Merge pull request #624 from midoks/dev

0.17.3

.gitignore

@@ -180,3 +180,6 @@ plugins/frp
 plugins/file_search
 plugins/proxysql
 plugins/tidb
+plugins/goedge-admin
+plugins/goedge-node
+plugins/goedge-happy

README.md

@@ -110,11 +110,11 @@ docker run -itd --name mw-server --privileged=true -p 7200:7200 -p 80:80 -p 443:
 ```
 
 
-### 版本更新 0.17.2
+### 版本更新 0.17.3
 
-- MySQL9.0。
-- zabbix,zabbix-agent测试。
-- 正则匹配修复(兼容)。
+- 新增pgadmin插件。
+- 新增acme_pandominassl_apply插件。
+- 新增快捷指令:mw pgdb。
 - 常规更新。
 
 ### JSDelivr安装地址

class/core/cert_api.py

@@ -225,8 +225,7 @@ def getApis(self):
                     86400  # 24小时后过期
                 self.saveConfig()
             except Exception as e:
-                raise Exception(
-                    '服务因维护而关闭或发生内部错误，查看 <a href="https://letsencrypt.status.io/" target="_blank" class="btlink">https://letsencrypt.status.io/</a> 了解更多详细信息。')
+                raise Exception('服务因维护而关闭或发生内部错误，查看 <a href="https://letsencrypt.status.io/" target="_blank" class="btlink">https://letsencrypt.status.io/</a> 了解更多详细信息。')
         return self.__apis
 
     # 系列化payload
@@ -1297,9 +1296,9 @@ def getSiteNameByDomains(self, domains):
         site_sql = mw.M('sites')
         siteName = None
         for domain in domains:
-            pid = sql.where('name=?', domain).getField('pid')
+            pid = sql.where('name=?', (domain,)).getField('pid')
             if pid:
-                siteName = site_sql.where('id=?', pid).getField('name')
+                siteName = site_sql.where('id=?', (pid,)).getField('name')
                 break
         return siteName
 
@@ -1325,6 +1324,8 @@ def renewCertTo(self, domains, auth_type, auth_to, index=None):
             else:
                 site_name = self.getSiteNameByDomains(domains)
         is_rep = api.httpToHttps(site_name)
+        api.operateProxyConf(site_name,'stop')
+        mw.restartWeb()
         try:
             index = self.createOrder(
                 domains,
@@ -1376,6 +1377,9 @@ def renewCertTo(self, domains, auth_type, auth_to, index=None):
             is_rep_decode = json.loads(is_rep)
             if is_rep_decode['status']:
                 api.closeToHttps(site_name)
+
+        api.operateProxyConf(site_name,'start')
+        mw.restartWeb()
         writeLog("-" * 70)
         return cert
 
@@ -1447,8 +1451,8 @@ def renewCert(self, index):
 
                     # 是否到了最大重试次数
                     if 'retry_count' in self.__config['orders'][i]:
-                        if self.__config['orders'][i]['retry_count'] >= 5:
-                            msg = '|-本次跳过域名:{}，因连续5次续签失败，不再续签此证书(可尝试手动续签此证书，成功后错误次数将被重置)'.format(
+                        if self.__config['orders'][i]['retry_count'] >= 100:
+                            msg = '|-本次跳过域名:{}，因连续10次续签失败，不再续签此证书(可尝试手动续签此证书，成功后错误次数将被重置)'.format(
                                 self.__config['orders'][i]['domains'])
                             writeLog(msg)
                             continue

class/core/mw.py

@@ -472,6 +472,9 @@ def getJson(data):
     import json
     return json.dumps(data)
 
+def getObjectByJson(data):
+    import json
+    return json.loads(data)
 
 def returnData(status, msg, data=None):
     return {'status': status, 'msg': msg, 'data': data}
@@ -687,6 +690,15 @@ def restoreFile(file, act=None):
         file_type = "_def"
     execShell("cp -p {1} {0}".format(file, file + file_type))
 
+def base64StrEncode(content):
+    content = bytes(content,'utf-8')
+    content = base64.b64encode(content)
+    return content.decode('utf8')
+
+def base64StrDecode(content):
+    content = bytes(content,'utf-8')
+    content = base64.urlsafe_b64decode(content)
+    return content.decode('utf8')
 
 def enPunycode(domain):
     if sys.version_info[0] == 2:

class/core/site_api.py

@@ -1786,8 +1786,7 @@ def setRedirectApi(self):
         data.append({"r_from": _from, "type": _typeCode, "r_type": _rTypeCode,
                      "r_to": _to, 'keep_path': _keepPath, 'id': _id})
         mw.writeFile(data_path, json.dumps(data))
-        mw.writeFile(
-            "{}/{}.conf".format(self.getRedirectPath(_siteName), _id), file_content)
+        mw.writeFile("{}/{}.conf".format(self.getRedirectPath(_siteName), _id), file_content)
 
         self.operateRedirectConf(_siteName, 'start')
         mw.restartWeb()
@@ -1977,6 +1976,7 @@ def setProxyApi(self):
 location ^~ {from} {\n\
     proxy_pass {to};\n\
     proxy_set_header Host {host};\n\
+    proxy_ssl_server_name on;\n\
     proxy_set_header X-Real-IP $remote_addr;\n\
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\
     proxy_set_header REMOTE-HOST $remote_addr;\n\

cmd.md

@@ -4,10 +4,11 @@
 - 面板相关命令
 
 ```
-/etc/init.d/mw default		| 显示登录信息
-/etc/init.d/mw db 		| 快捷连接MySQL
-/etc/init.d/mw redis 	| 快捷连接Redis
-/etc/init.d/mw mongodb 	| 快捷连接MongoDB
+mw default	| 显示登录信息
+mw db 		| 快捷连接MySQL
+mw redis 	| 快捷连接Redis
+mw mongodb 	| 快捷连接MongoDB
+mw pgdb 	| 快捷连接PostgreSQL
 ----------------------------------------
 mw open				| 开启面板
 mw close			| 关闭面板
@@ -17,7 +18,7 @@ mw venv				| 进入虚拟环境
 mw mirror			| 切换镜像
 mw install_app			| 快捷安装常用软件
 mw update 			| 更新到正式
-mw update_dev			| 更新到开发
+mw dev/update_dev		| 更新到开发
 
 service mw [start|stop|reload|restart|status]
 ```

data/sql/default.sql

@@ -71,9 +71,14 @@ CREATE TABLE IF NOT EXISTS `sites` (
   `type_id` INTEGER,
   `ps` TEXT,
   `edate` TEXT,
+  `ssl_effective_date` TEXT,
+  `ssl_expiration_date` TEXT,
   `addtime` TEXT
 );
 
+ALTER TABLE `sites` ADD COLUMN `ssl_effective_date` TEXT DEFAULT '';
+ALTER TABLE `sites` ADD COLUMN `ssl_expiration_date` TEXT DEFAULT '';
+
 CREATE TABLE IF NOT EXISTS `site_types` (
   `id` INTEGER PRIMARY KEY AUTOINCREMENT,
   `name` TEXT

plugins/acme_pandominassl_apply/conf/acme.sql

@@ -0,0 +1,34 @@
+CREATE TABLE IF NOT EXISTS `dnsapi` (
+  `id` INTEGER PRIMARY KEY AUTOINCREMENT,
+  `name` TEXT,
+  `type` TEXT,
+  `val` TEXT,
+  `remark` TEXT,
+  `addtime` TEXT
+);
+
+CREATE TABLE IF NOT EXISTS `email` (
+  `id` INTEGER PRIMARY KEY AUTOINCREMENT,
+  `addr` TEXT,
+  `remark` TEXT,
+  `addtime` TEXT
+);
+
+
+CREATE TABLE IF NOT EXISTS `domain` (
+  `id` INTEGER PRIMARY KEY AUTOINCREMENT,
+  `domain` TEXT,
+  `dnsapi_id` TEXT,
+  `email` TEXT,
+  `remark` TEXT,
+  `effective_date` TEXT,
+  `expiration_date` TEXT,
+  `error` TEXT,
+  `status` INTEGER default '0',
+  `addtime` TEXT
+);
+
+-- ALTER TABLE `domain` ADD COLUMN `effective_date` TEXT DEFAULT '';
+-- ALTER TABLE `domain` ADD COLUMN `expiration_date` TEXT DEFAULT '';
+-- ALTER TABLE `domain` ADD COLUMN `error` TEXT DEFAULT '';
+-- ALTER TABLE `domain` ADD COLUMN `status` INTEGER DEFAULT '0';

plugins/acme_pandominassl_apply/hooks/goedge.py

@@ -0,0 +1,128 @@
+# coding:utf-8
+
+import sys
+import io
+import os
+import time
+import re
+import requests
+import base64
+
+
+# 8001 / 7788
+goedge_addr = 'http://127.0.0.2:8009'
+access_keyid = "xxx"
+access_key = "xxx"
+
+# 指定用户
+userId = 1
+
+sys.path.append(os.getcwd() + "/class/core")
+import mw
+
+domain = sys.argv[1]
+ssl_path = sys.argv[2]
+
+
+def getToken():
+    api_url = goedge_addr+'/APIAccessTokenService/getAPIAccessToken'
+    post_data = {
+        "type": "admin",
+        "accessKeyId": access_keyid,
+        "accessKey": access_key
+    }
+    data = requests.post(api_url,json=post_data)
+    data_obj = data.json()
+
+    return data_obj['data']['token']
+
+token = getToken()
+
+def commonReq(url, data):
+    headers = {
+        'X-Edge-Access-Token': token
+    }
+    api_url = goedge_addr+url
+    resp_data = requests.post(api_url,json=data, headers=headers)
+    return resp_data.json()
+
+def listSSLCerts(domain):
+    request_data = {
+        "userId":userId,
+        "isCA":False,
+        "keyword": "ACME泛域名自动上传",
+        "domains":[domain,"*."+domain],
+        "size":1
+    }
+    response_data = commonReq('/SSLCertService/listSSLCerts', request_data)
+
+    data = response_data['data']['sslCertsJSON']
+    data = mw.base64StrDecode(data)
+    data = mw.getObjectByJson(data)
+    # print(data)
+    return data
+
+
+
+# createSSLCert(domain)
+def createSSLCert(domain, did=0):
+
+    ssl_cer_file = ssl_path + '/'+domain+'.cer'
+
+    if not os.path.exists(ssl_cer_file):
+        print("没有有效证书!")
+        return ''
+    # print(ssl_cer_file)
+    ssl_info = mw.getCertName(ssl_cer_file)
+    cer_data = mw.readFile(ssl_cer_file)
+    cer_data = mw.base64StrEncode(cer_data)
+    # print('cer',cer_data)
+
+    ssl_key_file = ssl_path + '/'+domain+'.key'
+    key_data = mw.readFile(ssl_key_file)
+    key_data = mw.base64StrEncode(key_data)
+    # print('ssl_info',ssl_info)
+
+    timeBeginAt = int(time.mktime(time.strptime(ssl_info['notBefore'], "%Y-%m-%d")))
+    timeEndAt = int(time.mktime(time.strptime(ssl_info['notAfter'], "%Y-%m-%d")))
+
+    request_data = {
+        "isOn":True,
+        "userId":userId,
+        "name": "ACME泛域名自动上传",
+        "isCA":False,
+        "description":domain,
+        "serverName":domain,
+        "certData":cer_data,
+        "keyData":key_data,
+        "timeBeginAt":timeBeginAt,
+        "timeEndAt": timeEndAt,
+        "dnsNames":[domain,"*."+domain],
+        "commonNames":[ssl_info['issuer']]
+    }
+
+    if did>0:
+        request_data['sslCertId'] = did
+        # print(request_data)
+        response_data = commonReq('/SSLCertService/updateSSLCert', request_data)
+        print('更新成功',domain,response_data)
+        return response_data
+    else:
+        # print(request_data)
+        response_data = commonReq('/SSLCertService/createSSLCert', request_data)
+        print('创建成功',domain,response_data)
+        return response_data
+    return response_data
+
+def autoSyncDomain(domain):
+    data = listSSLCerts(domain)
+    if len(data) > 0 :
+        did = data[0]['id']
+        createSSLCert(domain,did)
+    else:
+        createSSLCert(domain)
+    print(data)
+
+
+autoSyncDomain(domain)
+print(domain,ssl_path)

plugins/acme_pandominassl_apply/hooks/init.py

@@ -0,0 +1,12 @@
+# coding:utf-8
+
+import sys
+import io
+import os
+import time
+import re
+
+domain = sys.argv[1]
+path = sys.argv[2]
+
+print(domain,path)

plugins/acme_pandominassl_apply/index.html

@@ -0,0 +1,34 @@
+<style>
+.overflow_hide {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    vertical-align: middle;
+}
+</style>
+
+<div class="bt-form">
+	<div class='plugin_version'></div>
+	<div class="bt-w-main">
+		<div class="bt-w-menu">
+			<p class="bgw" onclick="pluginService('acme_pandominassl_apply');">服务</p>
+			<p onclick="dnsapiList();">DNSAPI *</p>
+			<p onclick="emailList();">邮件地址 </p>
+			<p onclick="domainList()">域名SSL *</p>
+			<p onclick="pluginConfigTpl('acme_pandominassl_apply',$('.plugin_version').attr('version'));">HOOK</p>
+			<p onclick="pluginLogs('acme_pandominassl_apply','','run_log');">日志</p>
+			<p onclick="apaReadme();">相关说明</p>
+
+		</div>
+		<div class="bt-w-con pd15">
+			<div class="soft-man-con"></div>
+		</div>
+	</div>
+</div>
+<script type="text/javascript">
+resetPluginWinWidth(1000);
+resetPluginWinHeight(550);
+$.getScript( "/plugins/file?name=acme_pandominassl_apply&f=js/common.js", function(){
+	pluginService('acme_pandominassl_apply', $('.plugin_version').attr('version'));
+});
+</script>