IsOn = true
op.State = ACMEProviderAccountStateEnabled
return this.SaveInt64(tx, op)
}
// UpdateAccount 修改账号
func (this *ACMEProviderAccountDAO) UpdateAccount(tx *dbs.Tx, accountId int64, name string, eabKid string, eabKey string) error {
if accountId <= 0 {
return errors.New("invalid accountId")
}
var op = NewACMEProviderAccountOperator()
op.Id = accountId
op.Name = name
op.EabKid = eabKid
op.EabKey = eabKey
return this.Save(tx, op)
}
// CountAllEnabledAccounts 计算账号数量
func (this *ACMEProviderAccountDAO) CountAllEnabledAccounts(tx *dbs.Tx) (int64, error) {
return this.Query(tx).
Count()
}
// ListEnabledAccounts 查找单页账号
func (this *ACMEProviderAccountDAO) ListEnabledAccounts(tx *dbs.Tx, offset int64, size int64) (result []*ACMEProviderAccount, err error) {
_, err = this.Query(tx).
State(ACMEProviderAccountStateEnabled).
Offset(offset).
Limit(size).
DescPk().
Slice(&result).
FindAll()
return
}
// FindAllEnabledAccountsWithProviderCode 根据服务商代号查找账号
func (this *ACMEProviderAccountDAO) FindAllEnabledAccountsWithProviderCode(tx *dbs.Tx, providerCode string) (result []*ACMEProviderAccount, err error) {
_, err = this.Query(tx).
State(ACMEProviderAccountStateEnabled).
Attr("providerCode", providerCode).
DescPk().
Slice(&result).
FindAll()
return
}

View File

@@ -0,0 +1,6 @@
package acme
import (
_ "github.com/go-sql-driver/mysql"
_ "github.com/iwind/TeaGo/bootstrap"
)

View File

@@ -0,0 +1,28 @@
package acme
// ACMEProviderAccount ACME提供商
type ACMEProviderAccount struct {
Id uint64 `field:"id"` // ID
IsOn uint8 `field:"isOn"` // 是否启用
Name string `field:"name"` // 名称
ProviderCode string `field:"providerCode"` // 代号
Error string `field:"error"` // 最后一条错误信息
EabKid string `field:"eabKid"` // KID
EabKey string `field:"eabKey"` // Key
State uint8 `field:"state"` // 状态
}
type ACMEProviderAccountOperator struct {
Id interface{} // ID
IsOn interface{} // 是否启用
Name interface{} // 名称
ProviderCode interface{} // 代号
Error interface{} // 最后一条错误信息
EabKid interface{} // KID
EabKey interface{} // Key
State interface{} // 状态
}
func NewACMEProviderAccountOperator() *ACMEProviderAccountOperator {
return &ACMEProviderAccountOperator{}
}

