ouyang/dnsmgr
1
1
Fork 0
mirror of https://github.com/netcccyun/dnsmgr.git synced 2026-05-09 15:06:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ouyang:2.0.0
Branches Tags
ouyang:main
ouyang:2.18 ouyang:2.17 ouyang:2.16 ouyang:2.15 ouyang:2.14.0 ouyang:2.13.0 ouyang:2.12.0 ouyang:2.11.0 ouyang:2.10.0 ouyang:2.9.0 ouyang:2.8.2 ouyang:2.8.1 ouyang:2.8.0 ouyang:2.7.1 ouyang:2.7.0 ouyang:2.6.0 ouyang:2.5.0 ouyang:2.4.1 ouyang:2.4.0 ouyang:2.3.1 ouyang:2.3.0 ouyang:2.2.0 ouyang:2.1.0 ouyang:2.0.1 ouyang:2.0.0 ouyang:1.7.3 ouyang:1.7.2 ouyang:1.7.1 ouyang:1.7 ouyang:1.6.1 ouyang:1.6 ouyang:1.5 ouyang:1.4 ouyang:1.3 ouyang:1.2.1 ouyang:1.2 ouyang:1.0
...
compare: ouyang:2.17
Branches Tags
ouyang:main
ouyang:2.18 ouyang:2.17 ouyang:2.16 ouyang:2.15 ouyang:2.14.0 ouyang:2.13.0 ouyang:2.12.0 ouyang:2.11.0 ouyang:2.10.0 ouyang:2.9.0 ouyang:2.8.2 ouyang:2.8.1 ouyang:2.8.0 ouyang:2.7.1 ouyang:2.7.0 ouyang:2.6.0 ouyang:2.5.0 ouyang:2.4.1 ouyang:2.4.0 ouyang:2.3.1 ouyang:2.3.0 ouyang:2.2.0 ouyang:2.1.0 ouyang:2.0.1 ouyang:2.0.0 ouyang:1.7.3 ouyang:1.7.2 ouyang:1.7.1 ouyang:1.7 ouyang:1.6.1 ouyang:1.6 ouyang:1.5 ouyang:1.4 ouyang:1.3 ouyang:1.2.1 ouyang:1.2 ouyang:1.0

235 Commits
2.0.0 ... 2.17

Author SHA1 Message Date
net909
b4825f1312 v2.17 2026-04-13 22:32:39 +08:00
net909
2dd4978fb3 新增火山VOD部署 2026-04-13 22:32:05 +08:00
dependabot[bot]
349c1d70e2 Bump symfony/polyfill-php82 from 1.33.0 to 1.34.0 (#425) 
Bumps [symfony/polyfill-php82](https://github.com/symfony/polyfill-php82) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/symfony/polyfill-php82/releases)
- [Commits](https://github.com/symfony/polyfill-php82/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: symfony/polyfill-php82
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 20:02:58 +08:00
dependabot[bot]
a112cf0ea2 Bump symfony/polyfill-intl-idn from 1.33.0 to 1.34.0 (#426) 
Bumps [symfony/polyfill-intl-idn](https://github.com/symfony/polyfill-intl-idn) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/symfony/polyfill-intl-idn/releases)
- [Commits](https://github.com/symfony/polyfill-intl-idn/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: symfony/polyfill-intl-idn
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 20:02:47 +08:00
dependabot[bot]
c1600c7b17 Bump symfony/polyfill-mbstring from 1.33.0 to 1.34.0 (#427) 
Bumps [symfony/polyfill-mbstring](https://github.com/symfony/polyfill-mbstring) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/symfony/polyfill-mbstring/releases)
- [Commits](https://github.com/symfony/polyfill-mbstring/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: symfony/polyfill-mbstring
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 20:02:40 +08:00
dependabot[bot]
b8f64db33c Bump symfony/polyfill-php81 from 1.33.0 to 1.34.0 (#428) 
Bumps [symfony/polyfill-php81](https://github.com/symfony/polyfill-php81) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/symfony/polyfill-php81/releases)
- [Commits](https://github.com/symfony/polyfill-php81/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: symfony/polyfill-php81
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 20:02:32 +08:00
net909
96e1c8a972 新增部署到S3存储 2026-04-11 21:13:52 +08:00
net909
bebd655bcc 合并增强 Cloudflare 相关能力 2026-04-11 20:04:52 +08:00
net909
36d42da491 Merge remote-tracking branch 'remotes/upstream/main' 2026-04-11 19:47:25 +08:00
net909
b0d831da56 新增单独的宝塔win极速版部署类型 2026-04-11 19:12:15 +08:00
net909
c420c81877 update docker-build workflows 2026-04-11 18:37:15 +08:00
net909
72492e9fd9 更新阿里云SSL证书接口 2026-04-11 18:16:15 +08:00
luo-bo
3075b8d8a5 ``` 
feat(dnspod): 添加域名状态修改功能并确保新域名启用

在dnspod DNS管理中添加了域名状态修改功能,在创建或查找域名后自动启用域名,
确保域名处于活动状态。新增modifyDomainStatus方法来处理域名状态变更请求,
并在createOrGetDomain方法中集成状态启用逻辑,提高域名管理的可靠性。
```
 2026-04-02 20:21:07 +08:00
luo-bo
92d8f49778 ``` 
feat(Domain): 添加域名解析日志记录功能

在域名解析添加成功后记录操作日志,包括域名名称、操作类型、记录值、线路信息和TTL值,
便于后续审计和问题排查。
```
 2026-04-02 20:12:21 +08:00
luo-bo
1084fea43b ``` 
feat(domain): 添加DNSPod子域托管自动委派功能

- 新增addDnsPodDelegatedSubdomain方法处理DNSPod子域托管流程
- 实现子域验证TXT记录自动添加和NS委派自动配置
- 增加相关辅助方法:findManagedParentDomainRow、buildRelativeRecordName等
- 在DNSPod驱动中添加createSubdomainValidateTxtValue和describeSubdomainValidateStatus接口
- 更新前端界面显示子域托管提示信息
- 优化域名添加成功后的消息返回逻辑
```
 2026-04-02 20:12:03 +08:00
luo-bo
7670d5a387 ``` 
feat(cloudflare): 添加TXT记录目标域名选择功能

- 新增hostnames_txt_targets接口用于查找TXT记录的目标域名候选列表
- 实现findTxtRecordTargetDomains方法用于匹配最合适的解析域名
- 添加matchHostnameToDomainRecordName方法用于主机名与域名匹配逻辑
- 在前端页面中集成TXT记录快速添加的域名选择弹窗功能
- 更新域名快速切换功能,增加onclick事件处理
- 升级静态资源版本号以确保缓存更新
```
 2026-04-02 03:33:10 +08:00
luo-bo
a9b773868d ``` 
feat(domain): 添加域名快速切换功能

- 在BaseController中新增getManagedDomainOptions方法,用于获取用户管理的域名选项
- 在Cloudflare和Domain控制器中集成域名选项数据传递到视图
- 更新前端模板文件以支持多域名选择下拉列表
- 扩展JavaScript中的initDomainQuickSwitch函数,增加AJAX支持选项
- 引入DnsHelper和Db门面用于域名数据查询和处理
```
 2026-04-02 03:22:42 +08:00
luo-bo
141b2ead43 ``` 
feat(cloudflare): 添加域名快速切换功能

在Cloudflare主机名页面添加域名快速切换下拉选择器,
允许用户通过搜索和选择快速切换到其他域名。
集成Select2组件提供更好的用户体验,
支持分页加载和中文本地化。

feat(record): 实现域名管理页面快速切换

在域名记录页面增加域名快速切换功能,
包含搜索下拉框和切换按钮,
优化页面布局结构以适应新功能。

chore(deps): 引入Select2依赖库

添加Select2 4.0.13版本及其中文语言包,
用于实现域名快速切换的下拉搜索功能。
```
 2026-04-02 03:18:02 +08:00
Formerly 3Kmfi6HP
b1b0655cc0 修复 Cloudflare 模块 Emoji/IDN 域名解析记录主机名显示错误 (#420) 2026-03-27 13:28:55 +08:00
luo-bo
c64a385ffc ``` 
feat(cloudflare): 添加快速添加TXT记录功能

- 在主机名验证对话框中增加快速添加TXT记录按钮
- 实现convertFullHostnameToRecordName函数用于转换完整主机名为记录名
- 添加quickAddTxtRecord函数处理TXT记录的快速添加逻辑
- 在前端页面中集成快速添加功能,支持一键添加证书验证所需的TXT记录
- 移除SSL配置中的bundle_method和certificate_authority字段

```
 2026-03-24 03:45:22 +08:00
luo-bo
7d02f15fde ``` 
feat(cloudflare): 添加自定义主机名编辑和刷新验证功能

- 新增 hostnames_update 方法用于更新自定义主机名的自定义源站配置
- 新增 hostnames_refresh 方法用于重新向 Cloudflare 发起验证请求
- 添加 extractCustomHostnameSslPayload 辅助方法处理 SSL 配置参数
- 完善 formatCustomHostnameRow 方法,增加更详细的验证状态信息展示
- 在前端界面添加编辑按钮和校验对话框,支持在线查看和刷新验证记录
- 优化自定义主机名列表页面,支持实时更新和状态显示
- 新增证书校验和所有权验证的详细信息展示界面
```
 2026-03-24 01:45:55 +08:00
luo-bo
918bd872d9 ``` 
feat(cloudflare): 更新隧道页面UI并移除域名页面的tunnel链接

- 重构隧道页面搜索工具栏,替换搜索表单为刷新按钮布局
- 添加refreshTunnelList函数用于刷新隧道列表
- 为bootstrapTable添加toolbar配置
- 从域名页面移除tunnel相关按钮链接
```
 2026-03-24 01:11:39 +08:00
luo-bo
0bc745e164 ``` 
feat(account): 添加用户级别权限控制和Cloudflare Tunnels功能

- 在account页面添加userLevel变量用于权限判断
- 修改操作列显示逻辑,仅当用户级别为2且类型为cloudflare时显示Tunnels链接
- 统一用户级别检测方式,从request()->user改为$user变量

feat(domain): 增强Cloudflare功能并优化权限控制

- 修复模板中用户级别变量引用错误,统一使用$user['level']
- 为高级用户(级别2)添加Cloudflare增强功能按钮
- 增加对Cloudflare隧道和主机名管理的支持
- 添加行类型安全检查以防止空值错误

fix(record): 修复用户类型权限检测逻辑

- 修正解析记录页面用户类型检测条件
- 统一用户权限检查变量使用标准$user语法
- 确保Cloudflare增强功能正确基于用户级别显示
```
 2026-03-24 00:43:14 +08:00
luo-bo
efed00afa3 ``` 
chore(git): 更新.gitignore文件以忽略临时目录

添加/.codex-tmp/dns-panel-ref/到.gitignore文件中,
避免临时子项目引用文件被提交到版本控制系统。
```
 2026-03-24 00:26:44 +08:00
luo-bo
1b1605400d ``` 
feat(cloudflare): 添加 Cloudflare Tunnels 和增强功能支持

- 在 .gitignore 中添加 .ace-tool/ 忽略规则
- 更新 Cloudflare 配置项,添加详细的使用说明和 API 令牌认证支持
- 新增 Account ID 配置字段用于 Cloudflare Tunnels 功能
- 在账户管理页面添加 Tunnels 功能入口按钮
- 实现智能账户名称自动生成逻辑,优先使用关键认证字段
- 添加 Cloudflare 增强功能菜单项,仅对管理员可见
- 定义完整的 Cloudflare 相关路由,包括 hostnames、tunnels 等功能模块
```
 2026-03-24 00:21:03 +08:00
kgbow
879e667d9a fix: 修复1panel面板ssl搜索接口参数报错 (#406) 2026-02-27 18:48:14 +08:00
net909
0813f2cdca update version 2026-02-27 18:43:57 +08:00
net909
780e01ce4f 增加腾讯云DNS域名别名管理、修复主域名判断 2026-02-27 18:36:56 +08:00
Ripic Zhang
3ea41c1c8b 增加 esa saas 证书部署 (#404) 
* 增加ESA SaaS配置

* 增加部署配置

* 合并

* 合并
 2026-02-24 11:09:03 +08:00
net909
e25d5d76e9 支持部署到阿里云全球加速 2026-02-17 14:30:57 +08:00
net909
c0e72908ab 阿里云ESA超过免费配额之后,自动删除最旧的证书 2026-02-17 13:45:09 +08:00
TomyJan
867785b774 fix: cf 优选增加 xingpingcn.top 接口 & perf: cf 优选 ip 数量上限 50 个 (#396) 
* fix: cf 优选增加 xingpingcn.top 接口

* perf: cf 优选 ip 数量上限 50 个

* Update app/service/OptimizeService.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update app/service/OptimizeService.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update app/controller/Optimizeip.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix: min num limit

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-12 22:23:21 +08:00
dependabot[bot]
d579ca07af Bump cccyun/php-whois from 1.2 to 1.3 (#398) 
Bumps [cccyun/php-whois](https://github.com/netcccyun/php-whois) from 1.2 to 1.3.
- [Release notes](https://github.com/netcccyun/php-whois/releases)
- [Commits](https://github.com/netcccyun/php-whois/compare/1.2...1.3)

---
updated-dependencies:
- dependency-name: cccyun/php-whois
  dependency-version: '1.3'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-12 22:20:54 +08:00
net909
7161caf0a5 ssh私钥自动删除 2026-02-02 19:27:31 +08:00
net909
c91b116466 Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2026-01-30 23:16:28 +08:00
耗子
b2d27b18a3 feat: 支持AcePanel 3.0部署 (#394) 2026-01-30 23:13:11 +08:00
net909
ee45ddd7ec 新增amh面板部署 2026-01-28 20:53:54 +08:00
TomyJan
9b66b020c9 fix: cf暂停@解析 (#390) 2026-01-27 11:28:56 +08:00
net909
ec16c3fc8b 修复LiteSSL添加DNS失败 2026-01-25 11:12:41 +08:00
net909
d1eaaec650 修复fnOS部署失败 2026-01-24 16:45:24 +08:00
net909
224c27d796 优化青云DNS翻页 2026-01-24 12:27:38 +08:00
net909
6aea445259 新增青云DNS 2026-01-23 23:43:01 +08:00
net909
86c557face 群机器人通知支持@用户 2026-01-23 23:24:02 +08:00
net909
70d3922013 批量添加解析支持设置备注 2026-01-22 21:43:22 +08:00
net909
e56122d7d0 Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2026-01-17 22:40:59 +08:00
net909
6694631a9a 域名账户新增支持阿里云ESA、腾讯云EO 
优化域名账户新增/编辑页面
 2026-01-17 22:40:38 +08:00
net909
2c03dedba0 新增LiteSSL证书类型 2026-01-17 22:39:03 +08:00
net909
095063dcad 已配置好.env的情况下安装不需要配置数据库连接 2026-01-17 22:36:34 +08:00
dependabot[bot]
b6eec27d06 Bump topthink/framework from 8.1.3 to 8.1.4 (#382) 
Bumps [topthink/framework](https://github.com/top-think/framework) from 8.1.3 to 8.1.4.
- [Release notes](https://github.com/top-think/framework/releases)
- [Commits](https://github.com/top-think/framework/compare/v8.1.3...v8.1.4)

---
updated-dependencies:
- dependency-name: topthink/framework
  dependency-version: 8.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-16 21:36:59 +08:00
net909
b400a62ef9 增加宝塔域名解析管理,修复spaceship解析 2026-01-13 15:54:23 +08:00
dependabot[bot]
36a731d672 Bump phpmailer/phpmailer from 7.0.1 to 7.0.2 (#377) 
Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v7.0.1...v7.0.2)

---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 23:57:50 +08:00
dependabot[bot]
dcd829586c Bump topthink/think-orm from 4.0.50 to 4.0.51 (#365) 
Bumps [topthink/think-orm](https://github.com/top-think/think-orm) from 4.0.50 to 4.0.51.
- [Release notes](https://github.com/top-think/think-orm/releases)
- [Commits](https://github.com/top-think/think-orm/compare/v4.0.50...v4.0.51)

---
updated-dependencies:
- dependency-name: topthink/think-orm
  dependency-version: 4.0.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-02 23:06:41 +08:00
net909
fb69ed702b 新增华为云OBS、天翼云函数计算部署,阿里云、腾讯云等新增上传到证书管理选项 2025-12-29 22:29:54 +08:00
深山大柠檬
137193d465 修复1Panel主节点部署失败,支持同时部署主节点和子节点证书,改进日志输出和配置说明 (#364) 
* 1panel支持多个子节点部署

* 1Panel子节点/主节点BUG修复,现在可以同时部署子节点和主节点的证书

- 修复主节点部署失败问题
- 支持同时部署主节点和所有指定的子节点
- 改进日志输出和配置说明
 2025-12-29 10:43:06 +08:00
net909
d0eb096873 腾讯云支持更新证书内容接口 2025-12-25 11:49:07 +08:00
net909
ebdc34cf4b fix: 又拍云SSL不兼容的特化处理 2025-12-25 10:27:28 +08:00
耗子
b19cabcbfd fix: Passing null to parameter #5 ($passphrase) of type string is deprecated (#360) 2025-12-24 22:09:48 +08:00
深山大柠檬
64b5221787 1panel支持多个子节点部署 (#356) 2025-12-18 11:23:06 +08:00
net909
41e719720c version 2025-12-16 20:16:54 +08:00
net909
16a9c03b6c 修复部署到阿里云WAF 2025-12-16 20:16:30 +08:00
net909
1beb731a6e 增加域名列表排序,批量刷新到期时间 2025-12-13 23:31:47 +08:00
dependabot[bot]
6b026ce4e4 Bump phpmailer/phpmailer from 6.11.1 to 7.0.1 (#350) 
Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.11.1 to 7.0.1.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.11.1...v7.0.1)

---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-13 23:26:47 +08:00
耗子
96ff262333 feat: ssh私钥支持设置密码 (#346) 2025-11-11 10:36:19 +08:00
net909
17ffe5704f 1panel支持子节点部署 2025-11-08 16:05:56 +08:00
mrdong916
d4c11b520f 新增Spaceship DNS (#335) 
Co-authored-by: mrdong916 <mrdong916@gmail.com>
 2025-11-08 16:03:15 +08:00
net909
ba418da84c fix: 证书私钥 EC 指示 2025-11-04 20:42:52 +08:00
TomyJan
b58db855ca fix: 证书私钥 EC 指示 2025-11-04 18:57:55 +08:00
dependabot[bot]
3bd45367b0 Bump symfony/yaml from 7.3.3 to 7.3.5 (#339) 
Bumps [symfony/yaml](https://github.com/symfony/yaml) from 7.3.3 to 7.3.5.
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/7.3/CHANGELOG.md)
- [Commits](https://github.com/symfony/yaml/compare/v7.3.3...v7.3.5)

---
updated-dependencies:
- dependency-name: symfony/yaml
  dependency-version: 7.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-29 20:40:10 +08:00
dependabot[bot]
a22bc4fa37 Bump symfony/var-dumper from 7.3.4 to 7.3.5 (#340) 
Bumps [symfony/var-dumper](https://github.com/symfony/var-dumper) from 7.3.4 to 7.3.5.
- [Release notes](https://github.com/symfony/var-dumper/releases)
- [Changelog](https://github.com/symfony/var-dumper/blob/7.3/CHANGELOG.md)
- [Commits](https://github.com/symfony/var-dumper/compare/v7.3.4...v7.3.5)

---
updated-dependencies:
- dependency-name: symfony/var-dumper
  dependency-version: 7.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-29 20:39:46 +08:00
net909
3499583e0d version 2025-10-17 10:41:53 +08:00
耗子
63636e660d JS、CSS本地化 (#332) 2025-10-16 23:09:13 +08:00
net909
4bf87156e3 version 2025-10-10 20:47:20 +08:00
net909
475c14804a 更新composer 2025-10-10 20:11:35 +08:00
net909
531ad68847 Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2025-10-10 20:10:54 +08:00
net909
f86c68fc6a 新增K8S部署 2025-10-10 20:10:12 +08:00
dependabot[bot]
460067a5e7 Bump phpmailer/phpmailer from 6.10.0 to 6.11.1 (#324) 
Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.10.0 to 6.11.1.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.10.0...v6.11.1)

