支持 dns验证和api部署的自动续期

dromara · Jun 24, 2024 · ae44d82 · ae44d82
1 parent 9762ac3
commit ae44d82
Show file tree

Hide file tree

Showing 9 changed files with 414 additions and 148 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,12 +1,6 @@
 - v1.6.33(2024-06-23)
     - 支持DNS账号部署
-    - 新增 添加dns记录接口
-    - fix
-    - fix doc
     - 新增DNS账户管理
-    - 更新文档
-    - 新增 dns账号表
-    - 完善文档
 
 - v1.6.32(2024-06-07)
     - 增加电报通知

diff --git a/domain_admin/api/dns_api.py b/domain_admin/api/dns_api.py
@@ -5,15 +5,8 @@
 """
 from flask import request, g
 
-from domain_admin.config import DEFAULT_SSH_PORT
 from domain_admin.enums.dns_type_enum import DnsTypeEnum
-from domain_admin.log import logger
 from domain_admin.model.dns_model import DnsModel
-from domain_admin.model.issue_certificate_model import IssueCertificateModel
-from domain_admin.service import issue_certificate_service
-from domain_admin.utils.acme_util.challenge_type import ChallengeType
-from domain_admin.utils.open_api import aliyun_domain_api
-from domain_admin.utils.open_api.aliyun_domain_api import RecordTypeEnum
 
 
 def add_dns():

diff --git a/domain_admin/api/issue_certificate_api.py b/domain_admin/api/issue_certificate_api.py
@@ -3,14 +3,17 @@
 @File    : issue_certificate_api.py
 @Date    : 2023-07-23
 """
+import json
+
 import requests
 from flask import g, request
 from playhouse.shortcuts import model_to_dict, chunked
 
 from domain_admin.model.dns_model import DnsModel
 from domain_admin.model.domain_model import DomainModel
 from domain_admin.model.host_model import HostModel
-from domain_admin.model.issue_certificate_model import IssueCertificateModel
+from domain_admin.model.issue_certificate_model import IssueCertificateModel, ChallengeDeployTypeEnum, \
+    SSLDeployTypeEnum, DeployStatusEnum
 from domain_admin.service import issue_certificate_service
 from domain_admin.utils import ip_util, domain_util, fabric_util, datetime_util, validate_util
 from domain_admin.utils.acme_util.challenge_type import ChallengeType
@@ -32,10 +35,7 @@ def issue_certificate():
 
     issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
 
-    return model_to_dict(
-        issue_certificate_row,
-        extra_attrs=['domains', 'create_time_label']
-    )
+    return issue_certificate_row.to_dict()
 
 
 def verify_certificate():
@@ -52,6 +52,11 @@ def verify_certificate():
 
     issue_certificate_service.renew_certificate(issue_certificate_id)
 
+    # 验证成功后, check_auto_renew
+    issue_certificate_service.check_auto_renew(
+        issue_certificate_id=issue_certificate_id
+    )
+
     # 验证成功后，自动添加到证书监控列表
     issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
 
@@ -69,7 +74,7 @@ def verify_certificate():
         if validate_util.is_domain(domain)
     ]
 
-    for batch in chunked(lst, 500):
+    for batch in chunked(lst, 10):
         DomainModel.insert_many(batch).on_conflict_ignore().execute()
 
 
@@ -117,14 +122,20 @@ def deploy_verify_file():
     )
 
     IssueCertificateModel.update(
-        deploy_host_id=host_id,
+        challenge_deploy_type_id=ChallengeDeployTypeEnum.SSH,
+        challenge_deploy_id=host_id,
         deploy_verify_path=verify_deploy_path,
+        challenge_deploy_status=DeployStatusEnum.SUCCESS
     ).where(
         IssueCertificateModel.id == issue_certificate_id
     ).execute()
 
 
 def deploy_certificate_file():
+    """
+    ssh方式部署证书文件
+    :return:
+    """
     current_user_id = g.user_id
 
     issue_certificate_id = request.json['issue_certificate_id']
@@ -160,17 +171,18 @@ def deploy_certificate_file():
     )
 
