源站支持客户端证书

Author: iwind

internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/index.go

@@ -63,6 +63,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		primaryOriginMaps = append(primaryOriginMaps, m)
 	}
@@ -77,6 +78,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		backupOriginMaps = append(backupOriginMaps, m)
 	}

internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/index.go

@@ -63,6 +63,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		primaryOriginMaps = append(primaryOriginMaps, m)
 	}
@@ -77,6 +78,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		backupOriginMaps = append(backupOriginMaps, m)
 	}

internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/index.go

@@ -63,6 +63,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		primaryOriginMaps = append(primaryOriginMaps, m)
 	}
@@ -77,6 +78,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		backupOriginMaps = append(backupOriginMaps, m)
 	}

internal/web/actions/default/servers/server/settings/locations/reverseProxy/index.go

@@ -64,6 +64,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		primaryOriginMaps = append(primaryOriginMaps, m)
 	}
@@ -78,6 +79,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		backupOriginMaps = append(backupOriginMaps, m)
 	}

internal/web/actions/default/servers/server/settings/origins/addPopup.go

@@ -8,6 +8,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"net/url"
 	"regexp"
@@ -62,6 +63,8 @@ func (this *AddPopupAction) RunPost(params struct {
 	MaxIdleConns int32
 	IdleTimeout  int
 
+	CertIdsJSON []byte
+
 	DomainsJSON []byte
 
 	Description string
@@ -129,6 +132,31 @@ func (this *AddPopupAction) RunPost(params struct {
 		return
 	}
 
+	// 证书
+	var certIds = []int64{}
+	if len(params.CertIdsJSON) > 0 {
+		err = json.Unmarshal(params.CertIdsJSON, &certIds)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	var certRefJSON []byte
+	if len(certIds) > 0 {
+		var certId = certIds[0]
+		if certId > 0 {
+			var certRef = &sslconfigs.SSLCertRef{
+				IsOn:   true,
+				CertId: certId,
+			}
+			certRefJSON, err = json.Marshal(certRef)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	var domains = []string{}
 	if len(params.DomainsJSON) > 0 {
 		err = json.Unmarshal(params.DomainsJSON, &domains)
@@ -158,6 +186,7 @@ func (this *AddPopupAction) RunPost(params struct {
 		IdleTimeoutJSON: idleTimeoutJSON,
 		MaxConns:        params.MaxConns,
 		MaxIdleConns:    params.MaxIdleConns,
+		CertRefJSON:     certRefJSON,
 		Domains:         domains,
 	})
 	if err != nil {

internal/web/actions/default/servers/server/settings/origins/updatePopup.go

@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
@@ -86,6 +87,12 @@ func (this *UpdatePopupAction) RunGet(params struct {
 		config.Domains = []string{}
 	}
 
+	// 重置数据
+	if config.Cert != nil {
+		config.Cert.CertData = nil
+		config.Cert.KeyData = nil
+	}
+
 	this.Data["origin"] = maps.Map{
 		"id":           config.Id,
 		"protocol":     config.Addr.Protocol,
@@ -99,6 +106,7 @@ func (this *UpdatePopupAction) RunGet(params struct {
 		"idleTimeout":  idleTimeout,
 		"maxConns":     config.MaxConns,
 		"maxIdleConns": config.MaxIdleConns,
+		"cert":         config.Cert,
 		"domains":      config.Domains,
 	}
 
@@ -121,6 +129,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	MaxIdleConns int32
 	IdleTimeout  int
 
+	CertIdsJSON []byte
 	DomainsJSON []byte
 
 	Description string
@@ -188,6 +197,31 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		return
 	}
 
+	// 证书
+	var certIds = []int64{}
+	if len(params.CertIdsJSON) > 0 {
+		err = json.Unmarshal(params.CertIdsJSON, &certIds)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+	var certRefJSON []byte
+	if len(certIds) > 0 {
+		var certId = certIds[0]
+		if certId > 0 {
+			var certRef = &sslconfigs.SSLCertRef{
+				IsOn:   true,
+				CertId: certId,
+			}
+			certRefJSON, err = json.Marshal(certRef)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	var domains = []string{}
 	if len(params.DomainsJSON) > 0 {
 		err = json.Unmarshal(params.DomainsJSON, &domains)
@@ -218,6 +252,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		IdleTimeoutJSON: idleTimeoutJSON,
 		MaxConns:        params.MaxConns,
 		MaxIdleConns:    params.MaxIdleConns,
+		CertRefJSON:     certRefJSON,
 		Domains:         domains,
 	})
 	if err != nil {