View File

@@ -0,0 +1 @@
package acme

View File

@@ -3,7 +3,7 @@ package acme
import (
"bytes"
"encoding/json"
"github.com/TeaOSLab/EdgeAPI/internal/acme"
acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
"github.com/TeaOSLab/EdgeAPI/internal/db/models/dns"
dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
@@ -167,7 +167,7 @@ func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, adminId int64, userId
}
// CreateACMETask 创建任务
func (this *ACMETaskDAO) CreateACMETask(tx *dbs.Tx, adminId int64, userId int64, authType acme.AuthType, acmeUserId int64, dnsProviderId int64, dnsDomain string, domains []string, autoRenew bool, authURL string) (int64, error) {
func (this *ACMETaskDAO) CreateACMETask(tx *dbs.Tx, adminId int64, userId int64, authType acmeutils.AuthType, acmeUserId int64, dnsProviderId int64, dnsDomain string, domains []string, autoRenew bool, authURL string) (int64, error) {
op := NewACMETaskOperator()
op.AdminId = adminId
op.UserId = userId
@@ -286,13 +286,39 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
return
}
privateKey, err := acme.ParsePrivateKeyFromBase64(user.PrivateKey)
// 服务商
if len(user.ProviderCode) == 0 {
user.ProviderCode = acmeutils.DefaultProviderCode
}
var acmeProvider = acmeutils.FindProviderWithCode(user.ProviderCode)
if acmeProvider == nil {
errMsg = "服务商已不可用"
return
}
// 账号
var acmeAccount *acmeutils.Account
if user.AccountId > 0 {
account, err := SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(user.AccountId))
if err != nil {
errMsg = "查询ACME账号时出错" + err.Error()
return
}
if account != nil {
acmeAccount = &acmeutils.Account{
EABKid: account.EabKid,
EABKey: account.EabKey,
}
}
}
privateKey, err := acmeutils.ParsePrivateKeyFromBase64(user.PrivateKey)
if err != nil {
errMsg = "解析私钥时出错:" + err.Error()
return
}
remoteUser := acme.NewUser(user.Email, privateKey, func(resource *registration.Resource) error {
remoteUser := acmeutils.NewUser(user.Email, privateKey, func(resource *registration.Resource) error {
resourceJSON, err := json.Marshal(resource)
if err != nil {
return err
@@ -310,8 +336,8 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
}
}
var acmeTask *acme.Task = nil
if task.AuthType == acme.AuthTypeDNS {
var acmeTask *acmeutils.Task = nil
if task.AuthType == acmeutils.AuthTypeDNS {
// DNS服务商
dnsProvider, err := dns.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(task.DnsProviderId))
if err != nil {
@@ -338,22 +364,24 @@ func (this *ACMETaskDAO) runTaskWithoutLog(tx *dbs.Tx, taskId int64) (isOk bool,
return
}
acmeTask = &acme.Task{
acmeTask = &acmeutils.Task{
User: remoteUser,
AuthType: acme.AuthTypeDNS,
AuthType: acmeutils.AuthTypeDNS,
DNSProvider: providerInterface,
DNSDomain: task.DnsDomain,
Domains: task.DecodeDomains(),
}
} else if task.AuthType == acme.AuthTypeHTTP {
acmeTask = &acme.Task{
} else if task.AuthType == acmeutils.AuthTypeHTTP {
acmeTask = &acmeutils.Task{
User: remoteUser,
AuthType: acme.AuthTypeHTTP,
AuthType: acmeutils.AuthTypeHTTP,
Domains: task.DecodeDomains(),
}
}
acmeTask.Provider = acmeProvider
acmeTask.Account = acmeAccount
acmeRequest := acme.NewRequest(acmeTask)
acmeRequest := acmeutils.NewRequest(acmeTask)
acmeRequest.OnAuth(func(domain, token, keyAuth string) {
err := SharedACMEAuthenticationDAO.CreateAuth(tx, taskId, domain, token, keyAuth)
if err != nil {

