From c1e3e2ee1f923ee5806479dd5f178c3286a01ae0 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Sun, 20 Oct 2024 11:47:35 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dcname=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E6=99=AE=E9=80=9A=E7=94=A8=E6=88=B7access=E8=AE=BF?= =?UTF-8?q?=E9=97=AE=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/core/pipeline/src/access/api.ts | 1 + packages/core/pipeline/src/service/cname.ts | 4 +++ .../src/plugin/cert-plugin/index.ts | 18 +++++----- .../src/views/sys/cname/provider/crud.tsx | 1 - .../v10011__cname_provider_user_id.sql | 4 +++ .../sys/cname/cname-provider-controller.ts | 2 ++ .../modules/cname/entity/cname_provider.ts | 2 ++ .../cname/service/cname-record-service.ts | 35 ++++++++++++------- .../modules/pipeline/service/access-getter.ts | 4 +++ .../pipeline/service/access-service.ts | 16 +++++++-- .../pipeline/service/cname-proxy-service.ts | 4 +-- .../pipeline/service/pipeline-service.ts | 2 +- 12 files changed, 65 insertions(+), 28 deletions(-) create mode 100644 packages/ui/certd-server/db/migration/v10011__cname_provider_user_id.sql diff --git a/packages/core/pipeline/src/access/api.ts b/packages/core/pipeline/src/access/api.ts index b33460ce..b9ada9f5 100644 --- a/packages/core/pipeline/src/access/api.ts +++ b/packages/core/pipeline/src/access/api.ts @@ -16,6 +16,7 @@ export type AccessDefine = Registrable & { }; export interface IAccessService { getById(id: any): Promise; + getCommonById(id: any): Promise; } export interface IAccess { diff --git a/packages/core/pipeline/src/service/cname.ts b/packages/core/pipeline/src/service/cname.ts index 3ad75f72..5f1fbee3 100644 --- a/packages/core/pipeline/src/service/cname.ts +++ b/packages/core/pipeline/src/service/cname.ts 
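Review bot: `getCommonById` is added to `IAccessService` in `access/api.ts` without a comment saying how it differs from `getById`, and the difference is an authorization one. Going by the `AccessGetter` hunk later in this patch, `getById` resolves an access for the user the pipeline runs as, while `getCommonById` calls the getter with owner id `0`, so it can only resolve access rows whose owner id is 0. I would state that on the interface, e.g. `/** Resolve an access owned by the user running the pipeline. */` above `getById` and `/** Resolve a shared access (owner id 0) only; never pass an id that belongs to a user. */` above `getCommonById`, and give the literal `0` in `AccessGetter.getCommonById` a named constant. Because the new method is required, any other implementer of `IAccessService` outside this patch will stop compiling.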
@@ -1,9 +1,13 @@ +import { IAccess } from "../access"; + export type CnameProvider = { id: any; domain: string; dnsProviderType: string; + access?: IAccess; accessId: any; }; + export type CnameRecord = { id: any; domain: string; diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index 32161a2a..34037a17 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -266,7 +266,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { eab = await this.ctx.accessService.getById(this.eabAccessId); } else if (this.googleCommonEabAccessId) { this.logger.info("当前正在使用 google公共EAB授权"); - eab = await this.ctx.accessService.getById(this.googleCommonEabAccessId); + eab = await this.ctx.accessService.getCommonById(this.googleCommonEabAccessId); } else { this.logger.error("google需要配置EAB授权或服务账号授权"); return; @@ -277,7 +277,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { eab = await this.ctx.accessService.getById(this.eabAccessId); } else if (this.zerosslCommonEabAccessId) { this.logger.info("当前正在使用 zerossl 公共EAB授权"); - eab = await this.ctx.accessService.getById(this.zerosslCommonEabAccessId); + eab = await this.ctx.accessService.getCommonById(this.zerosslCommonEabAccessId); } else { this.logger.error("zerossl需要配置EAB授权"); return; @@ -324,8 +324,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin { domainsVerifyPlan = await this.createDomainsVerifyPlan(); } else { const dnsProviderType = this.dnsProviderType; - const dnsProviderAccessId = this.dnsProviderAccess; - dnsProvider = await this.createDnsProvider(dnsProviderType, dnsProviderAccessId); + const access = await this.ctx.accessService.getById(this.dnsProviderAccess); + dnsProvider = await this.createDnsProvider(dnsProviderType, access); } try { 
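Review bot: The new `access?: IAccess` field on `CnameProvider` in `service/cname.ts` has no comment, yet it changes what a value of this type carries. In `getWithAccessByDomain` (cname-record-service.ts, later in this patch) the field is filled with the object returned by `getAccessById`, which is built from the decrypted access settings. Until now `CnameProvider` was a plain record shape, so any code that logs or serializes a cname record would start including credential material. I would document that on the field, e.g. `/** Resolved server-side for pipeline execution only; built from decrypted settings, never log it or return it to a client. */`, and keep `accessId` as the only access reference that leaves the server.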
@@ -351,9 +351,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin { } } - async createDnsProvider(dnsProviderType: string, dnsProviderAccessId: number): Promise { - const access = await this.accessService.getById(dnsProviderAccessId); - const context: DnsProviderContext = { access, logger: this.logger, http: this.ctx.http, utils }; + async createDnsProvider(dnsProviderType: string, dnsProviderAccess: any): Promise { + const context: DnsProviderContext = { access: dnsProviderAccess, logger: this.logger, http: this.ctx.http, utils }; return await createDnsProvider({ dnsProviderType, context, @@ -367,14 +366,15 @@ export class CertApplyPlugin extends CertApplyBasePlugin { let dnsProvider = null; const cnameVerifyPlan: Record = {}; if (domainVerifyPlan.type === "dns") { - dnsProvider = await this.createDnsProvider(domainVerifyPlan.dnsProviderType, domainVerifyPlan.dnsProviderAccessId); + const access = await this.ctx.accessService.getById(domainVerifyPlan.dnsProviderAccessId); + dnsProvider = await this.createDnsProvider(domainVerifyPlan.dnsProviderType, access); } else { for (const key in domainVerifyPlan.cnameVerifyPlan) { const cnameRecord = await this.ctx.cnameProxyService.getByDomain(key); cnameVerifyPlan[key] = { domain: cnameRecord.cnameProvider.domain, fullRecord: cnameRecord.recordValue, - dnsProvider: await this.createDnsProvider(cnameRecord.cnameProvider.dnsProviderType, cnameRecord.cnameProvider.accessId), + dnsProvider: await this.createDnsProvider(cnameRecord.cnameProvider.dnsProviderType, cnameRecord.cnameProvider.access), }; } } diff --git a/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx b/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx index 4e80e34e..daa8c2db 100644 --- a/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx +++ b/packages/ui/certd-client/src/views/sys/cname/provider/crud.tsx 
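Review bot: `createDnsProvider` in cert-plugin/index.ts now takes `dnsProviderAccess: any` and places it straight into the `DnsProviderContext`, so nothing rejects a missing access. In the `@@ -367` hunk the value passed is `cnameRecord.cnameProvider.access`, which the `CnameProvider` type declares optional. If a record ever arrives without `access` populated, the provider is built with `access: undefined` and fails later inside the DNS provider, with an error that does not name the cause. A guard at the top of the method makes this fail closed and readable, `if (dnsProviderAccess == null) { throw new Error("dns provider access is not resolved"); }`, and the parameter could be typed `IAccess` instead of `any` if that type is importable in this file. The bodies of `createDnsProvider` and the caller continue outside both hunks.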
@@ -130,7 +130,6 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat component: { name: "access-selector", vModel: "modelValue", - from: "sys", type: compute(({ form }) => { return form.dnsProviderType; }) diff --git a/packages/ui/certd-server/db/migration/v10011__cname_provider_user_id.sql b/packages/ui/certd-server/db/migration/v10011__cname_provider_user_id.sql new file mode 100644 index 00000000..f1fef212 --- /dev/null +++ b/packages/ui/certd-server/db/migration/v10011__cname_provider_user_id.sql @@ -0,0 +1,4 @@ +ALTER TABLE cd_cname_provider ADD COLUMN user_id integer; + +update cd_cname_provider set user_id = 1; + diff --git a/packages/ui/certd-server/src/controller/sys/cname/cname-provider-controller.ts b/packages/ui/certd-server/src/controller/sys/cname/cname-provider-controller.ts index 6e9614d5..e4778616 100644 --- a/packages/ui/certd-server/src/controller/sys/cname/cname-provider-controller.ts +++ b/packages/ui/certd-server/src/controller/sys/cname/cname-provider-controller.ts @@ -34,11 +34,13 @@ export class CnameRecordController extends CrudController disabled: false, }; merge(bean, def); + bean.userId = this.getUserId(); return super.add(bean); } @Post('/update', { summary: 'sys:settings:edit' }) async update(@Body(ALL) bean: any) { + bean.userId = this.getUserId(); return super.update(bean); } diff --git a/packages/ui/certd-server/src/modules/cname/entity/cname_provider.ts b/packages/ui/certd-server/src/modules/cname/entity/cname_provider.ts index b439bfc6..b64d1c5c 100644 --- a/packages/ui/certd-server/src/modules/cname/entity/cname_provider.ts +++ b/packages/ui/certd-server/src/modules/cname/entity/cname_provider.ts 
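Review bot: `update cd_cname_provider set user_id = 1;` in the new migration assigns every existing provider to a hard-coded user id, and the column is added without `NOT NULL` or a default while the entity hunk declares `userId: number`. The cname-record-service.ts hunk in this patch now resolves the provider's access with `getById(cnameProvider.accessId, cnameProvider.userId)`, and `getById` now requires an exact owner match. Any existing provider whose access row is not owned by user 1 will therefore start failing with the permission error after upgrade. That looks likely for providers created through the `from: "sys"` selector this patch removes, though the owner id those access rows carry is not visible here. I would backfill `user_id` from the owner of the referenced access row rather than a constant, and add a comment stating which account id `1` is assumed to be.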
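Review bot: In `update` of cname-provider-controller.ts, `bean.userId = this.getUserId();` reassigns the provider to whoever last edited it, and neither `add` nor `update` checks that the `accessId` in the body belongs to that user. The ownership check only happens at use time in `buildDnsProvider`, and the pipeline path (`getWithAccessByDomain`) skips it, so a provider can be saved pointing at an access owned by someone else and ordinary users' pipelines will then run with it. The route is limited to `sys:settings:edit`, so this is an administrator-to-user boundary rather than an open one, but it is still worth closing at write time. Before `super.add`/`super.update` I would resolve the access through the owner-checked `getById(bean.accessId, this.getUserId())`, assuming the access service can be injected into this controller, and on update leave `userId` unchanged unless `accessId` changes.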
@@ -7,6 +7,8 @@ import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm'; export class CnameProviderEntity { @PrimaryGeneratedColumn() id: number; + @Column({ comment: 'userId', name: 'user_id' }) + userId: number; @Column({ comment: '域名', length: 100 }) domain: string; @Column({ comment: 'DNS提供商类型', name: 'dns_provider_type', length: 20 }) diff --git a/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts b/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts index 0f40d13a..e7210784 100644 --- a/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts +++ b/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts @@ -5,7 +5,7 @@ import { BaseService, ValidateException } from '@certd/lib-server'; import { CnameRecordEntity, CnameRecordStatusType } from '../entity/cname-record.js'; import { v4 as uuidv4 } from 'uuid'; import { createDnsProvider, IDnsProvider, parseDomain } from '@certd/plugin-cert'; -import { cache, http, logger, utils } from '@certd/pipeline'; +import { cache, CnameProvider, http, logger, utils } from '@certd/pipeline'; import { AccessService } from '../../pipeline/service/access-service.js'; import { isDev } from '../../../utils/env.js'; import { walkTxtRecord } from '@certd/acme-client'; 
@@ -109,16 +109,22 @@ export class CnameRecordService extends BaseService { return await super.update(param); } - async validate(id: number) { - const info = await this.info(id); - if (info.status === 'success') { - return true; - } + // async validate(id: number) { + // const info = await this.info(id); + // if (info.status === 'success') { + // return true; + // } + // + // //开始校验 + // // 1. dnsProvider + // // 2. 添加txt记录 + // // 3. 检查原域名是否有cname记录 + // } - //开始校验 - // 1. dnsProvider - // 2. 添加txt记录 - // 3. 检查原域名是否有cname记录 + async getWithAccessByDomain(domain: string, userId: number) { + const record = await this.getByDomain(domain, userId); + record.cnameProvider.access = await this.accessService.getAccessById(record.cnameProvider.accessId, false); + return record; } async getByDomain(domain: string, userId: number, createOnNotFound = true) { @@ -143,7 +149,9 @@ export class CnameRecordService extends BaseService { return { ...record, - cnameProvider: provider, + cnameProvider: { + ...provider, + } as CnameProvider, }; } @@ -178,7 +186,10 @@ export class CnameRecordService extends BaseService { const buildDnsProvider = async () => { const cnameProvider = await this.cnameProviderService.info(bean.cnameProviderId); - const access = await this.accessService.getById(cnameProvider.accessId, bean.userId); + if (cnameProvider == null) { + throw new ValidateException(`CNAME服务:${bean.cnameProviderId} 已被删除,请修改CNAME记录,重新选择CNAME服务`); + } + const access = await this.accessService.getById(cnameProvider.accessId, cnameProvider.userId); const context = { access, logger, http, utils }; const dnsProvider: IDnsProvider = await createDnsProvider({ dnsProviderType: cnameProvider.dnsProviderType, diff --git a/packages/ui/certd-server/src/modules/pipeline/service/access-getter.ts b/packages/ui/certd-server/src/modules/pipeline/service/access-getter.ts index 0292f4ba..0fd2d3f1 100644 --- a/packages/ui/certd-server/src/modules/pipeline/service/access-getter.ts 
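Review bot: `getWithAccessByDomain` calls `getAccessById(record.cnameProvider.accessId, false)`, which switches the ownership check off entirely where a bounded check is available. The `buildDnsProvider` hunk further down this file already uses `getById(cnameProvider.accessId, cnameProvider.userId)`; that form still lets an ordinary user's pipeline use the administrator's provider, but refuses a provider row that points at an access its own owner does not hold. I would use the same call here, passing the provider row's `userId` as the second argument. `record.cnameProvider` is cast to `CnameProvider`, which has no `userId` field, so the type needs that field or the owner id has to be read before the cast. The old `validate` body is also left behind as a block of commented-out code and would be better deleted.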
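Review bot: In the `@@ -143` hunk, `cnameProvider: { ...provider } as CnameProvider` turns a missing provider into an empty object instead of `null`, and the cast hides that from the type checker. The `buildDnsProvider` hunk in this same file adds a null check because a provider can have been deleted. In that situation `getWithAccessByDomain` would go on to call `getAccessById(undefined, false)` and presumably end in the access-not-found error rather than the clearer message added below. How `provider` is loaded lies outside the hunk, so this needs confirming. If it can be null, I would add `if (provider == null) { throw new ValidateException(...); }` before the return, reusing the message from `buildDnsProvider`, and drop the cast.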
+++ b/packages/ui/certd-server/src/modules/pipeline/service/access-getter.ts @@ -11,4 +11,8 @@ export class AccessGetter implements IAccessService { async getById(id: any) { return await this.getter(id, this.userId); } + + async getCommonById(id: any) { + return await this.getter(id, 0); + } } diff --git a/packages/ui/certd-server/src/modules/pipeline/service/access-service.ts b/packages/ui/certd-server/src/modules/pipeline/service/access-service.ts index efd80900..01caae37 100644 --- a/packages/ui/certd-server/src/modules/pipeline/service/access-service.ts +++ b/packages/ui/certd-server/src/modules/pipeline/service/access-service.ts @@ -107,14 +107,20 @@ export class AccessService extends BaseService { return await super.update(param); } - async getById(id: any, userId: number): Promise { + async getAccessById(id: any, checkUserId: boolean, userId?: number): Promise { const entity = await this.info(id); if (entity == null) { throw new Error(`该授权配置不存在,请确认是否已被删除:id=${id}`); } - if (userId !== entity.userId && entity.userId !== 0) { - throw new PermissionException('您对该Access授权无访问权限'); + if (checkUserId) { + if (userId == null) { + throw new ValidateException('userId不能为空'); + } + if (userId !== entity.userId) { + throw new PermissionException('您对该Access授权无访问权限'); + } } + // const access = accessRegistry.get(entity.type); const setting = this.decryptAccessEntity(entity); const input = { @@ -124,6 +130,10 @@ export class AccessService extends BaseService { return newAccess(entity.type, input); } + async getById(id: any, userId: number): Promise { + return await this.getAccessById(id, true, userId); + } + decryptAccessEntity(entity: AccessEntity): any { let setting = {}; if (entity.encryptSetting && entity.encryptSetting !== '{}') { diff --git a/packages/ui/certd-server/src/modules/pipeline/service/cname-proxy-service.ts b/packages/ui/certd-server/src/modules/pipeline/service/cname-proxy-service.ts index 1e39d5c2..4f4a7113 100644 
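Review bot: `getAccessById(id, checkUserId, userId?)` in access-service.ts exposes the ownership check as a positional boolean on a public method that returns an object built from decrypted settings, so a call site passing `false` looks almost identical to a checked one. I would keep the checked lookup as the only general-purpose entry point and give the unchecked path its own explicitly named method, with a doc comment naming the single caller allowed to use it (`getWithAccessByDomain`). Separately, the old condition let any user read an access whose `userId` is 0 and the new one does not, so any plugin still calling `getById` for shared access will now receive `PermissionException`. The cert plugin's EAB lookups are moved to `getCommonById` in this patch; other plugins are not visible here. The method also has no doc comment; it should state that `userId` is mandatory when `checkUserId` is true and which exceptions are thrown.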
--- a/packages/ui/certd-server/src/modules/pipeline/service/cname-proxy-service.ts +++ b/packages/ui/certd-server/src/modules/pipeline/service/cname-proxy-service.ts @@ -8,7 +8,7 @@ export class CnameProxyService implements ICnameProxyService { this.getter = getter; } - getByDomain(domain: string): Promise { - return this.getter(domain, this.userId); + async getByDomain(domain: string): Promise { + return await this.getter(domain, this.userId); } } diff --git a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts index 4f4a9086..5bdeb355 100644 --- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts +++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts @@ -354,7 +354,7 @@ export class PipelineService extends BaseService { role: userIsAdmin ? 'admin' : 'user', }; const accessGetter = new AccessGetter(userId, this.accessService.getById.bind(this.accessService)); - const cnameProxyService = new CnameProxyService(userId, this.cnameRecordService.getByDomain.bind(this.cnameRecordService)); + const cnameProxyService = new CnameProxyService(userId, this.cnameRecordService.getWithAccessByDomain.bind(this.cnameRecordService)); const executor = new Executor({ user, pipeline,