移除动态主机选项，新增SSL加密方式：STARTTLS

dromara · Sep 17, 2023 · c00d038 · c00d038
1 parent 873cfcc
commit c00d038
Show file tree

Hide file tree

Showing 12 changed files with 107 additions and 22 deletions.
diff --git a/domain_admin/api/domain_api.py b/domain_admin/api/domain_api.py
@@ -11,6 +11,7 @@
 
 from domain_admin.enums.operation_enum import OperationEnum
 from domain_admin.enums.role_enum import RoleEnum
+from domain_admin.enums.ssl_type_enum import SSLTypeEnum
 from domain_admin.model.address_model import AddressModel
 from domain_admin.model.domain_info_model import DomainInfoModel
 from domain_admin.model.domain_model import DomainModel
@@ -40,11 +41,12 @@ def add_domain():
 
     alias = request.json.get('alias') or ''
     group_id = request.json.get('group_id') or 0
-    is_dynamic_host = request.json.get('is_dynamic_host', False)
+    # is_dynamic_host = request.json.get('is_dynamic_host', False)
     start_time = request.json.get('start_time')
     expire_time = request.json.get('expire_time')
     auto_update = request.json.get('auto_update', True)
     port = request.json.get('port') or cert_consts.SSL_DEFAULT_PORT
+    ssl_type = request.json.get('ssl_type', SSLTypeEnum.SSL_TLS)
 
     data = {
         # 基本信息
@@ -54,10 +56,11 @@ def add_domain():
         'root_domain': domain_util.get_root_domain(domain),
         'alias': alias,
         'group_id': group_id,
-        'is_dynamic_host': is_dynamic_host,
+        # 'is_dynamic_host': is_dynamic_host,
         'start_time': start_time,
         'expire_time': expire_time,
         'auto_update': auto_update,
+        'ssl_type': ssl_type,
     }
 
     row = DomainModel.create(**data)

diff --git a/domain_admin/enums/ssl_type_enum.py b/domain_admin/enums/ssl_type_enum.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : ssl_type_enum.py
+@Date    : 2022-10-30
+@Author  : Peng Shiyu
+"""
+from __future__ import print_function, unicode_literals, absolute_import, division
+
+
+class SSLTypeEnum(object):
+    """
+    加密方式
+    """
+    # SSL/TLS
+    SSL_TLS = 0
+
+    # STARTTLS
+    START_TLS = 1
diff --git a/domain_admin/enums/version_enum.py b/domain_admin/enums/version_enum.py
@@ -139,3 +139,7 @@ class VersionEnum(object):
     Version_1519 = '1.5.19'
     Version_1520 = '1.5.20'
     Version_1521 = '1.5.21'
+
+    Version_1522 = '1.5.22'
+    Version_1523 = '1.5.23'
+    Version_1524 = '1.5.24'
diff --git a/domain_admin/migrate/migrate_1523_to_1524.py b/domain_admin/migrate/migrate_1523_to_1524.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : migrate_1523_to_1524.py
+@Date    : 2023-09-17
+
+cmd:
+$ python domain_admin/migrate/migrate_1523_to_1524.py
+"""
+from __future__ import print_function, unicode_literals, absolute_import, division
+
+from domain_admin.migrate import migrate_common
+from domain_admin.model.base_model import db
+from domain_admin.model.domain_model import DomainModel
+
+
+def execute_migrate():
+    """
+    版本升级 1.5.23 => 1.5.24
+    :return:
+    """
+    migrator = migrate_common.get_migrator(db)
+
+    migrate_rows = [
+        migrator.add_column(
+            DomainModel._meta.table_name,
+            DomainModel.ssl_type.name,
+            DomainModel.ssl_type
+        ),
+    ]
+
+    migrate_common.try_execute_migrate(migrate_rows)
diff --git a/domain_admin/model/domain_model.py b/domain_admin/model/domain_model.py
@@ -5,6 +5,7 @@
 
 from peewee import CharField, IntegerField, DateTimeField, BooleanField, AutoField
 
+from domain_admin.enums.ssl_type_enum import SSLTypeEnum
 from domain_admin.model.base_model import BaseModel
 from domain_admin.utils import datetime_util, time_util
 
@@ -50,8 +51,12 @@ class DomainModel(BaseModel):
     is_monitor = BooleanField(default=True)
 
     # 动态主机 @since 1.4.0
+    # @since 1.5.23 移除动态主机
     is_dynamic_host = BooleanField(default=False)
 
+    # SSL 加密方式 @since 1.5.23
+    ssl_type = IntegerField(default=SSLTypeEnum.SSL_TLS, null=False)
+
     # 连接状态
     # @since v1.2.24 所有ip都连接成功才是成功
     connect_status = BooleanField(default=None, null=True)

diff --git a/domain_admin/service/domain_service.py b/domain_admin/service/domain_service.py
@@ -92,7 +92,8 @@ def update_address_row_info(address_row, domain_row):
         cert_info = cert_openssl_v2.get_ssl_cert_by_openssl(
             domain=domain_row.domain,
             host=address_row.host,
-            port=domain_row.port
+            port=domain_row.port,
+            ssl_type=domain_row.ssl_type
         )
     except Exception as e:
         err = e.__str__()
@@ -181,9 +182,12 @@ def update_domain_row(domain_row):
 
     # 动态主机ip，需要先删除所有主机地址
     if domain_row.is_dynamic_host:
-        AddressModel.delete().where(
-            AddressModel.domain_id == domain_row.id
-        ).execute()
+        pass
+
+    # 移除动态主机行为，都清空再获取
+    AddressModel.delete().where(
+        AddressModel.domain_id == domain_row.id
+    ).execute()
 