---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
  dependency-version: 6.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 10:39:20 +08:00
net909
6ffa9e003a 新增天翼云部署 2025-09-29 10:45:38 +08:00
net909
c5ed1c6990 增加fnOS部署,堡塔云WAF支持部署本身证书 2025-09-17 20:46:11 +08:00
net909
2b51a2d015 新增南墙WAF、小皮面板部署 2025-09-03 19:48:18 +08:00
net909
2e00773c0a readme 2025-08-31 17:04:30 +08:00
net909
4bee80e06e 新增百度云BLB部署 2025-08-27 19:13:55 +08:00
net909
7cb745acdf 优化部署阿里云SLB 2025-08-26 22:32:30 +08:00
net909
79437aba60 新增支持宝塔Win极速版,lecdn支持令牌认证 2025-08-25 17:18:35 +08:00
net909
fd21a55d01 新增定时切换解析功能 2025-08-22 21:25:42 +08:00
net909
9f529e2528 新增uniCloud部署,cdnfly部署支持账号密码登录 2025-08-21 19:47:37 +08:00
net909
9a70fd7116 修复泛域名部署支持 2025-08-12 10:11:08 +08:00
dependabot[bot]
3dd55cf007 Bump topthink/think-orm from 4.0.48 to 4.0.49 (#293) 
Bumps [topthink/think-orm](https://github.com/top-think/think-orm) from 4.0.48 to 4.0.49.
- [Release notes](https://github.com/top-think/think-orm/releases)
- [Commits](https://github.com/top-think/think-orm/compare/v4.0.48...v4.0.49)

---
updated-dependencies:
- dependency-name: topthink/think-orm
  dependency-version: 4.0.49
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-12 10:09:29 +08:00
I
6ff8cb9f45 Update README.md (#294) 
将 Docker 本地持久化数据路径修改为与 docker-compose.yml 文件同目录,并移除 YAML 文件中的 version 标识(新版 Docker 已不再使用)。
 2025-08-12 10:09:04 +08:00
net909
98f185ee8e 修复腾讯云吊销证书 2025-08-08 10:13:36 +08:00
dependabot[bot]
028688df20 Bump cccyun/php-whois from 1.1 to 1.2 (#288) 2025-08-08 09:56:38 +08:00
dependabot[bot]
e8c68375a9 Bump topthink/think-orm from 4.0.47 to 4.0.48 (#284) 2025-08-03 00:06:45 +08:00
dependabot[bot]
6958530337 Bump symfony/var-dumper from 7.3.1 to 7.3.2 (#283) 2025-08-03 00:06:36 +08:00
net909
0863d02cc9 fix 2025-07-28 20:37:10 +08:00
net909
9032ea0405 整合计划任务,新增访问URL方式的计划任务 2025-07-28 20:30:09 +08:00
net909
e3749ecb6c Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2025-07-18 14:47:30 +08:00
net909
e1e90c3c71 修复阿里云ESA部署失败 2025-07-18 14:47:12 +08:00
dependabot[bot]
a171a5b9b0 Bump topthink/think-trace from 1.6 to 2.0 (#276) 
---
updated-dependencies:
- dependency-name: topthink/think-trace
  dependency-version: '2.0'
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 17:08:08 +08:00
dependabot[bot]
f608b2fceb Bump topthink/framework from 8.1.2 to 8.1.3 (#277) 
---
updated-dependencies:
- dependency-name: topthink/framework
  dependency-version: 8.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 17:08:01 +08:00
Hanada
0837ac9be1 Merge pull request #274 from HanadaLee/multipartpostfix 
重构POST内容判断逻辑,去除X-Content-Type标头
 2025-07-12 09:44:14 +08:00
net909
c31e0eaf41 修复部署失败 2025-07-11 09:56:08 +08:00
net909
987deda95d 修复报错 2025-07-10 16:41:11 +08:00
消失的彩虹海
654151ce5b Merge pull request #270 from HanadaLee/ssldeployfix 
修复部署证书到阿里云和群晖失败的问题
 2025-07-08 23:25:03 +08:00
Hanada
2fedee1e93 修复使用guzzle库后部署证书到群晖失败的问题 2025-07-08 23:12:40 +08:00
Hanada
ba97ac3685 修复部署阿里云时证书序列号可能存在前置0的问题 2025-07-08 21:42:40 +08:00
net909
f2f1a0d01e 修复upyun部署 2025-07-07 21:47:15 +08:00
net909
933f98a909 2.8.1 2025-07-06 12:21:04 +08:00
net909
3beb0ec637 修复阿里云WAF部署 2025-07-06 12:19:02 +08:00
net909
7a92ad7094 Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2025-07-06 11:17:06 +08:00
net909
5dc4dbfabd 增加Edgeone IP优选,修复EO海外版部署失败 2025-07-06 11:16:44 +08:00
DearTanker
291f715e91 优化记录值复制功能 (#266) 
1、修复无法复制包含双引号的 TXT 记录值
2、调整 MX 记录值的复制按钮到右侧,因为复制不需要复制优先级。
 2025-07-04 09:43:55 +08:00
net909
4f15d4d7a2 调整快速打开按钮位置 2025-07-03 19:48:34 +08:00
DearTanker
11e83860b7 添加 自定义样式功能、主机记录增加快速打开链接 (#263) 
* 添加支持自定义样式功能。

* 在主机记录列中增加一个新窗口打开链接的小按钮,方便快速访问。

* 记录值增加快速复制按钮,并用 padding 来调整了图标的间距避免空格
 2025-07-03 19:37:34 +08:00
net909
479af4fe5f 修复批量操作证书和部署任务 2025-06-30 12:44:31 +08:00
net909
3c00e426cc 修改字段长度 2025-06-25 14:35:28 +08:00
net909
814781c1d1 version 2025-06-25 14:24:31 +08:00
net909
af2117faf0 支持雨云SSL自动部署 2025-06-25 13:37:37 +08:00
net909
9275256e36 新增lucky部署,支持直接对接DNS服务商添加域名 2025-06-25 12:57:09 +08:00
net909
d368a0190a 修复API接口操作记录报错 2025-06-23 17:45:47 +08:00
dependabot[bot]
684a4e59ce Bump topthink/think-orm from 4.0.41 to 4.0.44 (#253) 2025-06-20 10:25:54 +08:00
Hanada
1bab48ad93 修复登录设置页面侧边栏没有自动展开的问题 (#252) 2025-06-20 10:21:55 +08:00
耗子
02718e58a9 更新PHPMailer并添加依赖机器人 (#251) 2025-06-20 10:21:40 +08:00
Hanada
8e563a89ff 阿里云ESA支持部署证书到非中国内地 (#249) 2025-06-19 12:51:02 +08:00
Hanada
7f370a095d 修复网宿API验证失败的问题 (#250) 
* 变更网宿check方法调用的API接口以避免产品未开通导致验证失败

* 兼容网宿CDN接口使用result作为失败返回值的场景
 2025-06-19 12:50:46 +08:00
Hanada
5aab54c79e 将登录验证码开关移到系统设置 (#246) 2025-06-16 19:25:28 +08:00
耗子
ce9ae51aeb 优化错误信息 (#239) 2025-06-10 11:22:52 +08:00
消失的彩虹海
8b06cc5400 Merge pull request #238 from devhaozi/main 
恢复自定义解析特性
 2025-06-10 10:40:02 +08:00
耗子
a71fd35f6f 恢复自定义解析特性 2025-06-10 10:37:04 +08:00
消失的彩虹海
0d20d8ad46 Merge pull request #236 from devhaozi/main 
更新ThinkPHP框架到8.1及curl请求重构
 2025-06-10 09:44:52 +08:00
耗子
ff676b7be1 撤销首页提示更改 2025-06-09 14:23:17 +08:00
耗子
8c7c568e5c 撤销首页提示更改 2025-06-09 14:21:42 +08:00
耗子
a4698d67c6 优化函数签名 2025-06-09 05:40:42 +08:00
耗子
5f0e973770 优化函数签名 2025-06-09 05:38:52 +08:00
耗子
a99d0320df 优化函数签名 2025-06-09 05:36:57 +08:00
耗子
bb35ee3378 优化默认Content-Type值及函数名 2025-06-09 05:17:15 +08:00
耗子
8193ade02d 修复get_curl方法header错误 2025-06-09 05:12:06 +08:00
耗子
904c3ceb5b 回滚swoole更改 2025-06-09 05:08:47 +08:00
耗子
5add791ef1 重构使用guzzlehttp发送请求 2025-06-09 05:04:06 +08:00
耗子
3587db2b53 优化代码格式 2025-06-09 01:53:04 +08:00
耗子
4a4cdd059c 优化代码格式 2025-06-09 01:47:53 +08:00
耗子
1021deb60d 优化部分代码 2025-06-09 01:43:58 +08:00
耗子
848610ffe0 优化部分代码 2025-06-09 00:51:50 +08:00
耗子
767aec5ebc 添加框架版本显示 2025-06-09 00:09:48 +08:00
耗子
30912fdf75 更新框架到8.1 2025-06-09 00:01:33 +08:00
net909
5050af2f73 修复阿里云设置权重 2025-06-06 09:49:45 +08:00
net909
6418c3a2ee 支持批量修改部署任务关联证书 2025-06-05 17:03:00 +08:00
net909
efd18676f3 界面优化 2025-06-04 22:52:38 +08:00
net909
5ba7c324af 优化添加部署账户页面 修复部分已知问题 2025-06-03 22:06:02 +08:00
net909
236610d8fb 证书订单支持设置手动续期 2025-05-31 21:34:43 +08:00
net909
0015015b7a 修复lecdn部署 2025-05-31 19:11:40 +08:00
net909
f776b9f47f 支持图形验证码关闭 2025-05-29 17:30:21 +08:00
消失的彩虹海
0860624bd5 Merge pull request #226 from FantajiNeko/main 
修复证书申请代理设置,使用反代时不使用代理
 2025-05-29 17:01:05 +08:00
Fantajī × Neko
e328dc6808 新增SOCK5H代理类型,远程解析主机名避免DNS污染 2025-05-29 16:43:51 +08:00
Fantajī × Neko
e58d8f4af1 修复证书申请代理设置,使用反代时不使用代理 2025-05-29 15:10:47 +08:00
net909
9d4260062c 修复ucloud证书 2025-05-25 20:44:04 +08:00
net909
17c50e4ba1 修复二级域名申请SSL 2025-05-25 20:35:23 +08:00
net909
55272fd51b 修复自动获取EAB 2025-05-25 12:29:54 +08:00
net909
a1e4476603 Merge branch 'main' of github.com:netcccyun/dnsmgr 2025-05-25 11:46:05 +08:00
net909
3734e98048 新增宝塔云WAF部署 支持修改域名到期时间 2025-05-25 11:45:20 +08:00
消失的彩虹海
372018c03a Merge pull request #218 from devhaozi/main 
ZeroSSL和Google EAB支持自动获取及Google反向代理
 2025-05-18 22:31:38 +08:00
耗子
9b037834ad 添加反向代理配置参考 2025-05-18 16:39:04 +08:00
耗子
bf05d51d08 修复缩进问题 2025-05-18 16:28:51 +08:00
耗子
ec89fd685b Google EAB支持自动获取及接口反向代理 2025-05-18 16:16:15 +08:00
耗子
300686aa0a ZeroSSL EAB支持自动获取 2025-05-18 14:25:08 +08:00
net909
8a158ea0a5 Merge branch 'main' of github.com:netcccyun/dnsmgr 2025-05-18 10:06:51 +08:00
消失的彩虹海
8a41c1642a Merge pull request #211 from devhaozi/main 
支持1Panel v2部署
 2025-05-18 10:03:46 +08:00
耗子
6e3350afbd 支持1Panel v2部署 2025-05-16 15:36:27 +08:00
net909
b5f74368d2 Merge branch 'main' of github.com:netcccyun/dnsmgr 2025-05-16 09:33:24 +08:00
消失的彩虹海
49047db438 Merge pull request #209 from devhaozi/main 
支持耗子面板部署
 2025-05-16 09:32:57 +08:00
耗子
7c54d8af44 修复行分隔符问题 2025-05-16 00:49:29 +08:00
耗子
9b7a7c2d60 支持耗子面板部署 2025-05-16 00:48:11 +08:00
net909
8e7adead48 Merge branch 'main' of github.com:netcccyun/dnsmgr 2025-05-13 10:44:45 +08:00
消失的彩虹海
1e747a8e9e Merge pull request #204 from HanadaLee/main 
支持部署证书到网宿CDN、AWS ACM以及修复AWS CloudFront、阿里云OSS部署
 2025-05-13 10:39:53 +08:00
Hanada
a13fb38e66 修复AWS CloudFront部署函数中错误的入参 2025-05-13 02:04:28 +08:00
Hanada
3c6944a701 Merge pull request #5 from HanadaLee/wangsudeploy 
支持网宿CDN部署
 2025-05-13 02:02:43 +08:00
Hanada
c141089c69 支持网宿CDN部署 2025-05-13 02:00:37 +08:00
Hanada
994bdc7fa3 Merge pull request #4 from HanadaLee/aliyunossdeploy 
修复部署证书到阿里云OSS失败
 2025-05-12 02:30:19 +08:00
Hanada
842b2aa2d9 修复部署证书到阿里云OSS失败 2025-05-12 02:28:13 +08:00
Hanada
4850250f3c Merge pull request #3 from HanadaLee/awsdeploy 
支持直接部署证书到AWS ACM
 2025-05-12 00:47:11 +08:00
Hanada
f8add88e3d 支持直接部署证书到AWS ACM 2025-05-12 00:43:33 +08:00
Hanada
dcc440c1f9 修复初次上传证书到ACM的逻辑 2025-05-12 00:02:16 +08:00
Hanada
a4d3cdd612 重构证书上传AWS ACM逻辑 2025-05-11 23:40:35 +08:00
Hanada
a483476e6b Merge pull request #2 from HanadaLee/awsdeploy 
修复AWS部署失败
 2025-05-11 23:18:32 +08:00
Hanada
be55d4b67d Merge pull request #1 from HanadaLee/wangsudeploy 
支持网宿CDNPro部署
 2025-05-11 23:17:58 +08:00
Hanada
fa47ffb080 修复AWS部署失败 2025-05-11 23:16:15 +08:00
Hanada
333aacaab9 网宿部署增加产品字段,方便后续扩充其他产品线 2025-05-11 21:12:38 +08:00
Hanada
0752f07f7d 支持网宿CDNPro部署 
修复spKey逻辑判断问题

支持网宿CDNPro部署
 2025-05-11 20:38:47 +08:00
Hanada
4310ccb770 修复CloudFront部署异常 2025-05-10 21:09:12 +08:00
net909
fb8fe3526b 增加证书API接口 2025-05-06 12:16:02 +08:00
net909
cf36b4bd51 部分SSL部署支持批量 2025-05-05 17:37:53 +08:00
net909
079a142b40 新增whois查询域名到期时间+到期提醒 2025-04-28 20:11:33 +08:00
net909
76e9adb405 支持添加的子级域名申请SSL 2025-04-26 20:19:28 +08:00
net909
1723761b94 修改提示 2025-04-07 21:38:47 +08:00
net909
9fb3764878 多个域名批量添加解析、修改解析 2025-04-07 21:26:38 +08:00
net909
651132967f 支持阿里云解析权重修改 2025-04-05 23:03:20 +08:00
net909
81a85fce45 修复部分DNS记录搜索 CF支持暂停解析 2025-04-01 09:47:26 +08:00
net909
4c62084bc6 readme 2025-03-23 12:11:49 +08:00
net909
33ba9a6ebd fix 2025-03-23 11:39:03 +08:00
net909
64d0585788 证书可批量删除、新增支持京东云DNS 2025-03-22 22:28:42 +08:00
net909
1354f63050 version 2025-03-08 09:32:49 +08:00
net909
646fa54bfa fix 2025-03-08 09:32:17 +08:00
net909
2023fb9808 fix 2025-03-07 18:04:34 +08:00
net909
6a45222c1f 支持又拍云部署 2025-03-07 18:04:02 +08:00
net909
44790639cd version 2025-03-05 17:28:51 +08:00
net909
5b12a368fc 新增PowerDNS对接,优化操作日志 2025-03-04 20:49:40 +08:00
net909
36622e6642 新增PVE部署 2025-03-02 14:59:02 +08:00
net909
12d8017df5 增加群辉面板部署,支持状态过滤 2025-02-28 23:04:18 +08:00
消失的彩虹海
70f2e0d487 Merge pull request #150 from devhaozi/main 
支持括彩云部署
 2025-02-24 22:37:04 +08:00
net909
521275ee33 修复申请中文域名证书,支持批量删域名 2025-02-24 22:34:54 +08:00
耗子
c06bf2d34c 优化括彩云文案 2025-02-24 19:44:40 +08:00
耗子
39dc789ac3 支持括彩云部署 2025-02-24 19:40:37 +08:00
耗子
0877674efb 支持括彩云部署 2025-02-24 19:03:06 +08:00
net909
fe9a50469d 支持宝塔邮局部署 2025-02-13 14:46:49 +08:00
net909
d9f8cc18eb 增加tgbot反代url 2025-02-05 11:48:08 +08:00
net909
48d5ad7569 修改CF优选IP添加解析 2025-02-05 11:17:26 +08:00
net909
8980910d47 增加上次运行时间显示 2025-02-01 10:54:47 +08:00
net909
2ed8a717db 修复namesilo添加解析 2025-02-01 10:46:39 +08:00
net909
b4258dbc81 修复CF解析列表 2025-01-30 10:59:41 +08:00
net909
d1eb6267a2 支持火山引擎更多产品部署 2025-01-24 14:36:29 +08:00
net909
2c81b36249 增加导入已有证书,支持天翼云CDN部署 2025-01-10 14:54:45 +08:00
net909
8d5a9bc083 version 2025-01-05 10:57:43 +08:00
net909
31300d8a7b 优化SSL订单等待耗时 2025-01-05 10:56:02 +08:00
net909
300f2a9b92 修复部分接口请求异常 2024-12-31 15:30:59 +08:00
net909
865275c065 新增西部数码虚拟主机部署 2024-12-30 18:00:47 +08:00
net909
cae9887e05 SSL订单提示优化 2024-12-28 17:17:14 +08:00
net909
6de361171e readme 2024-12-28 17:02:59 +08:00
net909
e59ff8997e 支持批量添加域名 2024-12-28 16:59:48 +08:00
net909
6ce2e006b5 修复泛域名CNAME代理 2024-12-27 22:27:38 +08:00
net909
197d816bbb 修复Goedge账号添加 2024-12-27 13:40:20 +08:00
net909
dfded1122b 云服务商接口支持代理请求 2024-12-26 14:34:55 +08:00
net909
8201318bd7 支持MW面板部署,增加群机器人webhook通知 2024-12-25 20:08:59 +08:00
net909
b31aee7166 fix 2024-12-25 11:37:43 +08:00
net909
06b43fa33f 修复华为云添加TXT解析 2024-12-24 20:41:46 +08:00
net909
fa9235562a 修复华为云部署 2024-12-23 22:31:26 +08:00
net909
92ba34833b 修复1panel 2024-12-22 16:54:34 +08:00
net909
83c1afc186 fix 2024-12-22 11:09:54 +08:00
278 changed files with 48359 additions and 24391 deletions
Expand all files Collapse all files

34
.example.env
View File

@@ -1,18 +1,18 @@
APP_DEBUG = false
[APP]
DEFAULT_TIMEZONE = Asia/Shanghai
[DATABASE]
TYPE = mysql
HOSTNAME = {dbhost}
DATABASE = {dbname}
USERNAME = {dbuser}
PASSWORD = {dbpwd}
HOSTPORT = {dbport}
CHARSET = utf8mb4
PREFIX = {dbprefix}
DEBUG = false
[LANG]
APP_DEBUG = false
[APP]
DEFAULT_TIMEZONE = Asia/Shanghai
[DATABASE]
TYPE = mysql
HOSTNAME = {dbhost}
DATABASE = {dbname}
USERNAME = {dbuser}
PASSWORD = {dbpwd}
HOSTPORT = {dbport}
CHARSET = utf8mb4
PREFIX = {dbprefix}
DEBUG = false
[LANG]
default_lang = zh-cn

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
* text=auto eol=lf

15
.github/dependabot.yml vendored Normal file
View File

@@ -0,0 +1,15 @@
# Dependabot configuration.
#
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/working-with-dependabot/dependabot-options-reference
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "daily"

82
.github/docker/Dockerfile vendored Normal file
View File

@@ -0,0 +1,82 @@
ARG ALPINE_VERSION=3.19
FROM alpine:${ALPINE_VERSION}
# Setup document root
WORKDIR /app/www
# Install packages and remove default server definition
RUN apk add --no-cache \
bash \
curl \
nginx \
php82 \
php82-ctype \
php82-curl \
php82-dom \
php82-fileinfo \
php82-fpm \
php82-ftp \
php82-gd \
php82-gettext \
php82-intl \
php82-iconv \
php82-mbstring \
php82-mysqli \
php82-opcache \
php82-openssl \
php82-phar \
php82-sodium \
php82-session \
php82-simplexml \
php82-tokenizer \
php82-xml \
php82-xmlreader \
php82-xmlwriter \
php82-zip \
php82-pdo \
php82-pdo_mysql \
php82-pdo_sqlite \
php82-pecl-swoole \
php82-pecl-ssh2 \
supervisor
RUN rm -rf /var/cache/apk/* /tmp/*
# Configure nginx - http
COPY config/nginx.conf /etc/nginx/nginx.conf
# Configure PHP-FPM
ENV PHP_INI_DIR /etc/php82
COPY config/fpm-pool.conf ${PHP_INI_DIR}/php-fpm.d/www.conf
COPY config/php.ini ${PHP_INI_DIR}/conf.d/custom.ini
# Configure supervisord
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
# Add application
RUN mkdir -p /usr/src && wget --no-cache https://github.com/netcccyun/dnsmgr/archive/refs/heads/main.zip -O /usr/src/www.zip && unzip /usr/src/www.zip -d /usr/src/ && mv /usr/src/dnsmgr-main /usr/src/www && rm -f /usr/src/www.zip
# Install composer
RUN wget https://getcomposer.org/download/latest-stable/composer.phar -O /usr/local/bin/composer && chmod +x /usr/local/bin/composer
RUN composer install -d /usr/src/www --no-interaction --no-dev --optimize-autoloader
RUN adduser -D -s /sbin/nologin -g www www && chown -R www.www /usr/src/www /var/lib/nginx /var/log/nginx
# crontab
RUN echo "* * * * * cd /app/www && /usr/bin/php82 think certtask" | crontab -u www -
COPY config/run_tasks.sh /app/run_tasks.sh
RUN chmod +x /app/run_tasks.sh
# copy entrypoint script
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["sh", "/entrypoint.sh"]
# Expose the port nginx is reachable on
EXPOSE 80
# Let supervisord start nginx & php-fpm
CMD /usr/sbin/crond && /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1/fpm-ping || exit 1

21
.github/docker/config/fpm-pool.conf vendored Normal file
View File

@@ -0,0 +1,21 @@
[global]
error_log = /dev/stderr
[www]
listen = /run/php-fpm.sock
listen.backlog = 8192
listen.allowed_clients = 127.0.0.1
listen.owner = www
listen.group = www
listen.mode = 0666
user = www
group = www
pm.status_path = /fpm-status
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 60s;
pm.max_requests = 1000
clear_env = no
catch_workers_output = yes
decorate_workers_output = no
ping.path = /fpm-ping

94
.github/docker/config/nginx.conf vendored Normal file
View File

@@ -0,0 +1,94 @@
user www;
worker_processes auto;
error_log stderr warn;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
# Threat files with a unknown filetype as binary
default_type application/octet-stream;
# Define custom log format to include reponse times
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr crit;
keepalive_timeout 65;
server_tokens off;
# Enable gzip compression by default
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
# Include server configs
server {
listen [::]:80 default_server;
listen 80 default_server;
server_name _;
sendfile on;
tcp_nodelay on;
absolute_redirect off;
root /app/www/public;
index index.php;
# Pass the PHP scripts to PHP-FPM listening on php-fpm.sock
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
#rewrite rule for pretty urls
location / {
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}
# Set the cache-control headers on assets to cache for 5 days
location ~* \.(jpg|jpeg|gif|png|ico|bmp)$ {
access_log off;
expires 30d;
}
location ~* \.(css|js)$ {
access_log off;
expires 12h;
}
# Deny access to . files, for security
location ~ /\. {
log_not_found off;
deny all;
}
# Allow fpm ping and status from localhost
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass unix:/run/php-fpm.sock;
}
}
}

15
.github/docker/config/php.ini vendored Normal file
View File

@@ -0,0 +1,15 @@
[PHP]
short_open_tag = On
expose_php = Off
max_execution_time = 300
post_max_size = 50M
upload_max_filesize = 50M
[Date]
date.timezone = PRC
[Opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=10000
opcache.revalidate_freq=30

7
.github/docker/config/run_tasks.sh vendored Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
if [ -f "/app/www/.env" ]; then
php /app/www/think dmtask
else
exit 0
fi

37
.github/docker/config/supervisord.conf vendored Normal file
View File

@@ -0,0 +1,37 @@
[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid
[program:php-fpm]
command=php-fpm82 -F
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autostart=true
autorestart=false
startretries=0
[program:nginx]
command=nginx -g 'daemon off;'
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autostart=true
autorestart=false
startretries=0
[program:dmtask]
command=php think dmtask
user=www
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autostart=true
autorestart=true
startsecs=5
startretries=99999

18
.github/docker/entrypoint.sh vendored Normal file
View File

@@ -0,0 +1,18 @@
#!/bin/bash
set -e
if [ ! -f /app/www/public/index.php ] || [ ! -f /app/firstrun ]; then
echo 'Copying new files'
\cp -a /usr/src/www /app/
if [ -d /app/www/runtime/cache ]; then
rm -rf /app/www/runtime/*
fi
chown -R www.www /app/www
touch /app/firstrun
fi
exec "$@"

56
.github/workflows/docker-build.yml vendored Normal file
View File

@@ -0,0 +1,56 @@
# 手动触发构建多架构镜像amd64 / arm64仅推送 latest 至 Docker Hub 与华为云 SWR。
# Dockerfile 与构建上下文位于 .github/docker/ 目录。
#
# 需在仓库 Settings → Secrets 中配置:
# DOCKERHUB_USERNAME / DOCKERHUB_TOKENDocker Hub 访问令牌)
# HUAWEI_SWR_USERNAME / HUAWEI_SWR_PASSWORD华为云 SWR 登录凭证,与本地 docker login swr.cn-east-3.myhuaweicloud.com 一致)
name: Docker Build
on:
workflow_dispatch:
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to Huawei SWR
uses: docker/login-action@v3
with:
registry: swr.cn-east-3.myhuaweicloud.com
username: ${{ secrets.HUAWEI_SWR_USERNAME }}
password: ${{ secrets.HUAWEI_SWR_PASSWORD }}
- name: Build and push (Docker Hub + Huawei SWR, latest only)
uses: docker/build-push-action@v6
with:
context: .github/docker
file: .github/docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
# 避免向仓库推送 attestations部分镜像仓库含部分 SWR 场景)无法解析导致 “fail to parse manifest.json”
provenance: false
sbom: false
tags: |
netcccyun/dnsmgr:latest
swr.cn-east-3.myhuaweicloud.com/netcccyun/dnsmgr:latest
cache-from: type=gha
cache-to: type=gha,mode=max

3
.gitignore vendored
View File

@@ -3,4 +3,5 @@
/vendor
*.log
.env
/composer.lock
.ace-tool/
/.codex-tmp/dns-panel-ref/

391
README.md
View File

@@ -1,182 +1,209 @@
## 聚合DNS管理系统
聚合DNS管理系统可以实现在一个网站内管理多个平台的域名解析目前已支持的域名平台有
- 阿里云
- 腾讯云
- 华为云
- 西部数码
- DNSLA
- CloudFlare
### 功能特性
- 多用户管理,可为每个用户可分配不同的域名解析权限
- 提供API接口可获取域名单独的登录链接方便各种IDC系统对接
- 容灾切换功能支持ping、tcp、http(s)检测协议并自动暂停/修改域名解析,并支持邮件、微信公众号通知
- CF优选IP功能支持获取最新的Cloudflare优选IP并自动更新到解析记录
- SSL证书申请与自动部署功能支持从Let's Encrypt等渠道申请SSL证书并自动部署到各种面板、云服务商、服务器等
### 演示截图
添加域名账户
![](https://p0.meituan.net/csc/090508cdc7aaabd185ba9c76a8c099f9283946.png)
域名管理列表
![](https://p0.meituan.net/csc/60bf3f607d40f30f152ad1f6ee3be098357839.png)
域名DNS解析管理支持解析批量操作
![](https://p0.meituan.net/csc/f99c599d4febced404c88672dd50d62c212895.png)
用户管理添加用户支持为用户开启API接口
![](https://p0.meituan.net/csc/d1bd90bedca9b6cbc5da40286bdb5cd5228438.png)
CF优选IP功能添加优选IP任务
![](https://p1.meituan.net/csc/da70c76753aee4bce044d16fadd56e5f217660.png)
SSL证书申请功能
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154857.png)
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154652.png?a)
SSL证书自动部署功能
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154702.png)
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154804.png)
### 部署方法
* 从[Release](https://github.com/netcccyun/dnsmgr/releases)页面下载安装包
* 运行环境要求PHP7.4+MySQL5.6+
* 设置网站运行目录为`public`
* 设置伪静态为`ThinkPHP`
* 如果是下载的Source code包还需Composer安装依赖Release页面下载的安装包不需要
```
composer install --no-dev
```
* 访问网站,会自动跳转到安装页面,根据提示安装完成
* 访问首页登录控制面板
##### 伪静态规则
* Nginx
```
location / {
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}
```
* Apache
```
<IfModule mod_rewrite.c>
Options +FollowSymlinks -Multiviews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [QSA,PT,L]
</IfModule>
```
### Docker部署方法
首先需要安装Docker然后执行以下命令拉取镜像并启动启动后监听8081端口
```
docker run --name dnsmgr -dit -p 8081:80 -v /var/dnsmgr:/app/www netcccyun/dnsmgr
```
访问并安装好后如果容灾切换未自动启动,重启容器即可:
```
docker restart dnsmgr
```
### docker-compose部署方法
```
version: '3'
services:
dnsmgr-web:
container_name: dnsmgr-web
stdin_open: true
tty: true
ports:
- 8081:80
volumes:
- /volume1/docker/dnsmgr/web:/app/www
image: netcccyun/dnsmgr
depends_on:
- dnsmgr-mysql
networks:
- dnsmgr-network
dnsmgr-mysql:
container_name: dnsmgr-mysql
restart: always
ports:
- 3306:3306
volumes:
- ./mysql/conf/my.cnf:/etc/mysql/my.cnf
- ./mysql/logs:/logs
- ./mysql/data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=123456
- TZ=Asia/Shanghai
image: mysql:5.7
networks:
- dnsmgr-network
networks:
dnsmgr-network:
driver: bridge
```
在运行之前请创建好目录
```
mkdir -p ./web
mkdir -p ./mysql/conf
mkdir -p ./mysql/logs
mkdir -p ./mysql/data
vim mysql/conf/my.cnf
[mysqld]
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
```
登陆mysql容器创建数据库
```
docker exec -it dnsmgr-mysql /bin/bash
mysql -uroot -p123456
create database dnsmgr;
```
在install界面链接IP填写dnsmgr-mysql
### 作者信息
消失的彩虹海(https://blog.cccyun.cn)
### 其他推荐
- [彩虹云主机 - 免备案CDN/虚拟主机](https://www.cccyun.net/)
- [小白云高防云服务器](https://www.xiaobaiyun.cn/aff/GMLPMFOV)
# 彩虹聚合DNS管理系统
<div align="center">
[![GitHub stars](https://img.shields.io/github/stars/netcccyun/dnsmgr?style=flat)](https://github.com/netcccyun/dnsmgr/stargazers)
[![GitHub forks](https://img.shields.io/github/forks/netcccyun/dnsmgr?style=flat)](https://github.com/netcccyun/dnsmgr/forks)
[![Docker Pulls](https://img.shields.io/docker/pulls/netcccyun/dnsmgr?style=flat)](https://hub.docker.com/r/netcccyun/dnsmgr)
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/netcccyun/dnsmgr)](https://github.com/netcccyun/dnsmgr/releases)
[![GitHub last commit](https://img.shields.io/github/last-commit/netcccyun/dnsmgr)](https://github.com/netcccyun/dnsmgr/commits/main)
</div>
彩虹聚合DNS管理系统 是一款基于ThinkPHP开发的网站程序可实现在单一网站内管理多个平台的域名解析目前已支持的域名解析平台有阿里云、腾讯云、华为云、百度云、西部数码、火山引擎、DNSLA、CloudFlare、Namesilo、PowerDNS
## 功能特性
- 多用户管理,可为每个用户可分配不同的域名解析权限;
- 提供API接口可获取域名单独的登录链接方便各种IDC系统对接
- 容灾切换功能支持ping、tcp、http(s)检测协议并自动暂停/修改域名解析,并支持发送通知;
- 定时切换功能,设置在指定时间/周期,自动修改/开启/暂停/删除域名解析;
- CF优选IP功能支持获取最新的Cloudflare优选IP并自动更新到解析记录
- SSL证书申请与自动部署功能支持从Let's Encrypt等渠道申请SSL证书并自动部署到各种面板、云服务商、服务器等
- 支持邮件、微信公众号、Telegram、钉钉、飞书、企业微信等多种通知渠道。
## 部署方式
### 自部署
可以使用宝塔、Kangle等任意支持PHP-MySQL的环境部署
* 从[Release](https://github.com/netcccyun/dnsmgr/releases)页面下载安装包
* 运行环境要求PHP8.0+MySQL5.6+
* 设置网站运行目录为`public`
* 设置伪静态为`ThinkPHP`
* 如果是下载的Source code包还需Composer安装依赖Release页面下载的安装包不需要
```
composer install --no-dev
```
* 访问网站,会自动跳转到安装页面,根据提示安装完成
* 访问首页登录控制面板
* 后续更新方式:重新下载安装包上传覆盖即可
##### 伪静态规则
* Nginx
```
location ~* (runtime|application)/ {
return 403;
}
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}
```
* Apache
```
<IfModule mod_rewrite.c>
Options +FollowSymlinks -Multiviews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [QSA,PT,L]
</IfModule>
```
### Docker 部署
首先需要安装Docker然后执行以下命令拉取镜像并启动启动后监听8081端口
```
docker run --name dnsmgr -dit -p 8081:80 -v /var/dnsmgr:/app/www netcccyun/dnsmgr
```
访问并安装好后如果容灾切换未自动启动,重启容器即可:
```
docker restart dnsmgr
```
从国内镜像地址拉取:
```
docker pull swr.cn-east-3.myhuaweicloud.com/netcccyun/dnsmgr:latest
```
### docker-compose 部署
```
services:
dnsmgr-web:
container_name: dnsmgr-web
stdin_open: true
tty: true
ports:
- 8081:80
volumes:
- ./web:/app/www
image: netcccyun/dnsmgr
depends_on:
- dnsmgr-mysql
networks:
- dnsmgr-network
dnsmgr-mysql:
container_name: dnsmgr-mysql
restart: always
ports:
- 3306:3306
volumes:
- ./mysql/conf/my.cnf:/etc/mysql/my.cnf
- ./mysql/logs:/logs
- ./mysql/data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=123456
- TZ=Asia/Shanghai
image: mysql:5.7
networks:
- dnsmgr-network
networks:
dnsmgr-network:
driver: bridge
```
在运行之前请创建好目录
```
mkdir -p ./web
mkdir -p ./mysql/conf
mkdir -p ./mysql/logs
mkdir -p ./mysql/data
vim mysql/conf/my.cnf
[mysqld]
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
```
登陆mysql容器创建数据库
```
docker exec -it dnsmgr-mysql /bin/bash
mysql -uroot -p123456
create database dnsmgr;
```
在install界面链接IP填写dnsmgr-mysql
## 演示截图
添加域名账户
![](https://p0.meituan.net/csc/090508cdc7aaabd185ba9c76a8c099f9283946.png)
域名管理列表
![](https://p0.meituan.net/csc/60bf3f607d40f30f152ad1f6ee3be098357839.png)
域名DNS解析管理支持解析批量操作
![](https://p0.meituan.net/csc/f99c599d4febced404c88672dd50d62c212895.png)
用户管理添加用户支持为用户开启API接口
![](https://p0.meituan.net/csc/d1bd90bedca9b6cbc5da40286bdb5cd5228438.png)
CF优选IP功能添加优选IP任务
![](https://p1.meituan.net/csc/da70c76753aee4bce044d16fadd56e5f217660.png)
SSL证书申请功能
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154857.png)
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154652.png?a)
SSL证书自动部署功能
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154702.png)
![](https://blog.cccyun.cn/content/uploadfile/202412/QQ%E6%88%AA%E5%9B%BE20241221154804.png)
## 支持与反馈
🌐 作者信息:消失的彩虹海(https://blog.cccyun.cn)
⭐ 如果您觉得本项目对您有帮助,欢迎给项目点个 Star
🤝 捐赠:
<img height="240" src="https://wkphoto.bj.bcebos.com/d8f9d72a6059252db065f556249b033b5bb5b976.jpg">
### 其他推荐
- [彩虹云主机 - 免备案CDN/虚拟主机](https://www.cccyun.net/)
- [小白云高防云服务器](https://www.xiaobaiyun.cn/aff/GMLPMFOV)

75
app/command/Certtask.php
View File

@@ -1,33 +1,42 @@
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\CertTaskService;
class Certtask extends Command
{
protected function configure()
{
// 指令配置
$this->setName('certtask')
->setDescription('证书申请与部署任务');
}
protected function execute(Input $input, Output $output)
{
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
(new CertTaskService())->execute();
}
}
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\OptimizeService;
use app\service\CertTaskService;
use app\service\ExpireNoticeService;
use app\service\ScheduleService;
class Certtask extends Command
{
protected function configure()
{
// 指令配置
$this->setName('certtask')
->setDescription('SSL证书续签与部署、域名到期提醒、定时切换解析、CF优选IP更新');
}
protected function execute(Input $input, Output $output)
{
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
(new ScheduleService())->execute();
$res = (new OptimizeService())->execute();
if (!$res) {
(new CertTaskService())->execute();
(new ExpireNoticeService())->task();
}
echo 'done'.PHP_EOL;
}
}

164
app/command/Dmtask.php
View File

@@ -1,82 +1,82 @@
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\TaskRunner;
class Dmtask extends Command
{
protected function configure()
{
// 指令配置
$this->setName('dmtask')
->setDescription('容灾切换任务');
}
protected function execute(Input $input, Output $output)
{
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
config_set('run_error', '');
if (!extension_loaded('swoole')) {
$output->writeln('[Error] 未安装Swoole扩展');
config_set('run_error', '未安装Swoole扩展');
return;
}
try {
$output->writeln('进程启动成功.');
$this->runtask();
} catch (Exception $e) {
$output->writeln('[Error] ' . $e->getMessage());
config_set('run_error', $e->getMessage());
}
}
private function runtask()
{
\Co::set(['hook_flags' => SWOOLE_HOOK_ALL]);
\Co\run(function () {
$date = date("Ymd");
$count = config_get('run_count', null, true) ?? 0;
while (true) {
sleep(1);
if ($date != date("Ymd")) {
$count = 0;
$date = date("Ymd");
}
$rows = Db::name('dmtask')->where('checknexttime', '<=', time())->where('active', 1)->order('id', 'ASC')->select();
foreach ($rows as $row) {
\go(function () use ($row) {
try {
(new TaskRunner())->execute($row);
} catch (\Swoole\ExitException $e) {
echo $e->getStatus() . "\n";
} catch (Exception $e) {
echo $e->__toString() . "\n";
}
});
Db::name('dmtask')->where('id', $row['id'])->update([
'checktime' => time(),
'checknexttime' => time() + $row['frequency']
]);
$count++;
}
config_set('run_time', date("Y-m-d H:i:s"));
config_set('run_count', $count);
}
});
}
}
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\TaskRunner;
class Dmtask extends Command
{
protected function configure()
{
// 指令配置
$this->setName('dmtask')
->setDescription('容灾切换任务');
}
protected function execute(Input $input, Output $output)
{
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
config_set('run_error', '');
if (!extension_loaded('swoole')) {
$output->writeln('[Error] 未安装Swoole扩展');
config_set('run_error', '未安装Swoole扩展');
return;
}
try {
$output->writeln('进程启动成功.');
$this->runtask();
} catch (Exception $e) {
$output->writeln('[Error] ' . $e->getMessage());
config_set('run_error', $e->getMessage());
}
}
private function runtask()
{
\Co::set(['hook_flags' => SWOOLE_HOOK_ALL]);
\Co\run(function () {
$date = date("Ymd");
$count = config_get('run_count', null, true) ?? 0;
while (true) {
sleep(1);
if ($date != date("Ymd")) {
$count = 0;
$date = date("Ymd");
}
$rows = Db::name('dmtask')->where('checknexttime', '<=', time())->where('active', 1)->order('id', 'ASC')->select();
foreach ($rows as $row) {
\go(function () use ($row) {
try {
(new TaskRunner())->execute($row);
} catch (\Swoole\ExitException $e) {
echo $e->getStatus() . "\n";
} catch (Exception $e) {
echo $e->__toString() . "\n";
}
});
Db::name('dmtask')->where('id', $row['id'])->update([
'checktime' => time(),
'checknexttime' => time() + $row['frequency']
]);
$count++;
}
config_set('run_time', date("Y-m-d H:i:s"));
config_set('run_count', $count);
}
});
}
}

