增加SSL证书DNS验证，远程部署，自动续期

dromara · Jul 30, 2023 · 4c5aa14 · 4c5aa14
1 parent e8a9d72
commit 4c5aa14
Show file tree

Hide file tree

Showing 19 changed files with 910 additions and 95 deletions.
diff --git a/domain_admin/api/host_api.py b/domain_admin/api/host_api.py
@@ -0,0 +1,78 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : host_api.py
+@Date    : 2023-07-29
+"""
+from flask import request, g
+
+from domain_admin.model.host_model import HostModel
+
+
+def add_host():
+    current_user_id = g.user_id
+
+    host = request.json['host']
+    user = request.json['user']
+    password = request.json['password']
+
+    row = HostModel.create(
+        user_id=current_user_id,
+        host=host,
+        user=user,
+        password=password,
+    )
+
+    return row
+
+
+def update_host_by_id():
+    current_user_id = g.user_id
+
+    host_id = request.json['host_id']
+    host = request.json['host']
+    user = request.json['user']
+    password = request.json['password']
+
+    HostModel.update(
+        host=host,
+        user=user,
+        password=password,
+    ).where(
+        HostModel.id == host_id
+    ).execute()
+
+def get_host_by_id():
+    host_id = request.json['host_id']
+
+    return HostModel.get_by_id(host_id)
+
+def get_host_list():
+    """
+    主机列表
+    :return:
+    """
+
+    current_user_id = g.user_id
+
+    page = request.json.get('page', 1)
+    size = request.json.get('size', 10)
+    keyword = request.json.get('keyword')
+
+    query = HostModel.select().where(
+        HostModel.user_id == current_user_id
+    )
+
+    if keyword:
+        query.where(HostModel.host.contains(keyword))
+
+    total = query.count()
+
+    rows = query.order_by(
+        HostModel.create_time.desc(),
+        HostModel.id.desc()
+    ).paginate(page, size)
+
+    return {
+        'list': rows,
+        'total': total,
+    }
diff --git a/domain_admin/api/issue_certificate_api.py b/domain_admin/api/issue_certificate_api.py
@@ -6,8 +6,12 @@
 from flask import g, request
 from playhouse.shortcuts import model_to_dict
 
+from domain_admin.model.host_model import HostModel
 from domain_admin.model.issue_certificate_model import IssueCertificateModel
 from domain_admin.service import issue_certificate_service
+from domain_admin.utils import ip_util
+from domain_admin.utils.acme_util.challenge_type import ChallengeType
+from domain_admin.utils.flask_ext.app_exception import AppException
 
 
 def issue_certificate():
@@ -25,7 +29,7 @@ def issue_certificate():
 
     return model_to_dict(
         issue_certificate_row,
-        extra_attrs=['domains', 'create_time_label', 'domain_validation_urls']
+        extra_attrs=['domains', 'create_time_label']
     )
 
 
@@ -37,8 +41,111 @@ def verify_certificate():
     current_user_id = g.user_id
 
     issue_certificate_id = request.json['issue_certificate_id']
+    challenge_type = request.json['challenge_type']
+
+    issue_certificate_service.verify_certificate(issue_certificate_id, challenge_type)
+
+    issue_certificate_service.renew_certificate(issue_certificate_id)
+
+
+
+def get_certificate_challenges():
+    issue_certificate_id = request.json['issue_certificate_id']
+
+    lst = issue_certificate_service.get_certificate_challenges(issue_certificate_id)
+
+    return {
+        'total': len(lst),
+        'list': lst
+    }
+
+
+def get_domain_host():
+    domain = request.json['domain']
+    host = ip_util.get_domain_ip(domain)
+
+    return {
+        'domain': domain,
+        'host': host
+    }
+
+
+def deploy_verify_file():
+    """
+    部署验证文件
+    :return:
+    """
+    current_user_id = g.user_id
+
+    issue_certificate_id = request.json['issue_certificate_id']
+    verify_deploy_path = request.json['verify_deploy_path']
+    challenges = request.json['challenges']
+    host_id = request.json['host_id']
+
+    if not verify_deploy_path.endswith("/"):
+        raise AppException("verify_deploy_path must endswith '/'")
+
+    # deploy
+    issue_certificate_service.deploy_verify_file(
+        host_id=host_id,
+        verify_deploy_path=verify_deploy_path,
+        challenges=challenges
+    )
+
+    IssueCertificateModel.update(
+        deploy_host_id=host_id,
+        deploy_verify_path=verify_deploy_path,
+    ).where(
+        IssueCertificateModel.id == issue_certificate_id
+    ).execute()
+
+
+def deploy_certificate_file():
+    current_user_id = g.user_id
+
+    issue_certificate_id = request.json['issue_certificate_id']
+    host_id = request.json['host_id']
+
+    key_deploy_path = request.json['key_deploy_path']
+    pem_deploy_path = request.json['pem_deploy_path']
+    reload_cmd = request.json['reloadcmd']
+
+    host_row = HostModel.get_by_id(host_id)
+
+    host = host_row.host
+    user = host_row.user
+    password = host_row.password
+
+    issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
+
+    if not issue_certificate_row.ssl_certificate:
+        issue_certificate_service.renew_certificate(issue_certificate_id)
+        issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
+
+    # deploy key
+    issue_certificate_service.deploy_certificate_file(
+        host_id=host_id,
+        issue_certificate_id=issue_certificate_id,
+        key_deploy_path=key_deploy_path,
+        pem_deploy_path=pem_deploy_path,
+        reload_cmd=reload_cmd
+    )
 
