mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-11 02:15:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

audit fix

Browse source
This commit is contained in:
0xJacky 2022-08-12 09:39:54 +08:00
parent e28e46db32
commit 5fd3a57a69
No known key found for this signature in database
GPG key ID: B6E4A6E4A561BAF0
8 changed files with 187 additions and 195 deletions
Download patch file Download diff file Expand all files Collapse all files

6
frontend/src/api/domain.ts
View file

@ -13,11 +13,7 @@ class Domain extends Curd {
get_template() { get_template() {
return http.get('template') return http.get('template')
} }
cert_info(path: string) {
return http.get('cert_info?ssl_certificate_path=' + path)
}
add_auto_cert(domain: string) { add_auto_cert(domain: string) {
return http.post('cert/' + domain) return http.post('cert/' + domain)
} }

26
frontend/src/views/domain/DomainEdit.vue
View file

@ -24,6 +24,8 @@ const ngx_config = reactive({
servers: [] servers: []
}) })
const cert_info_map: any = reactive({})
const auto_cert = ref(false) const auto_cert = ref(false)
const enabled = ref(false) const enabled = ref(false)
const configText = ref('') const configText = ref('')
@ -33,13 +35,23 @@ const saving = ref(false)
init() init()
function handle_response(r: any) {
Object.keys(cert_info_map).forEach(v => {
delete cert_info_map[v]
})
configText.value = r.config
enabled.value = r.enabled
auto_cert.value = r.auto_cert
Object.assign(ngx_config, r.tokenized)
Object.assign(cert_info_map, r.cert_info)
}
function init() { function init() {
if (name.value) { if (name.value) {
domain.get(name.value).then((r: any) => { domain.get(name.value).then((r: any) => {
configText.value = r.config handle_response(r)
enabled.value = r.enabled
auto_cert.value = r.auto_cert
Object.assign(ngx_config, r.tokenized)
}).catch(r => { }).catch(r => {
message.error(r.message ?? $gettext('Server error')) message.error(r.message ?? $gettext('Server error'))
}) })
@ -74,9 +86,8 @@ const save = async () => {
} }
domain.save(name.value, {content: configText.value}).then(r => { domain.save(name.value, {content: configText.value}).then(r => {
configText.value = r.config handle_response(r)
enabled.value = r.enabled
Object.assign(ngx_config, r.tokenized)
message.success($gettext('Saved successfully')) message.success($gettext('Saved successfully'))
}).catch((e: any) => { }).catch((e: any) => {
@ -151,6 +162,7 @@ function on_change_enabled(checked: boolean) {
<ngx-config-editor <ngx-config-editor
ref="ngx_config_editor" ref="ngx_config_editor"
:ngx_config="ngx_config" :ngx_config="ngx_config"
:cert_info="cert_info_map"
v-model:auto_cert="auto_cert" v-model:auto_cert="auto_cert"
:enabled="enabled" :enabled="enabled"
@callback="save()" @callback="save()"

18
frontend/src/views/domain/cert/Cert.vue
View file

@ -3,19 +3,11 @@ import CertInfo from '@/views/domain/cert/CertInfo.vue'
import IssueCert from '@/views/domain/cert/IssueCert.vue' import IssueCert from '@/views/domain/cert/IssueCert.vue'
import {computed, ref} from 'vue' import {computed, ref} from 'vue'
const props = defineProps(['directivesMap', 'current_server_directives', 'enabled']) const props = defineProps(['directivesMap', 'current_server_directives', 'enabled', 'cert_info'])
const emit = defineEmits(['callback', 'update:enabled']) const emit = defineEmits(['callback', 'update:enabled'])
const info = ref(null)
interface Info {
get(): void
}
function callback() { function callback() {
const t: Info | null = info.value
t!.get()
emit('callback') emit('callback')
} }
@ -23,11 +15,6 @@ const name = computed(() => {
return props.directivesMap['server_name'][0].params.trim() return props.directivesMap['server_name'][0].params.trim()
}) })
const ssl_certificate_path = computed(() => {
return props.directivesMap['ssl_certificate']?.[0].params.trim() ?? null
})
const enabled = computed({ const enabled = computed({
get() { get() {
return props.enabled return props.enabled
@ -41,7 +28,8 @@ const enabled = computed({
<template> <template>
<div> <div>
<cert-info ref="info" :ssl_certificate_path="ssl_certificate_path" v-if="ssl_certificate_path"/> <cert-info ref="info" :cert="props.cert_info"/>
<issue-cert <issue-cert
:current_server_directives="props.current_server_directives" :current_server_directives="props.current_server_directives"
:directives-map="props.directivesMap" :directives-map="props.directivesMap"