     # 主机ip信息
     update_domain_host_list(domain_row)

diff --git a/domain_admin/service/version_service.py b/domain_admin/service/version_service.py
@@ -26,8 +26,8 @@
     migrate_154_to_155,
     migrate_158_to_159,
     migrate_1512_to_1513,
-    migrate_1520_to_1521
-)
+    migrate_1520_to_1521,
+    migrate_1523_to_1524)
 from domain_admin.model.version_model import VersionModel
 from domain_admin.version import VERSION
 
@@ -335,3 +335,16 @@ def execute_migrate(local_version):
         migrate_1520_to_1521.execute_migrate()
 
         local_version = VersionEnum.Version_1521
+
+    # 2023-08-30
+    if local_version in [
+        VersionEnum.Version_1521,
+        VersionEnum.Version_1522,
+        VersionEnum.Version_1523,
+    ]:
+        # 1.5.23 => 1.5.24
+        logger.info('update version: %s => %s', local_version, VersionEnum.Version_1524)
+
+        migrate_1523_to_1524.execute_migrate()
+
+        local_version = VersionEnum.Version_1524
diff --git a/domain_admin/utils/cert_util/cert_openssl_v2.py b/domain_admin/utils/cert_util/cert_openssl_v2.py
@@ -10,12 +10,14 @@
 import OpenSSL
 from OpenSSL.crypto import X509
 
+from domain_admin.enums.ssl_type_enum import SSLTypeEnum
 from domain_admin.utils import domain_util, time_util, json_util
 from domain_admin.utils.cert_util import cert_common
 
 # 默认的ssl端口
 DEFAULT_SSL_PORT = 443
 
+
 def verify_cert(cert, domain):
     """
     验证证书和域名是否匹配
@@ -43,10 +45,13 @@ def get_ssl_cert(
         domain,
         host=None,
         port=443,
-        timeout=3):
+        timeout=3,
+        ssl_type=SSLTypeEnum.SSL_TLS
+):
     """
     不验证证书，仅验证域名
     支持通配符
+    :param ssl_type:
     :param domain: str
     :param host: str
     :param port: int
@@ -61,12 +66,11 @@ def get_ssl_cert(
     sock.settimeout(timeout)
     sock.connect((host, port))
 
-    # 临时处理 smtp
-    # TODO: 用户可以设置使用协议：STARTTLS、SSL/TLS
+    # 用户可以设置使用协议：STARTTLS、SSL/TLS
     # issues: https://github.com/mouday/domain-admin/issues/57
     # ref: https://stackoverflow.com/questions/5108681/use-python-to-get-an-smtp-server-certificate/62695088#62695088
     # ref: https://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate#:~:text=If%20you%20don%27t%20have%20OpenSSL%2C%20you%20can%20also,ssl.DER_cert_to_PEM_cert%20%28connection.sock.getpeercert%20%28binary_form%3DTrue%29%29%20where%20%5Bhostname%5D%20is%20the%20server.
-    if port == 25:
+    if ssl_type == SSLTypeEnum.START_TLS:
         try:
             sock.recv(1000)
             sock.send('EHLO\nSTARTTLS\n'.encode('utf-8'))
@@ -93,18 +97,21 @@ def get_ssl_cert_by_openssl(
         domain,
         host=None,
         port=443,
-        timeout=3):
+        timeout=3,
+        ssl_type=SSLTypeEnum.SSL_TLS
+):
     """
     不验证证书，仅验证域名
     支持通配符
+    :param ssl_type:
     :param domain: str
     :param host: str
     :param port: int
     :param timeout: int
     :return:
     """
 
-    cert = get_ssl_cert(domain, host, port, timeout)
+    cert = get_ssl_cert(domain, host, port, timeout, ssl_type=ssl_type)
 
     # verify
     domain_checked = verify_cert(cert, domain)

diff --git a/domain_admin/utils/flask_ext/flask_app.py b/domain_admin/utils/flask_ext/flask_app.py
@@ -1,17 +1,12 @@
 # -*- coding: utf-8 -*-
 from __future__ import print_function, unicode_literals, absolute_import, division
 
-from domain_admin.compat import Iterator
-
 import six
-
 from flask import Flask, Response
 from peewee import ModelSelect, Model
-from playhouse.shortcuts import model_to_dict
 
+from domain_admin.compat import Iterator
 from domain_admin.utils.flask_ext.api_result import ApiResult
-from domain_admin.utils.flask_ext.json.json_encoder import JSONEncoder
-from domain_admin.utils.flask_ext.json.json_provider import JSONProvider
 from domain_admin.utils.flask_ext.request import Request
 
 

diff --git a/domain_admin/utils/whois_util/whois-servers.txt b/domain_admin/utils/whois_util/whois-servers.txt
@@ -66,7 +66,7 @@ asia whois.nic.asia
 associates whois.nic.associates
 at whois.nic.at
 attorney whois.nic.attorney
-au whois.ausregistry.net
+au whois.auda.org.au
 auction whois.nic.auction
 audi whois.afilias-srs.net
 audible whois.nic.audible

diff --git a/domain_admin/utils/whois_util/whois_util.py b/domain_admin/utils/whois_util/whois_util.py
@@ -2,7 +2,11 @@
 """
 @File    : whois_util.py
 @Date    : 2023-03-24
+
+https://www.whois.com/whois/
+https://www.iana.org/domains/root/db
 """
+
 from __future__ import print_function, unicode_literals, absolute_import, division
 import json
 import re

diff --git a/tests/utils/test_whois_util.py b/tests/utils/test_whois_util.py
@@ -39,7 +39,8 @@ def test_get_domain_info():
         # 'kingbus.com.tw',
         # 'pcits.com.sg',
         # 'token.im',
-        'airdry.com.my'
+        # 'airdry.com.my'
+        'karinasharpe.com.au'
     ]
 
     for domain in domain_list: