gxthrj commented on a change in pull request #251:
URL: 
https://github.com/apache/incubator-apisix-dashboard/pull/251#discussion_r438605101



##########
File path: api/route/ssl.go
##########
@@ -0,0 +1,137 @@
+package route
+
+import (
+       "net/http"
+       "strconv"
+
+       "github.com/gin-gonic/gin"
+       "github.com/satori/go.uuid"
+
+       "github.com/api7/api7-manager-api/errno"
+       "github.com/api7/api7-manager-api/service"
+)
+
+const contentType = "application/json"
+
+func AppendSsl(r *gin.Engine) *gin.Engine {
+       r.POST("/apisix/admin/check_ssl_cert", sslCheck)
+       r.GET("/apisix/admin/ssls", sslList)
+       r.POST("/apisix/admin/ssls", sslCreate)
+       r.GET("/apisix/admin/ssls/:id", sslItem)
+       r.PUT("/apisix/admin/ssls/:id", sslUpdate)
+       r.DELETE("/apisix/admin/ssls/:id", sslDelete)
+       return r
+}
+
+func sslList(c *gin.Context) {
+       size, _ := strconv.Atoi(c.DefaultQuery("size", "10"))
+       page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+       // todo 参数校验

Review comment:
       done

##########
File path: api/service/ssl.go
##########
@@ -0,0 +1,285 @@
+package service
+
+import (
+       "crypto/tls"
+       "crypto/x509"
+       "encoding/json"
+       "encoding/pem"
+       "errors"
+       "fmt"
+
+       "github.com/satori/go.uuid"
+
+       "github.com/api7/api7-manager-api/conf"
+       "github.com/api7/api7-manager-api/errno"
+       "github.com/api7/api7-manager-api/utils"
+)
+
+type Ssl struct {
+       Base
+       ValidityStart uint64 `json:"validity_start"`
+       ValidityEnd   uint64 `json:"validity_end"`
+       Snis          string `json:"snis"`
+       Status        uint64 `json:"status"`
+       PublicKey     string `json:"public_key,omitempty"`
+}
+
+type SslDto struct {
+       Base
+       ValidityStart uint64   `json:"validity_start"`
+       ValidityEnd   uint64   `json:"validity_end"`
+       Snis          []string `json:"snis"`
+       Status        uint64   `json:"status"`
+       PublicKey     string   `json:"public_key,omitempty"`
+}
+
+type SslRequest struct {
+       ID         string   `json:"id,omitempty"`
+       PublicKey  string   `json:"cert"`
+       PrivateKey string   `json:"key"`
+       Snis       []string `json:"snis"`
+}
+
+// ApisixSslResponse is response from apisix admin api
+type ApisixSslResponse struct {
+       Action string   `json:"action"`
+       Node   *SslNode `json:"node"`
+}
+
+type SslNode struct {
+       Value         SslRequest `json:"value"`
+       ModifiedIndex uint64     `json:"modifiedIndex"`
+}
+
+func (req *SslRequest) Parse(body interface{}) {
+       if err := json.Unmarshal(body.([]byte), req); err != nil {
+               req = nil
+               logger.Error(errno.FromMessage(errno.RouteRequestError, 
err.Error()).Msg)
+       }
+}
+
+func (sslDto *SslDto) Parse(ssl *Ssl) error {
+       sslDto.ID = ssl.ID
+       sslDto.ValidityStart = ssl.ValidityStart
+       sslDto.ValidityEnd = ssl.ValidityEnd
+
+       var snis []string
+       _ = json.Unmarshal([]byte(ssl.Snis), &snis)
+       sslDto.Snis = snis
+
+       sslDto.Status = ssl.Status
+       sslDto.PublicKey = ssl.PublicKey
+       sslDto.CreateTime = ssl.CreateTime
+       sslDto.UpdateTime = ssl.UpdateTime
+
+       return nil
+}
+
+func SslList(page, size int) ([]byte, error) {
+       var count int
+       sslList := []Ssl{}
+       if err := conf.DB().Table("ssls").Offset((page - 1) * 
size).Limit(size).Find(&sslList).Count(&count).Error; err != nil {
+               return nil, err
+       }
+
+       sslDtoList := []SslDto{}
+
+       for _, ssl := range sslList {
+               sslDto := SslDto{}
+               sslDto.Parse(&ssl)
+
+               sslDtoList = append(sslDtoList, sslDto)
+       }
+
+       data := errno.FromMessage(errno.SystemSuccess).ListResponse(count, 
sslDtoList)
+
+       return json.Marshal(data)
+}
+
+func SslItem(id string) ([]byte, error) {
+       ssl := &Ssl{}
+       if err := conf.DB().Table("ssls").Where("id = ?", id).First(ssl).Error; 
err != nil {
+               return nil, err
+       }
+
+       sslDto := &SslDto{}
+       sslDto.Parse(ssl)
+
+       data := errno.FromMessage(errno.SystemSuccess).ItemResponse(sslDto)
+
+       return json.Marshal(data)
+}
+
+func SslCheck(param interface{}) ([]byte, error) {
+       sslReq := &SslRequest{}
+       sslReq.Parse(param)
+
+       ssl, err := ParseCert(sslReq.PublicKey, sslReq.PrivateKey)
+
+       if err != nil {
+               return nil, err
+       }
+
+       ssl.PublicKey = ""
+
+       sslDto := &SslDto{}
+       sslDto.Parse(ssl)
+
+       data := errno.FromMessage(errno.SystemSuccess).ItemResponse(sslDto)
+
+       return json.Marshal(data)
+}
+
+func SslCreate(param interface{}, id string) error {
+       sslReq := &SslRequest{}
+       sslReq.Parse(param)
+
+       ssl, err := ParseCert(sslReq.PublicKey, sslReq.PrivateKey)
+
+       if err != nil {
+               return err
+       }
+
+       //先请求admin api
+       var snis []string
+       _ = json.Unmarshal([]byte(ssl.Snis), &snis)
+       sslReq.Snis = snis
+
+       if _, err := sslReq.PutToApisix(id); err != nil {
+               return err
+       }
+       // 更新 mysql
+       ssl.ID = uuid.FromStringOrNil(id)
+       if err := conf.DB().Create(ssl).Error; err != nil {
+               return err
+       }
+
+       return nil
+}
+
+func SslUpdate(param interface{}, id string) error {
+       sslReq := &SslRequest{}
+       sslReq.Parse(param)
+
+       ssl, err := ParseCert(sslReq.PublicKey, sslReq.PrivateKey)
+
+       if err != nil {
+               return err
+       }
+
+       //先请求admin api
+       var snis []string
+       _ = json.Unmarshal([]byte(ssl.Snis), &snis)
+       sslReq.Snis = snis
+
+       if _, err := sslReq.PutToApisix(id); err != nil {
+               return err
+       }
+
+       // 更新 mysql
+       ssl.ID = uuid.FromStringOrNil(id)
+       data := Ssl{PublicKey: ssl.PublicKey, Snis: ssl.Snis, ValidityStart: 
ssl.ValidityStart, ValidityEnd: ssl.ValidityEnd}
+       if err := conf.DB().Model(&ssl).Updates(data).Error; err != nil {
+               return err
+       }
+
+       return nil
+}
+
+func SslDelete(id string) error {
+       // delete from apisix
+       request := &SslRequest{}
+       request.ID = id
+       if _, err := request.DeleteFromApisix(); err != nil {
+               return err
+       }
+       // delete from mysql
+       ssl := &Ssl{}
+       ssl.ID = uuid.FromStringOrNil(id)
+       if err := conf.DB().Delete(ssl).Error; err != nil {
+               return err
+       }
+
+       return nil
+}
+
+func (req *SslRequest) PutToApisix(rid string) (*ApisixSslResponse, error) {
+       url := fmt.Sprintf("%s/ssl/%s", conf.BaseUrl, rid)
+       if data, err := json.Marshal(req); err != nil {
+               return nil, err
+       } else {
+               if resp, err := utils.Put(url, data); err != nil {
+                       logger.Error(url)
+                       logger.Error(string(data))
+                       logger.Error(err.Error())
+                       return nil, err
+               } else {
+                       var arresp ApisixSslResponse
+                       if err := json.Unmarshal(resp, &arresp); err != nil {
+                               logger.Error(err.Error())
+                               return nil, err
+                       } else {
+                               return &arresp, nil
+                       }
+               }
+       }
+}
+
+func (req *SslRequest) DeleteFromApisix() (*ApisixSslResponse, error) {
+       id := req.ID
+       url := fmt.Sprintf("%s/ssl/%s", conf.BaseUrl, id)
+
+       if resp, err := utils.Delete(url); err != nil {
+               logger.Error(err.Error())
+               return nil, err
+       } else {
+               var arresp ApisixSslResponse
+               if err := json.Unmarshal(resp, &arresp); err != nil {
+                       logger.Error(err.Error())
+                       return nil, err
+               } else {
+                       return &arresp, nil
+               }
+       }
+}
+
+func ParseCert(crt, key string) (*Ssl, error) {
+       //打印出私钥类型
+       certDERBlock, _ := pem.Decode([]byte(crt))
+       if certDERBlock == nil {
+               return nil, errors.New("证书解析失败")
+       }
+
+       //校验配对
+       _, err := tls.X509KeyPair([]byte(crt), []byte(key))
+       if err != nil {
+               return nil, err
+       }
+
+       x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+       if err != nil {
+               return nil, errors.New("证书解析失败")
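Review bot: In PutToApisix the error path calls `logger.Error(string(data))`, and `data` is the JSON-marshalled SslRequest, whose `key` field holds the PEM private key, so every failed PUT to the admin API writes the key into the application log. Drop the body dump and log only the identifier and the error, for example `logger.Error(fmt.Sprintf("put ssl %s: %s", rid, err.Error()))`. Relatedly, `req = nil` in SslRequest.Parse only rebinds the local receiver, so SslCheck, SslCreate and SslUpdate carry on with an empty request after a decode failure. Having Parse return the error would let those callers stop before ParseCert is reached.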

Review comment:
       done