internal/web/actions/default/servers/server/settings/reverseProxy/index.go

@@ -91,6 +91,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		primaryOriginMaps = append(primaryOriginMaps, m)
 	}
@@ -105,6 +106,7 @@ func (this *IndexAction) RunGet(params struct {
 			"name":    originConfig.Name,
 			"isOn":    originConfig.IsOn,
 			"domains": originConfig.Domains,
+			"hasCert": originConfig.Cert != nil,
 		}
 		backupOriginMaps = append(backupOriginMaps, m)
 	}

web/public/js/components/server/origin-list-box.js

@@ -92,6 +92,9 @@ Vue.component("origin-list-table", {
 			<div v-if="origin.domains != null && origin.domains.length > 0">
 				<grey-label v-for="domain in origin.domains">{{domain}}</grey-label>
 			</div>
+			<div v-if="origin.hasCert">
+				<tiny-basic-label>证书</tiny-basic-label>
+			</div>
 		</td>
 		<td :class="{disabled:!origin.isOn}">{{origin.weight}}</td>
 		<td>

web/public/js/components/server/ssl-certs-box.js

@@ -1,18 +1,29 @@
 Vue.component("ssl-certs-box", {
 	props: [
 		"v-certs", // 证书列表
+		"v-cert", // 单个证书
 		"v-protocol", // 协议：https|tls
-		"v-view-size", // 弹窗尺寸
-		"v-single-mode" // 单证书模式
+		"v-view-size", // 弹窗尺寸：normal, mini
+		"v-single-mode", // 单证书模式
+		"v-description" // 描述文字
 	],
 	data: function () {
 		let certs = this.vCerts
 		if (certs == null) {
 			certs = []
 		}
+		if (this.vCert != null) {
+			certs.push(this.vCert)
+		}
+
+		let description = this.vDescription
+		if (description == null || typeof (description) != "string") {
+			description = ""
+		}
 
 		return {
-			certs: certs
+			certs: certs,
+			description: description
 		}
 	},
 	methods: {
@@ -77,13 +88,14 @@ Vue.component("ssl-certs-box", {
 	template: `<div>
 	<input type="hidden" name="certIdsJSON" :value="JSON.stringify(certIds())"/>
 	<div v-if="certs != null && certs.length > 0">
-		<div class="ui label small" v-for="(cert, index) in certs">
+		<div class="ui label small basic" v-for="(cert, index) in certs">
 			{{cert.name}} / {{cert.dnsNames}} / 有效至{{formatTime(cert.timeEndAt)}} &nbsp; <a href="" title="删除" @click.prevent="removeCert(index)"><i class="icon remove"></i></a>
 		</div>
 		<div class="ui divider" v-if="buttonsVisible()"></div>
 	</div>
 	<div v-else>
-		<span class="red">选择或上传证书后<span v-if="vProtocol == 'https'">HTTPS</span><span v-if="vProtocol == 'tls'">TLS</span>服务才能生效。</span>
+		<span class="red" v-if="description.length == 0">选择或上传证书后<span v-if="vProtocol == 'https'">HTTPS</span><span v-if="vProtocol == 'tls'">TLS</span>服务才能生效。</span>
+		<span class="grey" v-if="description.length > 0">{{description}}</span>
 		<div class="ui divider" v-if="buttonsVisible()"></div>
 	</div>
 	<div v-if="buttonsVisible()">

web/views/@default/servers/server/settings/origins/addPopup.html

@@ -39,6 +39,12 @@ <h3>添加源站</h3>
 			<td colspan="2"><more-options-indicator></more-options-indicator></td>
 		</tr>
 		<tbody v-show="moreOptionsVisible">
+            <tr v-if="protocol == 'https' || protocol == 'tls'">
+                <td>{{protocol.toUpperCase()}}证书</td>
+                <td>
+                    <ssl-certs-box :v-single-mode="true" :v-view-size="'mini'" :v-description="'可以选择连接源站使用的证书。'"></ssl-certs-box>
+                </td>
+            </tr>
             <tr v-if="isHTTP">
                 <td>专属域名</td>
                 <td>