22
frontend/src/views/domain/cert/CertInfo.vue
View file

@ -4,29 +4,13 @@ import dayjs from 'dayjs'
import {reactive, ref} from 'vue' import {reactive, ref} from 'vue'
import domain from '@/api/domain' import domain from '@/api/domain'
const props = defineProps(['ssl_certificate_path']) const props = defineProps(['cert'])
const ok = ref(false) const cert = props.cert
const cert = reactive({issuer_name: '', subject_name: '', not_after: '', not_before: ''})
get()
function get() {
domain.cert_info(props.ssl_certificate_path).then((r: any) => {
Object.assign(cert, r)
ok.value = true
}).catch(() => {
ok.value = false
})
}
defineExpose({
get
})
</script> </script>
<template> <template>
<div class="cert-info" v-if="ok"> <div class="cert-info" v-if="cert">
<h2 v-translate>Certificate Status</h2> <h2 v-translate>Certificate Status</h2>
<p v-translate="{issuer: cert.issuer_name}">Intermediate Certification Authorities: %{issuer}</p> <p v-translate="{issuer: cert.issuer_name}">Intermediate Certification Authorities: %{issuer}</p>
<p v-translate="{name: cert.subject_name}">Subject Name: %{name}</p> <p v-translate="{name: cert.subject_name}">Subject Name: %{name}</p>

3
frontend/src/views/domain/ngx_conf/NgxConfigEditor.vue
View file

@ -8,7 +8,7 @@ import Cert from '@/views/domain/cert/Cert.vue'
const {$gettext} = useGettext() const {$gettext} = useGettext()
const props = defineProps(['ngx_config', 'auto_cert', 'enabled']) const props = defineProps(['ngx_config', 'auto_cert', 'enabled', 'cert_info'])
const emit = defineEmits(['callback', 'update:auto_cert']) const emit = defineEmits(['callback', 'update:auto_cert'])
@ -143,6 +143,7 @@ const autoCertRef = computed({
<template v-if="current_support_ssl&&enabled"> <template v-if="current_support_ssl&&enabled">
<cert <cert
v-if="current_support_ssl" v-if="current_support_ssl"
:cert_info="props.cert_info[k]"
:current_server_directives="current_server_directives" :current_server_directives="current_server_directives"
:directives-map="directivesMap" :directives-map="directivesMap"
v-model:enabled="autoCertRef" v-model:enabled="autoCertRef"