33
app/command/Opiptask.php
View File

@@ -1,33 +0,0 @@
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\OptimizeService;
class Opiptask extends Command
{
protected function configure()
{
// 指令配置
$this->setName('opiptask')
->setDescription('CF优选IP任务');
}
protected function execute(Input $input, Output $output)
{
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
(new OptimizeService())->execute();
}
}

94
app/command/Reset.php
View File

@@ -1,47 +1,47 @@
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
class Reset extends Command
{
protected function configure()
{
// 指令配置
$this->setName('reset')
->addArgument('type', Argument::REQUIRED, '操作类型,pwd:重置密码,totp:关闭TOTP')
->addArgument('username', Argument::REQUIRED, '用户名')
->addArgument('password', Argument::OPTIONAL, '密码')
->setDescription('重置密码');
}
protected function execute(Input $input, Output $output)
{
$type = trim($input->getArgument('type'));
$username = trim($input->getArgument('username'));
$user = Db::name('user')->where('username', $username)->find();
if (!$user) {
$output->writeln('用户 ' . $username . ' 不存在');
return;
}
if ($type == 'pwd') {
$password = $input->getArgument('password');
if (empty($password)) $password = '123456';
Db::name('user')->where('id', $user['id'])->update(['password' => password_hash($password, PASSWORD_DEFAULT)]);
$output->writeln('用户 ' . $username . ' 密码重置成功');
} elseif ($type == 'totp') {
Db::name('user')->where('id', $user['id'])->update(['totp_open' => 0, 'totp_secret' => null]);
$output->writeln('用户 ' . $username . ' TOTP关闭成功');
}
}
}
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
class Reset extends Command
{
protected function configure()
{
// 指令配置
$this->setName('reset')
->addArgument('type', Argument::REQUIRED, '操作类型,pwd:重置密码,totp:关闭TOTP')
->addArgument('username', Argument::REQUIRED, '用户名')
->addArgument('password', Argument::OPTIONAL, '密码')
->setDescription('重置密码');
}
protected function execute(Input $input, Output $output)
{
$type = trim($input->getArgument('type'));
$username = trim($input->getArgument('username'));
$user = Db::name('user')->where('username', $username)->find();
if (!$user) {
$output->writeln('用户 ' . $username . ' 不存在');
return;
}
if ($type == 'pwd') {
$password = $input->getArgument('password');
if (empty($password)) $password = '123456';
Db::name('user')->where('id', $user['id'])->update(['password' => password_hash($password, PASSWORD_DEFAULT)]);
$output->writeln('用户 ' . $username . ' 密码重置成功');
} elseif ($type == 'totp') {
Db::name('user')->where('id', $user['id'])->update(['totp_open' => 0, 'totp_secret' => null]);
$output->writeln('用户 ' . $username . ' TOTP关闭成功');
}
}
}

423
app/common.php
View File

@@ -2,47 +2,53 @@
// 应用公共文件
use think\facade\Db;
use think\facade\Request;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\GuzzleException;
function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $header = 0, $ua = 0, $nobody = 0, $addheader = 0)
function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $ua = 0, $nobody = 0, $addheader = [])
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Encoding: gzip,deflate,sdch";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
if ($addheader) {
$httpheader = array_merge($httpheader, $addheader);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
if ($post) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if ($header) {
curl_setopt($ch, CURLOPT_HEADER, true);
$options = [
'timeout' => 10,
'verify' => false,
'headers' => [
'User-Agent' => $ua ?: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
],
'http_errors' => false // 不抛出异常
];
$options['headers'] = array_merge($options['headers'], $addheader);
if ($referer) {
$options['headers']['Referer'] = $referer;
}
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
$options['headers']['Cookie'] = $cookie;
}
if ($referer) {
curl_setopt($ch, CURLOPT_REFERER, $referer);
$method = 'GET';
if ($post) {
$method = 'POST';
if (!isset($options['headers']['Content-Type'])) {
$options['headers']['Content-Type'] = 'application/x-www-form-urlencoded';
}
if (is_array($post)) {
$options['form_params'] = $post;
} else {
$options['body'] = $post;
}
}
if ($ua) {
curl_setopt($ch, CURLOPT_USERAGENT, $ua);
} else {
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Linux; U; Android 4.0.4; es-mx; HTC_One_X Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0");
try {
$client = new Client();
$response = $client->request($method, $url, $options);
if ($nobody) {
return '';
}
return $response->getBody()->getContents();
} catch (GuzzleException $e) {
return '';
}
if ($nobody) {
curl_setopt($ch, CURLOPT_NOBODY, 1);
}
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
function real_ip($type = 0)
@@ -165,6 +171,11 @@ function getSubstr($str, $leftStr, $rightStr)
}
}
function arrays_are_equal($array1, $array2)
{
return empty(array_diff($array1, $array2)) && empty(array_diff($array2, $array1));
}
function checkRefererHost()
{
if (!Request::header('referer')) {
@@ -288,6 +299,18 @@ function convert_second($s)
function getMainDomain($host)
{
if (filter_var($host, FILTER_VALIDATE_IP)) return $host;
$domains = config('temp.domains');
if (!$domains) {
$domains = Db::name('domain')->column('name');
$domains_alias = Db::name('domain_alias')->column('name');
$domains = array_merge($domains, $domains_alias);
config(['domains'=>$domains], 'temp');
}
foreach ($domains as $domain) {
if ($host === $domain || str_ends_with($host, '.' . $domain)) {
return $domain;
}
}
$domain_root = file_get_contents(app()->getBasePath() . 'data' . DIRECTORY_SEPARATOR . 'domain_root.txt');
$domain_root = explode("\r\n", $domain_root);
$data = explode('.', $host);
@@ -302,45 +325,41 @@ function getMainDomain($host)
function check_proxy($url, $proxy_server, $proxy_port, $type, $proxy_user, $proxy_pwd)
{
$ch = curl_init($url);
if ($type == 'https') {
$proxy_type = CURLPROXY_HTTPS;
} elseif ($type == 'sock4') {
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} else {
$proxy_type = CURLPROXY_HTTP;
}
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_PROXY, $proxy_server);
curl_setopt($ch, CURLOPT_PROXYPORT, intval($proxy_port));
match ($type) {
'https' => $proxy_string = 'https://',
'sock4' => $proxy_string = 'socks4://',
'sock5' => $proxy_string = 'socks5://',
'sock5h' => $proxy_string = 'socks5h://',
default => $proxy_string = 'http://',
};
if (!empty($proxy_user) && !empty($proxy_pwd)) {
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_user . ':' . $proxy_pwd);
$proxy_string .= $proxy_user . ':' . $proxy_pwd . '@';
}
curl_setopt($ch, CURLOPT_PROXYTYPE, $proxy_type);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36');
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception($errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 400) {
return true;
} else {
throw new Exception('HTTP状态码异常' . $httpCode);
$proxy_string .= $proxy_server . ':' . intval($proxy_port);
$options = [
'proxy' => $proxy_string,
'timeout' => 3,
'connect_timeout' => 3,
'verify' => false,
'headers' => [
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
]
];
try {
$client = new Client();
$response = $client->request('GET', $url, $options);
$httpCode = $response->getStatusCode();
if ($httpCode >= 200 && $httpCode < 400) {
return true;
} else {
throw new Exception('HTTP状态码异常' . $httpCode);
}
} catch (GuzzleException $e) {
throw new Exception(guzzle_error($e));
}
}
@@ -375,71 +394,223 @@ function clearDirectory($dir): bool
return true;
}
function curl_client($url, $data = null, $referer = null, $cookie = null, $headers = null, $proxy = false, $method = null, $timeout = 5)
/**
* 发送 HTTP 请求
*
* @param string $url 请求URL
* @param mixed $data 请求数据,可以是字符串或数组,数组将自动根据请求方法及传入的 Content-Type 头序列化
* @param string|null $referer 请求的 Referer 头
* @param array|null $cookie 请求的 Cookie 头
* @param array|null $headers 其他自定义请求头
* @param bool $proxy 是否使用代理
* @param string|null $method 请求方法,默认为 GET 或 POST如果存在请求数据
* @param int $timeout 请求超时时间,默认为 10 秒
* @return array 包含 HTTP 状态码、重定向 URL、响应头和响应体的数组
* @throws Exception
*/
function http_request($url, $data = null, $referer = null, $cookie = null, $headers = null, $proxy = false, $method = null, $timeout = 10): array
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
if ($headers) {
$httpheader = array_merge($httpheader, $headers);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36");
curl_setopt($ch, CURLOPT_HEADER, true);
if ($data) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
}
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
if ($referer) {
curl_setopt($ch, CURLOPT_REFERER, $referer);
}
if ($method) {
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
}
$options = [
'timeout' => $timeout,
'connect_timeout' => $timeout,
'allow_redirects' => false,
'verify' => false,
'headers' => [
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36',
],
'http_errors' => false // 不抛出异常
];
// 默认请求方法
if (!$method) {
$method = $data ? 'POST' : 'GET';
}
// 处理头部
if (is_array($headers)) {
$options['headers'] = array_merge($options['headers'], $headers);
}
// 处理Cookie
if ($cookie) {
$options['headers']['Cookie'] = $cookie;
}
// 处理Referer
if ($referer) {
$options['headers']['Referer'] = $referer;
}
// 处理数据
if ($data) {
if ($method !== 'GET') {
if (is_string($data)) {
$options['body'] = $data;
if (!isset($options['headers']['Content-Type'])) {
if (json_validate($data)) {
// json
$options['headers']['Content-Type'] = 'application/json';
} elseif (str_contains($data, '=') || str_contains($data, '&')) {
// 表单
$options['headers']['Content-Type'] = 'application/x-www-form-urlencoded';
}
}
} else if (is_array($data) || is_object($data)) {
if (!isset($options['headers']['Content-Type'])) {
// 默认为表单
$options['headers']['Content-Type'] = 'application/x-www-form-urlencoded';
}
if ($options['headers']['Content-Type'] == 'application/x-www-form-urlencoded') {
// 表单
$options['form_params'] = $data;
} else if ($options['headers']['Content-Type'] == 'multipart/form-data') {
// 表单文件
$options['multipart'] = $data;
unset($options['headers']['Content-Type']); // 由GuzzleHttp重新生成Content-Type头部
} else if ($options['headers']['Content-Type'] == 'application/json') {
// json
$options['json'] = $data;
} else {
// 其他
$options['body'] = http_build_query($data);
}
} else {
$options['body'] = $data;
}
} else {
// 兼容已经存在查询字符串的情况
if (!str_contains($url, '?')) {
$options['query'] = $data;
}
}
}
// 处理代理
if ($proxy) {
$proxy_server = config_get('proxy_server');
$proxy_port = intval(config_get('proxy_port'));
$proxy_userpwd = config_get('proxy_user') . ':' . config_get('proxy_pwd');
$proxy_userpwd = config_get('proxy_user').':'.config_get('proxy_pwd');
$proxy_type = config_get('proxy_type');
if ($proxy_type == 'https') {
$proxy_type = CURLPROXY_HTTPS;
} elseif ($proxy_type == 'sock4') {
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($proxy_type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} else {
$proxy_type = CURLPROXY_HTTP;
if (empty($proxy_server) || empty($proxy_port)) {
throw new Exception('代理服务器或端口未配置');
}
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_PROXY, $proxy_server);
curl_setopt($ch, CURLOPT_PROXYPORT, $proxy_port);
match ($proxy_type) {
'https' => $proxy_string = 'https://',
'sock4' => $proxy_string = 'socks4://',
'sock5' => $proxy_string = 'socks5://',
'sock5h' => $proxy_string = 'socks5h://',
default => $proxy_string = 'http://',
};
if ($proxy_userpwd != ':') {
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_userpwd);
$proxy_string .= $proxy_userpwd . '@';
}
curl_setopt($ch, CURLOPT_PROXYTYPE, $proxy_type);
$proxy_string .= $proxy_server . ':' . $proxy_port;
$options['proxy'] = $proxy_string;
}
$ret = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
try {
$client = new Client();
$response = $client->request($method, $url, $options);
$code = $response->getStatusCode();
// 取重定向URL
$redirect_url = '';
if ($code >= 300 && $code < 400) {
$redirect_url = $response->getHeaderLine('Location');
}
return [
'code' => $code,
'redirect_url' => $redirect_url,
'headers' => $response->getHeaders(),
'body' => $response->getBody()->getContents()
];
} catch (GuzzleException $e) {
throw new Exception('请求失败: ' . guzzle_error($e));
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$redirect_url = curl_getinfo($ch, CURLINFO_REDIRECT_URL);
curl_close($ch);
$header = substr($ret, 0, $headerSize);
$body = substr($ret, $headerSize);
return ['code' => $httpCode, 'redirect_url' => $redirect_url, 'header' => $header, 'body' => $body];
}
function guzzle_error($e)
{
$errmsg = $e->getMessage();
if (preg_match('/^cURL error \d+: /', $errmsg)) {
$errmsg = preg_replace('/^cURL error \d+: /', '', $errmsg);
}
$pos = strpos($errmsg, ' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)');
if ($pos !== false) {
$errmsg = substr($errmsg, 0, $pos);
}
if (strlen($errmsg) > 100) {
$errmsg = substr($errmsg, 0, 97) . '...';
}
return $errmsg;
}
function curl_set_proxy(&$ch)
{
$proxy_server = config_get('proxy_server');
$proxy_port = intval(config_get('proxy_port'));
$proxy_userpwd = config_get('proxy_user') . ':' . config_get('proxy_pwd');
$proxy_type = config_get('proxy_type');
if (empty($proxy_server) || empty($proxy_port)) {
return;
}
if ($proxy_type == 'https') {
$proxy_type = CURLPROXY_HTTPS;
} elseif ($proxy_type == 'sock4') {
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($proxy_type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} elseif ($proxy_type == 'sock5h') {
$proxy_type = CURLPROXY_SOCKS5_HOSTNAME;
} else {
$proxy_type = CURLPROXY_HTTP;
}
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_PROXY, $proxy_server);
curl_setopt($ch, CURLOPT_PROXYPORT, $proxy_port);
if ($proxy_userpwd != ':') {
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_userpwd);
}
curl_setopt($ch, CURLOPT_PROXYTYPE, $proxy_type);
}
function convertDomainToAscii($domain) {
if (preg_match('/[\x{4e00}-\x{9fa5}]/u', $domain)) {
return idn_to_ascii($domain);
} else {
return $domain;
}
}
function convertDomainToUtf8($domain) {
if (preg_match('/^xn--/', $domain)) {
return idn_to_utf8($domain);
} else {
return $domain;
}
}
function getDomainDate($domain)
{
try {
$whois = \Iodev\Whois\Factory::get()->createWhois();
$info = $whois->loadDomainInfo($domain);
if ($info) {
if ($info->expirationDate > 0) {
return [$info->creationDate > 0 ? date('Y-m-d H:i:s', $info->creationDate) : null, date('Y-m-d H:i:s', $info->expirationDate)];
} else {
throw new Exception('域名到期时间未知');
}
} else {
throw new Exception('域名信息未找到');
}
} catch (Exception $e) {
throw new Exception('查询域名whois失败: ' . $e->getMessage());
}
}
function checkTableExists($table)
{
$prefix = env('database.prefix', 'dnsmgr_');
$res = Db::query("SHOW TABLES LIKE '" . $prefix . $table . "'");
return !empty($res);
}

8
app/controller/Auth.php
View File

@@ -26,7 +26,7 @@ class Auth extends BaseController
if (empty($username) || empty($password)) {
return json(['code' => -1, 'msg' => '用户名或密码不能为空']);
}
if (!captcha_check($code)) {
if (config_get('vcode', '1') == '1' && !captcha_check($code)) {
return json(['code' => -1, 'msg' => '验证码错误', 'vcode' => 1]);
}
if (file_exists($login_limit_file)) {
@@ -38,7 +38,7 @@ class Auth extends BaseController
$user = Db::name('user')->where('username', $username)->find();
if ($user && password_verify($password, $user['password'])) {
if ($user['status'] == 0) return json(['code' => -1, 'msg' => '此用户已被封禁', 'vcode' => 1]);
if ($user['totp_open'] == 1 && !empty($user['totp_secret'])) {
if (isset($user['totp_open']) && $user['totp_open'] == 1 && !empty($user['totp_secret'])) {
session('pre_login_user', $user['id']);
if (file_exists($login_limit_file)) {
unlink($login_limit_file);
@@ -53,7 +53,9 @@ class Auth extends BaseController
} else {
if ($user) {
Db::name('log')->insert(['uid' => $user['id'], 'action' => '登录失败', 'data' => 'IP:' . $this->clientip, 'addtime' => date("Y-m-d H:i:s")]);
if ($user['totp_open'] == 1 && !empty($user['totp_secret'])) $login_limit_count = 10;
if (isset($user['totp_open']) && $user['totp_open'] == 1 && !empty($user['totp_secret'])) {
return json(['code' => -1, 'msg' => '用户名或密码错误', 'vcode' => 1]);
}
}
if (!file_exists($login_limit_file)) {
$login_limit = ['count' => 0, 'time' => 0];