View File

@@ -39,7 +39,7 @@ func init() {
})
}
// 启用条目
// EnableACMEUser 启用条目
func (this *ACMEUserDAO) EnableACMEUser(tx *dbs.Tx, id int64) error {
_, err := this.Query(tx).
Pk(id).
@@ -48,7 +48,7 @@ func (this *ACMEUserDAO) EnableACMEUser(tx *dbs.Tx, id int64) error {
return err
}
// 禁用条目
// DisableACMEUser 禁用条目
func (this *ACMEUserDAO) DisableACMEUser(tx *dbs.Tx, id int64) error {
_, err := this.Query(tx).
Pk(id).
@@ -69,8 +69,8 @@ func (this *ACMEUserDAO) FindEnabledACMEUser(tx *dbs.Tx, id int64) (*ACMEUser, e
return result.(*ACMEUser), err
}
// 创建用户
func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64, email string, description string) (int64, error) {
// CreateACMEUser 创建用户
func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64, providerCode string, accountId int64, email string, description string) (int64, error) {
// 生成私钥
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
@@ -86,6 +86,8 @@ func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64,
op := NewACMEUserOperator()
op.AdminId = adminId
op.UserId = userId
op.ProviderCode = providerCode
op.AccountId = accountId
op.Email = email
op.Description = description
op.PrivateKey = privateKeyText
@@ -97,7 +99,7 @@ func (this *ACMEUserDAO) CreateACMEUser(tx *dbs.Tx, adminId int64, userId int64,
return types.Int64(op.Id), nil
}
// 修改用户信息
// UpdateACMEUser 修改用户信息
func (this *ACMEUserDAO) UpdateACMEUser(tx *dbs.Tx, acmeUserId int64, description string) error {
if acmeUserId <= 0 {
return errors.New("invalid acmeUserId")
@@ -109,7 +111,7 @@ func (this *ACMEUserDAO) UpdateACMEUser(tx *dbs.Tx, acmeUserId int64, descriptio
return err
}
// 修改用户ACME注册信息
// UpdateACMEUserRegistration 修改用户ACME注册信息
func (this *ACMEUserDAO) UpdateACMEUserRegistration(tx *dbs.Tx, acmeUserId int64, registrationJSON []byte) error {
if acmeUserId <= 0 {
return errors.New("invalid acmeUserId")
@@ -121,7 +123,7 @@ func (this *ACMEUserDAO) UpdateACMEUserRegistration(tx *dbs.Tx, acmeUserId int64
return err
}
// 计算用户数量
// CountACMEUsersWithAdminId 计算用户数量
func (this *ACMEUserDAO) CountACMEUsersWithAdminId(tx *dbs.Tx, adminId int64, userId int64) (int64, error) {
query := this.Query(tx)
if adminId > 0 {
@@ -136,7 +138,7 @@ func (this *ACMEUserDAO) CountACMEUsersWithAdminId(tx *dbs.Tx, adminId int64, us
Count()
}
// 列出当前管理员的用户
// ListACMEUsers 列出当前管理员的用户
func (this *ACMEUserDAO) ListACMEUsers(tx *dbs.Tx, adminId int64, userId int64, offset int64, size int64) (result []*ACMEUser, err error) {
query := this.Query(tx)
if adminId > 0 {
@@ -156,8 +158,8 @@ func (this *ACMEUserDAO) ListACMEUsers(tx *dbs.Tx, adminId int64, userId int64,
return
}
// 查找所有用户
func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int64) (result []*ACMEUser, err error) {
// FindAllACMEUsers 查找所有用户
func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int64, providerCode string) (result []*ACMEUser, err error) {
// 防止没有传入条件导致返回的数据过多
if adminId <= 0 && userId <= 0 {
return nil, errors.New("'adminId' or 'userId' should not be empty")
@@ -170,6 +172,9 @@ func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int6
if userId > 0 {
query.Attr("userId", userId)
}
if len(providerCode) > 0 {
query.Attr("providerCode", providerCode)
}
_, err = query.
State(ACMEUserStateEnabled).
Slice(&result).
@@ -178,7 +183,7 @@ func (this *ACMEUserDAO) FindAllACMEUsers(tx *dbs.Tx, adminId int64, userId int6
return
}
// 检查用户权限
// CheckACMEUser 检查用户权限
func (this *ACMEUserDAO) CheckACMEUser(tx *dbs.Tx, acmeUserId int64, adminId int64, userId int64) (bool, error) {
if acmeUserId <= 0 {
return false, nil

View File

@@ -1,6 +1,6 @@
package acme
//
// ACMEUser ACME用户
type ACMEUser struct {
Id uint64 `field:"id"` // ID
AdminId uint32 `field:"adminId"` // 管理员ID
@@ -11,6 +11,8 @@ type ACMEUser struct {
State uint8 `field:"state"` // 状态
Description string `field:"description"` // 备注介绍
Registration string `field:"registration"` // 注册信息
ProviderCode string `field:"providerCode"` // 服务商代号
AccountId uint64 `field:"accountId"` // 提供商ID
}
type ACMEUserOperator struct {
@@ -23,6 +25,8 @@ type ACMEUserOperator struct {
State interface{} // 状态
Description interface{} // 备注介绍
Registration interface{} // 注册信息
ProviderCode interface{} // 服务商代号
AccountId interface{} // 提供商ID
}
func NewACMEUserOperator() *ACMEUserOperator {

View File

@@ -308,6 +308,16 @@ func (this *APINode) registerServices(server *grpc.Server) {
pb.RegisterACMEAuthenticationServiceServer(server, instance)
this.rest(instance)
}
{
instance := this.serviceInstance(&services.ACMEProviderService{}).(*services.ACMEProviderService)
pb.RegisterACMEProviderServiceServer(server, instance)
this.rest(instance)
}
{
instance := this.serviceInstance(&services.ACMEProviderAccountService{}).(*services.ACMEProviderAccountService)
pb.RegisterACMEProviderAccountServiceServer(server, instance)
this.rest(instance)
}
{
instance := this.serviceInstance(&services.UserService{}).(*services.UserService)
pb.RegisterUserServiceServer(server, instance)