221
server/api/cert.go
View file

@ -1,155 +1,132 @@
package api package api
import ( import (
"github.com/0xJacky/Nginx-UI/server/model" "github.com/0xJacky/Nginx-UI/server/model"
"github.com/0xJacky/Nginx-UI/server/pkg/cert" "github.com/0xJacky/Nginx-UI/server/pkg/cert"
"github.com/0xJacky/Nginx-UI/server/pkg/nginx" "github.com/0xJacky/Nginx-UI/server/pkg/nginx"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"log" "log"
"net/http" "net/http"
"os" "os"
) )
func CertInfo(c *gin.Context) {
path := c.Query("ssl_certificate_path")
log.Println(path)
key, err := cert.GetCertInfo(path)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"message": "Failed to get certificate information",
"error": err.Error(),
})
return
}
c.JSON(http.StatusOK, gin.H{
"subject_name": key.Subject.CommonName,
"issuer_name": key.Issuer.CommonName,
"not_after": key.NotAfter,
"not_before": key.NotBefore,
})
}
func IssueCert(c *gin.Context) { func IssueCert(c *gin.Context) {
domain := c.Param("domain") domain := c.Param("domain")
var upGrader = websocket.Upgrader{ var upGrader = websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool { CheckOrigin: func(r *http.Request) bool {
return true return true
}, },
} }
// upgrade http to websocket // upgrade http to websocket
ws, err := upGrader.Upgrade(c.Writer, c.Request, nil) ws, err := upGrader.Upgrade(c.Writer, c.Request, nil)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
defer func(ws *websocket.Conn) { defer func(ws *websocket.Conn) {
err := ws.Close() err := ws.Close()
if err != nil { if err != nil {
log.Println("defer websocket close err", err) log.Println("defer websocket close err", err)
} }
}(ws) }(ws)
// read // read
mt, message, err := ws.ReadMessage() mt, message, err := ws.ReadMessage()
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
if mt == websocket.TextMessage && string(message) == "go" { if mt == websocket.TextMessage && string(message) == "go" {
err = cert.IssueCert(domain) err = cert.IssueCert(domain)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
err = ws.WriteJSON(gin.H{ err = ws.WriteJSON(gin.H{
"status": "error", "status": "error",
"message": err.Error(), "message": err.Error(),
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
return return
} }
sslCertificatePath := nginx.GetNginxConfPath("ssl/" + domain + "/fullchain.cer") sslCertificatePath := nginx.GetNginxConfPath("ssl/" + domain + "/fullchain.cer")
_, err = os.Stat(sslCertificatePath) _, err = os.Stat(sslCertificatePath)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
log.Println("[found]", "fullchain.cer") log.Println("[found]", "fullchain.cer")
err = ws.WriteJSON(gin.H{ err = ws.WriteJSON(gin.H{
"status": "success", "status": "success",
"message": "[found] fullchain.cer", "message": "[found] fullchain.cer",
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
sslCertificateKeyPath := nginx.GetNginxConfPath("ssl/" + domain + "/" + domain + ".key") sslCertificateKeyPath := nginx.GetNginxConfPath("ssl/" + domain + "/" + domain + ".key")
_, err = os.Stat(sslCertificateKeyPath) _, err = os.Stat(sslCertificateKeyPath)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
log.Println("[found]", "cert key") log.Println("[found]", "cert key")
err = ws.WriteJSON(gin.H{ err = ws.WriteJSON(gin.H{
"status": "success", "status": "success",
"message": "[found] Certificate Key", "message": "[found] Certificate Key",
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
certModel, err := model.FirstCert(domain) certModel, err := model.FirstCert(domain)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
err = certModel.Updates(&model.Cert{ err = certModel.Updates(&model.Cert{
SSLCertificatePath: sslCertificatePath, SSLCertificatePath: sslCertificatePath,
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
err = ws.WriteJSON(gin.H{ err = ws.WriteJSON(gin.H{
"status": "success", "status": "success",
"message": "Issued certificate successfully", "message": "Issued certificate successfully",
"ssl_certificate": sslCertificatePath, "ssl_certificate": sslCertificatePath,
"ssl_certificate_key": sslCertificateKeyPath, "ssl_certificate_key": sslCertificateKeyPath,
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
} }
} }