1701
app/controller/Cert.php
View File

File diff suppressed because it is too large Load Diff

1070
app/controller/Cloudflare.php Normal file
View File

File diff suppressed because it is too large Load Diff

516
app/controller/Dmonitor.php
View File

@@ -1,250 +1,266 @@
<?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
class Dmonitor extends BaseController
{
public function overview()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$switch_count = Db::name('dmlog')->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->count();
$fail_count = Db::name('dmlog')->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->where('action', 1)->count();
$run_time = config_get('run_time', null, true);
$run_state = $run_time ? (time() - strtotime($run_time) > 10 ? 0 : 1) : 0;
View::assign('info', [
'run_count' => config_get('run_count', null, true) ?? 0,
'run_time' => $run_time ?? '无',
'run_state' => $run_state,
'run_error' => config_get('run_error', null, true),
'switch_count' => $switch_count,
'fail_count' => $fail_count,
'swoole' => extension_loaded('swoole') ? '<font color="green">已安装</font>' : '<font color="red">未安装</font>',
]);
return View::fetch();
}
public function task()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function task_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$type = input('post.type/d', 1);
$kw = input('post.kw', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('dmtask')->alias('A')->join('domain B', 'A.did = B.id');
if (!empty($kw)) {
if ($type == 1) {
$select->whereLike('rr|B.name', '%' . $kw . '%');
} elseif ($type == 2) {
$select->where('recordid', $kw);
} elseif ($type == 3) {
$select->where('main_value', $kw);
} elseif ($type == 4) {
$select->where('backup_value', $kw);
} elseif ($type == 5) {
$select->whereLike('remark', '%' . $kw . '%');
}
}
$total = $select->count();
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select()->toArray();
foreach ($list as &$row) {
$row['checktimestr'] = date('Y-m-d H:i:s', $row['checktime']);
}
return json(['total' => $total, 'rows' => $list]);
}
public function taskform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($this->request->isPost()) {
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
'addtime' => time(),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->insert($task);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->where('id', $id)->update($task);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('dmtask')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('dmtask')->where('id', $id)->delete();
Db::name('dmlog')->where('taskid', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
$task = Db::name('dmtask')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '切换策略不存在');
}
$domains = [];
foreach (Db::name('domain')->select() as $row) {
$domains[$row['id']] = $row['name'];
}
View::assign('domains', $domains);
View::assign('info', $task);
View::assign('action', $action);
View::assign('support_ping', function_exists('exec') ? '1' : '0');
return View::fetch();
}
public function taskinfo()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$id = input('param.id/d');
$task = Db::name('dmtask')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '切换策略不存在');
$switch_count = Db::name('dmlog')->where('taskid', $id)->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->count();
$fail_count = Db::name('dmlog')->where('taskid', $id)->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->where('action', 1)->count();
$task['switch_count'] = $switch_count;
$task['fail_count'] = $fail_count;
if ($task['type'] == 3) {
$task['action_name'] = ['未知', '<font color="red">开启解析</font>', '<font color="green">暂停解析</font>'];
} elseif ($task['type'] == 2) {
$task['action_name'] = ['未知', '<font color="red">切换备用解析记录</font>', '<font color="green">恢复主解析记录</font>'];
} else {
$task['action_name'] = ['未知', '<font color="red">暂停解析</font>', '<font color="green">启用解析</font>'];
}
View::assign('info', $task);
return View::fetch();
}
public function tasklog_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$taskid = input('param.id/d');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$action = input('post.action/d', 0);
$select = Db::name('dmlog')->where('taskid', $taskid);
if ($action > 0) {
$select->where('action', $action);
}
$total = $select->count();
$list = $select->order('id', 'desc')->limit($offset, $limit)->select();
return json(['total' => $total, 'rows' => $list]);
}
public function noticeset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
public function clean()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$days = input('post.days/d');
if (!$days || $days < 0) return json(['code' => -1, 'msg' => '参数错误']);
Db::execute("DELETE FROM `" . config('database.connections.mysql.prefix') . "dmlog` WHERE `date`<'" . date("Y-m-d H:i:s", strtotime("-" . $days . " days")) . "'");
Db::execute("OPTIMIZE TABLE `" . config('database.connections.mysql.prefix') . "dmlog`");
return json(['code' => 0, 'msg' => '清理成功']);
}
}
public function status()
{
$run_time = config_get('run_time', null, true);
$run_state = $run_time ? (time() - strtotime($run_time) > 10 ? 0 : 1) : 0;
return $run_state == 1 ? 'ok' : 'error';
}
}
<?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
class Dmonitor extends BaseController
{
public function overview()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$switch_count = Db::name('dmlog')->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->count();
$fail_count = Db::name('dmlog')->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->where('action', 1)->count();
$run_time = config_get('run_time', null, true);
$run_state = $run_time ? (time() - strtotime($run_time) > 10 ? 0 : 1) : 0;
View::assign('info', [
'run_count' => config_get('run_count', null, true) ?? 0,
'run_time' => $run_time ?? '无',
'run_state' => $run_state,
'run_error' => config_get('run_error', null, true),
'switch_count' => $switch_count,
'fail_count' => $fail_count,
'swoole' => extension_loaded('swoole') ? '<font color="green">已安装</font>' : '<font color="red">未安装</font>',
]);
return View::fetch();
}
public function task()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function task_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$type = input('post.type/d', 1);
$status = input('post.status', null);
$kw = input('post.kw', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('dmtask')->alias('A')->join('domain B', 'A.did = B.id');
if (!empty($kw)) {
if ($type == 1) {
$select->whereLike('rr|B.name', '%' . $kw . '%');
} elseif ($type == 2) {
$select->where('recordid', $kw);
} elseif ($type == 3) {
$select->where('main_value', $kw);
} elseif ($type == 4) {
$select->where('backup_value', $kw);
} elseif ($type == 5) {
$select->whereLike('remark', '%' . $kw . '%');
}
}
if (!isNullOrEmpty($status)) {
$select->where('status', intval($status));
}
$total = $select->count();
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select()->toArray();
foreach ($list as &$row) {
$row['addtimestr'] = date('Y-m-d H:i:s', $row['addtime']);
$row['checktimestr'] = $row['checktime'] > 0 ? date('Y-m-d H:i:s', $row['checktime']) : '未运行';
}
return json(['total' => $total, 'rows' => $list]);
}
public function task_op()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'cdn' => input('post.cdn') == 'true' || input('post.cdn') == '1' ? 1 : 0,
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
'addtime' => time(),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->insert($task);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'cdn' => input('post.cdn') == 'true' || input('post.cdn') == '1' ? 1 : 0,
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->where('id', $id)->update($task);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('dmtask')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('dmtask')->where('id', $id)->delete();
Db::name('dmlog')->where('taskid', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} elseif ($action == 'operation') {
$ids = input('post.ids');
$success = 0;
foreach ($ids as $id) {
if (input('post.act') == 'delete') {
Db::name('dmtask')->where('id', $id)->delete();
Db::name('dmlog')->where('taskid', $id)->delete();
$success++;
} elseif (input('post.act') == 'retry') {
Db::name('dmtask')->where('id', $id)->update(['checknexttime' => time()]);
$success++;
} elseif (input('post.act') == 'open' || input('post.act') == 'close') {
$isauto = input('post.act') == 'open' ? 1 : 0;
Db::name('dmtask')->where('id', $id)->update(['active' => $isauto]);
$success++;
}
}
return json(['code' => 0, 'msg' => '成功操作' . $success . '个容灾切换策略']);
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
public function taskform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
$task = Db::name('dmtask')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '切换策略不存在');
}
$domains = [];
$domainList = Db::name('domain')->alias('A')->join('account B', 'A.aid = B.id')->field('A.id,A.name,B.type')->select();
foreach ($domainList as $row) {
$domains[] = ['id'=>$row['id'], 'name'=>$row['name'], 'type'=>$row['type']];
}
View::assign('domains', $domains);
View::assign('info', $task);
View::assign('action', $action);
View::assign('support_ping', function_exists('exec') ? '1' : '0');
return View::fetch();
}
public function taskinfo()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$id = input('param.id/d');
$task = Db::name('dmtask')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '切换策略不存在');
$switch_count = Db::name('dmlog')->where('taskid', $id)->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->count();
$fail_count = Db::name('dmlog')->where('taskid', $id)->where('date', '>=', date("Y-m-d H:i:s", strtotime("-1 days")))->where('action', 1)->count();
$task['switch_count'] = $switch_count;
$task['fail_count'] = $fail_count;
if ($task['type'] == 3) {
$task['action_name'] = ['未知', '<font color="red">开启解析</font>', '<font color="green">暂停解析</font>'];
} elseif ($task['type'] == 2) {
$task['action_name'] = ['未知', '<font color="red">切换备用解析记录</font>', '<font color="green">恢复主解析记录</font>'];
} else {
$task['action_name'] = ['未知', '<font color="red">暂停解析</font>', '<font color="green">启用解析</font>'];
}
View::assign('info', $task);
return View::fetch();
}
public function tasklog_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$taskid = input('param.id/d');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$action = input('post.action/d', 0);
$select = Db::name('dmlog')->where('taskid', $taskid);
if ($action > 0) {
$select->where('action', $action);
}
$total = $select->count();
$list = $select->order('id', 'desc')->limit($offset, $limit)->select();
return json(['total' => $total, 'rows' => $list]);
}
public function clean()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$days = input('post.days/d');
if (!$days || $days < 0) return json(['code' => -1, 'msg' => '参数错误']);
Db::execute("DELETE FROM `" . config('database.connections.mysql.prefix') . "dmlog` WHERE `date`<'" . date("Y-m-d H:i:s", strtotime("-" . $days . " days")) . "'");
Db::execute("OPTIMIZE TABLE `" . config('database.connections.mysql.prefix') . "dmlog`");
return json(['code' => 0, 'msg' => '清理成功']);
}
}
public function status()
{
$run_time = config_get('run_time', null, true);
$run_state = $run_time ? (time() - strtotime($run_time) > 10 ? 0 : 1) : 0;
return $run_state == 1 ? 'ok' : 'error';
}
}

1974
app/controller/Domain.php
View File

File diff suppressed because it is too large Load Diff

59
app/controller/Index.php
View File

@@ -7,8 +7,6 @@ use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\lib\DnsHelper;
use app\utils\MsgNotice;
class Index extends BaseController
{
@@ -19,16 +17,36 @@ class Index extends BaseController
}
if ($this->request->isAjax()) {
if (input('post.do') == 'stat') {
$stat = ['domains' => 0, 'users' => 0, 'records' => 0, 'types' => count(DnsHelper::$dns_config)];
$stat = [];
if ($this->request->user['level'] == 2) {
$stat['domains'] = Db::name('domain')->count();
$stat['users'] = Db::name('user')->count();
$stat['records'] = Db::name('domain')->sum('recordcount');
} else {
$stat['domains'] = Db::name('domain')->where('name', 'in', $this->request->user['permission'])->count();
$stat['users'] = 1;
$stat['records'] = Db::name('domain')->where('name', 'in', $this->request->user['permission'])->sum('recordcount');
}
$stat['tasks'] = Db::name('dmtask')->count();
$stat['certs'] = Db::name('cert_order')->count();
$stat['deploys'] = Db::name('cert_deploy')->count();
$run_time = config_get('run_time', null, true);
$run_state = $run_time ? (time() - strtotime($run_time) > 10 ? 0 : 1) : 0;
$stat['dmonitor_state'] = $run_state;
$stat['dmonitor_active'] = Db::name('dmtask')->where('active', 1)->count();
$stat['dmonitor_status_0'] = Db::name('dmtask')->where('status', 0)->count();
$stat['dmonitor_status_1'] = Db::name('dmtask')->where('status', 1)->count();
$stat['optimizeip_active'] = Db::name('optimizeip')->where('active', 1)->count();
$stat['optimizeip_status_1'] = Db::name('optimizeip')->where('status', 1)->count();
$stat['optimizeip_status_2'] = Db::name('optimizeip')->where('status', 2)->count();
$stat['certorder_status_3'] = Db::name('cert_order')->where('status', 3)->count();
$stat['certorder_status_5'] = Db::name('cert_order')->where('status', '<', 0)->count();
$stat['certorder_status_6'] = Db::name('cert_order')->where('expiretime', '<', date('Y-m-d H:i:s', time() + 86400 * 7))->where('expiretime', '>=', date('Y-m-d H:i:s'))->count();
$stat['certorder_status_7'] = Db::name('cert_order')->where('expiretime', '<', date('Y-m-d H:i:s'))->count();
$stat['certdeploy_status_0'] = Db::name('cert_deploy')->where('status', 0)->count();
$stat['certdeploy_status_1'] = Db::name('cert_deploy')->where('status', 1)->count();
$stat['certdeploy_status_2'] = Db::name('cert_deploy')->where('status', -1)->count();
return json($stat);
}
return json(['code' => -3]);
@@ -36,17 +54,15 @@ class Index extends BaseController
if (config('app.dbversion') && config_get('version') != config('app.dbversion')) {
$this->db_update();
config_set('version', config('app.dbversion'));
Cache::clear();
}
$tmp = 'version()';
$mysqlVersion = Db::query("select version()")[0][$tmp];
$info = [
'framework_version' => app()::VERSION,
'framework_version' => app()->version(),
'php_version' => PHP_VERSION,
'mysql_version' => $mysqlVersion,
'software' => $_SERVER['SERVER_SOFTWARE'],
'software' => $_SERVER['SERVER_SOFTWARE'] ?? '未知',
'os' => php_uname(),
'date' => date("Y-m-d H:i:s"),
];
@@ -69,6 +85,27 @@ class Index extends BaseController
} catch (Exception $e) {
}
}
config_set('version', config('app.dbversion'));
Cache::clear();
if(Db::name('account')->count() > 0 && Db::name('account')->whereNotNull('config')->count() == 0) {
$accounts = Db::name('account')->select();
foreach ($accounts as $account) {
if (!empty($account['config']) || !isset(\app\lib\DnsHelper::$dns_config[$account['type']])) continue;
$config = [];
$account_fields = ['name', 'sk', 'ext'];
$i = 0;
foreach(\app\lib\DnsHelper::$dns_config[$account['type']]['config'] as $field => $item) {
if ($field == 'proxy') {
$config[$field] = $account['proxy'];
break;
}
if ($i >= 3) break;
$account_field = $account_fields[$i++];
$config[$field] = isset($account[$account_field]) ? $account[$account_field] : '';
}
Db::name('account')->where('id', $account['id'])->update(['config' => json_encode($config)]);
}
}
}
public function changeskin()

166
app/controller/Install.php
View File

@@ -7,82 +7,128 @@ use Exception;
use app\BaseController;
use think\facade\Cache;
use think\facade\Request;
use think\facade\View;
use think\facade\Db;
class Install extends BaseController
{
public function index()
{
$dbconfig = '0';
if (file_exists(app()->getRootPath() . '.env')) {
return '当前已经安装成功,如果需要重新安装,请手动删除根目录.env文件';
if (checkTableExists('config') || checkTableExists('user') || checkTableExists('domain')) {
return '当前已经安装成功,如果需要重新安装,请手动删除根目录.env文件';
} else {
$dbconfig = '1';
}
}
if (Request::isPost()) {
$mysql_host = input('post.mysql_host', null, 'trim');
$mysql_port = intval(input('post.mysql_port', '3306'));
$mysql_user = input('post.mysql_user', null, 'trim');
$mysql_pwd = input('post.mysql_pwd', null, 'trim');
$mysql_name = input('post.mysql_name', null, 'trim');
$mysql_prefix = input('post.mysql_prefix', 'cloud_', 'trim');
$admin_username = input('post.admin_username', null, 'trim');
$admin_password = input('post.admin_password', null, 'trim');
if ($dbconfig == '1') {
$admin_username = input('post.admin_username', null, 'trim');
$admin_password = input('post.admin_password', null, 'trim');
if (!$mysql_host || !$mysql_user || !$mysql_pwd || !$mysql_name || !$admin_username || !$admin_password) {
return json(['code' => 0, 'msg' => '必填项不能为空']);
}
if (!$admin_username || !$admin_password) {
return json(['code' => 0, 'msg' => '必填项不能为空']);
}
$configData = file_get_contents(app()->getRootPath() . '.example.env');
$configData = str_replace(['{dbhost}', '{dbname}', '{dbuser}', '{dbpwd}', '{dbport}', '{dbprefix}'], [$mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configData);
$sqls = file_get_contents(app()->getAppPath() . 'sql/install.sql');
$sqls = explode(';', $sqls);
$mysql_prefix = env('database.prefix', 'dnsmgr_');
try {
$DB = new PDO("mysql:host=" . $mysql_host . ";dbname=" . $mysql_name . ";port=" . $mysql_port, $mysql_user, $mysql_pwd);
} catch (Exception $e) {
if ($e->getCode() == 2002) {
$errorMsg = '连接数据库失败:数据库地址填写错误!';
} elseif ($e->getCode() == 1045) {
$errorMsg = '连接数据库失败:数据库用户名或密码填写错误!';
} elseif ($e->getCode() == 1049) {
$errorMsg = '连接数据库失败:数据库名不存在!';
$password = password_hash($admin_password, PASSWORD_DEFAULT);
$sqls[] = "REPLACE INTO `" . $mysql_prefix . "config` VALUES ('sys_key', '" . random(16) . "')";
$sqls[] = "INSERT INTO `" . $mysql_prefix . "user` (`username`,`password`,`level`,`regtime`,`lasttime`,`status`) VALUES ('" . addslashes($admin_username) . "', '$password', 2, NOW(), NOW(), 1)";
$success = 0;
$error = 0;
$errorMsg = null;
foreach ($sqls as $value) {
$value = trim($value);
if (empty($value)) continue;
$value = str_replace('dnsmgr_', $mysql_prefix, $value);
if (Db::execute($value) === false) {
$error++;
$dberror = Db::getErrorInfo();
$errorMsg .= $dberror . "\n";
} else {
$success++;
}
}
if (empty($errorMsg)) {
Cache::clear();
return json(['code' => 1, 'msg' => '安装完成成功执行SQL语句' . $success . '条']);
} else {
$errorMsg = '连接数据库失败:' . $e->getMessage();
return json(['code' => 0, 'msg' => $errorMsg]);
}
return json(['code' => 0, 'msg' => $errorMsg]);
}
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$DB->exec("set sql_mode = ''");
$DB->exec("set names utf8");
$sqls = file_get_contents(app()->getAppPath() . 'sql/install.sql');
$sqls = explode(';', $sqls);
$password = password_hash($admin_password, PASSWORD_DEFAULT);
$sqls[] = "REPLACE INTO `" . $mysql_prefix . "config` VALUES ('sys_key', '" . random(16) . "')";
$sqls[] = "INSERT INTO `" . $mysql_prefix . "user` (`username`,`password`,`level`,`regtime`,`lasttime`,`status`) VALUES ('" . addslashes($admin_username) . "', '$password', 2, NOW(), NOW(), 1)";
$success = 0;
$error = 0;
$errorMsg = null;
foreach ($sqls as $value) {
$value = trim($value);
if (empty($value)) continue;
$value = str_replace('dnsmgr_', $mysql_prefix, $value);
if ($DB->exec($value) === false) {
$error++;
$dberror = $DB->errorInfo();
$errorMsg .= $dberror[2] . "\n";
} else {
$success++;
}
}
if (empty($errorMsg)) {
if (!file_put_contents(app()->getRootPath() . '.env', $configData)) {
return json(['code' => 0, 'msg' => '保存失败,请确保网站根目录有写入权限']);
}
Cache::clear();
return json(['code' => 1, 'msg' => '安装完成成功执行SQL语句' . $success . '条']);
} else {
return json(['code' => 0, 'msg' => $errorMsg]);
$mysql_host = input('post.mysql_host', null, 'trim');
$mysql_port = intval(input('post.mysql_port', '3306'));
$mysql_user = input('post.mysql_user', null, 'trim');
$mysql_pwd = input('post.mysql_pwd', null, 'trim');
$mysql_name = input('post.mysql_name', null, 'trim');
$mysql_prefix = input('post.mysql_prefix', 'cloud_', 'trim');
$admin_username = input('post.admin_username', null, 'trim');
$admin_password = input('post.admin_password', null, 'trim');
if (!$mysql_host || !$mysql_user || !$mysql_pwd || !$mysql_name || !$admin_username || !$admin_password) {
return json(['code' => 0, 'msg' => '必填项不能为空']);
}
$configData = file_get_contents(app()->getRootPath() . '.example.env');
$configData = str_replace(['{dbhost}', '{dbname}', '{dbuser}', '{dbpwd}', '{dbport}', '{dbprefix}'], [$mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configData);
try {
$DB = new PDO("mysql:host=" . $mysql_host . ";dbname=" . $mysql_name . ";port=" . $mysql_port, $mysql_user, $mysql_pwd);
} catch (Exception $e) {
if ($e->getCode() == 2002) {
$errorMsg = '连接数据库失败:数据库地址填写错误!';
} elseif ($e->getCode() == 1045) {
$errorMsg = '连接数据库失败:数据库用户名或密码填写错误!';
} elseif ($e->getCode() == 1049) {
$errorMsg = '连接数据库失败:数据库名不存在!';
} else {
$errorMsg = '连接数据库失败:' . $e->getMessage();
}
return json(['code' => 0, 'msg' => $errorMsg]);
}
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$DB->exec("set sql_mode = ''");
$DB->exec("set names utf8");
$sqls = file_get_contents(app()->getAppPath() . 'sql/install.sql');
$sqls = explode(';', $sqls);
$password = password_hash($admin_password, PASSWORD_DEFAULT);
$sqls[] = "REPLACE INTO `" . $mysql_prefix . "config` VALUES ('sys_key', '" . random(16) . "')";
$sqls[] = "INSERT INTO `" . $mysql_prefix . "user` (`username`,`password`,`level`,`regtime`,`lasttime`,`status`) VALUES ('" . addslashes($admin_username) . "', '$password', 2, NOW(), NOW(), 1)";
$success = 0;
$error = 0;
$errorMsg = null;
foreach ($sqls as $value) {
$value = trim($value);
if (empty($value)) continue;
$value = str_replace('dnsmgr_', $mysql_prefix, $value);
if ($DB->exec($value) === false) {
$error++;
$dberror = $DB->errorInfo();
$errorMsg .= $dberror[2] . "\n";
} else {
$success++;
}
}
if (empty($errorMsg)) {
if (!file_put_contents(app()->getRootPath() . '.env', $configData)) {
return json(['code' => 0, 'msg' => '保存失败,请确保网站根目录有写入权限']);
}
Cache::clear();
return json(['code' => 1, 'msg' => '安装完成成功执行SQL语句' . $success . '条']);
} else {
return json(['code' => 0, 'msg' => $errorMsg]);
}
}
}
View::assign('dbconfig', $dbconfig);
return view();
}
}