     # update only support file verify
-    if issue_certificate_row.challenge_type == ChallengeType.HTTP01:
-        is_auto_renew = True
-    else:
-        is_auto_renew = False
+    # if issue_certificate_row.challenge_type == ChallengeType.HTTP01:
+    #     is_auto_renew = True
+    # else:
+    #     is_auto_renew = False
 
     IssueCertificateModel.update(
+        deploy_type_id=SSLDeployTypeEnum.SSH,
         deploy_host_id=host_id,
         deploy_key_file=key_deploy_path,
         deploy_fullchain_file=pem_deploy_path,
         deploy_reloadcmd=reload_cmd,
-        is_auto_renew=is_auto_renew
+        ssl_deploy_status=DeployStatusEnum.SUCCESS,
     ).where(
         IssueCertificateModel.id == issue_certificate_id
     ).execute()
@@ -189,10 +201,10 @@ def renew_certificate():
 
     issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
 
-    return model_to_dict(
-        issue_certificate_row,
-        extra_attrs=['domains', 'create_time_label', 'domain_validation_urls']
-    )
+    if not issue_certificate_row:
+        raise AppException('数据不存在')
+
+    return issue_certificate_row.to_dict()
 
 
 def get_issue_certificate_list():
@@ -253,20 +265,15 @@ def get_issue_certificate_by_id():
 
     issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
 
-    data = model_to_dict(
-        issue_certificate_row,
-        extra_attrs=[
-            'domains',
-            'create_time_label',
-            'update_time_label',
-            'domain_validation_urls'
-        ]
-    )
+    data = issue_certificate_row.to_dict()
+    data['deploy_dns'] = None
+    data['deploy_host'] = None
+
+    if issue_certificate_row.challenge_deploy_type_id == ChallengeDeployTypeEnum.SSH:
+        data['deploy_host'] = HostModel.get_by_id(issue_certificate_row.challenge_deploy_id)
 
-    if data['deploy_host_id']:
-        data['deploy_host'] = HostModel.get_by_id(data['deploy_host_id'])
-    else:
-        data['deploy_host'] = None
+    elif issue_certificate_row.challenge_deploy_type_id == ChallengeDeployTypeEnum.DNS:
+        data['deploy_dns'] = DnsModel.get_by_id(issue_certificate_row.challenge_deploy_id)
 
     return data
 
@@ -330,28 +337,23 @@ def notify_web_hook():
     url = request.json['url']
     headers = request.json.get('headers')
 
-    issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
-
-    if not issue_certificate_row:
-        raise AppException('数据不存在')
-
-    res = requests.request(
-        method='POST',
+    ret = issue_certificate_service.deploy_ssl_by_web_hook(
+        issue_certificate_id=issue_certificate_id,
         url=url,
         headers=headers,
-        json={
-            'domains': issue_certificate_row.domains,
-            'ssl_certificate': issue_certificate_row.ssl_certificate,
-            'ssl_certificate_key': issue_certificate_row.ssl_certificate_key,
-            'start_time': datetime_util.format_datetime(issue_certificate_row.start_time),
-            'expire_time': datetime_util.format_datetime(issue_certificate_row.expire_time),
-        }
     )
 
-    if not res.ok:
-        raise res.raise_for_status()
+    # 更新验证信息
+    IssueCertificateModel.update(
+        deploy_type_id=SSLDeployTypeEnum.WEB_HOOK,
+        deploy_url=url,
+        deploy_header_raw=json.dumps(headers or {}),
+        ssl_deploy_status=DeployStatusEnum.SUCCESS
+    ).where(
+        IssueCertificateModel.id == issue_certificate_id
+    ).execute()
 
-    return res.text
+    return ret
 
 
 def add_dns_domain_record():
@@ -363,25 +365,16 @@ def add_dns_domain_record():
     issue_certificate_id = request.json['issue_certificate_id']
     print(dns_id, ' ', issue_certificate_id)
 