View File

@@ -0,0 +1,62 @@
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
package services
import (
"context"
"github.com/TeaOSLab/EdgeAPI/internal/acme"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
)
// ACMEProviderService ACME服务商
type ACMEProviderService struct {
BaseService
}
// FindAllACMEProviders 查找所有的服务商
func (this *ACMEProviderService) FindAllACMEProviders(ctx context.Context, req *pb.FindAllACMEProvidersRequest) (*pb.FindAllACMEProvidersResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var pbProviders = []*pb.ACMEProvider{}
for _, provider := range acme.FindAllProviders() {
pbProviders = append(pbProviders, &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
ApiURL: provider.APIURL,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
})
}
return &pb.FindAllACMEProvidersResponse{AcmeProviders: pbProviders}, nil
}
// FindACMEProviderWithCode 根据代号查找服务商
func (this *ACMEProviderService) FindACMEProviderWithCode(ctx context.Context, req *pb.FindACMEProviderWithCodeRequest) (*pb.FindACMEProviderWithCodeResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var provider = acme.FindProviderWithCode(req.AcmeProviderCode)
if provider == nil {
return &pb.FindACMEProviderWithCodeResponse{
AcmeProvider: nil,
}, nil
}
return &pb.FindACMEProviderWithCodeResponse{
AcmeProvider: &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
ApiURL: provider.APIURL,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
},
}, nil
}