365
app/controller/Optimizeip.php
View File

@@ -1,176 +1,189 @@
<?php
namespace app\controller;
use app\BaseController;
use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\service\OptimizeService;
class Optimizeip extends BaseController
{
public function opipset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
public function opiplist()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function opiplist_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$type = input('post.type/d', 1);
$kw = input('post.kw', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('optimizeip')->alias('A')->join('domain B', 'A.did = B.id');
if (!empty($kw)) {
if ($type == 1) {
$select->whereLike('rr|B.name', '%' . $kw . '%');
} elseif ($type == 2) {
$select->whereLike('remark', '%' . $kw . '%');
}
}
$total = $select->count();
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select();
return json(['total' => $total, 'rows' => $list]);
}
public function opipform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($this->request->isPost()) {
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'type' => input('post.type/d'),
'ip_type' => input('post.ip_type', null, 'trim'),
'cdn_type' => input('post.cdn_type/d'),
'recordnum' => input('post.recordnum/d'),
'ttl' => input('post.ttl/d'),
'remark' => input('post.remark', null, 'trim'),
'addtime' => date('Y-m-d H:i:s'),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['ip_type']) || empty($task['recordnum']) || empty($task['ttl'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['recordnum'] > 5) {
return json(['code' => -1, 'msg' => '解析数量不能超过5个']);
}
if (Db::name('optimizeip')->where('did', $task['did'])->where('rr', $task['rr'])->find()) {
return json(['code' => -1, 'msg' => '当前域名的优选IP任务已存在']);
}
Db::name('optimizeip')->insert($task);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'type' => input('post.type/d'),
'ip_type' => input('post.ip_type', null, 'trim'),
'cdn_type' => input('post.cdn_type/d'),
'recordnum' => input('post.recordnum/d'),
'ttl' => input('post.ttl/d'),
'remark' => input('post.remark', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['ip_type']) || empty($task['recordnum']) || empty($task['ttl'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['recordnum'] > 5) {
return json(['code' => -1, 'msg' => '解析数量不能超过5个']);
}
if (Db::name('optimizeip')->where('did', $task['did'])->where('rr', $task['rr'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前域名的优选IP任务已存在']);
}
Db::name('optimizeip')->where('id', $id)->update($task);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('optimizeip')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('optimizeip')->where('id', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} elseif ($action == 'run') {
$id = input('post.id/d');
$task = Db::name('optimizeip')->where('id', $id)->find();
if (empty($task)) return json(['code' => -1, 'msg' => '任务不存在']);
try {
$result = (new OptimizeService())->execute_one($task);
Db::name('optimizeip')->where('id', $id)->update(['status' => 1, 'errmsg' => null, 'updatetime' => date('Y-m-d H:i:s')]);
return json(['code' => 0, 'msg' => '优选任务执行成功:' . $result]);
} catch (Exception $e) {
Db::name('optimizeip')->where('id', $id)->update(['status' => 2, 'errmsg' => $e->getMessage(), 'updatetime' => date('Y-m-d H:i:s')]);
return json(['code' => -1, 'msg' => '优选任务执行失败:' . $e->getMessage(), 'stack' => $e->__toString()]);
}
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
$task = Db::name('optimizeip')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '任务不存在');
}
$domains = [];
foreach (Db::name('domain')->alias('A')->join('account B', 'A.aid = B.id')->field('A.*')->where('B.type', '<>', 'cloudflare')->select() as $row) {
$domains[$row['id']] = $row['name'];
}
View::assign('domains', $domains);
View::assign('info', $task);
View::assign('action', $action);
return View::fetch();
}
public function queryapi()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$optimize_ip_api = input('post.optimize_ip_api/d');
$optimize_ip_key = input('post.optimize_ip_key', null, 'trim');
if (empty($optimize_ip_key)) return json(['code' => -1, 'msg' => '参数不能为空']);
try {
$result = (new OptimizeService())->get_license($optimize_ip_api, $optimize_ip_key);
return json(['code' => 0, 'msg' => '当前积分余额:' . $result]);
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
}
public function status()
{
$run_time = Db::name('optimizeip')->where('active', 1)->order('updatetime', 'desc')->value('updatetime');
$run_state = $run_time ? (time() - strtotime($run_time) > 3600 ? 0 : 1) : 0;
return $run_state == 1 ? 'ok' : 'error';
}
}
<?php
namespace app\controller;
use app\BaseController;
use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\service\OptimizeService;
class Optimizeip extends BaseController
{
public function opipset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
if ($key == 'optimize_ip_min' && intval($value) < 10) {
return json(['code' => -1, 'msg' => '自动更新时间间隔不能小于10分钟']);
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
public function opiplist()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function opiplist_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$type = input('post.type/d', 1);
$kw = input('post.kw', null, 'trim');
$status = input('post.status', null);
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('optimizeip')->alias('A')->join('domain B', 'A.did = B.id');
if (!empty($kw)) {
if ($type == 1) {
$select->whereLike('rr|B.name', '%' . $kw . '%');
} elseif ($type == 2) {
$select->whereLike('remark', '%' . $kw . '%');
}
}
if (!isNullOrEmpty($status)) {
$select->where('status', intval($status));
}
$total = $select->count();
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select();
return json(['total' => $total, 'rows' => $list]);
}
public function opipform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($this->request->isPost()) {
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'type' => input('post.type/d'),
'ip_type' => input('post.ip_type', null, 'trim'),
'cdn_type' => input('post.cdn_type/d'),
'recordnum' => input('post.recordnum/d'),
'ttl' => input('post.ttl/d'),
'remark' => input('post.remark', null, 'trim'),
'addtime' => date('Y-m-d H:i:s'),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['ip_type']) || empty($task['recordnum']) || empty($task['ttl'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['recordnum'] < 1) {
return json(['code' => -1, 'msg' => '解析数量不能少于1个']);
}
if ($task['recordnum'] > 50) {
return json(['code' => -1, 'msg' => '解析数量不能超过50个']);
}
if (Db::name('optimizeip')->where('did', $task['did'])->where('rr', $task['rr'])->find()) {
return json(['code' => -1, 'msg' => '当前域名的优选IP任务已存在']);
}
Db::name('optimizeip')->insert($task);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'type' => input('post.type/d'),
'ip_type' => input('post.ip_type', null, 'trim'),
'cdn_type' => input('post.cdn_type/d'),
'recordnum' => input('post.recordnum/d'),
'ttl' => input('post.ttl/d'),
'remark' => input('post.remark', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['ip_type']) || empty($task['recordnum']) || empty($task['ttl'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['recordnum'] < 1) {
return json(['code' => -1, 'msg' => '解析数量不能少于1个']);
}
if ($task['recordnum'] > 50) {
return json(['code' => -1, 'msg' => '解析数量不能超过50个']);
}
if (Db::name('optimizeip')->where('did', $task['did'])->where('rr', $task['rr'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前域名的优选IP任务已存在']);
}
Db::name('optimizeip')->where('id', $id)->update($task);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('optimizeip')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('optimizeip')->where('id', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} elseif ($action == 'run') {
$id = input('post.id/d');
$task = Db::name('optimizeip')->where('id', $id)->find();
if (empty($task)) return json(['code' => -1, 'msg' => '任务不存在']);
try {
$result = (new OptimizeService())->execute_one($task);
Db::name('optimizeip')->where('id', $id)->update(['status' => 1, 'errmsg' => null, 'updatetime' => date('Y-m-d H:i:s')]);
return json(['code' => 0, 'msg' => '优选任务执行成功:' . $result]);
} catch (Exception $e) {
Db::name('optimizeip')->where('id', $id)->update(['status' => 2, 'errmsg' => $e->getMessage(), 'updatetime' => date('Y-m-d H:i:s')]);
return json(['code' => -1, 'msg' => '优选任务执行失败:' . $e->getMessage(), 'stack' => $e->__toString()]);
}
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
$task = Db::name('optimizeip')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '任务不存在');
}
$domains = [];
foreach (Db::name('domain')->alias('A')->join('account B', 'A.aid = B.id')->field('A.*')->where('B.type', '<>', 'cloudflare')->select() as $row) {
$domains[$row['id']] = $row['name'];
}
View::assign('domains', $domains);
View::assign('info', $task);
View::assign('action', $action);
return View::fetch();
}
public function queryapi()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$optimize_ip_api = input('post.optimize_ip_api/d');
$optimize_ip_key = input('post.optimize_ip_key', null, 'trim');
if (empty($optimize_ip_key)) return json(['code' => -1, 'msg' => '参数不能为空']);
try {
$result = (new OptimizeService())->get_license($optimize_ip_api, $optimize_ip_key);
return json(['code' => 0, 'msg' => '当前积分余额:' . $result]);
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
}
public function status()
{
$run_time = Db::name('optimizeip')->where('active', 1)->order('updatetime', 'desc')->value('updatetime');
$run_state = $run_time ? (time() - strtotime($run_time) > 3600 ? 0 : 1) : 0;
return $run_state == 1 ? 'ok' : 'error';
}
}

165
app/controller/Schedule.php Normal file
View File

@@ -0,0 +1,165 @@
<?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\service\ScheduleService;
class Schedule extends BaseController
{
public function stask()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function stask_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$type = input('post.type/d', 1);
$kw = input('post.kw', null, 'trim');
$stype = input('post.stype', null);
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('sctask')->alias('A')->join('domain B', 'A.did = B.id');
if (!empty($kw)) {
if ($type == 1) {
$select->whereLike('rr|B.name', '%' . $kw . '%');
} elseif ($type == 2) {
$select->where('recordid', $kw);
} elseif ($type == 3) {
$select->where('value', $kw);
} elseif ($type == 4) {
$select->whereLike('remark', '%' . $kw . '%');
}
}
if (!isNullOrEmpty($stype)) {
$select->where('type', $stype);
}
$total = $select->count();
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select()->toArray();
foreach ($list as &$row) {
$row['addtimestr'] = date('Y-m-d H:i:s', $row['addtime']);
$row['updatetimestr'] = $row['updatetime'] > 0 ? date('Y-m-d H:i:s', $row['updatetime']) : '未运行';
$row['nexttimestr'] = $row['nexttime'] > 0 ? date('Y-m-d H:i:s', $row['nexttime']) : '无';
}
return json(['total' => $total, 'rows' => $list]);
}
public function stask_op()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'cycle' => input('post.cycle/d'),
'switchtype' => input('post.switchtype/d'),
'switchdate' => input('post.switchdate', null, 'trim'),
'switchtime' => input('post.switchtime', null, 'trim'),
'value' => input('post.value', null, 'trim'),
'line' => input('post.line', null, 'trim'),
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
'addtime' => time(),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if (Db::name('sctask')->where('recordid', $task['recordid'])->where('switchtype', $task['switchtype'])->where('switchtime', $task['switchtime'])->find()) {
return json(['code' => -1, 'msg' => '当前定时切换策略已存在']);
}
$id = Db::name('sctask')->insertGetId($task);
$row = Db::name('sctask')->where('id', $id)->find();
(new ScheduleService())->update_nexttime($row);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'cycle' => input('post.cycle/d'),
'switchtype' => input('post.switchtype/d'),
'switchdate' => input('post.switchdate', null, 'trim'),
'switchtime' => input('post.switchtime', null, 'trim'),
'value' => input('post.value', null, 'trim'),
'line' => input('post.line', null, 'trim'),
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if (Db::name('sctask')->where('recordid', $task['recordid'])->where('switchtype', $task['switchtype'])->where('switchtime', $task['switchtime'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前定时切换策略已存在']);
}
Db::name('sctask')->where('id', $id)->update($task);
$row = Db::name('sctask')->where('id', $id)->find();
(new ScheduleService())->update_nexttime($row);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('sctask')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('sctask')->where('id', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} elseif ($action == 'operation') {
$ids = input('post.ids');
$success = 0;
foreach ($ids as $id) {
if (input('post.act') == 'delete') {
Db::name('sctask')->where('id', $id)->delete();
$success++;
} elseif (input('post.act') == 'open' || input('post.act') == 'close') {
$isauto = input('post.act') == 'open' ? 1 : 0;
Db::name('sctask')->where('id', $id)->update(['active' => $isauto]);
$success++;
}
}
return json(['code' => 0, 'msg' => '成功操作' . $success . '个定时切换策略']);
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
public function staskform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
$task = Db::name('sctask')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '切换策略不存在');
}
$domains = [];
$domainList = Db::name('domain')->alias('A')->join('account B', 'A.aid = B.id')->field('A.id,A.name,B.type')->select();
foreach ($domainList as $row) {
$domains[] = ['id'=>$row['id'], 'name'=>$row['name'], 'type'=>$row['type']];
}
View::assign('domains', $domains);
View::assign('info', $task);
View::assign('action', $action);
return View::fetch();
}
}

246
app/controller/System.php
View File

@@ -1,98 +1,150 @@
<?php
namespace app\controller;
use app\BaseController;
use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
class System extends BaseController
{
public function noticeset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
if (isset($params['mail_type']) && isset($params['mail_name2']) && $params['mail_type'] > 0) {
$params['mail_name'] = $params['mail_name2'];
unset($params['mail_name2']);
}
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
public function proxyset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
public function mailtest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$mail_name = config_get('mail_recv') ? config_get('mail_recv') : config_get('mail_name');
if (empty($mail_name)) return json(['code' => -1, 'msg' => '您还未设置邮箱!']);
$result = \app\utils\MsgNotice::send_mail($mail_name, '邮件发送测试。', '这是一封测试邮件!<br/><br/>来自:' . $this->request->root(true));
if ($result === true) {
return json(['code' => 0, 'msg' => '邮件发送成功!']);
} else {
return json(['code' => -1, 'msg' => '邮件发送失败!' . $result]);
}
}
public function tgbottest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$tgbot_token = config_get('tgbot_token');
$tgbot_chatid = config_get('tgbot_chatid');
if (empty($tgbot_token) || empty($tgbot_chatid)) return json(['code' => -1, 'msg' => '请先保存设置']);
$content = "<strong>消息发送测试</strong>\n\n这是一封测试消息!\n\n来自:" . $this->request->root(true);
$result = \app\utils\MsgNotice::send_telegram_bot($content);
if ($result === true) {
return json(['code' => 0, 'msg' => '消息发送成功!']);
} else {
return json(['code' => -1, 'msg' => '消息发送失败!' . $result]);
}
}
public function proxytest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$proxy_server = trim($_POST['proxy_server']);
$proxy_port = $_POST['proxy_port'];
$proxy_user = trim($_POST['proxy_user']);
$proxy_pwd = trim($_POST['proxy_pwd']);
$proxy_type = $_POST['proxy_type'];
try {
check_proxy('https://dl.amh.sh/ip.htm', $proxy_server, $proxy_port, $proxy_type, $proxy_user, $proxy_pwd);
} catch (Exception $e) {
try {
check_proxy('https://myip.ipip.net/', $proxy_server, $proxy_port, $proxy_type, $proxy_user, $proxy_pwd);
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
}
return json(['code' => 0]);
}
<?php
namespace app\controller;
use app\BaseController;
use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\service\OptimizeService;
use app\service\CertTaskService;
use app\service\ExpireNoticeService;
use app\service\ScheduleService;
class System extends BaseController
{
public function set()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$params = input('post.');
if (isset($params['mail_type']) && isset($params['mail_name2']) && $params['mail_type'] > 0) {
$params['mail_name'] = $params['mail_name2'];
unset($params['mail_name2']);
}
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
}
Cache::delete('configs');
return json(['code' => 0, 'msg' => 'succ']);
}
public function loginset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function noticeset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function proxyset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function mailtest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$mail_name = config_get('mail_recv') ? config_get('mail_recv') : config_get('mail_name');
if (empty($mail_name)) return json(['code' => -1, 'msg' => '您还未设置邮箱!']);
$result = \app\utils\MsgNotice::send_mail($mail_name, '邮件发送测试。', '这是一封测试邮件!<br/><br/>来自:' . $this->request->root(true));
if ($result === true) {
return json(['code' => 0, 'msg' => '邮件发送成功!']);
} else {
return json(['code' => -1, 'msg' => '邮件发送失败!' . $result]);
}
}
public function tgbottest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$tgbot_token = config_get('tgbot_token');
$tgbot_chatid = config_get('tgbot_chatid');
if (empty($tgbot_token) || empty($tgbot_chatid)) return json(['code' => -1, 'msg' => '请先保存设置']);
$content = "<strong>消息发送测试</strong>\n\n这是一封测试消息!\n\n来自:" . $this->request->root(true);
$result = \app\utils\MsgNotice::send_telegram_bot($content);
if ($result === true) {
return json(['code' => 0, 'msg' => '消息发送成功!']);
} else {
return json(['code' => -1, 'msg' => '消息发送失败!' . $result]);
}
}
public function webhooktest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$webhook_url = config_get('webhook_url');
if (empty($webhook_url)) return json(['code' => -1, 'msg' => '请先保存设置']);
$content = "这是一封测试消息!\n来自:" . $this->request->root(true);
$result = \app\utils\MsgNotice::send_webhook('消息发送测试', $content);
if ($result === true) {
return json(['code' => 0, 'msg' => '消息发送成功!']);
} else {
return json(['code' => -1, 'msg' => '消息发送失败!' . $result]);
}
}
public function proxytest()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$proxy_server = input('post.proxy_server', '', 'trim');
$proxy_port = input('post.proxy_port/d', 0);
$proxy_user = input('post.proxy_user', '', 'trim');
$proxy_pwd = input('post.proxy_pwd', '', 'trim');
$proxy_type = input('post.proxy_type', 'http', 'trim');
try {
check_proxy('https://dl.amh.sh/ip.htm', $proxy_server, $proxy_port, $proxy_type, $proxy_user, $proxy_pwd);
} catch (Exception $e) {
try {
check_proxy('https://myip.ipip.net/', $proxy_server, $proxy_port, $proxy_type, $proxy_user, $proxy_pwd);
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
}
return json(['code' => 0]);
}
public function cronset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if (config_get('cron_key') === null) {
config_set('cron_key', random(10));
Cache::delete('configs');
}
View::assign('is_user_www', isset($_SERVER['USER']) && $_SERVER['USER'] == 'www');
View::assign('siteurl', request()->root(true));
return View::fetch();
}
public function cron()
{
if (function_exists("set_time_limit")) {
@set_time_limit(0);
}
if (function_exists("ignore_user_abort")) {
@ignore_user_abort(true);
}
if (isset($_SERVER['HTTP_USER_AGENT']) && str_contains($_SERVER['HTTP_USER_AGENT'], 'Baiduspider')) exit;
$key = input('get.key', '');
$cron_key = config_get('cron_key');
if (config_get('cron_type', '0') != '1' || empty($cron_key)) exit('未开启当前方式');
if ($key != $cron_key) exit('访问密钥错误');
(new ScheduleService())->execute();
$res = (new OptimizeService())->execute();
if (!$res) {
(new CertTaskService())->execute();
(new ExpireNoticeService())->task();
}
echo 'success!';
}
}