-    dns_row = DnsModel.get_by_id(dns_id)
-
-    # 获取验证方式
-    challenge_list = issue_certificate_service.get_certificate_challenges(issue_certificate_id)
-
-    for challenge_row in challenge_list:
-        challenge_json = challenge_row['challenge'].to_json()
-        if challenge_json['type'] == ChallengeType.DNS01:
-
-            if challenge_row['sub_domain']:
-                record_key = '_acme-challenge.' + challenge_row['sub_domain']
-            else:
-                record_key = '_acme-challenge'
+    # 添加txt记录
+    issue_certificate_service.add_dns_domain_record(
+        dns_id=dns_id,
+        issue_certificate_id=issue_certificate_id
+    )
 
-            aliyun_domain_api.add_domain_record(
-                access_key_id=dns_row.access_key,
-                access_key_secret=dns_row.secret_key,
-                domain_name=challenge_row['root_domain'],
-                record_type=RecordTypeEnum.TXT,
-                record_key=record_key,
-                record_value=challenge_row['validation']
-            )
+    # 更新验证信息
+    IssueCertificateModel.update(
+        challenge_deploy_type_id=ChallengeDeployTypeEnum.DNS,
+        challenge_deploy_id=dns_id
+    ).where(
+        IssueCertificateModel.id == issue_certificate_id
+    ).execute()
diff --git a/domain_admin/config/default_config.py b/domain_admin/config/default_config.py
@@ -24,6 +24,9 @@
 # 默认的过期提醒时间 单位：天
 DEFAULT_BEFORE_EXPIRE_DAYS = 3
 
+# 默认续期时间 单位：天
+DEFAULT_RENEW_DAYS = 30
+
 # secret_key
 DEFAULT_SECRET_KEY = secret_util.get_random_secret()
 

diff --git a/domain_admin/enums/version_enum.py b/domain_admin/enums/version_enum.py
@@ -194,3 +194,6 @@ class VersionEnum(object):
     Version_1629 = '1.6.29'
     Version_1630 = '1.6.30'
     Version_1631 = '1.6.31'
+    Version_1632 = '1.6.32'
+    Version_1633 = '1.6.33'
+    Version_1634 = '1.6.34'
diff --git a/domain_admin/migrate/history/migrate_1633_to_1634.py b/domain_admin/migrate/history/migrate_1633_to_1634.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : migrate_1633_to_1634.py
+@Date    : 2024-06-24
+
+cmd:
+$ python domain_admin/migrate/migrate_1633_to_1634.py
+"""
+from __future__ import print_function, unicode_literals, absolute_import, division
+
+from domain_admin.migrate import migrate_common
+from domain_admin.model.base_model import db
+from domain_admin.model.issue_certificate_model import IssueCertificateModel
+
+
+def execute_migrate():
+    """
+    版本升级 1.6.33 => 1.6.34
+    :return:
+    """
+    migrator = migrate_common.get_migrator(db)
+
+    migrate_rows = [
+        # challenge_deploy_type_id
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.challenge_deploy_type_id.name,
+            field=IssueCertificateModel.challenge_deploy_type_id
+        ),
+
+        # challenge_deploy_id
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.challenge_deploy_id.name,
+            field=IssueCertificateModel.challenge_deploy_id
+        ),
+
+        # challenge_deploy_status
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.challenge_deploy_status.name,
+            field=IssueCertificateModel.challenge_deploy_status
+        ),
+
+        # deploy_url
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.deploy_url.name,
+            field=IssueCertificateModel.deploy_url
+        ),
+
+        # deploy_header
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.deploy_header.name,
+            field=IssueCertificateModel.deploy_header
+        ),
+
+        # ssl_deploy_status
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.ssl_deploy_status.name,
+            field=IssueCertificateModel.ssl_deploy_status
+        ),
+
+        # version
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.version.name,
+            field=IssueCertificateModel.version
+        ),
+
+    ]
+
+    migrate_common.try_execute_migrate(migrate_rows)