View File

@@ -0,0 +1,203 @@
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
package services
import (
"context"
acmeutils "github.com/TeaOSLab/EdgeAPI/internal/acme"
"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
)
// ACMEProviderAccountService ACME服务商账号服务
type ACMEProviderAccountService struct {
BaseService
}
// CreateACMEProviderAccount 创建服务商账号
func (this *ACMEProviderAccountService) CreateACMEProviderAccount(ctx context.Context, req *pb.CreateACMEProviderAccountRequest) (*pb.CreateACMEProviderAccountResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
accountId, err := acme.SharedACMEProviderAccountDAO.CreateAccount(tx, req.Name, req.ProviderCode, req.EabKid, req.EabKey)
if err != nil {
return nil, err
}
return &pb.CreateACMEProviderAccountResponse{
AcmeProviderAccountId: accountId,
}, nil
}
// FindAllACMEProviderAccountsWithProviderCode 使用代号查找服务商账号
func (this *ACMEProviderAccountService) FindAllACMEProviderAccountsWithProviderCode(ctx context.Context, req *pb.FindAllACMEProviderAccountsWithProviderCodeRequest) (*pb.FindAllACMEProviderAccountsWithProviderCodeResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
accounts, err := acme.SharedACMEProviderAccountDAO.FindAllEnabledAccountsWithProviderCode(tx, req.AcmeProviderCode)
if err != nil {
return nil, err
}
var pbAccounts = []*pb.ACMEProviderAccount{}
for _, account := range accounts {
var pbProvider *pb.ACMEProvider
provider := acmeutils.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
ApiURL: provider.APIURL,
RequireEAB: provider.RequireEAB,
}
}
pbAccounts = append(pbAccounts, &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
ProviderCode: account.ProviderCode,
IsOn: account.IsOn == 1,
EabKid: account.EabKid,
EabKey: account.EabKey,
Error: account.Error,
AcmeProvider: pbProvider,
})
}
return &pb.FindAllACMEProviderAccountsWithProviderCodeResponse{
AcmeProviderAccounts: pbAccounts,
}, nil
}
// UpdateACMEProviderAccount 修改服务商账号
func (this *ACMEProviderAccountService) UpdateACMEProviderAccount(ctx context.Context, req *pb.UpdateACMEProviderAccountRequest) (*pb.RPCSuccess, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
err = acme.SharedACMEProviderAccountDAO.UpdateAccount(tx, req.AcmeProviderAccountId, req.Name, req.EabKid, req.EabKey)
if err != nil {
return nil, err
}
return this.Success()
}
// DeleteACMEProviderAccount 删除服务商账号
func (this *ACMEProviderAccountService) DeleteACMEProviderAccount(ctx context.Context, req *pb.DeleteACMEProviderAccountRequest) (*pb.RPCSuccess, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
err = acme.SharedACMEProviderAccountDAO.DisableACMEProviderAccount(tx, req.AcmeProviderAccountId)
if err != nil {
return nil, err
}
return this.Success()
}
// FindEnabledACMEProviderAccount 查找单个服务商账号
func (this *ACMEProviderAccountService) FindEnabledACMEProviderAccount(ctx context.Context, req *pb.FindEnabledACMEProviderAccountRequest) (*pb.FindEnabledACMEProviderAccountResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
account, err := acme.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, req.AcmeProviderAccountId)
if err != nil {
return nil, err
}
if account == nil {
return &pb.FindEnabledACMEProviderAccountResponse{AcmeProviderAccount: nil}, nil
}
var pbProvider *pb.ACMEProvider
provider := acmeutils.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
ApiURL: provider.APIURL,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
return &pb.FindEnabledACMEProviderAccountResponse{AcmeProviderAccount: &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
ProviderCode: account.ProviderCode,
IsOn: account.IsOn == 1,
EabKid: account.EabKid,
EabKey: account.EabKey,
Error: account.Error,
AcmeProvider: pbProvider,
}}, nil
}
// CountAllEnabledACMEProviderAccounts 计算所有服务商账号数量
func (this *ACMEProviderAccountService) CountAllEnabledACMEProviderAccounts(ctx context.Context, req *pb.CountAllEnabledACMEProviderAccountsRequest) (*pb.RPCCountResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
count, err := acme.SharedACMEProviderAccountDAO.CountAllEnabledAccounts(tx)
if err != nil {
return nil, err
}
return this.SuccessCount(count)
}
// ListEnabledACMEProviderAccounts 列出单页服务商账号
func (this *ACMEProviderAccountService) ListEnabledACMEProviderAccounts(ctx context.Context, req *pb.ListEnabledACMEProviderAccountsRequest) (*pb.ListEnabledACMEProviderAccountsResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
accounts, err := acme.SharedACMEProviderAccountDAO.ListEnabledAccounts(tx, req.Offset, req.Size)
if err != nil {
return nil, err
}
var pbAccounts = []*pb.ACMEProviderAccount{}
for _, account := range accounts {
var pbProvider *pb.ACMEProvider
provider := acmeutils.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
ApiURL: provider.APIURL,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
pbAccounts = append(pbAccounts, &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
ProviderCode: account.ProviderCode,
IsOn: account.IsOn == 1,
EabKid: account.EabKid,
EabKey: account.EabKey,
Error: account.Error,
AcmeProvider: pbProvider,
})
}
return &pb.ListEnabledACMEProviderAccountsResponse{AcmeProviderAccounts: pbAccounts}, nil
}

View File

@@ -98,7 +98,50 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
CreatedAt: int64(acmeUser.CreatedAt),
}
var pbProvider *pb.DNSProvider
// 服务商
if len(acmeUser.ProviderCode) == 0 {
acmeUser.ProviderCode = acme.DefaultProviderCode
}
var provider = acme.FindProviderWithCode(acmeUser.ProviderCode)
if provider != nil {
pbACMEUser.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
// 账号
if acmeUser.AccountId > 0 {
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(acmeUser.AccountId))
if err != nil {
return nil, err
}
if account != nil {
pbACMEUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
IsOn: account.IsOn == 1,
ProviderCode: account.ProviderCode,
AcmeProvider: nil,
}
var provider = acme.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbACMEUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
}
}
var pbDNSProvider *pb.DNSProvider
if task.AuthType == acme.AuthTypeDNS {
// DNS
provider, err := dns.SharedDNSProviderDAO.FindEnabledDNSProvider(tx, int64(task.DnsProviderId))
@@ -108,7 +151,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
if provider == nil {
continue
}
pbProvider = &pb.DNSProvider{
pbDNSProvider = &pb.DNSProvider{
Id: int64(provider.Id),
Name: provider.Name,
Type: provider.Type,
@@ -158,7 +201,7 @@ func (this *ACMETaskService) ListEnabledACMETasks(ctx context.Context, req *pb.L
CreatedAt: int64(task.CreatedAt),
AutoRenew: task.AutoRenew == 1,
AcmeUser: pbACMEUser,
DnsProvider: pbProvider,
DnsProvider: pbDNSProvider,
SslCert: pbCert,
LatestACMETaskLog: pbTaskLog,
AuthType: task.AuthType,
@@ -301,6 +344,49 @@ func (this *ACMETaskService) FindEnabledACMETask(ctx context.Context, req *pb.Fi
Description: acmeUser.Description,
CreatedAt: int64(acmeUser.CreatedAt),
}
// 服务商
if len(acmeUser.ProviderCode) == 0 {
acmeUser.ProviderCode = acme.DefaultProviderCode
}
var provider = acme.FindProviderWithCode(acmeUser.ProviderCode)
if provider != nil {
pbACMEUser.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
// 账号
if acmeUser.AccountId > 0 {
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(acmeUser.AccountId))
if err != nil {
return nil, err
}
if account != nil {
pbACMEUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
IsOn: account.IsOn == 1,
ProviderCode: account.ProviderCode,
AcmeProvider: nil,
}
var provider = acme.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbACMEUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
}
}
}
}