376
app/controller/User.php
View File

@@ -1,188 +1,188 @@
<?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
use think\facade\View;
use think\facade\Request;
class User extends BaseController
{
public function user()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$list = Db::name('domain')->select();
$domains = [];
foreach ($list as $row) {
$domains[] = $row['name'];
}
View::assign('domains', $domains);
return view();
}
public function user_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$kw = input('post.kw', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('user');
if (!empty($kw)) {
$select->whereLike('id|username', $kw);
}
$total = $select->count();
$rows = $select->order('id', 'desc')->limit($offset, $limit)->select();
return json(['total' => $total, 'rows' => $rows]);
}
public function user_op()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$act = input('param.act');
if ($act == 'get') {
$id = input('post.id/d');
$row = Db::name('user')->where('id', $id)->find();
if (!$row) {
return json(['code' => -1, 'msg' => '用户不存在']);
}
$row['permission'] = Db::name('permission')->where('uid', $id)->column('domain');
return json(['code' => 0, 'data' => $row]);
} elseif ($act == 'add') {
$username = input('post.username', null, 'trim');
$password = input('post.password', null, 'trim');
$is_api = input('post.is_api/d');
$apikey = input('post.apikey', null, 'trim');
$level = input('post.level/d');
if (empty($username) || empty($password)) {
return json(['code' => -1, 'msg' => '用户名或密码不能为空']);
}
if ($is_api == 1 && empty($apikey)) {
return json(['code' => -1, 'msg' => 'API密钥不能为空']);
}
if (Db::name('user')->where('username', $username)->find()) {
return json(['code' => -1, 'msg' => '用户名已存在']);
}
$uid = Db::name('user')->insertGetId([
'username' => $username,
'password' => password_hash($password, PASSWORD_DEFAULT),
'is_api' => $is_api,
'apikey' => $apikey,
'level' => $level,
'regtime' => date('Y-m-d H:i:s'),
'status' => 1,
]);
if ($level == 1) {
$permission = input('post.permission/a');
if (!empty($permission)) {
$data = [];
foreach ($permission as $domain) {
$data[] = ['uid' => $uid, 'domain' => $domain];
}
Db::name('permission')->insertAll($data);
}
}
return json(['code' => 0, 'msg' => '添加用户成功!']);
} elseif ($act == 'edit') {
$id = input('post.id/d');
$row = Db::name('user')->where('id', $id)->find();
if (!$row) return json(['code' => -1, 'msg' => '用户不存在']);
$username = input('post.username', null, 'trim');
$is_api = input('post.is_api/d');
$apikey = input('post.apikey', null, 'trim');
$level = input('post.level/d');
$repwd = input('post.repwd', null, 'trim');
if (empty($username)) {
return json(['code' => -1, 'msg' => '用户名不能为空']);
}
if ($is_api == 1 && empty($apikey)) {
return json(['code' => -1, 'msg' => 'API密钥不能为空']);
}
if (Db::name('user')->where('username', $username)->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '用户名已存在']);
}
if ($level == 1 && ($id == 1000 || $id == $this->request->user['id'])) {
$level = 2;
}
Db::name('user')->where('id', $id)->update([
'username' => $username,
'is_api' => $is_api,
'apikey' => $apikey,
'level' => $level,
]);
Db::name('permission')->where(['uid' => $id])->delete();
if ($level == 1) {
$permission = input('post.permission/a');
if (!empty($permission)) {
$data = [];
foreach ($permission as $domain) {
$data[] = ['uid' => $id, 'domain' => $domain];
}
Db::name('permission')->insertAll($data);
}
}
if (!empty($repwd)) {
Db::name('user')->where('id', $id)->update(['password' => password_hash($repwd, PASSWORD_DEFAULT)]);
}
return json(['code' => 0, 'msg' => '修改用户成功!']);
} elseif ($act == 'set') {
$id = input('post.id/d');
$status = input('post.status/d');
if ($id == 1000) {
return json(['code' => -1, 'msg' => '此用户无法修改状态']);
}
if ($id == $this->request->user['id']) {
return json(['code' => -1, 'msg' => '当前登录用户无法修改状态']);
}
Db::name('user')->where('id', $id)->update(['status' => $status]);
return json(['code' => 0]);
} elseif ($act == 'del') {
$id = input('post.id/d');
if ($id == 1000) {
return json(['code' => -1, 'msg' => '此用户无法删除']);
}
if ($id == $this->request->user['id']) {
return json(['code' => -1, 'msg' => '当前登录用户无法删除']);
}
Db::name('user')->where('id', $id)->delete();
return json(['code' => 0]);
}
return json(['code' => -3]);
}
public function log()
{
return view();
}
public function log_data()
{
$uid = input('post.uid', null, 'trim');
$kw = input('post.kw', null, 'trim');
$domain = input('post.domain', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('log');
if ($this->request->user['type'] == 'domain') {
$select->where('domain', $this->request->user['name']);
} elseif ($this->request->user['level'] == 1) {
$select->where('uid', $this->request->user['id']);
} elseif (!empty($uid)) {
$select->where('uid', $uid);
}
if (!empty($kw)) {
$select->whereLike('action|data', '%' . $kw . '%');
}
if (!empty($domain)) {
$select->where('domain', $domain);
}
$total = $select->count();
$rows = $select->order('id', 'desc')->limit($offset, $limit)->select();
return json(['total' => $total, 'rows' => $rows]);
}
}
<?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
use think\facade\View;
use think\facade\Request;
class User extends BaseController
{
public function user()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$list = Db::name('domain')->select();
$domains = [];
foreach ($list as $row) {
$domains[] = $row['name'];
}
View::assign('domains', $domains);
return view();
}
public function user_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$kw = input('post.kw', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('user');
if (!empty($kw)) {
$select->whereLike('id|username', $kw);
}
$total = $select->count();
$rows = $select->order('id', 'desc')->limit($offset, $limit)->select();
return json(['total' => $total, 'rows' => $rows]);
}
public function user_op()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$act = input('param.act');
if ($act == 'get') {
$id = input('post.id/d');
$row = Db::name('user')->where('id', $id)->find();
if (!$row) {
return json(['code' => -1, 'msg' => '用户不存在']);
}
$row['permission'] = Db::name('permission')->where('uid', $id)->column('domain');
return json(['code' => 0, 'data' => $row]);
} elseif ($act == 'add') {
$username = input('post.username', null, 'trim');
$password = input('post.password', null, 'trim');
$is_api = input('post.is_api/d');
$apikey = input('post.apikey', null, 'trim');
$level = input('post.level/d');
if (empty($username) || empty($password)) {
return json(['code' => -1, 'msg' => '用户名或密码不能为空']);
}
if ($is_api == 1 && empty($apikey)) {
return json(['code' => -1, 'msg' => 'API密钥不能为空']);
}
if (Db::name('user')->where('username', $username)->find()) {
return json(['code' => -1, 'msg' => '用户名已存在']);
}
$uid = Db::name('user')->insertGetId([
'username' => $username,
'password' => password_hash($password, PASSWORD_DEFAULT),
'is_api' => $is_api,
'apikey' => $apikey,
'level' => $level,
'regtime' => date('Y-m-d H:i:s'),
'status' => 1,
]);
if ($level == 1) {
$permission = input('post.permission/a');
if (!empty($permission)) {
$data = [];
foreach ($permission as $domain) {
$data[] = ['uid' => $uid, 'domain' => $domain];
}
Db::name('permission')->insertAll($data);
}
}
return json(['code' => 0, 'msg' => '添加用户成功!']);
} elseif ($act == 'edit') {
$id = input('post.id/d');
$row = Db::name('user')->where('id', $id)->find();
if (!$row) return json(['code' => -1, 'msg' => '用户不存在']);
$username = input('post.username', null, 'trim');
$is_api = input('post.is_api/d');
$apikey = input('post.apikey', null, 'trim');
$level = input('post.level/d');
$repwd = input('post.repwd', null, 'trim');
if (empty($username)) {
return json(['code' => -1, 'msg' => '用户名不能为空']);
}
if ($is_api == 1 && empty($apikey)) {
return json(['code' => -1, 'msg' => 'API密钥不能为空']);
}
if (Db::name('user')->where('username', $username)->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '用户名已存在']);
}
if ($level == 1 && ($id == 1000 || $id == $this->request->user['id'])) {
$level = 2;
}
Db::name('user')->where('id', $id)->update([
'username' => $username,
'is_api' => $is_api,
'apikey' => $apikey,
'level' => $level,
]);
Db::name('permission')->where(['uid' => $id])->delete();
if ($level == 1) {
$permission = input('post.permission/a');
if (!empty($permission)) {
$data = [];
foreach ($permission as $domain) {
$data[] = ['uid' => $id, 'domain' => $domain];
}
Db::name('permission')->insertAll($data);
}
}
if (!empty($repwd)) {
Db::name('user')->where('id', $id)->update(['password' => password_hash($repwd, PASSWORD_DEFAULT)]);
}
return json(['code' => 0, 'msg' => '修改用户成功!']);
} elseif ($act == 'set') {
$id = input('post.id/d');
$status = input('post.status/d');
if ($id == 1000) {
return json(['code' => -1, 'msg' => '此用户无法修改状态']);
}
if ($id == $this->request->user['id']) {
return json(['code' => -1, 'msg' => '当前登录用户无法修改状态']);
}
Db::name('user')->where('id', $id)->update(['status' => $status]);
return json(['code' => 0]);
} elseif ($act == 'del') {
$id = input('post.id/d');
if ($id == 1000) {
return json(['code' => -1, 'msg' => '此用户无法删除']);
}
if ($id == $this->request->user['id']) {
return json(['code' => -1, 'msg' => '当前登录用户无法删除']);
}
Db::name('user')->where('id', $id)->delete();
return json(['code' => 0]);
}
return json(['code' => -3]);
}
public function log()
{
return view();
}
public function log_data()
{
$uid = input('post.uid', null, 'trim');
$kw = input('post.kw', null, 'trim');
$domain = input('post.domain', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('log');
if ($this->request->user['type'] == 'domain') {
$select->where('domain', $this->request->user['name']);
} elseif ($this->request->user['level'] == 1) {
$select->where('uid', $this->request->user['id']);
} elseif (!isNullOrEmpty($uid)) {
$select->where('uid', $uid);
}
if (!empty($kw)) {
$select->whereLike('action|data', '%' . $kw . '%');
}
if (!empty($domain)) {
$select->where('domain', $domain);
}
$total = $select->count();
$rows = $select->order('id', 'desc')->limit($offset, $limit)->select();
return json(['total' => $total, 'rows' => $rows]);
}
}

3869
app/data/domain_root.txt
View File

File diff suppressed because it is too large Load Diff

784
app/lib/CertHelper.php
View File

@@ -1,349 +1,435 @@
<?php
namespace app\lib;
use think\facade\Db;
class CertHelper
{
public static $cert_config = [
'letsencrypt' => [
'name' => 'Let\'s Encrypt',
'class' => 1,
'icon' => 'letsencrypt.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => null,
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '用于注册Let\'s Encrypt账号',
'required' => true,
],
'mode' => [
'name' => '环境选择',
'type' => 'radio',
'options' => [
'live' => '正式环境',
'staging' => '测试环境',
],
'value' => 'live'
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
'zerossl' => [
'name' => 'ZeroSSL',
'class' => 1,
'icon' => 'zerossl.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => '<a href="https://app.zerossl.com/developer" target="_blank" rel="noreferrer">ZeroSSL密钥生成地址</a>',
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => 'EAB申请邮箱',
'required' => true,
],
'kid' => [
'name' => 'EAB KID',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'key' => [
'name' => 'EAB HMAC Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '',
],
'value' => '0'
],
]
],
'google' => [
'name' => 'Google SSL',
'class' => 1,
'icon' => 'google.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => '<a href="https://cloud.google.com/certificate-manager/docs/public-ca-tutorial" target="_blank" rel="noreferrer">查看Google SSL账户配置说明</a>',
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => 'EAB申请邮箱',
'required' => true,
],
'kid' => [
'name' => 'keyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'key' => [
'name' => 'b64MacKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'mode' => [
'name' => '环境选择',
'type' => 'radio',
'options' => [
'live' => '正式环境',
'staging' => '测试环境',
],
'value' => 'live'
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '',
'1' => '是',
],
'value' => '0'
],
]
],
'tencent' => [
'name' => '腾讯云免费SSL',
'class' => 2,
'icon' => 'tencent.ico',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
'note' => '一个账号有50张免费证书额度证书到期或吊销可释放额度。<a href="https://cloud.tencent.com/document/product/400/89868" target="_blank" rel="noreferrer">腾讯云免费SSL简介与额度说明</a>',
'inputs' => [
'SecretId' => [
'name' => 'SecretId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretKey' => [
'name' => 'SecretKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '申请证书时填写的邮箱',
'required' => true,
],
]
],
'aliyun' => [
'name' => '阿里云免费SSL',
'class' => 2,
'icon' => 'aliyun.ico',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
'note' => '每个自然年有20张免费证书额度证书到期或吊销不释放额度。需要先进入阿里云控制台-<a href="https://yundun.console.aliyun.com/?p=cas#/certExtend/free/cn-hangzhou" target="_blank" rel="noreferrer">数字证书管理服务</a>,购买个人测试证书资源包。',
'inputs' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'AccessKeySecret' => [
'name' => 'AccessKeySecret',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'username' => [
'name' => '姓名',
'type' => 'input',
'placeholder' => '申请联系人的姓名',
'required' => true,
],
'phone' => [
'name' => '手机号码',
'type' => 'input',
'placeholder' => '申请联系人的手机号码',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '申请联系人的邮箱地址',
'required' => true,
],
]
],
'ucloud' => [
'name' => 'UCloud免费SSL',
'class' => 2,
'icon' => 'ucloud.ico',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
'note' => '一个账号有40张免费证书额度证书到期或吊销可释放额度。',
'inputs' => [
'PublicKey' => [
'name' => '公钥',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'PrivateKey' => [
'name' => '私钥',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'username' => [
'name' => '姓名',
'type' => 'input',
'placeholder' => '申请联系人的姓名',
'required' => true,
],
'phone' => [
'name' => '手机号码',
'type' => 'input',
'placeholder' => '申请联系人的手机号码',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '申请联系人的邮箱地址',
'required' => true,
],
]
],
'customacme' => [
'name' => '自定义ACME',
'class' => 1,
'icon' => 'ssl.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => null,
'inputs' => [
'directory' => [
'name' => 'ACME地址',
'type' => 'input',
'placeholder' => 'ACME Directory 地址',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '证书申请邮箱',
'required' => true,
],
'kid' => [
'name' => 'EAB KID',
'type' => 'input',
'placeholder' => '留空则不使用EAB认证',
],
'key' => [
'name' => 'EAB HMAC Key',
'type' => 'input',
'placeholder' => '留空则不使用EAB认证',
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '',
'1' => '是',
],
'value' => '0'
],
]
],
];
public static $class_config = [
1 => '基于ACME的SSL证书',
2 => '云服务商的SSL证书',
];
public static function getList()
{
return self::$cert_config;
}
private static function getConfig($aid)
{
$account = Db::name('cert_account')->where('id', $aid)->find();
if (!$account) return false;
return $account;
}
public static function getInputs($type, $config = null)
{
$config = $config ? json_decode($config, true) : [];
$inputs = self::$cert_config[$type]['inputs'];
foreach ($inputs as &$input) {
if (isset($config[$input['name']])) {
$input['value'] = $config[$input['name']];
}
}
return $inputs;
}
/**
* @return CertInterface|bool
*/
public static function getModel($aid)
{
$account = self::getConfig($aid);
if (!$account) return false;
$type = $account['type'];
$class = "\\app\\lib\\cert\\{$type}";
if (class_exists($class)) {
$config = json_decode($account['config'], true);
$ext = $account['ext'] ? json_decode($account['ext'], true) : null;
$model = new $class($config, $ext);
return $model;
}
return false;
}
/**
* @return CertInterface|bool
*/
public static function getModel2($type, $config, $ext = null)
{
$class = "\\app\\lib\\cert\\{$type}";
if (class_exists($class)) {
$model = new $class($config, $ext);
return $model;
}
return false;
}
public static function getPfx($fullchain, $privatekey, $pwd = '123456'){
openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);
return $pfx;
}
}
<?php
namespace app\lib;
use think\facade\Db;
class CertHelper
{
public static $cert_config = [
'letsencrypt' => [
'name' => 'Let\'s Encrypt',
'class' => 1,
'icon' => 'letsencrypt.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => null,
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '用于注册Let\'s Encrypt账号',
'required' => true,
],
'mode' => [
'name' => '环境选择',
'type' => 'radio',
'options' => [
'live' => '正式环境',
'staging' => '测试环境',
],
'value' => 'live'
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
'zerossl' => [
'name' => 'ZeroSSL',
'class' => 1,
'icon' => 'zerossl.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => '<a href="https://app.zerossl.com/developer" target="_blank" rel="noreferrer">ZeroSSL密钥手动获取</a>',
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => 'EAB申请邮箱',
'required' => true,
],
'eabMode' => [
'name' => 'EAB获取方式',
'type' => 'radio',
'options' => [
'auto' => '自动获取',
'manual' => '手动输入',
],
'value' => 'manual'
],
'kid' => [
'name' => 'EAB KID',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'eabMode==\'manual\'',
],
'key' => [
'name' => 'EAB HMAC Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'eabMode==\'manual\'',
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
'google' => [
'name' => 'Google SSL',
'class' => 1,
'icon' => 'google.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => 'EAB支持通过第三方接口<a href="https://panel.haozi.net" target="_blank" rel="noreferrer">(耗子面板提供)</a>自动获取(不支持测试环境)或手动输入,<a href="https://cloud.google.com/certificate-manager/docs/public-ca-tutorial" target="_blank" rel="noreferrer">查看Google SSL账户手动配置说明</a>',
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => 'EAB申请邮箱',
'required' => true,
],
'eabMode' => [
'name' => 'EAB获取方式',
'type' => 'radio',
'options' => [
'auto' => '自动获取',
'manual' => '手动输入',
],
'value' => 'manual'
],
'kid' => [
'name' => 'keyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'eabMode==\'manual\'',
],
'key' => [
'name' => 'b64MacKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'eabMode==\'manual\'',
],
'mode' => [
'name' => '环境选择',
'type' => 'radio',
'options' => [
'live' => '正式环境',
'staging' => '测试环境',
],
'value' => 'live'
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '',
'2' => '是(反向代理)'
],
'value' => '0'
],
'proxy_url' => [
'name' => '反向代理地址',
'type' => 'input',
'placeholder' => 'https://gts.rat.dev',
'required' => true,
'show' => 'proxy==2',
'note' => '反向代理配置参考:
<pre>resolver 8.8.8.8 ipv6=off valid=300s;
resolver_timeout 10s;
location / {
set $empty "";
proxy_pass https://dv.acme-v02.api.pki.goog$empty;
proxy_set_header Accept-Encoding "";
proxy_ssl_session_reuse off;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_http_version 1.1;
sub_filter_once off;
sub_filter_types *;
sub_filter \'dv.acme-v02.api.pki.goog\' \'gts.rat.dev\'; # 替换自己的域名
}</pre>',
],
]
],
'litessl' => [
'name' => 'LiteSSL',
'class' => 1,
'icon' => 'litessl.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => '<a href="https://freessl.cn/automation/eab-manager" target="_blank" rel="noreferrer">LiteSSL密钥获取</a>',
'inputs' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => 'EAB申请邮箱',
'required' => true,
],
'kid' => [
'name' => 'EAB KID',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'key' => [
'name' => 'EAB HMAC Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
'tencent' => [
'name' => '腾讯云免费SSL',
'class' => 2,
'icon' => 'tencent.png',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
'note' => '一个账号有50张免费证书额度证书到期或吊销可释放额度。<a href="https://cloud.tencent.com/document/product/400/89868" target="_blank" rel="noreferrer">腾讯云免费SSL简介与额度说明</a>',
'inputs' => [
'SecretId' => [
'name' => 'SecretId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretKey' => [
'name' => 'SecretKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '申请证书时填写的邮箱',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
'aliyun' => [
'name' => '阿里云免费SSL',
'class' => 2,
'icon' => 'aliyun.png',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
'note' => '每个自然年有20张免费证书额度证书到期或吊销不释放额度。需要先进入阿里云控制台-<a href="https://yundun.console.aliyun.com/?p=cas#/instance/test/cn-hangzhou" target="_blank" rel="noreferrer">数字证书管理服务</a>,购买测试证书,并在联系人管理添加联系人。',
'inputs' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'AccessKeySecret' => [
'name' => 'AccessKeySecret',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
'ucloud' => [
'name' => 'UCloud免费SSL',
'class' => 2,
'icon' => 'ucloud.ico',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
'note' => '一个账号有40张免费证书额度证书到期或吊销可释放额度。',
'inputs' => [
'PublicKey' => [
'name' => '公钥',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'PrivateKey' => [
'name' => '私钥',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'username' => [
'name' => '姓名',
'type' => 'input',
'placeholder' => '申请联系人的姓名',
'required' => true,
],
'phone' => [
'name' => '手机号码',
'type' => 'input',
'placeholder' => '申请联系人的手机号码',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '申请联系人的邮箱地址',
'required' => true,
],
]
],
'customacme' => [
'name' => '自定义ACME',
'class' => 1,
'icon' => 'ssl.ico',
'wildcard' => true,
'max_domains' => 100,
'cname' => true,
'note' => null,
'inputs' => [
'directory' => [
'name' => 'ACME地址',
'type' => 'input',
'placeholder' => 'ACME Directory 地址',
'required' => true,
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '证书申请邮箱',
'required' => true,
],
'kid' => [
'name' => 'EAB KID',
'type' => 'input',
'placeholder' => '留空则不使用EAB认证',
],
'key' => [
'name' => 'EAB HMAC Key',
'type' => 'input',
'placeholder' => '留空则不使用EAB认证',
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
]
],
];
public static $class_config = [
1 => '基于ACME的SSL证书',
2 => '云服务商的SSL证书',
];
public static function getList()
{
return self::$cert_config;
}
private static function getConfig($aid)
{
$account = Db::name('cert_account')->where('id', $aid)->find();
if (!$account) return false;
return $account;
}
public static function getInputs($type, $config = null)
{
$config = $config ? json_decode($config, true) : [];
$inputs = self::$cert_config[$type]['inputs'];
foreach ($inputs as &$input) {
if (isset($config[$input['name']])) {
$input['value'] = $config[$input['name']];
}
}
return $inputs;
}
/**
* @return CertInterface|bool
*/
public static function getModel($aid)
{
$account = self::getConfig($aid);
if (!$account) return false;
$type = $account['type'];
$class = "\\app\\lib\\cert\\{$type}";
if (class_exists($class)) {
$config = json_decode($account['config'], true);
$ext = $account['ext'] ? json_decode($account['ext'], true) : null;
$model = new $class($config, $ext);
return $model;
}
return false;
}
/**
* @return CertInterface|bool
*/
public static function getModel2($type, $config, $ext = null)
{
$class = "\\app\\lib\\cert\\{$type}";
if (class_exists($class)) {
$model = new $class($config, $ext);
return $model;
}
return false;
}
public static function getPfx($fullchain, $privatekey, $pwd = '123456')
{
openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);
return $pfx;
}
}

