From c00d0387f66795f3d5a9e9aa97cd1bae780758d9 Mon Sep 17 00:00:00 2001 From: pengshiyu <1940607002@qq.com> Date: Sun, 17 Sep 2023 10:52:58 +0800 Subject: [PATCH] =?UTF-8?q?=E7=A7=BB=E9=99=A4=E5=8A=A8=E6=80=81=E4=B8=BB?= =?UTF-8?q?=E6=9C=BA=E9=80=89=E9=A1=B9=EF=BC=8C=E6=96=B0=E5=A2=9ESSL?= =?UTF-8?q?=E5=8A=A0=E5=AF=86=E6=96=B9=E5=BC=8F=EF=BC=9ASTARTTLS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- domain_admin/api/domain_api.py | 7 +++-- domain_admin/enums/ssl_type_enum.py | 18 +++++++++++ domain_admin/enums/version_enum.py | 4 +++ domain_admin/migrate/migrate_1523_to_1524.py | 31 +++++++++++++++++++ domain_admin/model/domain_model.py | 5 +++ domain_admin/service/domain_service.py | 12 ++++--- domain_admin/service/version_service.py | 17 ++++++++-- .../utils/cert_util/cert_openssl_v2.py | 19 ++++++++---- domain_admin/utils/flask_ext/flask_app.py | 7 +---- .../utils/whois_util/whois-servers.txt | 2 +- domain_admin/utils/whois_util/whois_util.py | 4 +++ tests/utils/test_whois_util.py | 3 +- 12 files changed, 107 insertions(+), 22 deletions(-) create mode 100644 domain_admin/enums/ssl_type_enum.py create mode 100644 domain_admin/migrate/migrate_1523_to_1524.py diff --git a/domain_admin/api/domain_api.py b/domain_admin/api/domain_api.py index b6c7aa14f3..c8792607c6 100644 --- a/domain_admin/api/domain_api.py +++ b/domain_admin/api/domain_api.py @@ -11,6 +11,7 @@ from domain_admin.enums.operation_enum import OperationEnum from domain_admin.enums.role_enum import RoleEnum +from domain_admin.enums.ssl_type_enum import SSLTypeEnum from domain_admin.model.address_model import AddressModel from domain_admin.model.domain_info_model import DomainInfoModel from domain_admin.model.domain_model import DomainModel 
@@ -40,11 +41,12 @@ def add_domain(): alias = request.json.get('alias') or '' group_id = request.json.get('group_id') or 0 - is_dynamic_host = request.json.get('is_dynamic_host', False) + # is_dynamic_host = request.json.get('is_dynamic_host', False) start_time = request.json.get('start_time') expire_time = request.json.get('expire_time') auto_update = request.json.get('auto_update', True) port = request.json.get('port') or cert_consts.SSL_DEFAULT_PORT + ssl_type = request.json.get('ssl_type', SSLTypeEnum.SSL_TLS) data = { # 基本信息 @@ -54,10 +56,11 @@ def add_domain(): 'root_domain': domain_util.get_root_domain(domain), 'alias': alias, 'group_id': group_id, - 'is_dynamic_host': is_dynamic_host, + # 'is_dynamic_host': is_dynamic_host, 'start_time': start_time, 'expire_time': expire_time, 'auto_update': auto_update, + 'ssl_type': ssl_type, } row = DomainModel.create(**data) diff --git a/domain_admin/enums/ssl_type_enum.py b/domain_admin/enums/ssl_type_enum.py new file mode 100644 index 0000000000..f086fcdf41 --- /dev/null +++ b/domain_admin/enums/ssl_type_enum.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +""" +@File : ssl_type_enum.py +@Date : 2022-10-30 +@Author : Peng Shiyu +""" +from __future__ import print_function, unicode_literals, absolute_import, division + + +class SSLTypeEnum(object): + """ + 加密方式 + """ + # SSL/TLS + SSL_TLS = 0 + + # STARTTLS + START_TLS = 1 diff --git a/domain_admin/enums/version_enum.py b/domain_admin/enums/version_enum.py index 67ee58dcaa..4364d75033 100644 --- a/domain_admin/enums/version_enum.py +++ b/domain_admin/enums/version_enum.py @@ -139,3 +139,7 @@ class VersionEnum(object): Version_1519 = '1.5.19' Version_1520 = '1.5.20' Version_1521 = '1.5.21' + + Version_1522 = '1.5.22' + Version_1523 = '1.5.23' + Version_1524 = '1.5.24' diff --git a/domain_admin/migrate/migrate_1523_to_1524.py b/domain_admin/migrate/migrate_1523_to_1524.py new file mode 100644 index 0000000000..3b6c810b90 --- /dev/null 
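Review bot: `ssl_type` is read from the request body in `add_domain` and passed to `DomainModel.create` without checking that it is one of the two `SSLTypeEnum` values, so a value such as `2` can be stored and is later silently treated as plain SSL/TLS by the `ssl_type == SSLTypeEnum.START_TLS` comparison in `get_ssl_cert`. A guard such as `if ssl_type not in (SSLTypeEnum.SSL_TLS, SSLTypeEnum.START_TLS):` followed by the project's usual request-validation error would keep bad values out of the table. An explicit JSON `null` also bypasses the `.get` default and will presumably hit the `null=False` constraint on save. The two `is_dynamic_host` lines (here and in the second hunk at `@@ -54,10 +56,11`) are better deleted than left commented out. `add_domain` starts and ends outside these hunks.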
+++ b/domain_admin/migrate/migrate_1523_to_1524.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +""" +@File : migrate_1523_to_1524.py +@Date : 2023-09-17 + +cmd: +$ python domain_admin/migrate/migrate_1523_to_1524.py +""" +from __future__ import print_function, unicode_literals, absolute_import, division + +from domain_admin.migrate import migrate_common +from domain_admin.model.base_model import db +from domain_admin.model.domain_model import DomainModel + + +def execute_migrate(): + """ + 版本升级 1.5.23 => 1.5.24 + :return: + """ + migrator = migrate_common.get_migrator(db) + + migrate_rows = [ + migrator.add_column( + DomainModel._meta.table_name, + DomainModel.ssl_type.name, + DomainModel.ssl_type + ), + ] + + migrate_common.try_execute_migrate(migrate_rows) diff --git a/domain_admin/model/domain_model.py b/domain_admin/model/domain_model.py index 2207a12982..0923025543 100644 --- a/domain_admin/model/domain_model.py +++ b/domain_admin/model/domain_model.py @@ -5,6 +5,7 @@ from peewee import CharField, IntegerField, DateTimeField, BooleanField, AutoField +from domain_admin.enums.ssl_type_enum import SSLTypeEnum from domain_admin.model.base_model import BaseModel from domain_admin.utils import datetime_util, time_util @@ -50,8 +51,12 @@ class DomainModel(BaseModel): is_monitor = BooleanField(default=True) # 动态主机 @since 1.4.0 + # @since 1.5.23 移除动态主机 is_dynamic_host = BooleanField(default=False) + # SSL 加密方式 @since 1.5.23 + ssl_type = IntegerField(default=SSLTypeEnum.SSL_TLS, null=False) + # 连接状态 # @since v1.2.24 所有ip都连接成功才是成功 connect_status = BooleanField(default=None, null=True) diff --git a/domain_admin/service/domain_service.py b/domain_admin/service/domain_service.py index 1e50f81f71..f02d660b26 100644 --- a/domain_admin/service/domain_service.py +++ b/domain_admin/service/domain_service.py 
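Review bot: `execute_migrate` adds `ssl_type` with the default `SSLTypeEnum.SSL_TLS` for every existing row, but the same commit removes the `if port == 25` branch from `cert_openssl_v2.get_ssl_cert`. Domains already monitored on port 25 would therefore presumably switch from STARTTLS to a direct TLS handshake after the upgrade and start reporting connection failures instead of certificate data. A one-off backfill after the column is added, for example `DomainModel.update(ssl_type=SSLTypeEnum.START_TLS).where(DomainModel.port == 25).execute()`, would preserve the previous behaviour. This assumes `port` is a field on `DomainModel`, which the hunk does not show, and it needs `SSLTypeEnum` imported in the migration module.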
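Review bot: The `@since 1.5.23` tags on the two new comments in `DomainModel` disagree with the rest of the commit, which adds the column in `migrate_1523_to_1524` and registers `Version_1524`, so a reader checking which release introduced `ssl_type` gets the wrong answer. I would write `# SSL 加密方式 @since 1.5.24` and `# @since 1.5.24 移除动态主机`. The `is_dynamic_host` comment could also say that the column appears to be kept only for schema compatibility, since the service code in this commit no longer acts on it.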
@@ -92,7 +92,8 @@ def update_address_row_info(address_row, domain_row): cert_info = cert_openssl_v2.get_ssl_cert_by_openssl( domain=domain_row.domain, host=address_row.host, - port=domain_row.port + port=domain_row.port, + ssl_type=domain_row.ssl_type ) except Exception as e: err = e.__str__() @@ -181,9 +182,12 @@ def update_domain_row(domain_row): # 动态主机ip,需要先删除所有主机地址 if domain_row.is_dynamic_host: - AddressModel.delete().where( - AddressModel.domain_id == domain_row.id - ).execute() + pass + + # 移除动态主机行为,都清空再获取 + AddressModel.delete().where( + AddressModel.domain_id == domain_row.id + ).execute() # 主机ip信息 update_domain_host_list(domain_row) diff --git a/domain_admin/service/version_service.py b/domain_admin/service/version_service.py index bc1c5a5454..574185a43c 100644 --- a/domain_admin/service/version_service.py +++ b/domain_admin/service/version_service.py @@ -26,8 +26,8 @@ migrate_154_to_155, migrate_158_to_159, migrate_1512_to_1513, - migrate_1520_to_1521 -) + migrate_1520_to_1521, + migrate_1523_to_1524) from domain_admin.model.version_model import VersionModel from domain_admin.version import VERSION @@ -335,3 +335,16 @@ def execute_migrate(local_version): migrate_1520_to_1521.execute_migrate() local_version = VersionEnum.Version_1521 + + # 2023-08-30 + if local_version in [ + VersionEnum.Version_1521, + VersionEnum.Version_1522, + VersionEnum.Version_1523, + ]: + # 1.5.23 => 1.5.24 + logger.info('update version: %s => %s', local_version, VersionEnum.Version_1524) + + migrate_1523_to_1524.execute_migrate() + + local_version = VersionEnum.Version_1524 diff --git a/domain_admin/utils/cert_util/cert_openssl_v2.py b/domain_admin/utils/cert_util/cert_openssl_v2.py index a2e7f2cd41..3c4548d1f7 100644 --- a/domain_admin/utils/cert_util/cert_openssl_v2.py +++ b/domain_admin/utils/cert_util/cert_openssl_v2.py 
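Review bot: In `update_domain_row` the address rows are now deleted for every domain before `update_domain_host_list(domain_row)` runs, so if resolution fails or raises, the domain is left with no addresses and its certificate checks presumably go quiet until the next successful run. Resolving first and replacing the rows only when the new list is non-empty, ideally inside one transaction, avoids that monitoring gap. `update_domain_host_list` is outside the hunk, so confirm how it reports failure. The leftover `if domain_row.is_dynamic_host:` / `pass` and the comment above it no longer do anything and should be removed.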
@@ -10,12 +10,14 @@ import OpenSSL from OpenSSL.crypto import X509 +from domain_admin.enums.ssl_type_enum import SSLTypeEnum from domain_admin.utils import domain_util, time_util, json_util from domain_admin.utils.cert_util import cert_common # 默认的ssl端口 DEFAULT_SSL_PORT = 443 + def verify_cert(cert, domain): """ 验证证书和域名是否匹配 @@ -43,10 +45,13 @@ def get_ssl_cert( domain, host=None, port=443, - timeout=3): + timeout=3, + ssl_type=SSLTypeEnum.SSL_TLS +): """ 不验证证书,仅验证域名 支持通配符 + :param ssl_type: :param domain: str :param host: str :param port: int @@ -61,12 +66,11 @@ def get_ssl_cert( sock.settimeout(timeout) sock.connect((host, port)) - # 临时处理 smtp - # TODO: 用户可以设置使用协议:STARTTLS、SSL/TLS + # 用户可以设置使用协议:STARTTLS、SSL/TLS # issues: https://github.com/mouday/domain-admin/issues/57 # ref: https://stackoverflow.com/questions/5108681/use-python-to-get-an-smtp-server-certificate/62695088#62695088 # ref: https://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate#:~:text=If%20you%20don%27t%20have%20OpenSSL%2C%20you%20can%20also,ssl.DER_cert_to_PEM_cert%20%28connection.sock.getpeercert%20%28binary_form%3DTrue%29%29%20where%20%5Bhostname%5D%20is%20the%20server. - if port == 25: + if ssl_type == SSLTypeEnum.START_TLS: try: sock.recv(1000) sock.send('EHLO\nSTARTTLS\n'.encode('utf-8')) @@ -93,10 +97,13 @@ def get_ssl_cert_by_openssl( domain, host=None, port=443, - timeout=3): + timeout=3, + ssl_type=SSLTypeEnum.SSL_TLS +): """ 不验证证书,仅验证域名 支持通配符 + :param ssl_type: :param domain: str :param host: str :param port: int @@ -104,7 +111,7 @@ def get_ssl_cert_by_openssl( :return: """ - cert = get_ssl_cert(domain, host, port, timeout) + cert = get_ssl_cert(domain, host, port, timeout, ssl_type=ssl_type) # verify domain_checked = verify_cert(cert, domain) diff --git a/domain_admin/utils/flask_ext/flask_app.py b/domain_admin/utils/flask_ext/flask_app.py index 4ca2d15ade..3c16e39ea4 100644 --- a/domain_admin/utils/flask_ext/flask_app.py 
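Review bot: `:param ssl_type:` is left empty in the docstring of `get_ssl_cert`, and again in `get_ssl_cert_by_openssl` at `@@ -93,10 +97,13`, although the parameter now decides whether a plaintext protocol exchange happens before the TLS handshake. I would document it as `:param ssl_type: int, SSLTypeEnum value; START_TLS sends an SMTP STARTTLS upgrade first, SSL_TLS (default) starts TLS immediately`. It should also be listed after `timeout` so the docstring follows the signature order.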
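Review bot: The `START_TLS` branch in `get_ssl_cert` writes `'EHLO\nSTARTTLS\n'` in a single send, with bare `\n` line endings, no EHLO argument and no check of the server's replies, so a server that refuses STARTTLS or rejects the malformed commands is only noticed as an opaque handshake error. Now that the branch is user-selectable for any port rather than tied to port 25, the docstring should also state that the exchange is SMTP-only; other STARTTLS protocols would need different commands. The sketch below reads each reply, uses CRLF and requires a `220` before the TLS handshake. The `except` clause of the `try` lies outside the hunk, so confirm it reports a refusal rather than swallowing it.

```python
def _read_smtp_reply(sock):
    """Read one SMTP reply, including multi-line ("250-...") replies."""
    data = b''
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            raise IOError('connection closed during STARTTLS negotiation')
        data += chunk
        # the final line of a reply has a space, not '-', after the 3-digit code
        if data.endswith(b'\n') and data.splitlines()[-1][3:4] != b'-':
            return data


# … unchanged: socket creation, settimeout and connect in get_ssl_cert …
    if ssl_type == SSLTypeEnum.START_TLS:
        try:
            _read_smtp_reply(sock)  # server greeting
            sock.sendall(b'EHLO client.example\r\n')  # constructed client name
            _read_smtp_reply(sock)
            sock.sendall(b'STARTTLS\r\n')
            if not _read_smtp_reply(sock).startswith(b'220'):
                raise IOError('server did not accept STARTTLS')
        # … unchanged: except clause and TLS handshake (outside the hunk) …
```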
+++ b/domain_admin/utils/flask_ext/flask_app.py @@ -1,17 +1,12 @@ # -*- coding: utf-8 -*- from __future__ import print_function, unicode_literals, absolute_import, division -from domain_admin.compat import Iterator - import six - from flask import Flask, Response from peewee import ModelSelect, Model -from playhouse.shortcuts import model_to_dict +from domain_admin.compat import Iterator from domain_admin.utils.flask_ext.api_result import ApiResult -from domain_admin.utils.flask_ext.json.json_encoder import JSONEncoder -from domain_admin.utils.flask_ext.json.json_provider import JSONProvider from domain_admin.utils.flask_ext.request import Request diff --git a/domain_admin/utils/whois_util/whois-servers.txt b/domain_admin/utils/whois_util/whois-servers.txt index ded1674a39..3679366b34 100644 --- a/domain_admin/utils/whois_util/whois-servers.txt +++ b/domain_admin/utils/whois_util/whois-servers.txt @@ -66,7 +66,7 @@ asia whois.nic.asia associates whois.nic.associates at whois.nic.at attorney whois.nic.attorney -au whois.ausregistry.net +au whois.auda.org.au auction whois.nic.auction audi whois.afilias-srs.net audible whois.nic.audible diff --git a/domain_admin/utils/whois_util/whois_util.py b/domain_admin/utils/whois_util/whois_util.py index b104d1dd67..a8063306d7 100644 --- a/domain_admin/utils/whois_util/whois_util.py +++ b/domain_admin/utils/whois_util/whois_util.py @@ -2,7 +2,11 @@ """ @File : whois_util.py @Date : 2023-03-24 + +https://www.whois.com/whois/ +https://www.iana.org/domains/root/db """ + from __future__ import print_function, unicode_literals, absolute_import, division import json import re diff --git a/tests/utils/test_whois_util.py b/tests/utils/test_whois_util.py index 5c8e8a0526..851d070bbe 100644 --- a/tests/utils/test_whois_util.py +++ b/tests/utils/test_whois_util.py 
@@ -39,7 +39,8 @@ def test_get_domain_info(): # 'kingbus.com.tw', # 'pcits.com.sg', # 'token.im', - 'airdry.com.my' + # 'airdry.com.my' + 'karinasharpe.com.au' ] for domain in domain_list:
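Review bot: `test_get_domain_info` now pins a single live third-party domain, `'karinasharpe.com.au'`, and each earlier case has been commented out rather than kept. The test therefore presumably depends on network access and on that registration staying unchanged, and it no longer covers the other TLDs in the list. Keeping the entries active (or as parametrized cases) and asserting against recorded WHOIS responses would make the `au` server change in `whois-servers.txt` verifiable offline. The loop body is outside the hunk.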