From 9bac7739615ea50cfa949e5760e7aad106c020e2 Mon Sep 17 00:00:00 2001
From: wsczx
Date: Fri, 31 Mar 2023 20:34:29 +0800
Subject: [PATCH 1/8] =?UTF-8?q?*=20=E6=96=B0=E5=A2=9E=E6=94=AF=E6=8C=81?= =?UTF-8?q?=E8=87=AA=E5=AE=9A=E4=B9=89=E4=B8=8A=E4=BC=A0=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=20*=20=E6=96=B0=E5=A2=9E=E6=94=AF=E6=8C=81?= =?UTF-8?q?=E7=94=B3=E8=AF=B7=E5=92=8C=E8=87=AA=E5=8A=A8=E7=BB=AD=E6=9C=9F?= =?UTF-8?q?Let's=20Encrypt=E8=AF=81=E4=B9=A6=EF=BC=88=E6=9A=82=E5=8F=AA?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=98=BF=E9=87=8C=E4=BA=91=E5=92=8C=E8=85=BE?= =?UTF-8?q?=E8=AE=AF=E4=BA=91=EF=BC=89=E5=8A=9F=E8=83=BD=20*=20=E6=96=B0?= =?UTF-8?q?=E5=A2=9E=E6=94=AF=E6=8C=81=E5=8A=A8=E6=80=81=E5=8A=A0=E8=BD=BD?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=EF=BC=88=E6=9B=B4=E6=8D=A2=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E4=B8=8D=E9=9C=80=E9=87=8D=E5=90=AF=EF=BC=89=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/admin/api_cert.go | 286 ++++++++++++++++++++++++++++++++++++
 server/admin/server.go | 12 +-
 server/cron/start.go | 2 +
 server/dbdata/db.go | 12 ++
 server/dbdata/setting.go | 9 ++
 server/go.mod | 39 +++--
 server/go.sum | 78 +++++++---
 server/handler/server.go | 9 +-
 web/src/pages/set/Other.vue | 146 +++++++++++++++++-
 9 files changed, 554 insertions(+), 39 deletions(-)
 create mode 100755 server/admin/api_cert.go
diff --git a/server/admin/api_cert.go b/server/admin/api_cert.go
new file mode 100755
index 0000000..e9c2fea
--- /dev/null
+++ b/server/admin/api_cert.go
@@ -0,0 +1,286 @@
+package admin
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "os"
+ "time"
+
+ "github.com/bjdgyc/anylink/base"
+ "github.com/bjdgyc/anylink/dbdata"
+ "github.com/go-acme/lego/v4/certcrypto"
+ "github.com/go-acme/lego/v4/certificate"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/lego"
+ "github.com/go-acme/lego/v4/providers/dns/alidns"
+ "github.com/go-acme/lego/v4/providers/dns/tencentcloud"
+ "github.com/go-acme/lego/v4/registration"
+ "github.com/xenolf/lego/challenge"
+ "golang.org/x/crypto/scrypt"
+)
+
+type LegoUser struct {
+ Email string
+ Registration *registration.Resource
+ key crypto.PrivateKey
+}
+type LeGoClient struct {
+ Client *lego.Client
+}
+
+func (u *LegoUser) GetEmail() string {
+ return u.Email
+}
+func (u LegoUser) GetRegistration() *registration.Resource {
+ return u.Registration
+}
+func (u *LegoUser) GetPrivateKey() crypto.PrivateKey {
+ return u.key
+}
+func CustomCert(w http.ResponseWriter, r *http.Request) {
+ cert, _, err := r.FormFile("cert")
+ if err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ key, _, err := r.FormFile("key")
+ if err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ certFile, err := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
+ if err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ defer certFile.Close()
+ if _, err := io.Copy(certFile, cert); err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ keyFile, err := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
+ if err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ defer keyFile.Close()
+ if _, err := io.Copy(keyFile, key); err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ RespSucess(w, "上传成功")
+}
+func GetCertSetting(w http.ResponseWriter, r *http.Request) {
+ data := &dbdata.SettingDnsProvider{}
+ if err := dbdata.SettingGet(data); err != nil {
+ RespError(w, RespInternalErr, err)
+ }
+ data.AccessKeyID = Scrypt(data.AccessKeyID)
+ data.AccessKeySecret = Scrypt(data.AccessKeySecret)
+ RespSucess(w, data)
+}
+func CreatCert(w http.ResponseWriter, r *http.Request) {
+ if err := r.ParseForm(); err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+ body, err := io.ReadAll(r.Body)
+ if err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ defer r.Body.Close()
+ config := &dbdata.SettingDnsProvider{}
+ err = json.Unmarshal(body, config)
+ if err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ if err := dbdata.SettingSet(config); err != nil {
+ RespError(w, RespInternalErr, err)
+ return
+ }
+ client, err := NewLeGoClient(config)
+ if err != nil {
+ base.Error(err)
+ RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
+ return
+ }
+ if err := client.GetCertificate(config.Domain); err != nil {
+ base.Error(err)
+ RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
+ return
+ }
+ RespSucess(w, "生成证书成功")
+}
+
+func ReNewCert() {
+ certtime, err := GetCerttime()
+ if err != nil {
+ base.Error(err)
+ return
+ }
+ if certtime.AddDate(0, 0, -7).Before(time.Now()) {
+ config := &dbdata.SettingDnsProvider{}
+ if err := dbdata.SettingGet(config); err != nil {
+ base.Error(err)
+ return
+ }
+ if config.Domain == "" {
+ return
+ }
+ if config.Renew {
+ client, err := NewLeGoClient(config)
+ if err != nil {
+ base.Error(err)
+ return
+ }
+ if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil {
+ base.Error(err)
+ return
+ }
+ base.Info("证书续期成功")
+ }
+ }
+ base.Info(fmt.Sprintf("证书过期时间:%s", certtime.Local().Format("2006-1-2 15:04:05")))
+}
+
+func NewLeGoClient(d *dbdata.SettingDnsProvider) (*LeGoClient, error) {
+ privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ return nil, err
+ }
+ legoUser := LegoUser{
+ Email: d.Legomail,
+ key: privateKey,
+ }
+ config := lego.NewConfig(&legoUser)
+ config.CADirURL = lego.LEDirectoryProduction
+ config.Certificate.KeyType = certcrypto.RSA2048
+
+ client, err := lego.NewClient(config)
+ if err != nil {
+ return nil, err
+ }
+ if _, err := client.Registration.ResolveAccountByKey(); err != nil {
+ reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+ if err != nil {
+ return nil, err
+ }
+ legoUser.Registration = reg
+ }
+ var Provider challenge.Provider
+ if d.Name == "" {
+ return nil, fmt.Errorf("%s", "DNS服务商名不允许为空")
+ }
+ switch d.Name {
+ case "aliyun":
+ if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: d.AccessKeyID, SecretKey: d.AccessKeySecret, TTL: 600}); err != nil {
+ return nil, err
+ }
+ case "txCloud":
+ if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: d.AccessKeyID, SecretKey: d.AccessKeySecret, TTL: 600}); err != nil {
+ return nil, err
+ }
+ }
+ if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil {
+ return nil, err
+ }
+ return &LeGoClient{
+ Client: client,
+ }, nil
+}
+func (c *LeGoClient) GetCertificate(domain string) error {
+ // 申请证书
+ certificates, err := c.Client.Certificate.Obtain(
+ certificate.ObtainRequest{
+ Domains: []string{domain},
+ Bundle: true,
+ })
+ if err != nil {
+ return err
+ }
+ // 保存证书
+ if err := SaveCertificate(certificates); err != nil {
+ return err
+ }
+ return nil
+}
+
+func (c *LeGoClient) RenewCert(certFile, keyFile string) error {
+ cert, err := LoadCertResource(certFile, keyFile)
+ if err != nil {
+ return err
+ }
+ // 续期证书
+ renewcert, err := c.Client.Certificate.Renew(certificate.Resource{
+ Certificate: cert.Certificate,
+ PrivateKey: cert.PrivateKey,
+ }, true, false, "")
+ if err != nil {
+ return err
+ }
+ // 保存更新证书
+ if err := SaveCertificate(renewcert); err != nil {
+ return err
+ }
+ return nil
+}
+
+func SaveCertificate(cert *certificate.Resource) error {
+ err := os.WriteFile(base.Cfg.CertFile, cert.Certificate, 0600)
+ if err != nil {
+ return err
+ }
+ err = os.WriteFile(base.Cfg.CertKey, cert.PrivateKey, 0600)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+func LoadCertResource(certFile, keyFile string) (*certificate.Resource, error) {
+ cert, err := os.ReadFile(certFile)
+ if err != nil {
+ return nil, err
+ }
+ key, err := os.ReadFile(keyFile)
+ if err != nil {
+ return nil, err
+ }
+ return &certificate.Resource{
+ Certificate: cert,
+ PrivateKey: key,
+ }, nil
+}
+
+func GetCerttime() (*time.Time, error) {
+ cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
+ if err != nil {
+ return nil, err
+ }
+ parseCert, err := x509.ParseCertificate(cert.Certificate[0])
+ if err != nil {
+ return nil, err
+ }
+ certtime := parseCert.NotAfter
+ return &certtime, nil
+}
+
+func Scrypt(passwd string) string {
+ salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
+ hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32)
+ if err != nil {
+ return err.Error()
+ }
+ return base64.StdEncoding.EncodeToString(hashPasswd)
+}
diff --git a/server/admin/server.go b/server/admin/server.go
index 2db6d0c..ee4d31d 100644
--- a/server/admin/server.go
+++ b/server/admin/server.go
@@ -46,6 +46,9 @@ func StartAdmin() {
 r.HandleFunc("/set/audit/list", SetAuditList)
 r.HandleFunc("/set/audit/export", SetAuditExport)
 r.HandleFunc("/set/audit/act_log_list", UserActLogList)
+ r.HandleFunc("/set/other/createcert", CreatCert)
+ r.HandleFunc("/set/other/getcertset", GetCertSetting)
+ r.HandleFunc("/set/other/customcert", CustomCert)
 r.HandleFunc("/user/list", UserList)
 r.HandleFunc("/user/detail", UserDetail)
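Review bot: CustomCert in api_cert.go streams the uploaded `cert` and `key` parts straight over `base.Cfg.CertFile` and `base.Cfg.CertKey` with `O_TRUNC`, without checking that they parse as a matching pair and without any size bound; because this commit also makes the admin listener load those files inside `GetCertificate`, a malformed or mismatched upload would likely make later handshakes fail, including the ones needed to upload a corrected pair. Reading both parts into memory, validating them with `tls.X509KeyPair`, and only then writing keeps a bad upload from replacing a working certificate; the sketch below does that, closes the multipart files, and reuses `SaveCertificate` for the write. Two smaller points in the same hunk: GetCertSetting has no `return` after `RespError`, so a failed `SettingGet` still falls through to `RespSucess`, and the `switch d.Name` in NewLeGoClient has no `default`, so an unrecognised name passes a nil `Provider` to `SetDNS01Provider`.

```go
func CustomCert(w http.ResponseWriter, r *http.Request) {
	// Bound the upload; the 1 MiB cap is a reviewer-chosen value.
	r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
	certPEM, err := readUpload(r, "cert")
	if err != nil {
		RespError(w, RespInternalErr, err)
		return
	}
	keyPEM, err := readUpload(r, "key")
	if err != nil {
		RespError(w, RespInternalErr, err)
		return
	}
	// Refuse input that does not parse as a matching pair before the
	// files read by the TLS listener are overwritten.
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		RespError(w, RespInternalErr, err)
		return
	}
	if err := SaveCertificate(&certificate.Resource{Certificate: certPEM, PrivateKey: keyPEM}); err != nil {
		RespError(w, RespInternalErr, err)
		return
	}
	RespSucess(w, "上传成功")
}

// readUpload returns the content of one multipart form file and closes it.
func readUpload(r *http.Request, field string) ([]byte, error) {
	f, _, err := r.FormFile(field)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(f)
}
```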
@@ -101,13 +104,20 @@ func StartAdmin() {
 NextProtos: []string{"http/1.1"},
 MinVersion: tls.VersionTLS12,
 CipherSuites: selectedCipherSuites,
+ GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+ cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
+ if err != nil {
+ return nil, err
+ }
+ return &cert, nil
+ },
 }
 srv := &http.Server{
 Addr: base.Cfg.AdminAddr,
 Handler: r,
 TLSConfig: tlsConfig,
 }
- err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
+ err := srv.ListenAndServeTLS("", "")
 if err != nil {
 base.Fatal(err)
 }
diff --git a/server/cron/start.go b/server/cron/start.go
index c67405f..d39715f 100644
--- a/server/cron/start.go
+++ b/server/cron/start.go
@@ -3,6 +3,7 @@ package cron
 import (
 "time"
+ "github.com/bjdgyc/anylink/admin"
 "github.com/bjdgyc/anylink/sessdata"
 "github.com/go-co-op/gocron"
 )
@@ -13,5 +14,6 @@ func Start() {
 s.Cron("0 * * * *").Do(ClearStatsInfo)
 s.Cron("0 * * * *").Do(ClearUserActLog)
 s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession)
+ s.Every(1).Day().At("00:00").Do(admin.ReNewCert)
 s.StartAsync()
 }
diff --git a/server/dbdata/db.go b/server/dbdata/db.go
index 24c9fae..71e0e56 100644
--- a/server/dbdata/db.go
+++ b/server/dbdata/db.go
@@ -99,6 +99,18 @@ func addInitData() error {
 return err
 }
+ // SettingDnsProvider
+ provider := &SettingDnsProvider{
+ Legomail: "legomail",
+ Name: "aliyun OR TXCloud",
+ AccessKeyID: "AccessKeyID",
+ AccessKeySecret: "AccessKeySecret",
+ Domain: "vpn.xxx.com",
+ }
+ err = SettingSessAdd(sess, provider)
+ if err != nil {
+ return err
+ }
 // SettingOther
 other := &SettingOther{
 LinkAddr: "vpn.xx.com",
diff --git a/server/dbdata/setting.go b/server/dbdata/setting.go
index 970822a..a1b7cf9 100644
--- a/server/dbdata/setting.go
+++ b/server/dbdata/setting.go
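Review bot: The new `GetCertificate` callback in server/admin/server.go calls `tls.LoadX509KeyPair` on every TLS handshake, so each incoming connection costs two file reads and a key parse, and any moment at which the two files disagree (CustomCert and SaveCertificate write them one after the other) becomes a failed handshake. Loading the pair once, keeping the parsed `*tls.Certificate` behind a mutex or an `atomic.Value`, and swapping it only after a new pair has been validated would keep the no-restart behaviour without per-handshake disk access. The enclosing StartAdmin starts and ends outside this hunk.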
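Review bot: In server/dbdata/db.go the seeded `Name: "aliyun OR TXCloud"` matches neither case of the `switch d.Name` in NewLeGoClient (`"aliyun"`, `"txCloud"`), and the other seeded fields are placeholder strings that the code cannot tell apart from real settings, since ReNewCert only tests `config.Domain == ""` and `config.Renew`. Seeding the zero value instead, `provider := &SettingDnsProvider{}`, would let the existing empty-name check in NewLeGoClient reject an unconfigured provider rather than attempt issuance with `"AccessKeyID"` as the key; if the strings are meant as form hints, they look like they belong in the UI as placeholders. addInitData starts and ends outside the hunk.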
@@ -33,6 +33,15 @@ type SettingOther struct {
 AccountMail string `json:"account_mail"`
 }
+type SettingDnsProvider struct {
+ Legomail string `json:"legomail"`
+ Name string `json:"name"`
+ AccessKeyID string `json:"accessKeyId"`
+ AccessKeySecret string `json:"accessKeySecret"`
+ Domain string `json:"domain"`
+ Renew bool `json:"renew"`
+}
+
 func StructName(data interface{}) string {
 ref := reflect.ValueOf(data)
 s := &ref
diff --git a/server/go.mod b/server/go.mod
index 63051fc..a99056e 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -5,11 +5,12 @@ go 1.18
 require (
 github.com/arl/statsviz v0.5.1
 github.com/deckarep/golang-set v1.8.0
+ github.com/go-acme/lego/v4 v4.10.2
 github.com/go-co-op/gocron v1.17.0
 github.com/go-ldap/ldap v3.0.3+incompatible
 github.com/go-sql-driver/mysql v1.6.0
 github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570
- github.com/golang-jwt/jwt/v4 v4.0.0
+ github.com/golang-jwt/jwt/v4 v4.2.0
 github.com/google/gopacket v1.1.19
 github.com/gorilla/handlers v1.5.1
 github.com/gorilla/mux v1.8.0
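Review bot: `SettingDnsProvider` in server/dbdata/setting.go carries the DNS API credentials and is used unchanged as the stored setting, the request body of CreatCert and the response of GetCertSetting (both in api_cert.go in this commit), so the only thing keeping `AccessKeySecret` out of responses is the handler remembering to overwrite it. GetCertSetting currently replaces both key fields with a fixed-salt scrypt digest; if the settings form posts those values back, CreatCert would store the digests as the credentials, which is worth confirming against the UI. A doc comment on the type such as `// SettingDnsProvider holds the ACME contact, DNS provider name and API credentials used for DNS-01 issuance; the key fields are secrets and must not be returned to clients.` would state the contract, and a separate response struct without the key fields would enforce it.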
@@ -28,25 +29,39 @@ require (
 github.com/spf13/cast v1.3.1
 github.com/spf13/cobra v1.2.1
 github.com/spf13/viper v1.8.1
- github.com/stretchr/testify v1.8.0
+ github.com/stretchr/testify v1.8.1
+ github.com/xenolf/lego v2.7.2+incompatible
 github.com/xhit/go-simple-mail/v2 v2.10.0
 github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
 github.com/xuri/excelize/v2 v2.6.1
 go.uber.org/atomic v1.10.0
- golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
- golang.org/x/net v0.0.0-20220812174116-3211cb980234
- golang.org/x/text v0.3.7
- golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
+ golang.org/x/crypto v0.5.0
+ golang.org/x/net v0.5.0
+ golang.org/x/text v0.6.0
+ golang.org/x/time v0.3.0
 layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
 xorm.io/xorm v1.3.2
 )
+require (
+ github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
+ github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+ github.com/felixge/httpsnoop v1.0.1 // indirect
+ github.com/go-acme/lego v2.7.2+incompatible // indirect
+ github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+ github.com/jmespath/go-jmespath v0.4.0 // indirect
+ github.com/miekg/dns v1.1.50 // indirect
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect
+ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+ golang.org/x/tools v0.1.12 // indirect
+)
+
 require (
 github.com/StackExchange/wmi v1.2.1 // indirect
 github.com/coreos/go-iptables v0.6.0
 github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/felixge/httpsnoop v1.0.1 // indirect
- github.com/fsnotify/fsnotify v1.4.9 // indirect
+ github.com/fsnotify/fsnotify v1.5.4 // indirect
 github.com/go-ole/go-ole v1.2.5 // indirect
 github.com/goccy/go-json v0.8.1 // indirect
 github.com/golang/snappy v0.0.4 // indirect
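Review bot: `github.com/xenolf/lego v2.7.2+incompatible` is added here as a direct requirement, apparently only so api_cert.go can name the `challenge.Provider` interface; xenolf/lego is the former import path of go-acme/lego, so this brings a second, much older copy of the same ACME library into the build, along with `github.com/go-acme/lego v2.7.2+incompatible` as an indirect entry. Importing `github.com/go-acme/lego/v4/challenge` in api_cert.go provides the same interface from the v4 module that is already required, after which `go mod tidy` should drop both v2 entries. Keeping a single version of the library also keeps the set of code that handles the DNS provider credentials smaller and easier to patch.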
@@ -55,7 +70,7 @@ require (
 github.com/inconshreveable/mousetrap v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/magiconair/properties v1.8.5 // indirect
- github.com/mitchellh/mapstructure v1.4.1 // indirect
+ github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
@@ -75,10 +90,10 @@ require (
 github.com/tklauser/numcpus v0.2.3 // indirect
 github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
 github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
- golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
- golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
+ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+ golang.org/x/sys v0.4.0 // indirect
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
- gopkg.in/ini.v1 v1.62.0 // indirect
+ gopkg.in/ini.v1 v1.66.6 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect
diff --git a/server/go.sum b/server/go.sum
index e396041..251d35a 100644
--- a/server/go.sum
+++ b/server/go.sum
@@ -54,6 +54,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 h1:J45/QHgrzUdqe/Vco/Vxk0wRvdS2nKUxmf/zLgvfass= +github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= @@ -73,6 +75,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4= +github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 
@@ -125,14 +129,21 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-acme/lego v2.7.2+incompatible h1:ThhpPBgf6oa9X/vRd0kEmWOsX7+vmYdckmGZSb+FEp0= +github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG94USbYxYrZfTkIn0M= +github.com/go-acme/lego/v4 v4.10.2 h1:5eW3qmda5v/LP21v1Hj70edKY1jeFZQwO617tdkwp6Q= +github.com/go-acme/lego/v4 v4.10.2/go.mod h1:EMbf0Jmqwv94nJ5WL9qWnSXIBZnvsS9gNypansHGc6U= github.com/go-co-op/gocron v1.17.0 h1:IixLXsti+Qo0wMvmn6Kmjp2csk2ykpkcL+EmHmST18w= github.com/go-co-op/gocron v1.17.0/go.mod h1:IpDBSaJOVfFw7hXZuTag3SCSkqazXBBUkbQ1m1aesBs= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod 
h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= @@ -159,8 +170,9 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o= -github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= +github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -208,6 +220,7 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= @@ -233,7 +246,6 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= 
@@ -331,7 +343,12 @@ github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 
@@ -340,7 +357,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= 
@@ -381,13 +397,15 @@ github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-sqlite3 v1.14.9 h1:10HX2Td0ocZpYEjhilsuo6WWtUqttj2Kb0KtD86/KYA= github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= +github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= 
@@ -395,8 +413,9 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -507,9 +526,7 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0= github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091 h1:1zN6ImoqhSJhN8hGXFaJlSC8msLmIbX8bFqOfWLKw0w= @@ -538,6 +555,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -545,12 +563,17 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE= github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 h1:mmz27tVi2r70JYnm5y0Zk8w0Qzsx+vfUw3oqSyrEfP8= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 h1:g9SWTaTy/rEuhMErC2jWq9Qt5ci+jBYSvXnJsLq4adg= +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490/go.mod h1:l9q4vc1QiawUB1m3RU+87yLvrrxe54jc0w/kEl4DbSQ= github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg= github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4= github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8= 
@@ -558,6 +581,8 @@ github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/xenolf/lego v2.7.2+incompatible h1:aGxxYqhnQLQ71HsvEAjJVw6ao14APwPpRk0mpFroPXk= +github.com/xenolf/lego v2.7.2+incompatible/go.mod h1:fwiGnfsIjG7OHPfOvgK7Y/Qo6+2Ox0iozjNTkZICKbY= github.com/xhit/go-simple-mail/v2 v2.10.0 h1:nib6RaJ4qVh5HD9UE9QJqnUZyWp3upv+Z6CFxaMj0V8= github.com/xhit/go-simple-mail/v2 v2.10.0/go.mod h1:kA1XbQfCI4JxQ9ccSN6VFyIEkkugOm7YiPkA5hKiQn4= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= 
@@ -624,8 +649,9 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c= golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -662,8 +688,9 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -707,11 +734,13 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E= golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -734,8 +763,9 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -798,8 +828,10 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210902050250-f475640dd07b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -811,14 +843,15 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -877,14 +910,15 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 
@@ -1008,8 +1042,10 @@ gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= -gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI= +gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= diff --git a/server/handler/server.go b/server/handler/server.go index c4c4cee..bedd7d5 100644 --- a/server/handler/server.go +++ b/server/handler/server.go @@ -48,6 +48,13 @@ func startTls() { NextProtos: []string{"http/1.1"}, MinVersion: tls.VersionTLS12, CipherSuites: selectedCipherSuites, + GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { + cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) + if err != nil { + return nil, err + } + return &cert, nil + }, // InsecureSkipVerify: true, } srv := &http.Server{ @@ -71,7 +78,7 @@ func startTls() { } base.Info("listen server", addr) - err = srv.ServeTLS(ln, base.Cfg.CertFile, base.Cfg.CertKey) + err = srv.ServeTLS(ln, "", "") if err != nil { base.Fatal(err) } diff --git a/web/src/pages/set/Other.vue b/web/src/pages/set/Other.vue index e1f9cb7..e9520e8 100644 --- a/web/src/pages/set/Other.vue +++ b/web/src/pages/set/Other.vue 
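Review bot: In server/handler/server.go the new `GetCertificate` callback in startTls calls `tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)` on every TLS handshake, so each connection pays two file reads and a parse, and any handshake that lands while the two files are being rewritten fails. Passing empty paths to `srv.ServeTLS(ln, "", "")` in the second hunk also removes the startup check, so a missing or mismatched pair now surfaces only when the first client connects. I would parse the pair once before ServeTLS and fail startup on error, keep the parsed certificate behind a lock, and swap it only after a replacement pair has loaded cleanly; whatever replaces the files (upload, renewal) then calls the reload function. startTls begins and ends outside both hunks, and the sketch below relies on the `sync` package.

```go
// Last key pair that parsed successfully; handshakes never touch the disk.
var (
	certMu  sync.RWMutex
	curCert *tls.Certificate
)

// reloadCert parses the configured pair and swaps it in only on success,
// so a bad or half-written file leaves the previous certificate in place.
func reloadCert() error {
	cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
	if err != nil {
		return err
	}
	certMu.Lock()
	curCert = &cert
	certMu.Unlock()
	return nil
}

// … in startTls, before the tls.Config literal …
	if err := reloadCert(); err != nil {
		base.Fatal(err)
	}
	// … unchanged: NextProtos, MinVersion, CipherSuites …
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
			certMu.RLock()
			defer certMu.RUnlock()
			return curCert, nil
		},
```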
@@ -61,6 +61,78 @@ 重置 + + + + + + + + 证书文件 + + + + + + + + 私钥文件 + + + + + + + 上传 + + + + + + + + + + + + + + 阿里云 + 腾讯云 + + + + + + + + + + + + + + 申请 + 重置 + + + + @@ -80,7 +152,7 @@ v-model="dataOther.banner"> - + { let rdata = resp.data @@ -188,7 +287,21 @@ export default { this.$message.error('哦,请求出错'); console.log(error); }); - }, + }, + getCert() { + axios.get('/set/other/getcertset').then(resp => { + let rdata = resp.data + console.log(rdata) + if (rdata.code !== 0) { + this.$message.error(rdata.msg); + return; + } + this.dataCert = rdata.data + }).catch(error => { + this.$message.error('哦,请求出错'); + console.log(error); + }); + }, getOther() { axios.get('/set/other').then(resp => { let rdata = resp.data @@ -233,6 +346,31 @@ export default { } }) break; + case "dataCert": + axios.post('/set/other/createcert', this.dataCert).then(resp => { + var rdata = resp.data + console.log(rdata); + if (rdata.code === 0) { + this.$message.success(rdata.msg); + } else { + this.$message.error(rdata.msg); + } + }) + break; + case "customCert": + var formData = new FormData() + formData.append('cert', this.customCert.cert) + formData.append('key', this.customCert.key) + axios.post(this.certUpload, formData).then(resp => { + var rdata = resp.data + console.log(rdata); + if (rdata.code === 0) { + this.$message.success(rdata.msg); + } else { + this.$message.error(rdata.msg); + } + }) + break; case "dataOther": axios.post('/set/other/edit', this.dataOther).then(resp => { var rdata = resp.data From 061f6f222bf9185acbef98a1c05d41abb3a1e826 Mon Sep 17 00:00:00 2001 
From: wsczx Date: Sun, 2 Apr 2023 00:43:17 +0800 Subject: [PATCH 2/8] =?UTF-8?q?Let's=20Encrypt=E6=B7=BB=E5=8A=A0Cloudflare?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=EF=BC=8C=E4=BC=98=E5=8C=96DNS=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E5=95=86=E4=BF=A1=E6=81=AF=E7=9A=84=E5=AD=98=E5=82=A8?= =?UTF-8?q?=E6=96=B9=E5=BC=8F=E5=92=8C=E5=89=8D=E7=AB=AF=E6=98=BE=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/admin/api_cert.go | 21 +- server/dbdata/db.go | 21 +- server/dbdata/setting.go | 23 +- server/go.mod | 5 + server/go.sum | 21 +- web/src/pages/set/Other.vue | 614 ++++++++++++++++++++++++------------ 6 files changed, 478 insertions(+), 227 deletions(-)
diff --git a/server/admin/api_cert.go b/server/admin/api_cert.go
index e9c2fea..7b0b162 100755
--- a/server/admin/api_cert.go
+++ b/server/admin/api_cert.go
@@ -22,6 +22,7 @@ import (
 "github.com/go-acme/lego/v4/challenge/dns01"
 "github.com/go-acme/lego/v4/lego"
 "github.com/go-acme/lego/v4/providers/dns/alidns"
+ "github.com/go-acme/lego/v4/providers/dns/cloudflare"
 "github.com/go-acme/lego/v4/providers/dns/tencentcloud"
 "github.com/go-acme/lego/v4/registration"
 "github.com/xenolf/lego/challenge"
@@ -84,8 +85,11 @@ func GetCertSetting(w http.ResponseWriter, r *http.Request) {
 if err := dbdata.SettingGet(data); err != nil {
 RespError(w, RespInternalErr, err)
 }
- data.AccessKeyID = Scrypt(data.AccessKeyID)
- data.AccessKeySecret = Scrypt(data.AccessKeySecret)
+ data.AliYun.APIKey = Scrypt(data.AliYun.APIKey)
+ data.AliYun.SecretKey = Scrypt(data.AliYun.SecretKey)
+ data.TXCloud.SecretID = Scrypt(data.TXCloud.SecretID)
+ data.TXCloud.SecretKey = Scrypt(data.TXCloud.SecretKey)
+ data.CfCloud.AuthKey = Scrypt(data.CfCloud.AuthKey)
 RespSucess(w, data)
 }
 func CreatCert(w http.ResponseWriter, r *http.Request) {
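Review bot: The import block this hunk extends in server/admin/api_cert.go still takes `challenge.Provider` from `github.com/xenolf/lego/challenge`, the library's old module path, while every other lego import uses `github.com/go-acme/lego/v4`. That keeps a second, older copy of the library (`github.com/xenolf/lego v2.7.2+incompatible` in go.sum) in the dependency graph for the sake of one interface type, which widens what has to be audited and patched. The v4 module exports the same interface, so the line can become `"github.com/go-acme/lego/v4/challenge"` and the extra requirement dropped with `go mod tidy`.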
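Review bot: In GetCertSetting the error branch just above the new masking lines calls `RespError(w, RespInternalErr, err)` without returning, so when `dbdata.SettingGet` fails the handler carries on, masks zero-value fields and writes a second, success response; add `return` after the RespError call. Separately, the handler still sends a value derived from each provider secret to the browser. Scrypt is defined outside this hunk, so whether its output is safe to expose cannot be judged here, but blanking the fields (for example `data.AliYun.SecretKey = ""`) and reporting only whether a secret is set avoids the question, and also rules out the masked value being posted back and stored in place of the real key if the form round-trips it. The function begins outside the hunk.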
@@ -179,16 +183,17 @@ func NewLeGoClient(d *dbdata.SettingDnsProvider) (*LeGoClient, error) {
 legoUser.Registration = reg
 }
 var Provider challenge.Provider
- if d.Name == "" {
- return nil, fmt.Errorf("%s", "DNS服务商名不允许为空")
- }
 switch d.Name {
 case "aliyun":
- if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: d.AccessKeyID, SecretKey: d.AccessKeySecret, TTL: 600}); err != nil {
+ if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: d.AliYun.APIKey, SecretKey: d.AliYun.SecretKey, TTL: 600}); err != nil {
 return nil, err
 }
- case "txCloud":
- if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: d.AccessKeyID, SecretKey: d.AccessKeySecret, TTL: 600}); err != nil {
+ case "txcloud":
+ if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: d.TXCloud.SecretID, SecretKey: d.TXCloud.SecretKey, TTL: 600}); err != nil {
+ return nil, err
+ }
+ case "cloudflare":
+ if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthEmail: d.CfCloud.AuthEmail, AuthKey: d.CfCloud.AuthKey, TTL: 600}); err != nil {
 return nil, err
 }
 }
diff --git a/server/dbdata/db.go b/server/dbdata/db.go
index 71e0e56..149534d 100644
--- a/server/dbdata/db.go
+++ b/server/dbdata/db.go
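Review bot: With the empty-name check removed and no `default` branch, the `switch d.Name` in NewLeGoClient (server/admin/api_cert.go) leaves `Provider` nil for an empty or unrecognised name, and the label change from `"txCloud"` to `"txcloud"` means a value saved by the earlier code now falls through the same way. What happens to a nil provider is decided by code after the hunk, so the failure would surface there rather than as a clear configuration error. Add `default: return nil, fmt.Errorf("unsupported DNS provider %q", d.Name)` so the name is rejected before any ACME call is made. The function starts and ends outside the hunk.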
@@ -101,11 +101,22 @@ func addInitData() error { // SettingDnsProvider provider := &SettingDnsProvider{ - Legomail: "legomail", - Name: "aliyun OR TXCloud", - AccessKeyID: "AccessKeyID", - AccessKeySecret: "AccessKeySecret", - Domain: "vpn.xxx.com", + Domain: "vpn.xxx.com", + Legomail: "legomail", + Name: "", + Renew: false, + AliYun: struct { + APIKey string `json:"apiKey"` + SecretKey string `json:"secretKey"` + }{APIKey: "", SecretKey: ""}, + TXCloud: struct { + SecretID string `json:"secretId"` + SecretKey string `json:"secretKey"` + }{SecretID: "", SecretKey: ""}, + CfCloud: struct { + AuthEmail string `json:"authEmail"` + AuthKey string `json:"authKey"` + }{AuthEmail: "", AuthKey: ""}, } err = SettingSessAdd(sess, provider) if err != nil { diff --git a/server/dbdata/setting.go b/server/dbdata/setting.go index a1b7cf9..4cba04f 100644 --- a/server/dbdata/setting.go +++ b/server/dbdata/setting.go @@ -34,12 +34,23 @@ type SettingOther struct { } type SettingDnsProvider struct { - Legomail string `json:"legomail"` - Name string `json:"name"` - AccessKeyID string `json:"accessKeyId"` - AccessKeySecret string `json:"accessKeySecret"` - Domain string `json:"domain"` - Renew bool `json:"renew"` + Domain string `json:"domain"` + Legomail string `json:"legomail"` + Name string `json:"name"` + Renew bool `json:"renew"` + AliYun struct { + APIKey string `json:"apiKey"` + SecretKey string `json:"secretKey"` + } `json:"aliyun"` + + TXCloud struct { + SecretID string `json:"secretId"` + SecretKey string `json:"secretKey"` + } `json:"txcloud"` + CfCloud struct { + AuthEmail string `json:"authEmail"` + AuthKey string `json:"authKey"` + } `json:"cfcloud"` } func StructName(data interface{}) string { diff --git a/server/go.mod b/server/go.mod index a99056e..1f024e3 100644 --- a/server/go.mod +++ b/server/go.mod 
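Review bot: The `provider` literal in addInitData (server/dbdata/db.go) spells out each anonymous struct type, tags included, only to fill it with empty strings; those types must match the field declarations in setting.go exactly, so any tag edit there stops this file compiling. Every value other than Domain and Legomail is the zero value, so `provider := &SettingDnsProvider{Domain: "vpn.xxx.com", Legomail: "legomail"}` seeds the same row. If the nested literals are wanted, give the three credential structs names in setting.go and use those names here.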
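Review bot: In server/dbdata/setting.go, `CfCloud` stores `AuthEmail` and `AuthKey`, which is Cloudflare's account-wide global API key, so the settings hold a credential far broader than a DNS-01 challenge needs. lego's `cloudflare.Config` also accepts a scoped token through `AuthToken` (and `ZoneToken`); adding an `AuthToken string` field tagged `json:"authToken"` and passing it in NewLeGoClient lets operators issue a token limited to DNS edits on the one zone. The struct now keeps three providers' secrets as plain strings, and how the settings row is stored is not visible in this hunk, so a comment on the type should state whether these values are encrypted at rest. The renamed tags also mean a row written by the previous commit will decode with empty credentials unless it is migrated.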
@@ -46,11 +46,16 @@ require ( require ( github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect github.com/cenkalti/backoff/v4 v4.2.0 // indirect + github.com/cloudflare/cloudflare-go v0.49.0 // indirect github.com/felixge/httpsnoop v1.0.1 // indirect github.com/go-acme/lego v2.7.2+incompatible // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect + github.com/google/go-querystring v1.1.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-retryablehttp v0.7.1 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/miekg/dns v1.1.50 // indirect + github.com/pkg/errors v0.9.1 // indirect github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect diff --git a/server/go.sum b/server/go.sum index 251d35a..5f6c4a1 100644 --- a/server/go.sum +++ b/server/go.sum @@ -84,6 +84,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/cloudflare-go v0.49.0 h1:KqJYk/YQ5ZhmyYz1oa4kGDskfF1gVuZfqesaJ/XDLto= +github.com/cloudflare/cloudflare-go v0.49.0/go.mod h1:h0QgcIZ3qEXwFiwfBO8sQxjVdYsLX+PfD7NFEnANaKg= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -124,6 +126,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= @@ -220,8 +223,10 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= 
@@ -267,9 +272,15 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= +github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= 
@@ -368,8 +379,8 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= @@ -391,6 +402,7 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= 
@@ -473,6 +485,8 @@ github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Do github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -507,6 +521,7 @@ github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzG github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= 
@@ -1034,8 +1049,8 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= diff --git a/web/src/pages/set/Other.vue b/web/src/pages/set/Other.vue index e9520e8..118e864 100644 --- a/web/src/pages/set/Other.vue +++ b/web/src/pages/set/Other.vue @@ -2,7 +2,13 @@ - + @@ -13,7 +19,11 @@ - + @@ -26,166 +36,252 @@ - 保存 + 保存 重置 - + - 秒 -

请手动修改配置文件中的 audit_interval 参数后,再重启服务, -1 代表关闭审计日志

-
+ + 秒 +

+ 请手动修改配置文件中的 audit_interval 参数后,再重启服务, + -1 代表关闭审计日志 +

+ - 天 -

范围: 0 ~ 365天 , 0 代表永久保存

+ + 天 +

+ 范围: 0 ~ 365天 , + 0 代表永久保存 +

- - + v-model="dataAuditLog.clear_time" + :picker-options="{ + start: '00:00', + step: '01:00', + end: '23:00', + }" + editable="false," + size="small" + placeholder="请选择" + style="width: 130px" + > + + - 保存 + 保存 重置 - +
- - - - - + + + + + - 证书文件 - + :limit="1" + > + 证书文件 + - - + + - 私钥文件 - + :limit="1" + > + 私钥文件 + - - - 上传 - + + + 上传 + - - + + - + - + - + 阿里云 - 腾讯云 + 腾讯云 + cloudflare - - - - - + + + inactive-text="自动续期" + > - 申请 - 重置 - + 申请 + 重置 + - + - - + - + + type="textarea" + :rows="5" + placeholder="请输入内容" + v-model="dataOther.banner" + > - + + type="textarea" + :rows="5" + placeholder="请输入内容" + v-model="dataOther.homeindex" + > + type="textarea" + :rows="10" + placeholder="请输入内容" + v-model="dataOther.account_mail" + > - 保存 + 保存 重置 - 
@@ -196,36 +292,133 @@ import axios from "axios"; export default { name: "Other", created() { - this.$emit('update:route_path', this.$route.path) - this.$emit('update:route_name', ['基础信息', '其他设置']) + this.$emit("update:route_path", this.$route.path); + this.$emit("update:route_name", ["基础信息", "其他设置"]); }, mounted() { - this.getSmtp() + this.getSmtp(); }, data() { return { - activeName: 'dataSmtp', + activeName: "dataSmtp", + datacertManage: "customCert", dataSmtp: {}, dataAuditLog: {}, - dataCert: { renew: true }, - customCert: {cert:'',key:''}, + letsCert: { + domain: ``, + legomail: ``, + name: "", + renew: "", + aliyun: { + apiKey: "", + secretKey: "", + }, + txcloud: { + secretId: "", + secretKey: "", + }, + cfcloud: { + authEmail: "", + authKey: "", + }, + }, + customCert: { cert: "", key: "" }, dataOther: {}, rules: { - host: {required: true, message: '请输入服务器地址', trigger: 'blur'}, + host: { required: true, message: "请输入服务器地址", trigger: "blur" }, port: [ - {required: true, message: '请输入服务器端口', trigger: 'blur'}, - {type: 'number', message: '请输入正确的服务器端口', trigger: ['blur', 'change']} + { required: true, message: "请输入服务器端口", trigger: "blur" }, + { + type: "number", + message: "请输入正确的服务器端口", + trigger: ["blur", "change"], + }, ], - issuer: { required: true, message: '请输入系统名称', trigger: 'blur' }, - domain: {required: true, message: '请输入需要申请证书的域名', trigger: 'blur'}, - legomail: { required: true, message: '请输入申请证书的邮箱地址', trigger: 'blur' }, - name: { required: true, message: '请选择域名服务商', trigger: 'blur' }, - accessKeyId: { required: true, message: '请输入正确的AccessKeyId', trigger: 'blur' }, - accessKeySecret: { required: true, message: '请输入正确的AccessKeySecret', trigger: 'blur' }, + issuer: { required: true, message: "请输入系统名称", trigger: "blur" }, + domain: { + required: true, + message: "请输入需要申请证书的域名", + trigger: "blur", + }, + legomail: { + required: true, + message: "请输入申请证书的邮箱地址", + trigger: "blur", + }, + name: { required: true, message: "请选择域名服务商", trigger: "blur" }, }, 
certUpload: "/set/other/customcert", certFileList: [], keyFileList: [], + dnsProvider: { + aliyun: [ + { + label: "APIKey", + prop: "apiKey", + component: "el-input", + type: "password", + rules: { + required: true, + message: "请输入正确的APIKey", + trigger: "blur", + }, + }, + { + label: "SecretKey", + prop: "secretKey", + component: "el-input", + type: "password", + rules: { + required: true, + message: "请输入正确的SecretKey", + trigger: "blur", + }, + }, + ], + txcloud: [ + { + label: "SecretID", + prop: "secretId", + component: "el-input", + type: "password", + rules: { + required: true, + message: "请输入正确的APIKey", + trigger: "blur", + }, + }, + { + label: "SecretKey", + prop: "secretKey", + component: "el-input", + type: "password", + rules: { + required: true, + message: "请输入正确的APIKey", + trigger: "blur", + }, + }, + ], + cfcloud: [ + { + label: "Email", + prop: "email", + component: "el-input", + type: "text", + }, + { + label: "AuthKey", + prop: "authKey", + component: "el-input", + type: "password", + rules: { + required: true, + message: "请输入正确的APIKey", + trigger: "blur", + }, + }, + ], + }, }; }, methods: { 
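Review bot: In the new `dnsProvider` table in web/src/pages/set/Other.vue the Cloudflare e-mail entry uses `prop: "email"`, but the model added in the same hunk (`letsCert.cfcloud.authEmail`) and the server's JSON tag are both `authEmail`. The template that consumes `prop` is outside this hunk, but if it binds the input through `letsCert[provider][prop]` the address never reaches the request and certificate issuance is attempted without it. Change the entry to `prop: "authEmail"` and give it a `rules` object like its siblings. The validation messages for SecretID, SecretKey and AuthKey all read `请输入正确的APIKey`, and `renew: ""` initialises as a string a field the backend declares as bool.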
@@ -233,164 +426,176 @@ export default { window.console.log(tab.name, event); switch (tab.name) { case "dataSmtp": - this.getSmtp() - break + this.getSmtp(); + break; case "dataAuditLog": - this.getAuditLog() - break - case "dataCert": - this.getCert() - break + this.getAuditLog(); + break; + case "letsCert": + this.getletsCert(); + break; case "dataOther": - this.getOther() - break + this.getOther(); + break; } }, beforeCertUpload(file) { - // if (file.type !== 'application/x-pem-file') { - // this.$message.error('只能上传 .pem 格式的证书文件') - // return false - // } - this.customCert.cert = file - }, - beforeKeyUpload(file) { - // if (file.type !== 'application/x-pem-file') { - // this.$message.error('只能上传 .pem 格式的私钥文件') - // return false - // } - this.customCert.key = file - }, + // if (file.type !== 'application/x-pem-file') { + // this.$message.error('只能上传 .pem 格式的证书文件') + // return false + // } + this.customCert.cert = file; + }, + beforeKeyUpload(file) { + // if (file.type !== 'application/x-pem-file') { + // this.$message.error('只能上传 .pem 格式的私钥文件') + // return false + // } + this.customCert.key = file; + }, getSmtp() { - axios.get('/set/other/smtp').then(resp => { - let rdata = resp.data - console.log(rdata) - if (rdata.code !== 0) { - this.$message.error(rdata.msg); - return; - } - this.dataSmtp = rdata.data - }).catch(error => { - this.$message.error('哦,请求出错'); - console.log(error); - }); + axios + .get("/set/other/smtp") + .then((resp) => { + let rdata = resp.data; + console.log(rdata); + if (rdata.code !== 0) { + this.$message.error(rdata.msg); + return; + } + this.dataSmtp = rdata.data; + }) + .catch((error) => { + this.$message.error("哦,请求出错"); + console.log(error); + }); }, getAuditLog() { - axios.get('/set/other/audit_log').then(resp => { - let rdata = resp.data - console.log(rdata) - if (rdata.code !== 0) { - this.$message.error(rdata.msg); - return; - } - this.dataAuditLog = rdata.data - }).catch(error => { - this.$message.error('哦,请求出错'); - 
console.log(error); - }); - }, - getCert() { - axios.get('/set/other/getcertset').then(resp => { - let rdata = resp.data - console.log(rdata) - if (rdata.code !== 0) { - this.$message.error(rdata.msg); - return; - } - this.dataCert = rdata.data - }).catch(error => { - this.$message.error('哦,请求出错'); - console.log(error); - }); + axios + .get("/set/other/audit_log") + .then((resp) => { + let rdata = resp.data; + console.log(rdata); + if (rdata.code !== 0) { + this.$message.error(rdata.msg); + return; + } + this.dataAuditLog = rdata.data; + }) + .catch((error) => { + this.$message.error("哦,请求出错"); + console.log(error); + }); + }, + getletsCert() { + axios + .get("/set/other/getcertset") + .then((resp) => { + let rdata = resp.data; + console.log(rdata); + if (rdata.code !== 0) { + this.$message.error(rdata.msg); + return; + } + this.letsCert = Object.assign({}, this.letsCert, rdata.data); + }) + .catch((error) => { + this.$message.error("哦,请求出错"); + console.log(error); + }); }, getOther() { - axios.get('/set/other').then(resp => { - let rdata = resp.data - console.log(rdata) - if (rdata.code !== 0) { - this.$message.error(rdata.msg); - return; - } - this.dataOther = rdata.data - }).catch(error => { - this.$message.error('哦,请求出错'); - console.log(error); - }); + axios + .get("/set/other") + .then((resp) => { + let rdata = resp.data; + console.log(rdata); + if (rdata.code !== 0) { + this.$message.error(rdata.msg); + return; + } + this.dataOther = rdata.data; + }) + .catch((error) => { + this.$message.error("哦,请求出错"); + console.log(error); + }); }, submitForm(formName) { this.$refs[formName].validate((valid) => { if (!valid) { - alert('error submit!'); + alert("error submit!"); } switch (formName) { case "dataSmtp": - axios.post('/set/other/smtp/edit', this.dataSmtp).then(resp => { - var rdata = resp.data + axios.post("/set/other/smtp/edit", this.dataSmtp).then((resp) => { + var rdata = resp.data; console.log(rdata); if (rdata.code === 0) { 
this.$message.success(rdata.msg); } else { this.$message.error(rdata.msg); } - - }) + }); break; case "dataAuditLog": - axios.post('/set/other/audit_log/edit', this.dataAuditLog).then(resp => { - var rdata = resp.data - console.log(rdata); - if (rdata.code === 0) { - this.$message.success(rdata.msg); - } else { - this.$message.error(rdata.msg); - } - }) + axios + .post("/set/other/audit_log/edit", this.dataAuditLog) + .then((resp) => { + var rdata = resp.data; + console.log(rdata); + if (rdata.code === 0) { + this.$message.success(rdata.msg); + } else { + this.$message.error(rdata.msg); + } + }); break; - case "dataCert": - axios.post('/set/other/createcert', this.dataCert).then(resp => { - var rdata = resp.data + case "letsCert": + axios.post("/set/other/createcert", this.letsCert).then((resp) => { + var rdata = resp.data; console.log(rdata); if (rdata.code === 0) { this.$message.success(rdata.msg); } else { this.$message.error(rdata.msg); } - }) + }); break; case "customCert": - var formData = new FormData() - formData.append('cert', this.customCert.cert) - formData.append('key', this.customCert.key) - axios.post(this.certUpload, formData).then(resp => { - var rdata = resp.data + var formData = new FormData(); + formData.append("cert", this.customCert.cert); + formData.append("key", this.customCert.key); + axios.post(this.certUpload, formData).then((resp) => { + var rdata = resp.data; console.log(rdata); if (rdata.code === 0) { this.$message.success(rdata.msg); } else { this.$message.error(rdata.msg); } - }) - break; + }); + break; case "dataOther": - axios.post('/set/other/edit', this.dataOther).then(resp => { - var rdata = resp.data + axios.post("/set/other/edit", this.dataOther).then((resp) => { + var rdata = resp.data; console.log(rdata); if (rdata.code === 0) { this.$message.success(rdata.msg); } else { this.$message.error(rdata.msg); } - }) + }); break; } - }); }, resetForm(formName) { this.$refs[formName].resetFields(); - } + }, }, -} +}; 
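Review bot: In `submitForm` the `if (!valid)` branch only calls `alert("error submit!")` and then falls through into the `switch`, so a form that failed validation is still posted, including the `letsCert` and `customCert` cases that change the server certificate. End the branch with `return false;` so nothing is sent. The `console.log(rdata)` calls in `getletsCert` and in the submit handlers also print the certificate settings response to the browser console, which is worth removing for any response that may carry DNS provider credentials. None of the `axios.post` calls has a `.catch`, unlike the getters above them. The enclosing `export default` object starts outside the hunk.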
From 748adadd1ec40353223ea55c7942161cdee92cc3 Mon Sep 17 00:00:00 2001 From: wsczx Date: Tue, 4 Apr 2023 22:35:40 +0800 Subject: [PATCH 3/8] =?UTF-8?q?=E4=BF=9D=E5=AD=98Lego=E6=B3=A8=E5=86=8C?= =?UTF-8?q?=E4=BF=A1=E6=81=AF=EF=BC=8C=E9=81=BF=E5=85=8D=E9=87=8D=E5=A4=8D?= =?UTF-8?q?=E6=B3=A8=E5=86=8C=E5=AF=BC=E8=87=B4=E5=A4=B1=E8=B4=A5=20?= =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=8A=A8=E6=80=81=E5=8A=A0=E8=BD=BDTLS?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E6=80=A7=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/admin/api_cert.go | 137 +++++++++++++++------------------------ server/admin/server.go | 19 ++++-- server/dbdata/cert.go | 119 ++++++++++++++++++++++++++++++++++ server/dbdata/db.go | 35 ++++++---- server/dbdata/setting.go | 21 ------ server/handler/server.go | 11 ++-- 6 files changed, 214 insertions(+), 128 deletions(-) create mode 100755 server/dbdata/cert.go diff --git a/server/admin/api_cert.go b/server/admin/api_cert.go index 7b0b162..677e36c 100755 --- a/server/admin/api_cert.go +++ b/server/admin/api_cert.go @@ -1,18 +1,14 @@ package admin import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" "crypto/tls" "crypto/x509" - "encoding/base64" "encoding/json" "fmt" "io" "net/http" "os" + "sync" "time" "github.com/bjdgyc/anylink/base" 
@@ -21,32 +17,15 @@ import ( "github.com/go-acme/lego/v4/certificate" "github.com/go-acme/lego/v4/challenge/dns01" "github.com/go-acme/lego/v4/lego" - "github.com/go-acme/lego/v4/providers/dns/alidns" - "github.com/go-acme/lego/v4/providers/dns/cloudflare" - "github.com/go-acme/lego/v4/providers/dns/tencentcloud" "github.com/go-acme/lego/v4/registration" - "github.com/xenolf/lego/challenge" - "golang.org/x/crypto/scrypt" ) -type LegoUser struct { - Email string - Registration *registration.Resource - key crypto.PrivateKey -} type LeGoClient struct { + mutex sync.Mutex Client *lego.Client + dbdata.LegoUserData } -func (u *LegoUser) GetEmail() string { - return u.Email -} -func (u LegoUser) GetRegistration() *registration.Resource { - return u.Registration -} -func (u *LegoUser) GetPrivateKey() crypto.PrivateKey { - return u.key -} func CustomCert(w http.ResponseWriter, r *http.Request) { cert, _, err := r.FormFile("cert") if err != nil { @@ -78,18 +57,18 @@ func CustomCert(w http.ResponseWriter, r *http.Request) { RespError(w, RespInternalErr, err) return } + if tlscert, _, err := ParseCert(); err != nil { + return + } else { + dbdata.TLSCert = tlscert + } RespSucess(w, "上传成功") } func GetCertSetting(w http.ResponseWriter, r *http.Request) { - data := &dbdata.SettingDnsProvider{} + data := &dbdata.SettingLetsEncrypt{} if err := dbdata.SettingGet(data); err != nil { RespError(w, RespInternalErr, err) } - data.AliYun.APIKey = Scrypt(data.AliYun.APIKey) - data.AliYun.SecretKey = Scrypt(data.AliYun.SecretKey) - data.TXCloud.SecretID = Scrypt(data.TXCloud.SecretID) - data.TXCloud.SecretKey = Scrypt(data.TXCloud.SecretKey) - data.CfCloud.AuthKey = Scrypt(data.CfCloud.AuthKey) RespSucess(w, data) } func CreatCert(w http.ResponseWriter, r *http.Request) { 
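Review bot: The `mutex` field added to `LeGoClient` does not serialize anything. `NewClient` locks `c.mutex`, but `CreatCert` and `ReNewCert` in the later hunks each build a fresh `LeGoClient{}`, so two concurrent calls never contend on the same lock. If the goal is to stop parallel ACME registration and certificate writes, the lock has to be shared, for example a package-level `var legoMu sync.Mutex` held around the register, save and write sequence. A later patch in this series moves the struct to `dbdata/cert.go` with the same per-instance field, so the point applies there too.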
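Review bot: `GetCertSetting` now returns the stored DNS provider credentials verbatim, because the lines that replaced `AliYun`, `TXCloud` and `CfCloud` secrets with a derived value before `RespSucess(w, data)` are deleted and nothing takes their place. `ReNewCert` builds its provider from the same `SettingGet` result, so the stored values are the live API keys. Every read of this endpoint therefore sends them to the browser, where the page also logs the response. Blank the secret fields before responding, e.g. `data.AliYun.SecretKey, data.TXCloud.SecretKey, data.CfCloud.AuthKey = "", "", ""`, and have `CreatCert` keep the stored value when a secret arrives empty. `CreatCert`'s body is outside this hunk.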
@@ -103,7 +82,7 @@ func CreatCert(w http.ResponseWriter, r *http.Request) { return } defer r.Body.Close() - config := &dbdata.SettingDnsProvider{} + config := &dbdata.SettingLetsEncrypt{} err = json.Unmarshal(body, config) if err != nil { RespError(w, RespInternalErr, err) @@ -113,8 +92,8 @@ func CreatCert(w http.ResponseWriter, r *http.Request) { RespError(w, RespInternalErr, err) return } - client, err := NewLeGoClient(config) - if err != nil { + client := LeGoClient{} + if err := client.NewClient(config); err != nil { base.Error(err) RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err)) return @@ -128,13 +107,13 @@ func CreatCert(w http.ResponseWriter, r *http.Request) { } func ReNewCert() { - certtime, err := GetCerttime() + _, certtime, err := ParseCert() if err != nil { base.Error(err) return } if certtime.AddDate(0, 0, -7).Before(time.Now()) { - config := &dbdata.SettingDnsProvider{} + config := &dbdata.SettingLetsEncrypt{} if err := dbdata.SettingGet(config); err != nil { base.Error(err) return @@ -143,8 +122,8 @@ func ReNewCert() { return } if config.Renew { - client, err := NewLeGoClient(config) - if err != nil { + client := &LeGoClient{} + if err := client.NewClient(config); err != nil { base.Error(err) return } 
@@ -158,51 +137,38 @@ func ReNewCert() { base.Info(fmt.Sprintf("证书过期时间:%s", certtime.Local().Format("2006-1-2 15:04:05"))) } -func NewLeGoClient(d *dbdata.SettingDnsProvider) (*LeGoClient, error) { - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) +func (c *LeGoClient) NewClient(l *dbdata.SettingLetsEncrypt) error { + c.mutex.Lock() + defer c.mutex.Unlock() + legouser, err := c.GetUserData(l) if err != nil { - return nil, err + return err } - legoUser := LegoUser{ - Email: d.Legomail, - key: privateKey, - } - config := lego.NewConfig(&legoUser) + config := lego.NewConfig(legouser) config.CADirURL = lego.LEDirectoryProduction config.Certificate.KeyType = certcrypto.RSA2048 client, err := lego.NewClient(config) if err != nil { - return nil, err + return err } - if _, err := client.Registration.ResolveAccountByKey(); err != nil { - reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) - if err != nil { - return nil, err - } - legoUser.Registration = reg - } - var Provider challenge.Provider - switch d.Name { - case "aliyun": - if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: d.AliYun.APIKey, SecretKey: d.AliYun.SecretKey, TTL: 600}); err != nil { - return nil, err - } - case "txcloud": - if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: d.TXCloud.SecretID, SecretKey: d.TXCloud.SecretKey, TTL: 600}); err != nil { - return nil, err - } - case "cloudflare": - if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthEmail: d.CfCloud.AuthEmail, AuthKey: d.CfCloud.AuthKey, TTL: 600}); err != nil { - return nil, err - } + Provider, err := dbdata.GetDNSProvider(l) + if err != nil { + return err } if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil { - return nil, err + return err } - return &LeGoClient{ - Client: client, - }, nil + if 
legouser.Registration == nil { + reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) + if err != nil { + return err + } + legouser.Registration = reg + c.SaveUserData(legouser) + } + c.Client = client + return nil } func (c *LeGoClient) GetCertificate(domain string) error { // 申请证书 @@ -250,6 +216,11 @@ func SaveCertificate(cert *certificate.Resource) error { if err != nil { return err } + if tlscert, _, err := ParseCert(); err != nil { + return err + } else { + dbdata.TLSCert = tlscert + } return nil } @@ -268,24 +239,24 @@ func LoadCertResource(certFile, keyFile string) (*certificate.Resource, error) { }, nil } -func GetCerttime() (*time.Time, error) { +func ParseCert() (*tls.Certificate, *time.Time, error) { cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) if err != nil { - return nil, err + return nil, nil, err } parseCert, err := x509.ParseCertificate(cert.Certificate[0]) if err != nil { - return nil, err + return nil, nil, err } certtime := parseCert.NotAfter - return &certtime, nil + return &cert, &certtime, nil } -func Scrypt(passwd string) string { - salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} - hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32) - if err != nil { - return err.Error() - } - return base64.StdEncoding.EncodeToString(hashPasswd) -} +// func Scrypt(passwd string) string { +// salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} +// hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32) +// if err != nil { +// return err.Error() +// } +// return base64.StdEncoding.EncodeToString(hashPasswd) +// } diff --git a/server/admin/server.go b/server/admin/server.go index ee4d31d..283d2e9 100644 --- a/server/admin/server.go +++ b/server/admin/server.go @@ -9,6 +9,7 @@ import ( "github.com/arl/statsviz" "github.com/bjdgyc/anylink/base" + "github.com/bjdgyc/anylink/dbdata" "github.com/gorilla/handlers" "github.com/gorilla/mux" ) 
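Review bot: `NewClient` discards the result of `c.SaveUserData(legouser)` after a successful `Register`. If the settings write fails, the new ACME account key and registration exist only in memory, and the next run generates a new key and registers again, which is the failure this commit is meant to prevent. Propagate the error with `if err := c.SaveUserData(legouser); err != nil { return err }`. The account private key is also persisted through `SettingSet` as plain bytes, so the settings table should be treated as secret material.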
@@ -99,17 +100,25 @@ func StartAdmin() { for _, s := range cipherSuites { selectedCipherSuites = append(selectedCipherSuites, s.ID) } + + if tlscert, _, err := ParseCert(); err != nil { + base.Error(err) + return + } else { + dbdata.TLSCert = tlscert + } + // 设置tls信息 tlsConfig := &tls.Config{ NextProtos: []string{"http/1.1"}, MinVersion: tls.VersionTLS12, CipherSuites: selectedCipherSuites, GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) - if err != nil { - return nil, err - } - return &cert, nil + // cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) + // if err != nil { + // return nil, err + // } + return dbdata.TLSCert, nil }, } srv := &http.Server{ diff --git a/server/dbdata/cert.go b/server/dbdata/cert.go new file mode 100755 index 0000000..63f311b --- /dev/null +++ b/server/dbdata/cert.go 
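Review bot: `dbdata.TLSCert` is a plain package-level pointer that the `GetCertificate` callback reads on every handshake, while `CustomCert` and `SaveCertificate` assign it from request and cron goroutines with no synchronization, which is a data race under the Go memory model. The same callback is added to `startTls` in `server/handler/server.go` later in this patch. Keep the variable unexported behind accessors guarded by a `sync.RWMutex`, or use `atomic.Pointer[tls.Certificate]` if the module's Go version allows it, so the callback becomes `return dbdata.LoadTLSCert(), nil` (accessor name is a suggestion). The commented-out `tls.LoadX509KeyPair` lines left inside the closure should be deleted rather than kept as comments.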
@@ -0,0 +1,119 @@ +package dbdata + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/tls" + "crypto/x509" + + "github.com/go-acme/lego/v4/providers/dns/alidns" + "github.com/go-acme/lego/v4/providers/dns/cloudflare" + "github.com/go-acme/lego/v4/providers/dns/tencentcloud" + "github.com/go-acme/lego/v4/registration" + "github.com/xenolf/lego/challenge" +) + +var TLSCert *tls.Certificate + +type SettingLetsEncrypt struct { + // LegoUser LegoUser + Domain string `json:"domain"` + Legomail string `json:"legomail"` + Name string `json:"name"` + Renew bool `json:"renew"` + DNSProvider +} + +type DNSProvider struct { + AliYun struct { + APIKey string `json:"apiKey"` + SecretKey string `json:"secretKey"` + } `json:"aliyun"` + + TXCloud struct { + SecretID string `json:"secretId"` + SecretKey string `json:"secretKey"` + } `json:"txcloud"` + CfCloud struct { + AuthEmail string `json:"authEmail"` + AuthKey string `json:"authKey"` + } `json:"cfcloud"` +} +type LegoUserData struct { + Email string `json:"email"` + Registration *registration.Resource `json:"registration"` + Key []byte `json:"key"` +} +type LegoUser struct { + Email string + Registration *registration.Resource + Key *ecdsa.PrivateKey +} + +func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) { + switch l.Name { + case "aliyun": + if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, TTL: 600}); err != nil { + return + } + case "txcloud": + if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, TTL: 600}); err != nil { + return + } + case "cloudflare": + if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthEmail: l.DNSProvider.CfCloud.AuthEmail, AuthKey: l.DNSProvider.CfCloud.AuthKey, TTL: 600}); err != nil { + return + } + } + return +} 
+func (u *LegoUser) GetEmail() string { + return u.Email +} +func (u LegoUser) GetRegistration() *registration.Resource { + return u.Registration +} +func (u *LegoUser) GetPrivateKey() crypto.PrivateKey { + return u.Key +} + +func (l *LegoUserData) SaveUserData(u *LegoUser) error { + key, err := x509.MarshalECPrivateKey(u.Key) + if err != nil { + return err + } + l.Email = u.Email + l.Registration = u.Registration + l.Key = key + if err := SettingSet(l); err != nil { + return err + } + return nil +} + +func (l *LegoUserData) GetUserData(d *SettingLetsEncrypt) (*LegoUser, error) { + if err := SettingGet(l); err != nil { + return nil, err + } + if l.Email != "" { + key, err := x509.ParseECPrivateKey(l.Key) + if err != nil { + return nil, err + } + return &LegoUser{ + Email: l.Email, + Registration: l.Registration, + Key: key, + }, nil + } + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return nil, err + } + return &LegoUser{ + Email: d.Legomail, + Key: privateKey, + }, nil +} diff --git a/server/dbdata/db.go b/server/dbdata/db.go index 149534d..293e9b8 100644 --- a/server/dbdata/db.go +++ b/server/dbdata/db.go 
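Review bot: `GetDNSProvider` has no `default` case, so an empty or unrecognised `l.Name` returns `(nil, nil)` and `NewClient` passes a nil provider to `SetDNS01Provider`, where the failure would presumably surface only later during the challenge. Add `default: return nil, fmt.Errorf("unsupported DNS provider %q", l.Name)` (this needs the `fmt` import). The switch matches `"cloudflare"` while the JSON tag and the UI's provider key are `cfcloud`, so confirm which value the form actually sends in `name`. The file also imports `github.com/xenolf/lego/challenge`, the old module path, next to `go-acme/lego/v4`; taking `challenge.Provider` from `github.com/go-acme/lego/v4/challenge` avoids pulling in a second, unmaintained copy of the library.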
@@ -100,28 +100,35 @@ func addInitData() error { } // SettingDnsProvider - provider := &SettingDnsProvider{ + provider := &SettingLetsEncrypt{ Domain: "vpn.xxx.com", Legomail: "legomail", - Name: "", + Name: "aliyun", Renew: false, - AliYun: struct { - APIKey string `json:"apiKey"` - SecretKey string `json:"secretKey"` - }{APIKey: "", SecretKey: ""}, - TXCloud: struct { - SecretID string `json:"secretId"` - SecretKey string `json:"secretKey"` - }{SecretID: "", SecretKey: ""}, - CfCloud: struct { - AuthEmail string `json:"authEmail"` - AuthKey string `json:"authKey"` - }{AuthEmail: "", AuthKey: ""}, + DNSProvider: DNSProvider{ + AliYun: struct { + APIKey string `json:"apiKey"` + SecretKey string `json:"secretKey"` + }{APIKey: "", SecretKey: ""}, + TXCloud: struct { + SecretID string `json:"secretId"` + SecretKey string `json:"secretKey"` + }{SecretID: "", SecretKey: ""}, + CfCloud: struct { + AuthEmail string `json:"authEmail"` + AuthKey string `json:"authKey"` + }{AuthEmail: "", AuthKey: ""}}, } err = SettingSessAdd(sess, provider) if err != nil { return err } + // LegoUser + legouser := &LegoUserData{} + err = SettingSessAdd(sess, legouser) + if err != nil { + return err + } // SettingOther other := &SettingOther{ LinkAddr: "vpn.xx.com", diff --git a/server/dbdata/setting.go b/server/dbdata/setting.go index 4cba04f..c7e0a36 100644 --- a/server/dbdata/setting.go +++ b/server/dbdata/setting.go 
@@ -33,26 +33,6 @@ type SettingOther struct { AccountMail string `json:"account_mail"` } -type SettingDnsProvider struct { - Domain string `json:"domain"` - Legomail string `json:"legomail"` - Name string `json:"name"` - Renew bool `json:"renew"` - AliYun struct { - APIKey string `json:"apiKey"` - SecretKey string `json:"secretKey"` - } `json:"aliyun"` - - TXCloud struct { - SecretID string `json:"secretId"` - SecretKey string `json:"secretKey"` - } `json:"txcloud"` - CfCloud struct { - AuthEmail string `json:"authEmail"` - AuthKey string `json:"authKey"` - } `json:"cfcloud"` -} - func StructName(data interface{}) string { ref := reflect.ValueOf(data) s := &ref @@ -69,7 +49,6 @@ func SettingSessAdd(sess *xorm.Session, data interface{}) error { v, _ := json.Marshal(data) s := &Setting{Name: name, Data: v} _, err := sess.InsertOne(s) - return err } diff --git a/server/handler/server.go b/server/handler/server.go index bedd7d5..f6b4e65 100644 --- a/server/handler/server.go +++ b/server/handler/server.go @@ -11,6 +11,7 @@ import ( "time" "github.com/bjdgyc/anylink/base" + "github.com/bjdgyc/anylink/dbdata" "github.com/gorilla/mux" "github.com/pires/go-proxyproto" ) @@ -49,11 +50,11 @@ func startTls() { MinVersion: tls.VersionTLS12, CipherSuites: selectedCipherSuites, GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) - if err != nil { - return nil, err - } - return &cert, nil + // cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) + // if err != nil { + // return nil, err + // } + return dbdata.TLSCert, nil }, // InsecureSkipVerify: true, } From b3e7212b03af5fa6c1e02ed249324043300acfef Mon Sep 17 00:00:00 2001 
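Review bot: The `GetCertificate` callback in `startTls` returns `dbdata.TLSCert` without checking that it has been set, and nothing in this function loads the certificate. It relies on `StartAdmin` having run `ParseCert` successfully first. If `StartAdmin` returned early on a parse error or runs later (the start-up order is not visible here), the callback returns `(nil, nil)` and every handshake fails with a generic missing-certificate error. Load the certificate in `startTls` as well, or return an explicit error such as `return nil, errors.New("tls certificate not loaded")` when the pointer is nil. `startTls` begins and ends outside the hunk.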
From: wsczx Date: Wed, 5 Apr 2023 02:00:57 +0800 Subject: [PATCH 4/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=A0=A1=E9=AA=8C?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E5=90=88=E6=B3=95=E6=80=A7=EF=BC=8C=E4=B8=8D?= =?UTF-8?q?=E5=90=88=E6=B3=95=E6=88=96=E4=B8=8D=E5=AD=98=E5=9C=A8=E5=88=99?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E4=B8=80=E4=B8=AA=E8=87=AA=E7=AD=BE=E5=90=8D?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=EF=BC=8C=E4=BF=9D=E8=AF=81=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E6=AD=A3=E5=B8=B8=E5=90=AF=E5=8A=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/admin/api_cert.go | 53 +++++++++++++++++++++++++++++++++++++ web/src/pages/set/Other.vue | 2 -- 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/server/admin/api_cert.go b/server/admin/api_cert.go index 677e36c..8e4a83a 100755 --- a/server/admin/api_cert.go +++ b/server/admin/api_cert.go @@ -1,11 +1,17 @@ package admin import ( + "crypto/rand" + "crypto/rsa" "crypto/tls" "crypto/x509" + "crypto/x509/pkix" "encoding/json" + "encoding/pem" "fmt" "io" + "math/big" + "net" "net/http" "os" "sync" @@ -58,6 +64,10 @@ func CustomCert(w http.ResponseWriter, r *http.Request) { return } if tlscert, _, err := ParseCert(); err != nil { + if err := PrivateCert(); err != nil { + base.Error(err) + } + RespError(w, RespInternalErr, fmt.Sprintf("证书不合法,请重新上传:%v", err)) return } else { dbdata.TLSCert = tlscert @@ -240,6 +250,11 @@ func LoadCertResource(certFile, keyFile string) (*certificate.Resource, error) { } func ParseCert() (*tls.Certificate, *time.Time, error) { + _, certErr := os.Stat(base.Cfg.CertFile) + _, keyErr := os.Stat(base.Cfg.CertKey) + if os.IsNotExist(certErr) || os.IsNotExist(keyErr) { + PrivateCert() + } cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) if err != nil { return nil, nil, err 
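Review bot: The validation added to `CustomCert` runs after the upload has apparently already been written over `base.Cfg.CertFile` and `base.Cfg.CertKey` (that part of the body is outside the hunk), and on failure it calls `PrivateCert()`. That function overwrites both files again with a self-signed `localhost` certificate and installs it in `dbdata.TLSCert`, so one malformed upload discards the working certificate and switches the running server to a certificate clients cannot verify. Read both form parts into memory with a size cap, check them with `tls.X509KeyPair(certPEM, keyPEM)`, and only then write them, ideally to temporary files renamed into place. On error, leave the current files and `dbdata.TLSCert` untouched.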
@@ -251,6 +266,44 @@ func ParseCert() (*tls.Certificate, *time.Time, error) { certtime := parseCert.NotAfter return &cert, &certtime, nil } +func PrivateCert() error { + // 创建一个RSA密钥对 + priv, _ := rsa.GenerateKey(rand.Reader, 2048) + pub := &priv.PublicKey + + // 生成一个自签名证书 + template := x509.Certificate{ + SerialNumber: big.NewInt(1658), + Subject: pkix.Name{CommonName: "localhost"}, + NotBefore: time.Now(), + NotAfter: time.Now().Add(time.Hour * 24 * 365), + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + IPAddresses: []net.IP{}, + } + + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv) + if err != nil { + return err + } + + // 将证书编码为PEM格式并将其写入文件 + certOut, _ := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600) + pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + certOut.Close() + + // 将私钥编码为PEM格式并将其写入文件 + keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) + keyOut.Close() + cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) + if err != nil { + return err + } + dbdata.TLSCert = &cert + return nil +} // func Scrypt(passwd string) string { // salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} diff --git a/web/src/pages/set/Other.vue b/web/src/pages/set/Other.vue index 118e864..04a0e9b 100644 --- a/web/src/pages/set/Other.vue +++ b/web/src/pages/set/Other.vue @@ -348,8 +348,6 @@ export default { name: { required: true, message: "请选择域名服务商", trigger: "blur" }, }, certUpload: "/set/other/customcert", - certFileList: [], - keyFileList: [], dnsProvider: { aliyun: [ { From bc7c61c33732ccc3678b8dfd07a7c6da54da4f18 Mon Sep 17 00:00:00 2001 
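Review bot: `PrivateCert` ignores the errors from `rsa.GenerateKey`, both `os.OpenFile` calls and both `pem.Encode` calls. A nil `priv` would panic at `&priv.PublicKey`, and a failed open or write only shows up later as a misleading `LoadX509KeyPair` error. Its caller `ParseCert` in the previous hunk also drops the return value of `PrivateCert()`. The template uses the fixed serial `big.NewInt(1658)` and sets only `CommonName: "localhost"` with an empty `IPAddresses` and no `DNSNames`, so every installation gets the same serial and no client can match the certificate to the server name. A random serial and a SAN taken from the configured domain would be safer defaults. The sketch below covers the error handling only.

```go
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	return err
}
// … unchanged: public key, certificate template and x509.CreateCertificate …

// Encode in memory first so a failed write is reported instead of swallowed.
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
if err := os.WriteFile(base.Cfg.CertFile, certPEM, 0600); err != nil {
	return err
}
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
if err := os.WriteFile(base.Cfg.CertKey, keyPEM, 0600); err != nil {
	return err
}
// … unchanged: tls.LoadX509KeyPair and dbdata.TLSCert assignment …
```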
From: wsczx Date: Thu, 6 Apr 2023 12:29:21 +0800 Subject: [PATCH 5/8] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/admin/api_cert.go | 228 +-------------------------------------- server/admin/server.go | 7 +- server/cron/start.go | 4 +- server/dbdata/cert.go | 206 ++++++++++++++++++++++++++++++++++- server/handler/server.go | 4 - 5 files changed, 211 insertions(+), 238 deletions(-) diff --git a/server/admin/api_cert.go b/server/admin/api_cert.go index 8e4a83a..15018e5 100755 --- a/server/admin/api_cert.go +++ b/server/admin/api_cert.go @@ -1,37 +1,16 @@ package admin import ( - "crypto/rand" - "crypto/rsa" - "crypto/tls" - "crypto/x509" - "crypto/x509/pkix" "encoding/json" - "encoding/pem" "fmt" "io" - "math/big" - "net" "net/http" "os" - "sync" - "time" "github.com/bjdgyc/anylink/base" "github.com/bjdgyc/anylink/dbdata" - "github.com/go-acme/lego/v4/certcrypto" - "github.com/go-acme/lego/v4/certificate" - "github.com/go-acme/lego/v4/challenge/dns01" - "github.com/go-acme/lego/v4/lego" - "github.com/go-acme/lego/v4/registration" ) -type LeGoClient struct { - mutex sync.Mutex - Client *lego.Client - dbdata.LegoUserData -} - func CustomCert(w http.ResponseWriter, r *http.Request) { cert, _, err := r.FormFile("cert") if err != nil { @@ -63,10 +42,7 @@ func CustomCert(w http.ResponseWriter, r *http.Request) { RespError(w, RespInternalErr, err) return } - if tlscert, _, err := ParseCert(); err != nil { - if err := PrivateCert(); err != nil { - base.Error(err) - } + if tlscert, _, err := dbdata.ParseCert(); err != nil { RespError(w, RespInternalErr, fmt.Sprintf("证书不合法,请重新上传:%v", err)) return } else { 
@@ -102,214 +78,16 @@ func CreatCert(w http.ResponseWriter, r *http.Request) { RespError(w, RespInternalErr, err) return } - client := LeGoClient{} + client := dbdata.LeGoClient{} if err := client.NewClient(config); err != nil { base.Error(err) RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err)) return } - if err := client.GetCertificate(config.Domain); err != nil { + if err := client.GetCert(config.Domain); err != nil { base.Error(err) RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err)) return } RespSucess(w, "生成证书成功") } - -func ReNewCert() { - _, certtime, err := ParseCert() - if err != nil { - base.Error(err) - return - } - if certtime.AddDate(0, 0, -7).Before(time.Now()) { - config := &dbdata.SettingLetsEncrypt{} - if err := dbdata.SettingGet(config); err != nil { - base.Error(err) - return - } - if config.Domain == "" { - return - } - if config.Renew { - client := &LeGoClient{} - if err := client.NewClient(config); err != nil { - base.Error(err) - return - } - if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil { - base.Error(err) - return - } - base.Info("证书续期成功") - } - } - base.Info(fmt.Sprintf("证书过期时间:%s", certtime.Local().Format("2006-1-2 15:04:05"))) -} - -func (c *LeGoClient) NewClient(l *dbdata.SettingLetsEncrypt) error { - c.mutex.Lock() - defer c.mutex.Unlock() - legouser, err := c.GetUserData(l) - if err != nil { - return err - } - config := lego.NewConfig(legouser) - config.CADirURL = lego.LEDirectoryProduction - config.Certificate.KeyType = certcrypto.RSA2048 - - client, err := lego.NewClient(config) - if err != nil { - return err - } - Provider, err := dbdata.GetDNSProvider(l) - if err != nil { - return err - } - if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil { - return err - } - if legouser.Registration == nil { - reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: 
true}) - if err != nil { - return err - } - legouser.Registration = reg - c.SaveUserData(legouser) - } - c.Client = client - return nil -} -func (c *LeGoClient) GetCertificate(domain string) error { - // 申请证书 - certificates, err := c.Client.Certificate.Obtain( - certificate.ObtainRequest{ - Domains: []string{domain}, - Bundle: true, - }) - if err != nil { - return err - } - // 保存证书 - if err := SaveCertificate(certificates); err != nil { - return err - } - return nil -} - -func (c *LeGoClient) RenewCert(certFile, keyFile string) error { - cert, err := LoadCertResource(certFile, keyFile) - if err != nil { - return err - } - // 续期证书 - renewcert, err := c.Client.Certificate.Renew(certificate.Resource{ - Certificate: cert.Certificate, - PrivateKey: cert.PrivateKey, - }, true, false, "") - if err != nil { - return err - } - // 保存更新证书 - if err := SaveCertificate(renewcert); err != nil { - return err - } - return nil -} - -func SaveCertificate(cert *certificate.Resource) error { - err := os.WriteFile(base.Cfg.CertFile, cert.Certificate, 0600) - if err != nil { - return err - } - err = os.WriteFile(base.Cfg.CertKey, cert.PrivateKey, 0600) - if err != nil { - return err - } - if tlscert, _, err := ParseCert(); err != nil { - return err - } else { - dbdata.TLSCert = tlscert - } - return nil -} - -func LoadCertResource(certFile, keyFile string) (*certificate.Resource, error) { - cert, err := os.ReadFile(certFile) - if err != nil { - return nil, err - } - key, err := os.ReadFile(keyFile) - if err != nil { - return nil, err - } - return &certificate.Resource{ - Certificate: cert, - PrivateKey: key, - }, nil -} - -func ParseCert() (*tls.Certificate, *time.Time, error) { - _, certErr := os.Stat(base.Cfg.CertFile) - _, keyErr := os.Stat(base.Cfg.CertKey) - if os.IsNotExist(certErr) || os.IsNotExist(keyErr) { - PrivateCert() - } - cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) - if err != nil { - return nil, nil, err - } - parseCert, err := 
x509.ParseCertificate(cert.Certificate[0]) - if err != nil { - return nil, nil, err - } - certtime := parseCert.NotAfter - return &cert, &certtime, nil -} -func PrivateCert() error { - // 创建一个RSA密钥对 - priv, _ := rsa.GenerateKey(rand.Reader, 2048) - pub := &priv.PublicKey - - // 生成一个自签名证书 - template := x509.Certificate{ - SerialNumber: big.NewInt(1658), - Subject: pkix.Name{CommonName: "localhost"}, - NotBefore: time.Now(), - NotAfter: time.Now().Add(time.Hour * 24 * 365), - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - BasicConstraintsValid: true, - IPAddresses: []net.IP{}, - } - - derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv) - if err != nil { - return err - } - - // 将证书编码为PEM格式并将其写入文件 - certOut, _ := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600) - pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) - certOut.Close() - - // 将私钥编码为PEM格式并将其写入文件 - keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) - pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) - keyOut.Close() - cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) - if err != nil { - return err - } - dbdata.TLSCert = &cert - return nil -} - -// func Scrypt(passwd string) string { -// salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} -// hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32) -// if err != nil { -// return err.Error() -// } -// return base64.StdEncoding.EncodeToString(hashPasswd) -// } diff --git a/server/admin/server.go b/server/admin/server.go index 283d2e9..e7171af 100644 --- a/server/admin/server.go +++ b/server/admin/server.go 
@@ -100,8 +100,7 @@ func StartAdmin() { for _, s := range cipherSuites { selectedCipherSuites = append(selectedCipherSuites, s.ID) } - - if tlscert, _, err := ParseCert(); err != nil { + if tlscert, _, err := dbdata.ParseCert(); err != nil { base.Error(err) return } else { @@ -114,10 +113,6 @@ func StartAdmin() { MinVersion: tls.VersionTLS12, CipherSuites: selectedCipherSuites, GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - // cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) - // if err != nil { - // return nil, err - // } return dbdata.TLSCert, nil }, } diff --git a/server/cron/start.go b/server/cron/start.go index d39715f..a2ff4c2 100644 --- a/server/cron/start.go +++ b/server/cron/start.go @@ -3,7 +3,7 @@ package cron import ( "time" - "github.com/bjdgyc/anylink/admin" + "github.com/bjdgyc/anylink/dbdata" "github.com/bjdgyc/anylink/sessdata" "github.com/go-co-op/gocron" ) @@ -14,6 +14,6 @@ func Start() { s.Cron("0 * * * *").Do(ClearStatsInfo) s.Cron("0 * * * *").Do(ClearUserActLog) s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession) - s.Every(1).Day().At("00:00").Do(admin.ReNewCert) + s.Every(1).Day().At("00:00").Do(dbdata.ReNewCert) s.StartAsync() } diff --git a/server/dbdata/cert.go b/server/dbdata/cert.go index 63f311b..a6e8221 100755 --- a/server/dbdata/cert.go +++ b/server/dbdata/cert.go @@ -5,9 +5,24 @@ import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" + "crypto/rsa" "crypto/tls" "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "errors" + "fmt" + "math/big" + "net" + "os" + "sync" + "time" + "github.com/bjdgyc/anylink/base" + "github.com/go-acme/lego/v4/certcrypto" + "github.com/go-acme/lego/v4/certificate" + "github.com/go-acme/lego/v4/challenge/dns01" + "github.com/go-acme/lego/v4/lego" "github.com/go-acme/lego/v4/providers/dns/alidns" "github.com/go-acme/lego/v4/providers/dns/cloudflare" "github.com/go-acme/lego/v4/providers/dns/tencentcloud" 
@@ -18,7 +33,6 @@ import ( var TLSCert *tls.Certificate type SettingLetsEncrypt struct { - // LegoUser LegoUser Domain string `json:"domain"` Legomail string `json:"legomail"` Name string `json:"name"` @@ -52,6 +66,13 @@ type LegoUser struct { Key *ecdsa.PrivateKey } +type LeGoClient struct { + mutex sync.Mutex + Client *lego.Client + Cert *certificate.Resource + LegoUserData +} + func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) { switch l.Name { case "aliyun": 
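Review bot: The `mutex` field added to `LeGoClient` does not serialise certificate updates, because the lock lives on the instance and `ReNewCert` later in this file builds a fresh `&LeGoClient{}` for every run, so each lock is private to one call. The state that is actually shared is the package-level `TLSCert` pointer and the two files behind `base.Cfg.CertFile` and `base.Cfg.CertKey`. `SaveCert` and `PrivateCert` assign `TLSCert` while the `GetCertificate` callbacks in admin/server.go and handler/server.go return it, presumably from concurrent handshake goroutines, with no synchronisation in between. A package-level lock would cover both, for example `var certMu sync.RWMutex`, held for writing around the file writes and the `TLSCert = ...` assignment and for reading inside the callbacks.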
@@ -117,3 +138,186 @@ func (l *LegoUserData) GetUserData(d *SettingLetsEncrypt) (*LegoUser, error) { Key: privateKey, }, nil } +func ReNewCert() { + _, certtime, err := ParseCert() + if err != nil { + base.Error(err) + return + } + if certtime.AddDate(0, 0, -7).Before(time.Now()) { + config := &SettingLetsEncrypt{} + if err := SettingGet(config); err != nil { + base.Error(err) + return + } + if config.Renew { + client := &LeGoClient{} + if err := client.NewClient(config); err != nil { + base.Error(err) + return + } + if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil { + base.Error(err) + return + } + base.Info("证书续期成功") + } + } else { + base.Info(fmt.Sprintf("证书过期时间:%s", certtime.Local().Format("2006-1-2 15:04:05"))) + } +} + +func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error { + c.mutex.Lock() + defer c.mutex.Unlock() + legouser, err := c.GetUserData(l) + if err != nil { + return err + } + config := lego.NewConfig(legouser) + config.CADirURL = lego.LEDirectoryStaging + config.Certificate.KeyType = certcrypto.RSA2048 + + client, err := lego.NewClient(config) + if err != nil { + return err + } + Provider, err := GetDNSProvider(l) + if err != nil { + return err + } + if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil { + return err + } + if legouser.Registration == nil { + reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) + if err != nil { + return err + } + legouser.Registration = reg + c.SaveUserData(legouser) + } + c.Client = client + return nil +} +func (c *LeGoClient) GetCert(domain string) error { + // 申请证书 + certificates, err := c.Client.Certificate.Obtain( + certificate.ObtainRequest{ + Domains: []string{domain}, + Bundle: true, + }) + if err != nil { + return err + } + c.Cert = certificates + // 保存证书 + if err := c.SaveCert(); err != nil { + return err + } + return nil +} + +func (c 
*LeGoClient) RenewCert(certFile, keyFile string) error { + cert, err := os.ReadFile(certFile) + if err != nil { + return err + } + key, err := os.ReadFile(keyFile) + if err != nil { + return err + } + // 续期证书 + renewcert, err := c.Client.Certificate.Renew(certificate.Resource{ + Certificate: cert, + PrivateKey: key, + }, true, false, "") + if err != nil { + return err + } + c.Cert = renewcert + // 保存更新证书 + if err := c.SaveCert(); err != nil { + return err + } + return nil +} + +func (c *LeGoClient) SaveCert() error { + err := os.WriteFile(base.Cfg.CertFile, c.Cert.Certificate, 0600) + if err != nil { + return err + } + err = os.WriteFile(base.Cfg.CertKey, c.Cert.PrivateKey, 0600) + if err != nil { + return err + } + if tlscert, _, err := ParseCert(); err != nil { + return err + } else { + TLSCert = tlscert + } + return nil +} + +func ParseCert() (*tls.Certificate, *time.Time, error) { + os.Stat(base.Cfg.CertFile) + os.Stat(base.Cfg.CertKey) + cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) + if err != nil || errors.Is(err, os.ErrNotExist) { + PrivateCert() + return nil, nil, err + } + parseCert, err := x509.ParseCertificate(cert.Certificate[0]) + if err != nil { + return nil, nil, err + } + return &cert, &parseCert.NotAfter, nil +} +func PrivateCert() error { + // 创建一个RSA密钥对 + priv, _ := rsa.GenerateKey(rand.Reader, 2048) + pub := &priv.PublicKey + + // 生成一个自签名证书 + template := x509.Certificate{ + SerialNumber: big.NewInt(1658), + Subject: pkix.Name{CommonName: "localhost"}, + NotBefore: time.Now(), + NotAfter: time.Now().Add(time.Hour * 24 * 365), + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + IPAddresses: []net.IP{}, + } + + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv) + if err != nil { + return err + } + + // 将证书编码为PEM格式并将其写入文件 + certOut, _ := os.OpenFile(base.Cfg.CertFile, 
os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600) + pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + certOut.Close() + + // 将私钥编码为PEM格式并将其写入文件 + keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) + keyOut.Close() + cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) + if err != nil { + return err + } + TLSCert = &cert + return nil +} + +// func Scrypt(passwd string) string { +// salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} +// hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32) +// if err != nil { +// return err.Error() +// } +// return base64.StdEncoding.EncodeToString(hashPasswd) +// } diff --git a/server/handler/server.go b/server/handler/server.go index f6b4e65..1197316 100644 --- a/server/handler/server.go +++ b/server/handler/server.go @@ -50,10 +50,6 @@ func startTls() { MinVersion: tls.VersionTLS12, CipherSuites: selectedCipherSuites, GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - // cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) - // if err != nil { - // return nil, err - // } return dbdata.TLSCert, nil }, // InsecureSkipVerify: true, From 4b83bd7ccf02f2059e2a3b9a5d11eb97306d91f2 Mon Sep 17 00:00:00 2001 From: wsczx Date: Thu, 6 Apr 2023 14:16:36 +0800 Subject: [PATCH 6/8] =?UTF-8?q?=E4=BF=AE=E6=94=B9Let's=20Encrypt=E6=B3=A8?= =?UTF-8?q?=E5=86=8C=E5=9C=B0=E5=9D=80=E4=B8=BA=E7=94=9F=E4=BA=A7=E6=A8=A1?= =?UTF-8?q?=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/dbdata/cert.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/dbdata/cert.go b/server/dbdata/cert.go index a6e8221..4edac53 100755 --- a/server/dbdata/cert.go +++ b/server/dbdata/cert.go 
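Review bot: In `ParseCert`, the branch `if err != nil || errors.Is(err, os.ErrNotExist)` calls `PrivateCert()` on every `tls.LoadX509KeyPair` failure, not only when the files are missing. `PrivateCert` opens both paths with `O_TRUNC`, so a malformed or mismatched pair, or a permission error, ends with the existing CA-issued certificate and private key replaced by a self-signed `localhost` certificate. The second half of the condition is redundant, the two `os.Stat` results above it are discarded, and the function still returns `nil, nil, err` after regenerating, so the caller gets an error even though new files were written. I would generate a certificate only when the files are absent and leave the error branch as `if err != nil { return nil, nil, err }`. The `ParseCert` hunk in patch 8/8 adds the existence check but keeps the `PrivateCert()` call in this branch.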
@@ -175,7 +175,7 @@ func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error { return err } config := lego.NewConfig(legouser) - config.CADirURL = lego.LEDirectoryStaging + config.CADirURL = lego.LEDirectoryProduction config.Certificate.KeyType = certcrypto.RSA2048 client, err := lego.NewClient(config) From 5dc811416784ffc428c05eafb938135f1d1e9ff7 Mon Sep 17 00:00:00 2001 From: wsczx Date: Thu, 6 Apr 2023 14:51:25 +0800 Subject: [PATCH 7/8] =?UTF-8?q?=E6=9B=B4=E6=96=B0go=20mod=E6=96=87?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/dbdata/cert.go | 2 +- server/go.mod | 3 +-- server/go.sum | 8 +++----- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/server/dbdata/cert.go b/server/dbdata/cert.go index 4edac53..3c284bc 100755 --- a/server/dbdata/cert.go +++ b/server/dbdata/cert.go @@ -21,13 +21,13 @@ import ( "github.com/bjdgyc/anylink/base" "github.com/go-acme/lego/v4/certcrypto" "github.com/go-acme/lego/v4/certificate" + "github.com/go-acme/lego/v4/challenge" "github.com/go-acme/lego/v4/challenge/dns01" "github.com/go-acme/lego/v4/lego" "github.com/go-acme/lego/v4/providers/dns/alidns" "github.com/go-acme/lego/v4/providers/dns/cloudflare" "github.com/go-acme/lego/v4/providers/dns/tencentcloud" "github.com/go-acme/lego/v4/registration" - "github.com/xenolf/lego/challenge" ) var TLSCert *tls.Certificate diff --git a/server/go.mod b/server/go.mod index 1f024e3..decf00f 100644 --- a/server/go.mod +++ b/server/go.mod @@ -30,7 +30,6 @@ require ( github.com/spf13/cobra v1.2.1 github.com/spf13/viper v1.8.1 github.com/stretchr/testify v1.8.1 - github.com/xenolf/lego v2.7.2+incompatible github.com/xhit/go-simple-mail/v2 v2.10.0 github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119 github.com/xuri/excelize/v2 v2.6.1 
@@ -48,12 +47,12 @@ require ( github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cloudflare/cloudflare-go v0.49.0 // indirect github.com/felixge/httpsnoop v1.0.1 // indirect - github.com/go-acme/lego v2.7.2+incompatible // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.1 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/kr/text v0.2.0 // indirect github.com/miekg/dns v1.1.50 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect diff --git a/server/go.sum b/server/go.sum index 5f6c4a1..b0e1088 100644 --- a/server/go.sum +++ b/server/go.sum @@ -104,6 +104,7 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -136,8 +137,6 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-acme/lego v2.7.2+incompatible h1:ThhpPBgf6oa9X/vRd0kEmWOsX7+vmYdckmGZSb+FEp0= -github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG94USbYxYrZfTkIn0M= github.com/go-acme/lego/v4 v4.10.2 h1:5eW3qmda5v/LP21v1Hj70edKY1jeFZQwO617tdkwp6Q= github.com/go-acme/lego/v4 v4.10.2/go.mod h1:EMbf0Jmqwv94nJ5WL9qWnSXIBZnvsS9gNypansHGc6U= github.com/go-co-op/gocron v1.17.0 h1:IixLXsti+Qo0wMvmn6Kmjp2csk2ykpkcL+EmHmST18w= @@ -383,8 +382,9 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lanrenwo/lzsgo v0.0.2 h1:FA30LAaJFYLoaM17b+H32gA+5H+abjoomNLSA9HCbrI= github.com/lanrenwo/lzsgo v0.0.2/go.mod h1:oxDZy2vgi6VBGIdvL80ayRMtIyXV+TbjavVuINXZY2k= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= 
@@ -596,8 +596,6 @@ github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/xenolf/lego v2.7.2+incompatible h1:aGxxYqhnQLQ71HsvEAjJVw6ao14APwPpRk0mpFroPXk= -github.com/xenolf/lego v2.7.2+incompatible/go.mod h1:fwiGnfsIjG7OHPfOvgK7Y/Qo6+2Ox0iozjNTkZICKbY= github.com/xhit/go-simple-mail/v2 v2.10.0 h1:nib6RaJ4qVh5HD9UE9QJqnUZyWp3upv+Z6CFxaMj0V8= github.com/xhit/go-simple-mail/v2 v2.10.0/go.mod h1:kA1XbQfCI4JxQ9ccSN6VFyIEkkugOm7YiPkA5hKiQn4= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= From 19e99b76481702ef9eecca7d0c9bc837bf6207ac Mon Sep 17 00:00:00 2001 From: wsczx Date: Fri, 7 Apr 2023 23:59:44 +0800 Subject: [PATCH 8/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=A3=80=E6=9F=A5?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E6=96=87=E4=BB=B6=E6=98=AF=E5=90=A6=E5=AD=98?= =?UTF-8?q?=E5=9C=A8=E5=A4=B1=E8=B4=A5=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/admin/api_cert.go | 3 +-- server/dbdata/cert.go | 8 ++++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/server/admin/api_cert.go b/server/admin/api_cert.go index 15018e5..5731c3a 100755 --- a/server/admin/api_cert.go +++ b/server/admin/api_cert.go @@ -69,8 +69,7 @@ func CreatCert(w http.ResponseWriter, r *http.Request) { } defer r.Body.Close() config := &dbdata.SettingLetsEncrypt{} - err = json.Unmarshal(body, config) - if err != nil { + if err := json.Unmarshal(body, config); err != nil { RespError(w, RespInternalErr, err) return } diff --git a/server/dbdata/cert.go b/server/dbdata/cert.go index 3c284bc..e1a9412 100755 --- a/server/dbdata/cert.go 
+++ b/server/dbdata/cert.go @@ -261,8 +261,12 @@ func (c *LeGoClient) SaveCert() error { } func ParseCert() (*tls.Certificate, *time.Time, error) { - os.Stat(base.Cfg.CertFile) - os.Stat(base.Cfg.CertKey) + _, errCert := os.Stat(base.Cfg.CertFile) + _, errKey := os.Stat(base.Cfg.CertKey) + if os.IsNotExist(errCert) || os.IsNotExist(errKey) { + PrivateCert() + + } cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey) if err != nil || errors.Is(err, os.ErrNotExist) { PrivateCert()
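Review bot: The added test `os.IsNotExist(errCert) || os.IsNotExist(errKey)` regenerates both files when only one is missing, and `PrivateCert` opens both paths with `O_TRUNC`, so a private key that is still on disk is overwritten if its certificate has been removed (and the reverse). The return value of `PrivateCert()` is also dropped, so a failed generation only surfaces as a less specific `LoadX509KeyPair` error on the next line. I would require both files to be absent and propagate the error, `if os.IsNotExist(errCert) && os.IsNotExist(errKey) { if err := PrivateCert(); err != nil { return nil, nil, err } }`, and return an explicit error when exactly one file is missing. The stray empty `+` line inside the block can go. `ParseCert` continues past the end of this hunk.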