github
/
1Panel
mirror of https://github.com/1Panel-dev/1Panel
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 证书创建校验修改 (#884)

pull/887/head
ssongliu 2023-05-05 18:31:30 +08:00 committed by GitHub
parent 0b50a10fb8
commit a184cb9bc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
backend/app/service/setting.go
View File

@ -18,9 +18,9 @@ import (
"github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/cmd"
"github.com/1Panel-dev/1Panel/backend/utils/common" "github.com/1Panel-dev/1Panel/backend/utils/common"
"github.com/1Panel-dev/1Panel/backend/utils/encrypt" "github.com/1Panel-dev/1Panel/backend/utils/encrypt"
"github.com/1Panel-dev/1Panel/backend/utils/files"
"github.com/1Panel-dev/1Panel/backend/utils/ssl" "github.com/1Panel-dev/1Panel/backend/utils/ssl"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/pkg/errors"
) )
type SettingService struct{} type SettingService struct{}
@ -101,6 +101,7 @@ func (u *SettingService) UpdatePort(port uint) error {
} }
func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error { func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
secretDir := global.CONF.System.BaseDir + "/1panel/secret/"
if req.SSL == "disable" { if req.SSL == "disable" {
if err := settingRepo.Update("SSL", "disable"); err != nil { if err := settingRepo.Update("SSL", "disable"); err != nil {
return err return err
@ -108,8 +109,8 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
if err := settingRepo.Update("SSLType", "self"); err != nil { if err := settingRepo.Update("SSLType", "self"); err != nil {
return err return err
} }
_ = os.Remove(global.CONF.System.BaseDir + "/1panel/secret/server.crt") _ = os.Remove(secretDir + "server.crt")
_ = os.Remove(global.CONF.System.BaseDir + "/1panel/secret/server.key") _ = os.Remove(secretDir + "server.key")
go func() { go func() {
_, err := cmd.Exec("systemctl restart 1panel.service") _, err := cmd.Exec("systemctl restart 1panel.service")
if err != nil { if err != nil {
@ -119,8 +120,8 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
return nil return nil
} }
if _, err := os.Stat(global.CONF.System.BaseDir + "/1panel/secret"); err != nil && os.IsNotExist(err) { if _, err := os.Stat(secretDir); err != nil && os.IsNotExist(err) {
if err = os.MkdirAll(global.CONF.System.BaseDir+"/1panel/secret", os.ModePerm); err != nil { if err = os.MkdirAll(secretDir, os.ModePerm); err != nil {
return err return err
} }
} }
@ -148,7 +149,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
} }
} }
if req.SSLType == "import" { if req.SSLType == "import" {
cert, err := os.OpenFile("/opt/1panel/secret/server.crt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) cert, err := os.OpenFile(secretDir+"server.crt.tmp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil { if err != nil {
return err return err
} }
@ -156,7 +157,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
if _, err := cert.WriteString(req.Cert); err != nil { if _, err := cert.WriteString(req.Cert); err != nil {
return err return err
} }
key, err := os.OpenFile("/opt/1panel/secret/server.key", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) key, err := os.OpenFile(secretDir+"server.key.tmp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil { if err != nil {
return err return err
} }
@ -168,6 +169,14 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
if err := checkCertValid(req.Domain); err != nil { if err := checkCertValid(req.Domain); err != nil {
return err return err
} }
fileOp := files.NewFileOp()
if err := fileOp.Rename(secretDir+"server.crt.tmp", secretDir+"server.crt"); err != nil {
return err
}
if err := fileOp.Rename(secretDir+"server.key.tmp", secretDir+"server.key"); err != nil {
return err
}
if err := settingRepo.Update("SSL", req.SSL); err != nil { if err := settingRepo.Update("SSL", req.SSL); err != nil {
return err return err
} }
@ -294,11 +303,11 @@ func loadInfoFromCert() (*dto.SSLInfo, error) {
} }
func checkCertValid(domain string) error { func checkCertValid(domain string) error {
certificate, err := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.crt") certificate, err := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.crt.tmp")
if err != nil { if err != nil {
return err return err
} }
key, err := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.key") key, err := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.key.tmp")
if err != nil { if err != nil {
return err return err
} }
@ -309,24 +318,9 @@ func checkCertValid(domain string) error {
if certBlock == nil { if certBlock == nil {
return err return err
} }
certObj, err := x509.ParseCertificate(certBlock.Bytes) if _, err := x509.ParseCertificate(certBlock.Bytes); err != nil {
if err != nil {
return err return err
} }
if len(certObj.IPAddresses) != 0 {
for _, ip := range certObj.IPAddresses {
if ip.String() == domain {
return nil return nil
}
}
}
if len(certObj.DNSNames) != 0 {
for _, ip := range certObj.DNSNames {
if ip == domain {
return nil
}
}
}
return errors.New("The domain name or ip address does not match")
} }