certificate.go 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
  1. package nginx_controller
  2. import (
  3. "encoding/json"
  4. "errors"
  5. "fmt"
  6. "github.com/astaxie/beego/logs"
  7. "github.com/astaxie/beego/orm"
  8. "nginx-ui/server/models"
  9. nginx2 "nginx-ui/server/nginx"
  10. "nginx-ui/server/utils"
  11. "strings"
  12. "time"
  13. )
  14. type CertController struct {
  15. BaseController
  16. }
  17. // 这个是根据域名的名称来的,自定义命令,即文件名称
  18. func saveOrUpdate(cert *models.NginxCerts) error {
  19. o := orm.NewOrm()
  20. find := models.NginxCerts{ServiceName: cert.ServiceName, NginxId: cert.NginxId}
  21. err := o.Read(&find, "service_name", "nginx_id")
  22. if err != nil && err != orm.ErrNoRows {
  23. return err
  24. }
  25. if err == orm.ErrNoRows {
  26. _, err := o.Insert(cert)
  27. return err
  28. }
  29. _, err = o.Update(cert)
  30. return err
  31. }
  32. // Get getAll
  33. // get /nginx/:id/certs
  34. func (c *CertController) Get() {
  35. nginx, err := c.CheckNginxPermission()
  36. if err != nil {
  37. return
  38. }
  39. if nginx.DataDir == "" {
  40. c.SetCode(-1).SetMsg("请先配置数据目录位置!").Json()
  41. return
  42. }
  43. o := orm.NewOrm()
  44. var list []models.NginxCerts
  45. _, err = o.QueryTable((*models.NginxCerts)(nil)).Filter("NginxId", nginx.Id).All(&list)
  46. if err != nil {
  47. c.ErrorJson(err)
  48. return
  49. }
  50. c.SetData(list).Json()
  51. }
  52. // Sync 从配置的证书路径同步证书到数据库
  53. // post /nginx/:id/certs/sync
  54. func (c *CertController) Sync() {
  55. nginx, err := c.CheckNginxPermission()
  56. if err != nil {
  57. return
  58. }
  59. ins := nginx2.GetInstance(nginx)
  60. names := strings.Split(ins.GetCerts(), "\n")
  61. var certs []models.NginxCerts
  62. for i := range names {
  63. name := names[i]
  64. if strings.HasSuffix(name, ".key") {
  65. serviceName := name[0 : len(name)-4]
  66. cert, err := ins.GetCertData(serviceName)
  67. cert.NginxId = nginx.Id
  68. cert.CreatedAt = time.Now().Format("2006-02-01 15:04")
  69. if err != nil {
  70. logs.Warn("getCertData fail", err, serviceName)
  71. } else {
  72. err = saveOrUpdate(cert)
  73. if err != nil {
  74. logs.Warn("save certs fail", err, serviceName)
  75. } else {
  76. certs = append(certs, *cert)
  77. }
  78. }
  79. }
  80. }
  81. c.SetData(true).Json()
  82. }
  83. // Post save certs
  84. // post /nginx/:id/certs
  85. func (c *CertController) Post() {
  86. nginx, err := c.CheckNginxPermission()
  87. if err != nil {
  88. return
  89. }
  90. var cert models.NginxCerts
  91. err = json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
  92. if err != nil {
  93. logs.Error(err, string(c.Ctx.Input.RequestBody))
  94. c.ErrorJson(err)
  95. return
  96. }
  97. if cert.Pem == "" || cert.Key == "" {
  98. c.SetCode(-1).SetMsg("请输入证书私钥和公钥内容!").Json()
  99. return
  100. }
  101. parse, err := utils.CheckHttps(cert.Pem)
  102. if err != nil {
  103. cert.HintMsg = fmt.Sprintf("证书公钥解析异常:%s", err.Error())
  104. } else {
  105. cert.ExpiresAt = parse.NotAfter.Format("2006-01-02 15:04")
  106. cert.SubjectName = parse.Subject.CommonName
  107. }
  108. logs.Info("parse", cert.SubjectName)
  109. o := orm.NewOrm()
  110. cert.NginxId = nginx.Id
  111. if cert.Id > 0 {
  112. _, err = o.Update(&cert)
  113. } else {
  114. cert.CreatedAt = time.Now().Format("2006-01-02 15:04")
  115. _, err = o.Insert(&cert)
  116. }
  117. if err != nil {
  118. c.ErrorJson(err)
  119. return
  120. }
  121. ins := nginx2.GetInstance(nginx)
  122. err = ins.SaveCerts(&cert)
  123. if err != nil {
  124. c.ErrorJson(err)
  125. return
  126. }
  127. c.Json()
  128. }
  129. // Delete del certs
  130. // delete /nginx/:id/certs
  131. func (c *CertController) Delete() {
  132. nginx, err := c.CheckNginxPermission()
  133. if err != nil {
  134. return
  135. }
  136. ins := nginx2.GetInstance(nginx)
  137. certId, err := c.GetInt("id", -1)
  138. if err != nil {
  139. c.ErrorJson(err)
  140. return
  141. }
  142. if certId < 0 {
  143. c.ErrorJson(errors.New("参数错误"))
  144. return
  145. }
  146. dirs := ins.CheckDirs()
  147. if dirs.CertsDir == "" || dirs.CertsDir == "/" {
  148. c.SetCode(-1).SetMsg("请先配置证书路径,不能为根路径。")
  149. c.Json()
  150. return
  151. }
  152. o := orm.NewOrm()
  153. cert := models.NginxCerts{Id: certId, NginxId: nginx.Id}
  154. err = o.Read(&cert, "id", "nginx_id")
  155. if err != nil && err != orm.ErrNoRows {
  156. c.ErrorJson(err)
  157. return
  158. } else if err != nil && err == orm.ErrNoRows {
  159. c.Json()
  160. return
  161. }
  162. _, err = o.Delete(&cert)
  163. if err != nil && err != orm.ErrNoRows {
  164. c.ErrorJson(err)
  165. return
  166. }
  167. certName := cert.ServiceName
  168. cmd1 := fmt.Sprintf("cd %s && if [ -f %s.key ];then mv -f %s.key %s;fi", dirs.CertsDir, certName, certName, dirs.BackupDir)
  169. cmd2 := fmt.Sprintf("cd %s && if [ -f %s.pem ];then mv -f %s.pem %s;fi", dirs.CertsDir, certName, certName, dirs.BackupDir)
  170. resp, err := ins.Run(fmt.Sprintf("%s;%s", cmd1, cmd2))
  171. if err != nil {
  172. c.ErrorJson(err)
  173. return
  174. }
  175. c.SetData(resp).Json()
  176. }