View File

@@ -2,16 +2,17 @@ package services
import (
"context"
"github.com/TeaOSLab/EdgeAPI/internal/acme"
acmemodels "github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
)
// 用户服务
// ACMEUserService 用户服务
type ACMEUserService struct {
BaseService
}
// 创建用户
// CreateACMEUser 创建用户
func (this *ACMEUserService) CreateACMEUser(ctx context.Context, req *pb.CreateACMEUserRequest) (*pb.CreateACMEUserResponse, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
@@ -21,14 +22,14 @@ func (this *ACMEUserService) CreateACMEUser(ctx context.Context, req *pb.CreateA
tx := this.NullTx()
acmeUserId, err := acmemodels.SharedACMEUserDAO.CreateACMEUser(tx, adminId, userId, req.Email, req.Description)
acmeUserId, err := acmemodels.SharedACMEUserDAO.CreateACMEUser(tx, adminId, userId, req.AcmeProviderCode, req.AcmeProviderAccountId, req.Email, req.Description)
if err != nil {
return nil, err
}
return &pb.CreateACMEUserResponse{AcmeUserId: acmeUserId}, nil
}
// 修改用户
// UpdateACMEUser 修改用户
func (this *ACMEUserService) UpdateACMEUser(ctx context.Context, req *pb.UpdateACMEUserRequest) (*pb.RPCSuccess, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
@@ -54,7 +55,7 @@ func (this *ACMEUserService) UpdateACMEUser(ctx context.Context, req *pb.UpdateA
return this.Success()
}
// 删除用户
// DeleteACMEUser 删除用户
func (this *ACMEUserService) DeleteACMEUser(ctx context.Context, req *pb.DeleteACMEUserRequest) (*pb.RPCSuccess, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
@@ -80,7 +81,7 @@ func (this *ACMEUserService) DeleteACMEUser(ctx context.Context, req *pb.DeleteA
return this.Success()
}
// 计算用户数量
// CountACMEUsers 计算用户数量
func (this *ACMEUserService) CountACMEUsers(ctx context.Context, req *pb.CountAcmeUsersRequest) (*pb.RPCCountResponse, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
@@ -97,7 +98,7 @@ func (this *ACMEUserService) CountACMEUsers(ctx context.Context, req *pb.CountAc
return this.SuccessCount(count)
}
// 列出单页用户
// ListACMEUsers 列出单页用户
func (this *ACMEUserService) ListACMEUsers(ctx context.Context, req *pb.ListACMEUsersRequest) (*pb.ListACMEUsersResponse, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
@@ -113,17 +114,63 @@ func (this *ACMEUserService) ListACMEUsers(ctx context.Context, req *pb.ListACME
}
result := []*pb.ACMEUser{}
for _, user := range acmeUsers {
result = append(result, &pb.ACMEUser{
Id: int64(user.Id),
Email: user.Email,
Description: user.Description,
CreatedAt: int64(user.CreatedAt),
})
var pbUser = &pb.ACMEUser{
Id: int64(user.Id),
Email: user.Email,
Description: user.Description,
CreatedAt: int64(user.CreatedAt),
AcmeProviderCode: user.ProviderCode,
}
// 服务商
if len(user.ProviderCode) == 0 {
user.ProviderCode = acme.DefaultProviderCode
}
var provider = acme.FindProviderWithCode(user.ProviderCode)
if provider != nil {
pbUser.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
// 账号
if user.AccountId > 0 {
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(user.AccountId))
if err != nil {
return nil, err
}
if account != nil {
pbUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
IsOn: account.IsOn == 1,
ProviderCode: account.ProviderCode,
AcmeProvider: nil,
}
var provider = acme.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
}
}
result = append(result, pbUser)
}
return &pb.ListACMEUsersResponse{AcmeUsers: result}, nil
}
// 查找单个用户
// FindEnabledACMEUser 查找单个用户
func (this *ACMEUserService) FindEnabledACMEUser(ctx context.Context, req *pb.FindEnabledACMEUserRequest) (*pb.FindEnabledACMEUserResponse, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
@@ -149,15 +196,61 @@ func (this *ACMEUserService) FindEnabledACMEUser(ctx context.Context, req *pb.Fi
if acmeUser == nil {
return &pb.FindEnabledACMEUserResponse{AcmeUser: nil}, nil
}
return &pb.FindEnabledACMEUserResponse{AcmeUser: &pb.ACMEUser{
Id: int64(acmeUser.Id),
Email: acmeUser.Email,
Description: acmeUser.Description,
CreatedAt: int64(acmeUser.CreatedAt),
}}, nil
// 服务商
var pbACMEUser = &pb.ACMEUser{
Id: int64(acmeUser.Id),
Email: acmeUser.Email,
Description: acmeUser.Description,
CreatedAt: int64(acmeUser.CreatedAt),
AcmeProviderCode: acmeUser.ProviderCode,
}
if len(acmeUser.ProviderCode) == 0 {
acmeUser.ProviderCode = acme.DefaultProviderCode
}
var provider = acme.FindProviderWithCode(acmeUser.ProviderCode)
if provider != nil {
pbACMEUser.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
// 账号
if acmeUser.AccountId > 0 {
account, err := acmemodels.SharedACMEProviderAccountDAO.FindEnabledACMEProviderAccount(tx, int64(acmeUser.AccountId))
if err != nil {
return nil, err
}
if account != nil {
pbACMEUser.AcmeProviderAccount = &pb.ACMEProviderAccount{
Id: int64(account.Id),
Name: account.Name,
IsOn: account.IsOn == 1,
ProviderCode: account.ProviderCode,
AcmeProvider: nil,
}
var provider = acme.FindProviderWithCode(account.ProviderCode)
if provider != nil {
pbACMEUser.AcmeProviderAccount.AcmeProvider = &pb.ACMEProvider{
Name: provider.Name,
Code: provider.Code,
Description: provider.Description,
RequireEAB: provider.RequireEAB,
EabDescription: provider.EABDescription,
}
}
}
}
return &pb.FindEnabledACMEUserResponse{AcmeUser: pbACMEUser}, nil
}
// 查找所有用户
// FindAllACMEUsers 查找所有用户
func (this *ACMEUserService) FindAllACMEUsers(ctx context.Context, req *pb.FindAllACMEUsersRequest) (*pb.FindAllACMEUsersResponse, error) {
// 校验请求
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
@@ -167,17 +260,18 @@ func (this *ACMEUserService) FindAllACMEUsers(ctx context.Context, req *pb.FindA
tx := this.NullTx()
acmeUsers, err := acmemodels.SharedACMEUserDAO.FindAllACMEUsers(tx, adminId, userId)
acmeUsers, err := acmemodels.SharedACMEUserDAO.FindAllACMEUsers(tx, adminId, userId, req.AcmeProviderCode)
if err != nil {
return nil, err
}
result := []*pb.ACMEUser{}
for _, user := range acmeUsers {
result = append(result, &pb.ACMEUser{
Id: int64(user.Id),
Email: user.Email,
Description: user.Description,
CreatedAt: int64(user.CreatedAt),
Id: int64(user.Id),
Email: user.Email,
Description: user.Description,
CreatedAt: int64(user.CreatedAt),
AcmeProviderCode: user.ProviderCode,
})
}
return &pb.FindAllACMEUsersResponse{AcmeUsers: result}, nil