71
server/api/domain.go
View file

@ -2,13 +2,16 @@ package api
import ( import (
"github.com/0xJacky/Nginx-UI/server/model" "github.com/0xJacky/Nginx-UI/server/model"
"github.com/0xJacky/Nginx-UI/server/pkg/cert"
"github.com/0xJacky/Nginx-UI/server/pkg/config_list" "github.com/0xJacky/Nginx-UI/server/pkg/config_list"
nginx2 "github.com/0xJacky/Nginx-UI/server/pkg/nginx" "github.com/0xJacky/Nginx-UI/server/pkg/nginx"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"log"
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"time"
) )
func GetDomains(c *gin.Context) { func GetDomains(c *gin.Context) {
@ -21,14 +24,14 @@ func GetDomains(c *gin.Context) {
"modify": "time", "modify": "time",
} }
configFiles, err := os.ReadDir(nginx2.GetNginxConfPath("sites-available")) configFiles, err := os.ReadDir(nginx.GetNginxConfPath("sites-available"))
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
enabledConfig, err := os.ReadDir(filepath.Join(nginx2.GetNginxConfPath("sites-enabled"))) enabledConfig, err := os.ReadDir(filepath.Join(nginx.GetNginxConfPath("sites-enabled")))
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
@ -62,22 +65,53 @@ func GetDomains(c *gin.Context) {
}) })
} }
type CertificateInfo struct {
SubjectName string `json:"subject_name"`
IssuerName string `json:"issuer_name"`
NotAfter time.Time `json:"not_after"`
NotBefore time.Time `json:"not_before"`
}
func GetDomain(c *gin.Context) { func GetDomain(c *gin.Context) {
name := c.Param("name") name := c.Param("name")
path := filepath.Join(nginx2.GetNginxConfPath("sites-available"), name) path := filepath.Join(nginx.GetNginxConfPath("sites-available"), name)
enabled := true enabled := true
if _, err := os.Stat(filepath.Join(nginx2.GetNginxConfPath("sites-enabled"), name)); os.IsNotExist(err) { if _, err := os.Stat(filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)); os.IsNotExist(err) {
enabled = false enabled = false
} }
config, err := nginx2.ParseNgxConfig(path) config, err := nginx.ParseNgxConfig(path)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
certInfoMap := make(map[int]CertificateInfo)
for serverIdx, server := range config.Servers {
for _, directive := range server.Directives {
if directive.Directive == "ssl_certificate" {
pubKey, err := cert.GetCertInfo(directive.Params)
if err != nil {
log.Println("Failed to get certificate information", err)
break
}
certInfoMap[serverIdx] = CertificateInfo{
SubjectName: pubKey.Subject.CommonName,
IssuerName: pubKey.Issuer.CommonName,
NotAfter: pubKey.NotAfter,
NotBefore: pubKey.NotBefore,
}
break
}
}
}
_, err = model.FirstCert(name) _, err = model.FirstCert(name)
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
@ -86,6 +120,7 @@ func GetDomain(c *gin.Context) {
"config": config.BuildConfig(), "config": config.BuildConfig(),
"tokenized": config, "tokenized": config,
"auto_cert": err == nil, "auto_cert": err == nil,
"cert_info": certInfoMap,
}) })
} }
@ -95,7 +130,7 @@ func EditDomain(c *gin.Context) {
name := c.Param("name") name := c.Param("name")
request := make(gin.H) request := make(gin.H)
err = c.BindJSON(&request) err = c.BindJSON(&request)
path := filepath.Join(nginx2.GetNginxConfPath("sites-available"), name) path := filepath.Join(nginx.GetNginxConfPath("sites-available"), name)
err = os.WriteFile(path, []byte(request["content"].(string)), 0644) err = os.WriteFile(path, []byte(request["content"].(string)), 0644)
if err != nil { if err != nil {
@ -103,10 +138,10 @@ func EditDomain(c *gin.Context) {
return return
} }
enabledConfigFilePath := filepath.Join(nginx2.GetNginxConfPath("sites-enabled"), name) enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)
if _, err = os.Stat(enabledConfigFilePath); err == nil { if _, err = os.Stat(enabledConfigFilePath); err == nil {
// Test nginx configuration // Test nginx configuration
err = nginx2.TestNginxConf() err = nginx.TestNginxConf()
if err != nil { if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
"message": err.Error(), "message": err.Error(),
@ -114,7 +149,7 @@ func EditDomain(c *gin.Context) {
return return
} }
output := nginx2.ReloadNginx() output := nginx.ReloadNginx()
if output != "" && strings.Contains(output, "error") { if output != "" && strings.Contains(output, "error") {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
@ -128,8 +163,8 @@ func EditDomain(c *gin.Context) {
} }
func EnableDomain(c *gin.Context) { func EnableDomain(c *gin.Context) {
configFilePath := filepath.Join(nginx2.GetNginxConfPath("sites-available"), c.Param("name")) configFilePath := filepath.Join(nginx.GetNginxConfPath("sites-available"), c.Param("name"))
enabledConfigFilePath := filepath.Join(nginx2.GetNginxConfPath("sites-enabled"), c.Param("name")) enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), c.Param("name"))
_, err := os.Stat(configFilePath) _, err := os.Stat(configFilePath)
@ -148,7 +183,7 @@ func EnableDomain(c *gin.Context) {
} }
// Test nginx config, if not pass then rollback. // Test nginx config, if not pass then rollback.
err = nginx2.TestNginxConf() err = nginx.TestNginxConf()
if err != nil { if err != nil {
_ = os.Remove(enabledConfigFilePath) _ = os.Remove(enabledConfigFilePath)
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
@ -157,7 +192,7 @@ func EnableDomain(c *gin.Context) {
return return
} }
output := nginx2.ReloadNginx() output := nginx.ReloadNginx()
if output != "" && strings.Contains(output, "error") { if output != "" && strings.Contains(output, "error") {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
@ -172,7 +207,7 @@ func EnableDomain(c *gin.Context) {
} }
func DisableDomain(c *gin.Context) { func DisableDomain(c *gin.Context) {
enabledConfigFilePath := filepath.Join(nginx2.GetNginxConfPath("sites-enabled"), c.Param("name")) enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), c.Param("name"))
_, err := os.Stat(enabledConfigFilePath) _, err := os.Stat(enabledConfigFilePath)
@ -196,7 +231,7 @@ func DisableDomain(c *gin.Context) {
return return
} }
output := nginx2.ReloadNginx() output := nginx.ReloadNginx()
if output != "" { if output != "" {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
@ -213,8 +248,8 @@ func DisableDomain(c *gin.Context) {
func DeleteDomain(c *gin.Context) { func DeleteDomain(c *gin.Context) {
var err error var err error
name := c.Param("name") name := c.Param("name")
availablePath := filepath.Join(nginx2.GetNginxConfPath("sites-available"), name) availablePath := filepath.Join(nginx.GetNginxConfPath("sites-available"), name)
enabledPath := filepath.Join(nginx2.GetNginxConfPath("sites-enabled"), name) enabledPath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)
if _, err = os.Stat(availablePath); os.IsNotExist(err) { if _, err = os.Stat(availablePath); os.IsNotExist(err) {
c.JSON(http.StatusNotFound, gin.H{ c.JSON(http.StatusNotFound, gin.H{