-    issue_certificate_service.verify_certificate(issue_certificate_id)
+    # update only support file verify
+    if issue_certificate_row.challenge_type == ChallengeType.HTTP01:
+        is_auto_renew = True
+    else:
+        is_auto_renew = False
+
+    IssueCertificateModel.update(
+        deploy_host_id=host_id,
+        deploy_key_file=key_deploy_path,
+        deploy_fullchain_file=pem_deploy_path,
+        deploy_reloadcmd=reload_cmd,
+        is_auto_renew=is_auto_renew
+    ).where(
+        IssueCertificateModel.id == issue_certificate_id
+    ).execute()
 
 
 def renew_certificate():
@@ -68,11 +175,15 @@ def get_certificate_list():
     current_user_id = g.user_id
     page = request.json.get('page', 1)
     size = request.json.get('size', 10)
+    keyword = request.json.get('keyword')
 
     query = IssueCertificateModel.select().where(
         IssueCertificateModel.user_id == current_user_id
     )
 
+    if keyword:
+        query.where(IssueCertificateModel.domain_raw.contains(keyword))
+
     total = query.count()
 
     rows = query.order_by(
@@ -106,8 +217,43 @@ def get_issue_certificate_by_id():
 
     issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
 
-    return model_to_dict(
+    data = model_to_dict(
         issue_certificate_row,
         extra_attrs=[
             'domains', 'create_time_label', 'domain_validation_urls']
     )
+
+    if data['deploy_host_id']:
+        data['deploy_host'] = HostModel.get_by_id(data['deploy_host_id'])
+    else:
+        data['deploy_host'] = None
+
+    return data
+
+
+def delete_certificate_by_id():
+    """
+    获取
+    :return:
+    """
+    current_user_id = g.user_id
+
+    issue_certificate_id = request.json['issue_certificate_id']
+
+    IssueCertificateModel.delete_by_id(issue_certificate_id)
+
+
+def delete_certificate_by_batch():
+    """
+    批量删除
+    @since v1.2.16
+    :return:
+    """
+    current_user_id = g.user_id
+
+    ids = request.json['ids']
+
+    IssueCertificateModel.delete().where(
+        IssueCertificateModel.id.in_(ids),
+        IssueCertificateModel.user_id == current_user_id
+    ).execute()
diff --git a/domain_admin/enums/version_enum.py b/domain_admin/enums/version_enum.py
@@ -121,3 +121,7 @@ class VersionEnum(object):
     Version_153 = '1.5.3'
     Version_154 = '1.5.4'
     Version_155 = '1.5.5'
+    Version_156 = '1.5.6'
+    Version_157 = '1.5.7'
+    Version_158 = '1.5.8'
+    Version_159 = '1.5.9'
diff --git a/domain_admin/migrate/migrate_158_to_159.py b/domain_admin/migrate/migrate_158_to_159.py
@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : migrate_158_to_159.py
+@Date    : 2023-06-30
+
+cmd:
+$ python domain_admin/migrate/migrate_158_to_159.py
+"""
+from __future__ import print_function, unicode_literals, absolute_import, division
+
+from domain_admin.migrate import migrate_common
+from domain_admin.model.base_model import db
+from domain_admin.model.domain_info_model import DomainInfoModel
+from domain_admin.model.issue_certificate_model import IssueCertificateModel
+from domain_admin.model.user_model import UserModel
+
+
+def execute_migrate():
+    """
+    版本升级 1.5.8 => 1.5.9
+    :return:
+    """
+    migrator = migrate_common.get_migrator(db)
+
+    migrate_rows = [
+        # add column
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.challenge_type.name,
+            IssueCertificateModel.challenge_type),
+
+        # add column
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.deploy_host_id.name,
+            IssueCertificateModel.deploy_host_id
+        ),
+
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.deploy_verify_path.name,
+            IssueCertificateModel.deploy_verify_path
+        ),
+
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.deploy_key_file.name,
+            IssueCertificateModel.deploy_key_file
+        ),
+
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.deploy_fullchain_file.name,
+            IssueCertificateModel.deploy_fullchain_file
+        ),
+
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.deploy_reloadcmd.name,
+            IssueCertificateModel.deploy_reloadcmd
+        ),
+
+        migrator.add_column(
+            IssueCertificateModel._meta.table_name,
+            IssueCertificateModel.is_auto_renew.name,
+            IssueCertificateModel.is_auto_renew
+        ),
+    ]
+
+    migrate_common.try_execute_migrate(migrate_rows)
diff --git a/domain_admin/model/database.py b/domain_admin/model/database.py
@@ -3,9 +3,10 @@
 database.py
 """
 from __future__ import print_function, unicode_literals, absolute_import, division
+
 from domain_admin.log import logger
 from domain_admin.model import address_model, log_operation_model, group_user_model, log_async_task_model, \
-    issue_certificate_model
+    issue_certificate_model, host_model
 from domain_admin.model import domain_info_model
 from domain_admin.model import domain_model
 from domain_admin.model import group_model
@@ -31,6 +32,7 @@
     (group_user_model.GroupUserModel, None),
     (log_async_task_model.AsyncTaskModel, None),
     (issue_certificate_model.IssueCertificateModel, None),
+    (host_model.HostModel, None),
 ]