mirror of
https://github.com/usual2970/certimate.git
synced 2025-06-08 13:39:53 +00:00
feat: new ca provider: custom acme ca
parent
980d1ee0b9
commit
122d766cab
@ -3,25 +3,26 @@ package applicant
|
|||||||
import "github.com/usual2970/certimate/internal/domain"
|
import "github.com/usual2970/certimate/internal/domain"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
sslProviderLetsEncrypt = string(domain.CAProviderTypeLetsEncrypt)
|
caLetsEncrypt = string(domain.CAProviderTypeLetsEncrypt)
|
||||||
sslProviderLetsEncryptStaging = string(domain.CAProviderTypeLetsEncryptStaging)
|
caLetsEncryptStaging = string(domain.CAProviderTypeLetsEncryptStaging)
|
||||||
sslProviderBuypass = string(domain.CAProviderTypeBuypass)
|
caBuypass = string(domain.CAProviderTypeBuypass)
|
||||||
sslProviderGoogleTrustServices = string(domain.CAProviderTypeGoogleTrustServices)
|
caGoogleTrustServices = string(domain.CAProviderTypeGoogleTrustServices)
|
||||||
sslProviderSSLCom = string(domain.CAProviderTypeSSLCom)
|
caSSLCom = string(domain.CAProviderTypeSSLCom)
|
||||||
sslProviderZeroSSL = string(domain.CAProviderTypeZeroSSL)
|
caZeroSSL = string(domain.CAProviderTypeZeroSSL)
|
||||||
|
caCustom = string(domain.CAProviderTypeACMECA)
|
||||||
|
|
||||||
sslProviderDefault = sslProviderLetsEncrypt
|
caDefault = caLetsEncrypt
|
||||||
)
|
)
|
||||||
|
|
||||||
var sslProviderUrls = map[string]string{
|
var caDirUrls = map[string]string{
|
||||||
sslProviderLetsEncrypt: "https://acme-v02.api.letsencrypt.org/directory",
|
caLetsEncrypt: "https://acme-v02.api.letsencrypt.org/directory",
|
||||||
sslProviderLetsEncryptStaging: "https://acme-staging-v02.api.letsencrypt.org/directory",
|
caLetsEncryptStaging: "https://acme-staging-v02.api.letsencrypt.org/directory",
|
||||||
sslProviderBuypass: "https://api.buypass.com/acme/directory",
|
caBuypass: "https://api.buypass.com/acme/directory",
|
||||||
sslProviderGoogleTrustServices: "https://dv.acme-v02.api.pki.goog/directory",
|
caGoogleTrustServices: "https://dv.acme-v02.api.pki.goog/directory",
|
||||||
sslProviderSSLCom: "https://acme.ssl.com/sslcom-dv-rsa",
|
caSSLCom: "https://acme.ssl.com/sslcom-dv-rsa",
|
||||||
sslProviderSSLCom + "RSA": "https://acme.ssl.com/sslcom-dv-rsa",
|
caSSLCom + "RSA": "https://acme.ssl.com/sslcom-dv-rsa",
|
||||||
sslProviderSSLCom + "ECC": "https://acme.ssl.com/sslcom-dv-ecc",
|
caSSLCom + "ECC": "https://acme.ssl.com/sslcom-dv-ecc",
|
||||||
sslProviderZeroSSL: "https://acme.zerossl.com/v2/DV90",
|
caZeroSSL: "https://acme.zerossl.com/v2/DV90",
|
||||||
}
|
}
|
||||||
|
|
||||||
type acmeSSLProviderConfig struct {
|
type acmeSSLProviderConfig struct {
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
"crypto/elliptic"
|
"crypto/elliptic"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/go-acme/lego/v4/lego"
|
"github.com/go-acme/lego/v4/lego"
|
||||||
"github.com/go-acme/lego/v4/registration"
|
"github.com/go-acme/lego/v4/registration"
|
||||||
@ -19,22 +20,31 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type acmeUser struct {
|
type acmeUser struct {
|
||||||
CA string
|
// 证书颁发机构标识。
|
||||||
Email string
|
// 通常等同于 [CAProviderType] 的值。
|
||||||
|
// 对于自定义 ACME CA,值为 "custom#{access_id}"。
|
||||||
|
CA string
|
||||||
|
// 邮箱。
|
||||||
|
Email string
|
||||||
|
// 注册信息。
|
||||||
Registration *registration.Resource
|
Registration *registration.Resource
|
||||||
|
|
||||||
|
// CSR 私钥。
|
||||||
privkey string
|
privkey string
|
||||||
}
|
}
|
||||||
|
|
||||||
func newAcmeUser(ca, email string) (*acmeUser, error) {
|
func newAcmeUser(ca, caAccessId, email string) (*acmeUser, error) {
|
||||||
repo := repository.NewAcmeAccountRepository()
|
repo := repository.NewAcmeAccountRepository()
|
||||||
|
|
||||||
applyUser := &acmeUser{
|
applyUser := &acmeUser{
|
||||||
CA: ca,
|
CA: ca,
|
||||||
Email: email,
|
Email: email,
|
||||||
}
|
}
|
||||||
|
if ca == caCustom {
|
||||||
|
applyUser.CA = fmt.Sprintf("%s#%s", ca, caAccessId)
|
||||||
|
}
|
||||||
|
|
||||||
acmeAccount, err := repo.GetByCAAndEmail(ca, email)
|
acmeAccount, err := repo.GetByCAAndEmail(applyUser.CA, applyUser.Email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -73,6 +83,10 @@ func (u *acmeUser) hasRegistration() bool {
|
|||||||
return u.Registration != nil
|
return u.Registration != nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u *acmeUser) getCAProvider() string {
|
||||||
|
return strings.Split(u.CA, "#")[0]
|
||||||
|
}
|
||||||
|
|
||||||
func (u *acmeUser) getPrivateKeyPEM() string {
|
func (u *acmeUser) getPrivateKeyPEM() string {
|
||||||
return u.privkey
|
return u.privkey
|
||||||
}
|
}
|
||||||
@ -94,16 +108,16 @@ func registerAcmeUserWithSingleFlight(client *lego.Client, user *acmeUser, userR
|
|||||||
func registerAcmeUser(client *lego.Client, user *acmeUser, userRegisterOptions map[string]any) (*registration.Resource, error) {
|
func registerAcmeUser(client *lego.Client, user *acmeUser, userRegisterOptions map[string]any) (*registration.Resource, error) {
|
||||||
var reg *registration.Resource
|
var reg *registration.Resource
|
||||||
var err error
|
var err error
|
||||||
switch user.CA {
|
switch user.getCAProvider() {
|
||||||
case sslProviderLetsEncrypt, sslProviderLetsEncryptStaging:
|
case caLetsEncrypt, caLetsEncryptStaging:
|
||||||
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||||
|
|
||||||
case sslProviderBuypass:
|
case caBuypass:
|
||||||
{
|
{
|
||||||
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||||||
}
|
}
|
||||||
|
|
||||||
case sslProviderGoogleTrustServices:
|
case caGoogleTrustServices:
|
||||||
{
|
{
|
||||||
access := domain.AccessConfigForGoogleTrustServices{}
|
access := domain.AccessConfigForGoogleTrustServices{}
|
||||||
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
||||||
@ -117,7 +131,7 @@ func registerAcmeUser(client *lego.Client, user *acmeUser, userRegisterOptions m
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
case sslProviderSSLCom:
|
case caSSLCom:
|
||||||
{
|
{
|
||||||
access := domain.AccessConfigForSSLCom{}
|
access := domain.AccessConfigForSSLCom{}
|
||||||
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
||||||
@ -131,7 +145,7 @@ func registerAcmeUser(client *lego.Client, user *acmeUser, userRegisterOptions m
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
case sslProviderZeroSSL:
|
case caZeroSSL:
|
||||||
{
|
{
|
||||||
access := domain.AccessConfigForZeroSSL{}
|
access := domain.AccessConfigForZeroSSL{}
|
||||||
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
||||||
@ -145,6 +159,26 @@ func registerAcmeUser(client *lego.Client, user *acmeUser, userRegisterOptions m
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
case caCustom:
|
||||||
|
{
|
||||||
|
access := domain.AccessConfigForACMECA{}
|
||||||
|
if err := maputil.Populate(userRegisterOptions, &access); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to populate provider access config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if access.EabKid == "" && access.EabHmacKey == "" {
|
||||||
|
reg, err = client.Registration.Register(registration.RegisterOptions{
|
||||||
|
TermsOfServiceAgreed: true,
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
|
||||||
|
TermsOfServiceAgreed: true,
|
||||||
|
Kid: access.EabKid,
|
||||||
|
HmacEncoded: access.EabHmacKey,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
default:
|
default:
|
||||||
err = fmt.Errorf("unsupported ca provider '%s'", user.CA)
|
err = fmt.Errorf("unsupported ca provider '%s'", user.CA)
|
||||||
}
|
}
|
||||||
|
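Review bot: In the new `case caCustom:` branch of registerAcmeUser, the test `access.EabKid == "" && access.EabHmacKey == ""` sends a half-filled configuration (only one of the two optional EAB fields set) into `RegisterWithExternalAccountBinding` with an empty value. Rejecting that up front gives a clear configuration error: `if (access.EabKid == "") != (access.EabHmacKey == "") { return nil, fmt.Errorf("eabKid and eabHmacKey must be set together") }`. In newAcmeUser the account is looked up under `acmeca#<access id>` rather than under the directory URL, so a saved registration would presumably be reused if the access record's endpoint is later pointed at a different CA, and an empty `caAccessId` collapses every custom CA onto the single key `acmeca#`; both are worth confirming against the repository code, which is not visible here. The new field comment on `acmeUser.CA` gives the value as `custom#{access_id}`, while the code writes `acmeca#{access_id}`. Both functions start or end outside the hunks shown.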
@ -20,12 +20,13 @@ import (
|
|||||||
"golang.org/x/time/rate"
|
"golang.org/x/time/rate"
|
||||||
|
|
||||||
"github.com/usual2970/certimate/internal/domain"
|
"github.com/usual2970/certimate/internal/domain"
|
||||||
|
maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
|
||||||
sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
|
sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
|
||||||
"github.com/usual2970/certimate/internal/repository"
|
"github.com/usual2970/certimate/internal/repository"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ApplyResult struct {
|
type ApplyResult struct {
|
||||||
CertificateFullChain string
|
FullChainCertificate string
|
||||||
IssuerCertificate string
|
IssuerCertificate string
|
||||||
PrivateKey string
|
PrivateKey string
|
||||||
ACMEAccountUrl string
|
ACMEAccountUrl string
|
||||||
@ -81,6 +82,7 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err
|
|||||||
if access, err := accessRepo.GetById(context.Background(), nodeConfig.CAProviderAccessId); err != nil {
|
if access, err := accessRepo.GetById(context.Background(), nodeConfig.CAProviderAccessId); err != nil {
|
||||||
return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.CAProviderAccessId, err)
|
return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.CAProviderAccessId, err)
|
||||||
} else {
|
} else {
|
||||||
|
options.CAProviderAccessId = access.Id
|
||||||
options.CAProviderAccessConfig = access.Config
|
options.CAProviderAccessConfig = access.Config
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -91,13 +93,13 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err
|
|||||||
|
|
||||||
sslProviderConfig := &acmeSSLProviderConfig{
|
sslProviderConfig := &acmeSSLProviderConfig{
|
||||||
Config: make(map[domain.CAProviderType]map[string]any),
|
Config: make(map[domain.CAProviderType]map[string]any),
|
||||||
Provider: sslProviderDefault,
|
Provider: caDefault,
|
||||||
}
|
}
|
||||||
if settings != nil {
|
if settings != nil {
|
||||||
if err := json.Unmarshal([]byte(settings.Content), sslProviderConfig); err != nil {
|
if err := json.Unmarshal([]byte(settings.Content), sslProviderConfig); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
} else if sslProviderConfig.Provider == "" {
|
} else if sslProviderConfig.Provider == "" {
|
||||||
sslProviderConfig.Provider = sslProviderDefault
|
sslProviderConfig.Provider = caDefault
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -163,7 +165,7 @@ func getLimiter(key string) *rate.Limiter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOptions) (*ApplyResult, error) {
|
func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOptions) (*ApplyResult, error) {
|
||||||
user, err := newAcmeUser(string(options.CAProvider), options.ContactEmail)
|
user, err := newAcmeUser(string(options.CAProvider), options.CAProviderAccessId, options.ContactEmail)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -175,13 +177,26 @@ func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOpt
|
|||||||
// Create an ACME client config
|
// Create an ACME client config
|
||||||
config := lego.NewConfig(user)
|
config := lego.NewConfig(user)
|
||||||
config.Certificate.KeyType = parseLegoKeyAlgorithm(domain.CertificateKeyAlgorithmType(options.KeyAlgorithm))
|
config.Certificate.KeyType = parseLegoKeyAlgorithm(domain.CertificateKeyAlgorithmType(options.KeyAlgorithm))
|
||||||
config.CADirURL = sslProviderUrls[user.CA]
|
switch user.getCAProvider() {
|
||||||
if user.CA == sslProviderSSLCom {
|
case caSSLCom:
|
||||||
if strings.HasPrefix(options.KeyAlgorithm, "RSA") {
|
if strings.HasPrefix(options.KeyAlgorithm, "RSA") {
|
||||||
config.CADirURL = sslProviderUrls[sslProviderSSLCom+"RSA"]
|
config.CADirURL = caDirUrls[caSSLCom+"RSA"]
|
||||||
} else if strings.HasPrefix(options.KeyAlgorithm, "EC") {
|
} else if strings.HasPrefix(options.KeyAlgorithm, "EC") {
|
||||||
config.CADirURL = sslProviderUrls[sslProviderSSLCom+"ECC"]
|
config.CADirURL = caDirUrls[caSSLCom+"ECC"]
|
||||||
|
} else {
|
||||||
|
config.CADirURL = caDirUrls[caSSLCom]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
case caCustom:
|
||||||
|
caDirURL := maputil.GetString(options.CAProviderAccessConfig, "endpoint")
|
||||||
|
if caDirURL != "" {
|
||||||
|
config.CADirURL = caDirURL
|
||||||
|
} else {
|
||||||
|
return nil, fmt.Errorf("invalid ca provider endpoint")
|
||||||
|
}
|
||||||
|
|
||||||
|
default:
|
||||||
|
config.CADirURL = caDirUrls[user.CA]
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create an ACME client
|
// Create an ACME client
|
||||||
@ -229,7 +244,7 @@ func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOpt
|
|||||||
}
|
}
|
||||||
|
|
||||||
return &ApplyResult{
|
return &ApplyResult{
|
||||||
CertificateFullChain: strings.TrimSpace(string(certResource.Certificate)),
|
FullChainCertificate: strings.TrimSpace(string(certResource.Certificate)),
|
||||||
IssuerCertificate: strings.TrimSpace(string(certResource.IssuerCertificate)),
|
IssuerCertificate: strings.TrimSpace(string(certResource.IssuerCertificate)),
|
||||||
PrivateKey: strings.TrimSpace(string(certResource.PrivateKey)),
|
PrivateKey: strings.TrimSpace(string(certResource.PrivateKey)),
|
||||||
ACMEAccountUrl: user.Registration.URI,
|
ACMEAccountUrl: user.Registration.URI,
|
||||||
|
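Review bot: The `case caCustom:` branch in applyUseLego accepts any non-empty `endpoint` string as `config.CADirURL`, so the only URL validation is the form's `z.string().url()`, which runs client-side and does not restrict the scheme. RFC 8555 requires ACME to run over HTTPS, and account registration requests go to this URL. Unless plain-HTTP test CAs are meant to be supported, the server side should parse it and require https: `u, perr := url.Parse(caDirURL)` followed by `if perr != nil || u.Scheme != "https" || u.Host == "" { return nil, fmt.Errorf("invalid ca provider endpoint") }`. That needs `net/url` in the import block, which is only partly visible here. The `default:` branch indexes `caDirUrls[user.CA]`, which yields an empty directory URL for an unknown provider instead of an error, and applyUseLego itself starts and ends outside these hunks.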
@ -48,6 +48,7 @@ type applicantProviderOptions struct {
|
|||||||
ProviderAccessConfig map[string]any
|
ProviderAccessConfig map[string]any
|
||||||
ProviderExtendedConfig map[string]any
|
ProviderExtendedConfig map[string]any
|
||||||
CAProvider domain.CAProviderType
|
CAProvider domain.CAProviderType
|
||||||
|
CAProviderAccessId string
|
||||||
CAProviderAccessConfig map[string]any
|
CAProviderAccessConfig map[string]any
|
||||||
CAProviderExtendedConfig map[string]any
|
CAProviderExtendedConfig map[string]any
|
||||||
KeyAlgorithm string
|
KeyAlgorithm string
|
||||||
|
@ -22,6 +22,12 @@ type AccessConfigFor1Panel struct {
|
|||||||
AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
|
AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type AccessConfigForACMECA struct {
|
||||||
|
Endpoint string `json:"endpoint"`
|
||||||
|
EabKid string `json:"eabKid,omitempty"`
|
||||||
|
EabHmacKey string `json:"eabHmacKey,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
type AccessConfigForACMEHttpReq struct {
|
type AccessConfigForACMEHttpReq struct {
|
||||||
Endpoint string `json:"endpoint"`
|
Endpoint string `json:"endpoint"`
|
||||||
Mode string `json:"mode,omitempty"`
|
Mode string `json:"mode,omitempty"`
|
||||||
|
@ -10,7 +10,7 @@ type AccessProviderType string
|
|||||||
*/
|
*/
|
||||||
const (
|
const (
|
||||||
AccessProviderType1Panel = AccessProviderType("1panel")
|
AccessProviderType1Panel = AccessProviderType("1panel")
|
||||||
AccessProviderTypeACMECA = AccessProviderType("acmeca") // ACME CA(预留)
|
AccessProviderTypeACMECA = AccessProviderType("acmeca")
|
||||||
AccessProviderTypeACMEHttpReq = AccessProviderType("acmehttpreq")
|
AccessProviderTypeACMEHttpReq = AccessProviderType("acmehttpreq")
|
||||||
AccessProviderTypeAkamai = AccessProviderType("akamai") // Akamai(预留)
|
AccessProviderTypeAkamai = AccessProviderType("akamai") // Akamai(预留)
|
||||||
AccessProviderTypeAliyun = AccessProviderType("aliyun")
|
AccessProviderTypeAliyun = AccessProviderType("aliyun")
|
||||||
@ -91,6 +91,7 @@ type CAProviderType string
|
|||||||
NOTICE: If you add new constant, please keep ASCII order.
|
NOTICE: If you add new constant, please keep ASCII order.
|
||||||
*/
|
*/
|
||||||
const (
|
const (
|
||||||
|
CAProviderTypeACMECA = CAProviderType(AccessProviderTypeACMECA)
|
||||||
CAProviderTypeBuypass = CAProviderType(AccessProviderTypeBuypass)
|
CAProviderTypeBuypass = CAProviderType(AccessProviderTypeBuypass)
|
||||||
CAProviderTypeGoogleTrustServices = CAProviderType(AccessProviderTypeGoogleTrustServices)
|
CAProviderTypeGoogleTrustServices = CAProviderType(AccessProviderTypeGoogleTrustServices)
|
||||||
CAProviderTypeLetsEncrypt = CAProviderType(AccessProviderTypeLetsEncrypt)
|
CAProviderTypeLetsEncrypt = CAProviderType(AccessProviderTypeLetsEncrypt)
|
||||||
|
@ -66,14 +66,14 @@ func (n *applyNode) Process(ctx context.Context) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 解析证书并生成实体
|
// 解析证书并生成实体
|
||||||
certX509, err := certutil.ParseCertificateFromPEM(applyResult.CertificateFullChain)
|
certX509, err := certutil.ParseCertificateFromPEM(applyResult.FullChainCertificate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
n.logger.Warn("failed to parse certificate, may be the CA responded error")
|
n.logger.Warn("failed to parse certificate, may be the CA responded error")
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
certificate := &domain.Certificate{
|
certificate := &domain.Certificate{
|
||||||
Source: domain.CertificateSourceTypeWorkflow,
|
Source: domain.CertificateSourceTypeWorkflow,
|
||||||
Certificate: applyResult.CertificateFullChain,
|
Certificate: applyResult.FullChainCertificate,
|
||||||
PrivateKey: applyResult.PrivateKey,
|
PrivateKey: applyResult.PrivateKey,
|
||||||
IssuerCertificate: applyResult.IssuerCertificate,
|
IssuerCertificate: applyResult.IssuerCertificate,
|
||||||
ACMEAccountUrl: applyResult.ACMEAccountUrl,
|
ACMEAccountUrl: applyResult.ACMEAccountUrl,
|
||||||
|
1
ui/public/imgs/providers/acmeca.svg
Normal file
1
ui/public/imgs/providers/acmeca.svg
Normal file
@ -0,0 +1 @@
|
|||||||
|
<svg viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200"><path d="M642.56 946.176h-261.12c-167.936 0-303.616-136.192-303.616-303.616v-261.12c0-167.936 136.192-303.616 303.616-303.616h261.12c167.936 0 303.616 136.192 303.616 303.616v261.12c0 167.424-136.192 303.616-303.616 303.616z" fill="#F2F9FF"></path><path d="M512 808.448l-6.144-2.56c-201.728-78.336-224.768-180.736-224.768-250.88V287.232l17.92 0.512c140.288 4.608 199.68-58.88 200.192-59.392l12.8-14.336 12.8 14.336c0.512 0.512 56.832 59.392 185.344 59.392 5.12 0 9.728 0 14.848-0.512l17.92-0.512v267.776c0 70.144-23.552 172.544-224.768 250.88l-6.144 3.072zM315.904 323.072v232.448c0 37.888 0 137.216 196.096 215.552 196.096-78.336 196.096-178.176 196.096-215.552V323.072c-108.544-0.512-171.008-39.424-196.096-59.392-25.088 19.968-87.552 58.88-196.096 59.392z m0 0" fill="#04AE7F"></path><path d="M674.304 566.272h-78.336v-133.12h28.16v110.08h49.664v23.04z m-114.176-7.68c-9.216 6.656-22.016 10.24-38.4 10.24-15.36 0-27.648-2.56-37.376-7.168v-28.672c10.24 8.704 23.04 13.312 36.352 13.312 7.68 0 13.312-1.536 17.408-4.096 4.096-2.56 5.632-6.144 5.632-10.24 0-3.584-1.536-7.168-4.608-10.24-3.072-3.072-11.264-7.68-24.576-13.312-20.992-8.704-31.232-21.504-31.232-38.4 0-12.288 4.608-22.016 14.336-28.672 9.216-6.656 22.016-10.24 37.376-10.24 12.8 0 24.064 1.536 32.768 5.12v26.624c-8.704-6.144-19.456-9.216-31.232-9.216-7.168 0-12.8 1.024-16.896 3.584-4.096 2.56-6.144 6.144-6.144 10.24 0 3.584 1.536 6.656 4.096 9.728 3.072 3.072 9.728 6.656 20.992 11.776 13.312 5.632 22.528 11.776 27.136 17.92 5.12 6.144 7.68 13.824 7.68 22.528 0.512 12.8-4.096 22.528-13.312 29.184z m-105.472 0c-9.216 6.656-22.016 10.24-38.4 10.24-15.36 0-27.648-2.56-37.376-7.168v-28.672c10.752 8.704 23.04 13.312 36.352 13.312 7.68 0 13.312-1.536 17.408-4.096 4.096-2.56 5.632-6.144 5.632-10.24 
0-3.584-1.536-7.168-4.608-10.24-3.072-3.072-11.264-7.68-24.576-13.312-20.992-8.704-31.232-21.504-31.232-38.4 0-12.288 4.608-22.016 14.336-28.672 9.216-6.656 22.016-10.24 37.376-10.24 12.8 0 24.064 1.536 32.768 5.12v26.624c-8.704-6.144-19.456-9.216-31.232-9.216-7.168 0-12.8 1.024-16.896 3.584-4.096 2.56-6.144 6.144-6.144 10.24 0 3.584 1.536 6.656 4.096 9.728 3.072 3.072 9.728 6.656 20.992 11.776 13.312 5.632 22.528 11.776 27.136 17.92 5.12 6.656 7.68 14.336 7.68 22.528 0 12.8-4.608 22.528-13.312 29.184z m332.288-190.464C696.32 386.56 604.16 395.776 512 395.776s-184.32-9.216-274.944-27.648c22.528 61.44 33.792 109.056 33.792 142.848 0 33.792-11.264 81.92-33.792 142.848 121.344-20.992 213.504-31.744 274.944-31.744s153.6 10.752 274.944 31.744c-29.696-61.952-44.544-109.568-44.544-142.848s15.36-80.896 44.544-142.848z m0 0" fill="#04AE7F"></path></svg>
|
After Width: | Height: | Size: 2.7 KiB |
@ -12,6 +12,7 @@ import { ACCESS_PROVIDERS, ACCESS_USAGES, type AccessProvider } from "@/domain/p
|
|||||||
import { useAntdForm, useAntdFormName } from "@/hooks";
|
import { useAntdForm, useAntdFormName } from "@/hooks";
|
||||||
|
|
||||||
import AccessForm1PanelConfig from "./AccessForm1PanelConfig";
|
import AccessForm1PanelConfig from "./AccessForm1PanelConfig";
|
||||||
|
import AccessFormACMECAConfig from "./AccessFormACMECAConfig";
|
||||||
import AccessFormACMEHttpReqConfig from "./AccessFormACMEHttpReqConfig";
|
import AccessFormACMEHttpReqConfig from "./AccessFormACMEHttpReqConfig";
|
||||||
import AccessFormAliyunConfig from "./AccessFormAliyunConfig";
|
import AccessFormAliyunConfig from "./AccessFormAliyunConfig";
|
||||||
import AccessFormAWSConfig from "./AccessFormAWSConfig";
|
import AccessFormAWSConfig from "./AccessFormAWSConfig";
|
||||||
@ -177,6 +178,8 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
|
|||||||
switch (fieldProvider) {
|
switch (fieldProvider) {
|
||||||
case ACCESS_PROVIDERS["1PANEL"]:
|
case ACCESS_PROVIDERS["1PANEL"]:
|
||||||
return <AccessForm1PanelConfig {...nestedFormProps} />;
|
return <AccessForm1PanelConfig {...nestedFormProps} />;
|
||||||
|
case ACCESS_PROVIDERS.ACMECA:
|
||||||
|
return <AccessFormACMECAConfig {...nestedFormProps} />;
|
||||||
case ACCESS_PROVIDERS.ACMEHTTPREQ:
|
case ACCESS_PROVIDERS.ACMEHTTPREQ:
|
||||||
return <AccessFormACMEHttpReqConfig {...nestedFormProps} />;
|
return <AccessFormACMEHttpReqConfig {...nestedFormProps} />;
|
||||||
case ACCESS_PROVIDERS.ALIYUN:
|
case ACCESS_PROVIDERS.ALIYUN:
|
||||||
|
77
ui/src/components/access/AccessFormACMECAConfig.tsx
Normal file
77
ui/src/components/access/AccessFormACMECAConfig.tsx
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
import { useTranslation } from "react-i18next";
|
||||||
|
import { Form, type FormInstance, Input, Select } from "antd";
|
||||||
|
import { createSchemaFieldRule } from "antd-zod";
|
||||||
|
import { z } from "zod";
|
||||||
|
|
||||||
|
import { type AccessConfigForACMECA } from "@/domain/access";
|
||||||
|
|
||||||
|
type AccessFormACMECAConfigFieldValues = Nullish<AccessConfigForACMECA>;
|
||||||
|
|
||||||
|
export type AccessFormACMECAConfigProps = {
|
||||||
|
form: FormInstance;
|
||||||
|
formName: string;
|
||||||
|
disabled?: boolean;
|
||||||
|
initialValues?: AccessFormACMECAConfigFieldValues;
|
||||||
|
onValuesChange?: (values: AccessFormACMECAConfigFieldValues) => void;
|
||||||
|
};
|
||||||
|
|
||||||
|
const initFormModel = (): AccessFormACMECAConfigFieldValues => {
|
||||||
|
return {
|
||||||
|
endpoint: "https://example.com/acme/directory",
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
const AccessFormACMECAConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormACMECAConfigProps) => {
|
||||||
|
const { t } = useTranslation();
|
||||||
|
|
||||||
|
const formSchema = z.object({
|
||||||
|
endpoint: z.string().url(t("common.errmsg.url_invalid")),
|
||||||
|
eabKid: z.string().trim().nullish(),
|
||||||
|
eabHmacKey: z.string().trim().nullish(),
|
||||||
|
});
|
||||||
|
const formRule = createSchemaFieldRule(formSchema);
|
||||||
|
|
||||||
|
const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
|
||||||
|
onValuesChange?.(values);
|
||||||
|
};
|
||||||
|
|
||||||
|
return (
|
||||||
|
<Form
|
||||||
|
form={formInst}
|
||||||
|
disabled={disabled}
|
||||||
|
initialValues={initialValues ?? initFormModel()}
|
||||||
|
layout="vertical"
|
||||||
|
name={formName}
|
||||||
|
onValuesChange={handleFormChange}
|
||||||
|
>
|
||||||
|
<Form.Item
|
||||||
|
name="endpoint"
|
||||||
|
label={t("access.form.acmeca_endpoint.label")}
|
||||||
|
rules={[formRule]}
|
||||||
|
tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmeca_endpoint.tooltip") }}></span>}
|
||||||
|
>
|
||||||
|
<Input placeholder={t("access.form.acmeca_endpoint.placeholder")} />
|
||||||
|
</Form.Item>
|
||||||
|
|
||||||
|
<Form.Item
|
||||||
|
name="eabKid"
|
||||||
|
label={t("access.form.acmeca_eab_kid.label")}
|
||||||
|
rules={[formRule]}
|
||||||
|
tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmeca_eab_kid.tooltip") }}></span>}
|
||||||
|
>
|
||||||
|
<Input autoComplete="new-password" placeholder={t("access.form.acmeca_eab_kid.placeholder")} />
|
||||||
|
</Form.Item>
|
||||||
|
|
||||||
|
<Form.Item
|
||||||
|
name="eabHmacKey"
|
||||||
|
label={t("access.form.acmeca_eab_hmac_key.label")}
|
||||||
|
rules={[formRule]}
|
||||||
|
tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmeca_eab_hmac_key.tooltip") }}></span>}
|
||||||
|
>
|
||||||
|
<Input.Password autoComplete="new-password" placeholder={t("access.form.acmeca_eab_hmac_key.placeholder")} />
|
||||||
|
</Form.Item>
|
||||||
|
</Form>
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
export default AccessFormACMECAConfig;
|
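Review bot: The `eabKid` and `eabHmacKey` form items pass `t("access.form.acmeca_eab_kid.tooltip")` and `t("access.form.acmeca_eab_hmac_key.tooltip")` to `dangerouslySetInnerHTML`, but the locale hunks in this commit add only `.label` and `.placeholder` for those two fields. Unless the keys exist elsewhere, the tooltip will presumably show the raw key name, so either add the two tooltip strings to the locale files or drop the `tooltip` prop from these items. Rendering translation text as HTML is only as safe as the locale files, so those strings should stay static, and the `target="_blank"` link in `access.form.acmeca_endpoint.tooltip` would be better with `rel="noopener noreferrer"`. `Select` is imported from antd but not used in this file.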
@ -7,6 +7,7 @@ export interface AccessModel extends BaseModel {
|
|||||||
*/ Record<string, unknown> &
|
*/ Record<string, unknown> &
|
||||||
(
|
(
|
||||||
| AccessConfigFor1Panel
|
| AccessConfigFor1Panel
|
||||||
|
| AccessConfigForACMECA
|
||||||
| AccessConfigForACMEHttpReq
|
| AccessConfigForACMEHttpReq
|
||||||
| AccessConfigForAliyun
|
| AccessConfigForAliyun
|
||||||
| AccessConfigForAWS
|
| AccessConfigForAWS
|
||||||
@ -75,6 +76,12 @@ export type AccessConfigFor1Panel = {
|
|||||||
allowInsecureConnections?: boolean;
|
allowInsecureConnections?: boolean;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export type AccessConfigForACMECA = {
|
||||||
|
endpoint: string;
|
||||||
|
eabKid?: string;
|
||||||
|
eabHmacKey?: string;
|
||||||
|
};
|
||||||
|
|
||||||
export type AccessConfigForACMEHttpReq = {
|
export type AccessConfigForACMEHttpReq = {
|
||||||
endpoint: string;
|
endpoint: string;
|
||||||
mode?: string;
|
mode?: string;
|
||||||
|
@ -5,6 +5,7 @@
|
|||||||
*/
|
*/
|
||||||
export const ACCESS_PROVIDERS = Object.freeze({
|
export const ACCESS_PROVIDERS = Object.freeze({
|
||||||
["1PANEL"]: "1panel",
|
["1PANEL"]: "1panel",
|
||||||
|
ACMECA: "acmeca",
|
||||||
ACMEHTTPREQ: "acmehttpreq",
|
ACMEHTTPREQ: "acmehttpreq",
|
||||||
ALIYUN: "aliyun",
|
ALIYUN: "aliyun",
|
||||||
AWS: "aws",
|
AWS: "aws",
|
||||||
@ -153,6 +154,7 @@ export const accessProvidersMap: Map<AccessProvider["type"] | string, AccessProv
|
|||||||
[ACCESS_PROVIDERS.GOOGLETRUSTSERVICES, "provider.googletrustservices", "/imgs/providers/google.svg", [ACCESS_USAGES.CA]],
|
[ACCESS_PROVIDERS.GOOGLETRUSTSERVICES, "provider.googletrustservices", "/imgs/providers/google.svg", [ACCESS_USAGES.CA]],
|
||||||
[ACCESS_PROVIDERS.SSLCOM, "provider.sslcom", "/imgs/providers/sslcom.svg", [ACCESS_USAGES.CA]],
|
[ACCESS_PROVIDERS.SSLCOM, "provider.sslcom", "/imgs/providers/sslcom.svg", [ACCESS_USAGES.CA]],
|
||||||
[ACCESS_PROVIDERS.ZEROSSL, "provider.zerossl", "/imgs/providers/zerossl.svg", [ACCESS_USAGES.CA]],
|
[ACCESS_PROVIDERS.ZEROSSL, "provider.zerossl", "/imgs/providers/zerossl.svg", [ACCESS_USAGES.CA]],
|
||||||
|
[ACCESS_PROVIDERS.ACMECA, "provider.acmeca", "/imgs/providers/acmeca.svg", [ACCESS_USAGES.CA]],
|
||||||
|
|
||||||
[ACCESS_PROVIDERS.EMAIL, "provider.email", "/imgs/providers/email.svg", [ACCESS_USAGES.NOTIFICATION]],
|
[ACCESS_PROVIDERS.EMAIL, "provider.email", "/imgs/providers/email.svg", [ACCESS_USAGES.NOTIFICATION]],
|
||||||
[ACCESS_PROVIDERS.DINGTALKBOT, "provider.dingtalkbot", "/imgs/providers/dingtalk.svg", [ACCESS_USAGES.NOTIFICATION]],
|
[ACCESS_PROVIDERS.DINGTALKBOT, "provider.dingtalkbot", "/imgs/providers/dingtalk.svg", [ACCESS_USAGES.NOTIFICATION]],
|
||||||
@ -179,6 +181,7 @@ export const accessProvidersMap: Map<AccessProvider["type"] | string, AccessProv
|
|||||||
NOTICE: If you add new constant, please keep ASCII order.
|
NOTICE: If you add new constant, please keep ASCII order.
|
||||||
*/
|
*/
|
||||||
export const CA_PROVIDERS = Object.freeze({
|
export const CA_PROVIDERS = Object.freeze({
|
||||||
|
ACMECA: `${ACCESS_PROVIDERS.ACMECA}`,
|
||||||
BUYPASS: `${ACCESS_PROVIDERS.BUYPASS}`,
|
BUYPASS: `${ACCESS_PROVIDERS.BUYPASS}`,
|
||||||
GOOGLETRUSTSERVICES: `${ACCESS_PROVIDERS.GOOGLETRUSTSERVICES}`,
|
GOOGLETRUSTSERVICES: `${ACCESS_PROVIDERS.GOOGLETRUSTSERVICES}`,
|
||||||
LETSENCRYPT: `${ACCESS_PROVIDERS.LETSENCRYPT}`,
|
LETSENCRYPT: `${ACCESS_PROVIDERS.LETSENCRYPT}`,
|
||||||
@ -209,6 +212,7 @@ export const caProvidersMap: Map<CAProvider["type"] | string, CAProvider> = new
|
|||||||
[CA_PROVIDERS.GOOGLETRUSTSERVICES],
|
[CA_PROVIDERS.GOOGLETRUSTSERVICES],
|
||||||
[CA_PROVIDERS.SSLCOM],
|
[CA_PROVIDERS.SSLCOM],
|
||||||
[CA_PROVIDERS.ZEROSSL],
|
[CA_PROVIDERS.ZEROSSL],
|
||||||
|
[CA_PROVIDERS.ACMECA],
|
||||||
].map(([type, builtin]) => [
|
].map(([type, builtin]) => [
|
||||||
type,
|
type,
|
||||||
{
|
{
|
||||||
|
@ -44,6 +44,13 @@
|
|||||||
"access.form.1panel_allow_insecure_conns.label": "Insecure SSL/TLS connections",
|
"access.form.1panel_allow_insecure_conns.label": "Insecure SSL/TLS connections",
|
||||||
"access.form.1panel_allow_insecure_conns.switch.on": "Allow",
|
"access.form.1panel_allow_insecure_conns.switch.on": "Allow",
|
||||||
"access.form.1panel_allow_insecure_conns.switch.off": "Disallow",
|
"access.form.1panel_allow_insecure_conns.switch.off": "Disallow",
|
||||||
|
"access.form.acmeca_endpoint.label": "Endpoint",
|
||||||
|
"access.form.acmeca_endpoint.placeholder": "Please enter endpoint",
|
||||||
|
"access.form.acmeca_endpoint.tooltip": "For more information, see <a href=\"https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1\" target=\"_blank\">https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1</a>",
|
||||||
|
"access.form.acmeca_eab_kid.label": "ACME EAB KID (Optional)",
|
||||||
|
"access.form.acmeca_eab_kid.placeholder": "Please enter ACME EAB KID",
|
||||||
|
"access.form.acmeca_eab_hmac_key.label": "ACME EAB HMAC key (Optional)",
|
||||||
|
"access.form.acmeca_eab_hmac_key.placeholder": "Please enter ACME EAB HMAC key",
|
||||||
"access.form.acmehttpreq_endpoint.label": "Endpoint",
|
"access.form.acmehttpreq_endpoint.label": "Endpoint",
|
||||||
"access.form.acmehttpreq_endpoint.placeholder": "Please enter endpoint",
|
"access.form.acmehttpreq_endpoint.placeholder": "Please enter endpoint",
|
||||||
"access.form.acmehttpreq_endpoint.tooltip": "For more information, see <a href=\"https://go-acme.github.io/lego/dns/httpreq/\" target=\"_blank\">https://go-acme.github.io/lego/dns/httpreq/</a>",
|
"access.form.acmehttpreq_endpoint.tooltip": "For more information, see <a href=\"https://go-acme.github.io/lego/dns/httpreq/\" target=\"_blank\">https://go-acme.github.io/lego/dns/httpreq/</a>",
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
"provider.1panel": "1Panel",
|
"provider.1panel": "1Panel",
|
||||||
"provider.1panel.console": "1Panel - Console",
|
"provider.1panel.console": "1Panel - Console",
|
||||||
"provider.1panel.site": "1Panel - Website",
|
"provider.1panel.site": "1Panel - Website",
|
||||||
"provider.acmehttpreq": "Http Request (ACME Proxy)",
|
"provider.acmeca": "ACME Custom CA Endpoint",
|
||||||
|
"provider.acmehttpreq": "ACME Custom HTTP Endpoint",
|
||||||
"provider.aliyun": "Alibaba Cloud",
|
"provider.aliyun": "Alibaba Cloud",
|
||||||
"provider.aliyun.alb": "Alibaba Cloud - ALB (Application Load Balancer)",
|
"provider.aliyun.alb": "Alibaba Cloud - ALB (Application Load Balancer)",
|
||||||
"provider.aliyun.apigw": "Alibaba Cloud - API Gateway",
|
"provider.aliyun.apigw": "Alibaba Cloud - API Gateway",
|
||||||
|
@ -44,6 +44,13 @@
|
|||||||
"access.form.1panel_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
|
"access.form.1panel_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
|
||||||
"access.form.1panel_allow_insecure_conns.switch.on": "允许",
|
"access.form.1panel_allow_insecure_conns.switch.on": "允许",
|
||||||
"access.form.1panel_allow_insecure_conns.switch.off": "不允许",
|
"access.form.1panel_allow_insecure_conns.switch.off": "不允许",
|
||||||
|
"access.form.acmeca_endpoint.label": "服务端点",
|
||||||
|
"access.form.acmeca_endpoint.placeholder": "请输入服务端点",
|
||||||
|
"access.form.acmeca_endpoint.tooltip": "这是什么?请参阅 <a href=\"https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1\" target=\"_blank\">https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1</a>",
|
||||||
|
"access.form.acmeca_eab_kid.label": "ACME EAB KID(可选)",
|
||||||
|
"access.form.acmeca_eab_kid.placeholder": "请输入 ACME EAB KID",
|
||||||
|
"access.form.acmeca_eab_hmac_key.label": "ACME EAB HMAC Key(可选)",
|
||||||
|
"access.form.acmeca_eab_hmac_key.placeholder": "请输入 ACME EAB HMAC Key",
|
||||||
"access.form.acmehttpreq_endpoint.label": "服务端点",
|
"access.form.acmehttpreq_endpoint.label": "服务端点",
|
||||||
"access.form.acmehttpreq_endpoint.placeholder": "请输入服务端点",
|
"access.form.acmehttpreq_endpoint.placeholder": "请输入服务端点",
|
||||||
"access.form.acmehttpreq_endpoint.tooltip": "这是什么?请参阅 <a href=\"https://go-acme.github.io/lego/dns/httpreq/\" target=\"_blank\">https://go-acme.github.io/lego/dns/httpreq/</a>",
|
"access.form.acmehttpreq_endpoint.tooltip": "这是什么?请参阅 <a href=\"https://go-acme.github.io/lego/dns/httpreq/\" target=\"_blank\">https://go-acme.github.io/lego/dns/httpreq/</a>",
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
"provider.1panel": "1Panel",
|
"provider.1panel": "1Panel",
|
||||||
"provider.1panel.console": "1Panel - 面板",
|
"provider.1panel.console": "1Panel - 面板",
|
||||||
"provider.1panel.site": "1Panel - 网站",
|
"provider.1panel.site": "1Panel - 网站",
|
||||||
"provider.acmehttpreq": "Http Request (ACME Proxy)",
|
"provider.acmeca": "ACME 自定义 CA 端点",
|
||||||
|
"provider.acmehttpreq": "ACME 自定义 HTTP 端点",
|
||||||
"provider.aliyun": "阿里云",
|
"provider.aliyun": "阿里云",
|
||||||
"provider.aliyun.alb": "阿里云 - 应用型负载均衡 ALB",
|
"provider.aliyun.alb": "阿里云 - 应用型负载均衡 ALB",
|
||||||
"provider.aliyun.apigw": "阿里云 - API 网关",
|
"provider.aliyun.apigw": "阿里云 - API 网关",
|
||||||
|