15
server/router/routers.go
View file

@ -32,22 +32,22 @@ func InitRouter() *gin.Engine {
} }
}) })
g := r.Group("/api") root := r.Group("/api")
{ {
g.GET("settings", func(c *gin.Context) { root.GET("settings", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"demo": settings.ServerSettings.Demo, "demo": settings.ServerSettings.Demo,
}) })
}) })
g.GET("install", api.InstallLockCheck) root.GET("install", api.InstallLockCheck)
g.POST("install", api.InstallNginxUI) root.POST("install", api.InstallNginxUI)
g.POST("/login", api.Login) root.POST("/login", api.Login)
g.DELETE("/logout", api.Logout) root.DELETE("/logout", api.Logout)
g := g.Group("/", authRequired()) g := root.Group("/", authRequired())
{ {
g.GET("analytic", api.Analytic) g.GET("analytic", api.Analytic)
g.GET("analytic/init", api.GetAnalyticInit) g.GET("analytic/init", api.GetAnalyticInit)
@ -84,7 +84,6 @@ func InitRouter() *gin.Engine {
g.GET("template", api.GetTemplate) g.GET("template", api.GetTemplate)
g.GET("cert/issue/:domain", api.IssueCert) g.GET("cert/issue/:domain", api.IssueCert)
g.GET("cert_info", api.CertInfo)
// Add domain to auto-renew cert list // Add domain to auto-renew cert list
g.POST("cert/:domain", api.AddDomainToAutoCert) g.POST("cert/:domain", api.AddDomainToAutoCert)