48
app/lib/CertInterface.php
View File

@@ -1,24 +1,24 @@
<?php
namespace app\lib;
interface CertInterface
{
function register();
function buyCert($domainList, &$order);
function createOrder($domainList, &$order, $keytype, $keysize);
function authOrder($domainList, $order);
function getAuthStatus($domainList, $order);
function finalizeOrder($domainList, $order, $keytype, $keysize);
function revoke($order, $pem);
function cancel($order);
function setLogger($func);
}
<?php
namespace app\lib;
interface CertInterface
{
function register();
function buyCert($domainList, &$order);
function createOrder($domainList, &$order, $keytype, $keysize);
function authOrder($domainList, $order);
function getAuthStatus($domainList, $order);
function finalizeOrder($domainList, $order, $keytype, $keysize);
function revoke($order, $pem);
function cancel($order);
function setLogger($func);
}

4187
app/lib/DeployHelper.php
View File

File diff suppressed because it is too large Load Diff

24
app/lib/DeployInterface.php
View File

@@ -1,12 +1,12 @@
<?php
namespace app\lib;
interface DeployInterface
{
function check();
function deploy($fullchain, $privatekey, $config, &$info);
function setLogger($func);
}
<?php
namespace app\lib;
interface DeployInterface
{
function check();
function deploy($fullchain, $privatekey, $config, &$info);
function setLogger($func);
}

855
app/lib/DnsHelper.php
View File

@@ -1,176 +1,679 @@
<?php
namespace app\lib;
use think\facade\Db;
class DnsHelper
{
public static $dns_config = [
'aliyun' => [
'name' => '阿里云',
'config' => [
'ak' => 'AccessKeyId',
'sk' => 'AccessKeySecret',
],
'remark' => 1, //是否支持备注1单独设置备注2和记录一起设置
'status' => true, //是否支持启用暂停
'redirect' => true, //是否支持域名转发
'log' => true, //是否支持查看日志
'weight' => false, //是否支持权重
],
'dnspod' => [
'name' => '腾讯云',
'config' => [
'ak' => 'SecretId',
'sk' => 'SecretKey',
],
'remark' => 1,
'status' => true,
'redirect' => true,
'log' => true,
'weight' => true,
],
'huawei' => [
'name' => '华为云',
'config' => [
'ak' => 'AccessKeyId',
'sk' => 'SecretAccessKey',
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
],
'baidu' => [
'name' => '百度云',
'config' => [
'ak' => 'AccessKey',
'sk' => 'SecretKey',
],
'remark' => 2,
'status' => false,
'redirect' => false,
'log' => false,
'weight' => false,
],
'west' => [
'name' => '西部数码',
'config' => [
'ak' => '用户名',
'sk' => 'API密码',
],
'remark' => 0,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => false,
],
'huoshan' => [
'name' => '火山引擎',
'config' => [
'ak' => 'AccessKeyId',
'sk' => 'SecretAccessKey',
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
],
'dnsla' => [
'name' => 'DNSLA',
'config' => [
'ak' => 'APIID',
'sk' => 'API密钥',
],
'remark' => 0,
'status' => true,
'redirect' => true,
'log' => false,
'weight' => true,
],
'cloudflare' => [
'name' => 'Cloudflare',
'config' => [
'ak' => '邮箱地址',
'sk' => 'API密钥/令牌',
],
'remark' => 2,
'status' => false,
'redirect' => false,
'log' => false,
'weight' => false,
],
'namesilo' => [
'name' => 'NameSilo',
'config' => [
'ak' => '账户名',
'sk' => 'API Key',
],
'remark' => 0,
'status' => false,
'redirect' => false,
'log' => false,
'weight' => false,
],
];
public static $line_name = [
'aliyun' => ['DEF' => 'default', 'CT' => 'telecom', 'CU' => 'unicom', 'CM' => 'mobile', 'AB' => 'oversea'],
'dnspod' => ['DEF' => '0', 'CT' => '10=0', 'CU' => '10=1', 'CM' => '10=3', 'AB' => '3=0'],
'huawei' => ['DEF' => 'default_view', 'CT' => 'Dianxin', 'CU' => 'Liantong', 'CM' => 'Yidong', 'AB' => 'Abroad'],
'west' => ['DEF' => '', 'CT' => 'LTEL', 'CU' => 'LCNC', 'CM' => 'LMOB', 'AB' => 'LFOR'],
'dnsla' => ['DEF' => '', 'CT' => '84613316902921216', 'CU' => '84613316923892736', 'CM' => '84613316953252864', 'AB' => ''],
'huoshan' => ['DEF' => 'default', 'CT' => 'telecom', 'CU' => 'unicom', 'CM' => 'mobile', 'AB' => 'oversea'],
'baidu' => ['DEF' => 'default', 'CT' => 'ct', 'CU' => 'cnc', 'CM' => 'cmnet', 'AB' => ''],
'cloudflare' => ['DEF' => '0'],
];
public static function getList()
{
return self::$dns_config;
}
private static function getConfig($aid)
{
$account = Db::name('account')->where('id', $aid)->find();
if (!$account) return false;
return $account;
}
/**
* @return DnsInterface|bool
*/
public static function getModel($aid, $domain = null, $domainid = null)
{
$config = self::getConfig($aid);
if (!$config) return false;
$dnstype = $config['type'];
$class = "\\app\\lib\\dns\\{$dnstype}";
if (class_exists($class)) {
$config['domain'] = $domain;
$config['domainid'] = $domainid;
$model = new $class($config);
return $model;
}
return false;
}
/**
* @return DnsInterface|bool
*/
public static function getModel2($config)
{
$dnstype = $config['type'];
$class = "\\app\\lib\\dns\\{$dnstype}";
if (class_exists($class)) {
$config['domain'] = $config['name'];
$config['domainid'] = $config['thirdid'];
$model = new $class($config);
return $model;
}
return false;
}
}
<?php
namespace app\lib;
use think\facade\Db;
class DnsHelper
{
public static $dns_config = [
'aliyun' => [
'name' => '阿里云',
'icon' => 'aliyun.png',
'note' => '',
'config' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'AccessKeySecret' => [
'name' => 'AccessKeySecret',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 1, //是否支持备注1单独设置备注2和记录一起设置
'status' => true, //是否支持启用暂停
'redirect' => true, //是否支持域名转发
'log' => true, //是否支持查看日志
'weight' => false, //是否支持权重
'page' => false, //是否客户端分页
'add' => true, //是否支持添加域名
],
'dnspod' => [
'name' => '腾讯云',
'icon' => 'dnspod.ico',
'note' => '',
'config' => [
'SecretId' => [
'name' => 'SecretId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretKey' => [
'name' => 'SecretKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 1,
'status' => true,
'redirect' => true,
'log' => true,
'weight' => true,
'page' => false,
'add' => true,
],
'huawei' => [
'name' => '华为云',
'icon' => 'huawei.ico',
'note' => '',
'config' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretAccessKey' => [
'name' => 'SecretAccessKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'baidu' => [
'name' => '百度云',
'icon' => 'baidu.ico',
'note' => '',
'config' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretAccessKey' => [
'name' => 'SecretAccessKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => false,
'redirect' => false,
'log' => false,
'weight' => false,
'page' => true,
'add' => true,
],
'west' => [
'name' => '西部数码',
'icon' => 'west.ico',
'note' => '',
'config' => [
'username' => [
'name' => '用户名',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'api_password' => [
'name' => 'API密码',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => false,
'page' => false,
'add' => false,
],
'huoshan' => [
'name' => '火山引擎',
'icon' => 'huoshan.ico',
'note' => '',
'config' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretAccessKey' => [
'name' => 'SecretAccessKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'jdcloud' => [
'name' => '京东云',
'icon' => 'jdcloud.ico',
'note' => '',
'config' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'AccessKeySecret' => [
'name' => 'AccessKeySecret',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => true,
'redirect' => true,
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'dnsla' => [
'name' => 'DNSLA',
'icon' => 'dnsla.ico',
'note' => '',
'config' => [
'apiid' => [
'name' => 'APIID',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'apisecret' => [
'name' => 'API密钥',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => true,
'redirect' => true,
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'qingcloud' => [
'name' => '青云',
'icon' => 'qingcloud.ico',
'note' => '',
'config' => [
'access_key_id' => [
'name' => 'Access Key ID',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'secret_access_key' => [
'name' => 'Secret Access Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
'page' => false,
'add' => false,
],
'bt' => [
'name' => '宝塔域名',
'icon' => 'bt.png',
'note' => '',
'config' => [
'AccessKey' => [
'name' => 'Access Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretKey' => [
'name' => 'Secret Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'AccountID' => [
'name' => 'Account ID',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'cloudflare' => [
'name' => 'Cloudflare',
'icon' => 'cloudflare.ico',
'note' => '',
'config' => [
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'apikey' => [
'name' => 'API密钥/令牌',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'auth' => [
'name' => '认证方式',
'type' => 'radio',
'options' => [
'0' => 'API密钥',
'1' => 'API令牌',
],
'value' => '0'
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => false,
'page' => false,
'add' => true,
],
'namesilo' => [
'name' => 'NameSilo',
'icon' => 'namesilo.ico',
'note' => '',
'config' => [
'username' => [
'name' => '账户名',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'apikey' => [
'name' => 'API Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => false,
'redirect' => false,
'log' => false,
'weight' => false,
'page' => true,
'add' => false,
],
'spaceship' => [
'name' => 'Spaceship',
'icon' => 'spaceship.ico',
'note' => '',
'config' => [
'apikey' => [
'name' => 'API Key',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'apisecret' => [
'name' => 'API Secret',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => false,
'redirect' => true,
'log' => false,
'weight' => false,
'page' => false,
'add' => false,
],
'powerdns' => [
'name' => 'PowerDNS',
'icon' => 'powerdns.ico',
'note' => '',
'config' => [
'ip' => [
'name' => 'IP地址',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'port' => [
'name' => '端口',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'apikey' => [
'name' => 'API KEY',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => false,
'page' => true,
'add' => true,
],
'aliyunesa' => [
'name' => '阿里云ESA',
'icon' => 'aliyun.png',
'note' => '仅支持以NS方式接入阿里云ESA的域名',
'config' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'AccessKeySecret' => [
'name' => 'AccessKeySecret',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'region' => [
'name' => 'API接入点',
'type' => 'select',
'options' => [
['value' => 'cn-hangzhou', 'label' => '中国内地'],
['value' => 'ap-southeast-1', 'label' => '非中国内地'],
],
'value' => 'cn-hangzhou',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 2,
'status' => false,
'redirect' => false,
'log' => false,
'weight' => false,
'page' => false,
'add' => false,
],
'tencenteo' => [
'name' => '腾讯云EO',
'icon' => 'tencent.png',
'note' => '仅支持以NS方式接入腾讯云EO的域名',
'config' => [
'SecretId' => [
'name' => 'SecretId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretKey' => [
'name' => 'SecretKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'site_type' => [
'name' => 'API接入点',
'type' => 'select',
'options' => [
['value' => 'cn', 'label' => '中国内地'],
['value' => 'intl', 'label' => '非中国内地'],
],
'value' => 'cn',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'remark' => 0,
'status' => true,
'redirect' => false,
'log' => false,
'weight' => true,
'page' => false,
'add' => false,
],
];
public static $line_name = [
'aliyun' => ['DEF' => 'default', 'CT' => 'telecom', 'CU' => 'unicom', 'CM' => 'mobile', 'AB' => 'oversea'],
'dnspod' => ['DEF' => '0', 'CT' => '10=0', 'CU' => '10=1', 'CM' => '10=3', 'AB' => '3=0'],
'huawei' => ['DEF' => 'default_view', 'CT' => 'Dianxin', 'CU' => 'Liantong', 'CM' => 'Yidong', 'AB' => 'Abroad'],
'west' => ['DEF' => '', 'CT' => 'LTEL', 'CU' => 'LCNC', 'CM' => 'LMOB', 'AB' => 'LFOR'],
'dnsla' => ['DEF' => '', 'CT' => '84613316902921216', 'CU' => '84613316923892736', 'CM' => '84613316953252864', 'AB' => ''],
'huoshan' => ['DEF' => 'default', 'CT' => 'telecom', 'CU' => 'unicom', 'CM' => 'mobile', 'AB' => 'oversea'],
'baidu' => ['DEF' => 'default', 'CT' => 'ct', 'CU' => 'cnc', 'CM' => 'cmnet', 'AB' => ''],
'jdcloud' => ['DEF' => '-1', 'CT' => '1', 'CU' => '2', 'CM' => '3', 'AB' => '4'],
'bt' => ['DEF' => '0', 'CT' => '285344768', 'CU' => '285345792', 'CM' => '285346816'],
'qingcloud' => ['DEF' => '0', 'CT' => '2', 'CU' => '3', 'CM' => '4', 'AB' => '8'],
'cloudflare' => ['DEF' => '0'],
'namesilo' => ['DEF' => 'default'],
'powerdns' => ['DEF' => 'default'],
'spaceship' => ['DEF' => 'default'],
'aliyunesa' => ['DEF' => '0'],
'tencenteo' => ['DEF' => 'Default'],
];
public static function getList()
{
return self::$dns_config;
}
private static function getConfig($aid)
{
$account = Db::name('account')->where('id', $aid)->find();
if (!$account) return false;
return $account;
}
/**
* @return DnsInterface|bool
*/
public static function getModel($aid, $domain = null, $domainid = null)
{
$account = self::getConfig($aid);
if (!$account) return false;
$dnstype = $account['type'];
$class = "\\app\\lib\\dns\\{$dnstype}";
if (class_exists($class)) {
$config = json_decode($account['config'] ?? '', true);
$config['domain'] = $domain;
$config['domainid'] = $domainid;
$model = new $class($config);
return $model;
}
return false;
}
/**
* @return DnsInterface|bool
*/
public static function getModel2($account)
{
$dnstype = $account['type'];
$class = "\\app\\lib\\dns\\{$dnstype}";
if (class_exists($class)) {
$config = json_decode($account['config'] ?? '', true);
$config['domain'] = $account['name'];
$config['domainid'] = $account['thirdid'];
$model = new $class($config);
return $model;
}
return false;
}
}

70
app/lib/DnsInterface.php
View File

@@ -1,34 +1,36 @@
<?php
namespace app\lib;
interface DnsInterface
{
function getError();
function check();
function getDomainList($KeyWord = null, $PageNumber = 1, $PageSize = 20);
function getDomainRecords($PageNumber = 1, $PageSize = 20, $KeyWord = null, $SubDomain = null, $Value = null, $Type = null, $Line = null, $Status = null);
function getSubDomainRecords($SubDomain, $PageNumber = 1, $PageSize = 20, $Type = null, $Line = null);
function getDomainRecordInfo($RecordId);
function addDomainRecord($Name, $Type, $Value, $Line = 'default', $TTL = 600, $MX = 1, $Weight = null, $Remark = null);
function updateDomainRecord($RecordId, $Name, $Type, $Value, $Line = 'default', $TTL = 600, $MX = 1, $Weight = null, $Remark = null);
function updateDomainRecordRemark($RecordId, $Remark);
function deleteDomainRecord($RecordId);
function setDomainRecordStatus($RecordId, $Status);
function getDomainRecordLog($PageNumber = 1, $PageSize = 20, $KeyWord = null, $StartDate = null, $endDate = null);
function getRecordLine();
function getMinTTL();
}
<?php
namespace app\lib;
interface DnsInterface
{
function getError();
function check();
function getDomainList($KeyWord = null, $PageNumber = 1, $PageSize = 20);
function getDomainRecords($PageNumber = 1, $PageSize = 20, $KeyWord = null, $SubDomain = null, $Value = null, $Type = null, $Line = null, $Status = null);
function getSubDomainRecords($SubDomain, $PageNumber = 1, $PageSize = 20, $Type = null, $Line = null);
function getDomainRecordInfo($RecordId);
function addDomainRecord($Name, $Type, $Value, $Line = 'default', $TTL = 600, $MX = 1, $Weight = null, $Remark = null);
function updateDomainRecord($RecordId, $Name, $Type, $Value, $Line = 'default', $TTL = 600, $MX = 1, $Weight = null, $Remark = null);
function updateDomainRecordRemark($RecordId, $Remark);
function deleteDomainRecord($RecordId);
function setDomainRecordStatus($RecordId, $Status);
function getDomainRecordLog($PageNumber = 1, $PageSize = 20, $KeyWord = null, $StartDate = null, $endDate = null);
function getRecordLine();
function getMinTTL();
function addDomain($Domain);
}

4
app/lib/NewDbManager.php
View File

@@ -10,11 +10,11 @@ class NewDbManager extends \think\Db
/**
* 创建数据库连接实例
* @access protected
* @param string|null $name 连接标识
* @param string|array|null $name 连接标识
* @param bool $force 强制重新连接
* @return ConnectionInterface
*/
protected function instance(string $name = null, bool $force = false): ConnectionInterface
protected function instance(string|array $name = null, bool $force = false): ConnectionInterface
{
if (empty($name)) {
$name = $this->getConfig('default', 'mysql');

456
app/lib/TOTP.php
View File

@@ -1,228 +1,228 @@
<?php
namespace app\lib;
class TOTP
{
private static $BASE32_ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567';
private $period = 30;
private $digest = 'sha1';
private $digits = 6;
private $epoch = 0;
private $secret;
private $issuer;
private $label;
public function __construct(?string $secret)
{
if ($secret == null) {
$secret = $this->generateSecret();
}
$this->secret = $secret;
}
public static function create(?string $secret = null)
{
return new self($secret);
}
public function getSecret(): string
{
return $this->secret;
}
public function getLabel(): ?string
{
return $this->label;
}
public function setLabel(string $label): void
{
$this->label = $label;
}
public function getIssuer(): ?string
{
return $this->issuer;
}
public function setIssuer(string $issuer): void
{
$this->issuer = $issuer;
}
public function verify(string $otp, ?int $timestamp = null, ?int $window = null): bool
{
$timestamp = $this->getTimestamp($timestamp);
if (null === $window) {
return $this->compareOTP($this->at($timestamp), $otp);
}
return $this->verifyOtpWithWindow($otp, $timestamp, $window);
}
private function verifyOtpWithWindow(string $otp, int $timestamp, int $window): bool
{
$window = abs($window);
for ($i = 0; $i <= $window; ++$i) {
$next = $i * $this->period + $timestamp;
$previous = -$i * $this->period + $timestamp;
$valid = $this->compareOTP($this->at($next), $otp) ||
$this->compareOTP($this->at($previous), $otp);
if ($valid) {
return true;
}
}
return false;
}
public function getProvisioningUri(): string
{
$params = [];
if (30 !== $this->period) {
$params['period'] = $this->period;
}
if (0 !== $this->epoch) {
$params['epoch'] = $this->epoch;
}
$label = $this->getLabel();
if (null === $label) {
throw new \InvalidArgumentException('The label is not set.');
}
if ($this->hasColon($label)) {
throw new \InvalidArgumentException('Label must not contain a colon.');
}
$params['issuer'] = $this->getIssuer();
$params['secret'] = $this->getSecret();
$query = str_replace(['+', '%7E'], ['%20', '~'], http_build_query($params));
return sprintf('otpauth://totp/%s?%s', rawurlencode((null !== $this->getIssuer() ? $this->getIssuer() . ':' : '') . $label), $query);
}
/**
* The OTP at the specified input.
*/
private function generateOTP(int $input): string
{
$hash = hash_hmac($this->digest, $this->intToByteString($input), $this->base32_decode($this->getSecret()), true);
$hmac = array_values(unpack('C*', $hash));
$offset = ($hmac[\count($hmac) - 1] & 0xF);
$code = ($hmac[$offset + 0] & 0x7F) << 24 | ($hmac[$offset + 1] & 0xFF) << 16 | ($hmac[$offset + 2] & 0xFF) << 8 | ($hmac[$offset + 3] & 0xFF);
$otp = $code % (10 ** $this->digits);
return str_pad((string) $otp, $this->digits, '0', STR_PAD_LEFT);
}
private function at(int $timestamp): string
{
return $this->generateOTP($this->timecode($timestamp));
}
private function timecode(int $timestamp): int
{
return (int) floor(($timestamp - $this->epoch) / $this->period);
}
private function getTimestamp(?int $timestamp): int
{
$timestamp = $timestamp ?? time();
if ($timestamp < 0) {
throw new \InvalidArgumentException('Timestamp must be at least 0.');
}
return $timestamp;
}
private function generateSecret(): string
{
return strtoupper($this->base32_encode(random_bytes(20)));
}
private function base32_encode($data)
{
$dataSize = strlen($data);
$res = '';
$remainder = 0;
$remainderSize = 0;
for ($i = 0; $i < $dataSize; $i++) {
$b = ord($data[$i]);
$remainder = ($remainder << 8) | $b;
$remainderSize += 8;
while ($remainderSize > 4) {
$remainderSize -= 5;
$c = $remainder & (31 << $remainderSize);
$c >>= $remainderSize;
$res .= self::$BASE32_ALPHABET[$c];
}
}
if ($remainderSize > 0) {
$remainder <<= (5 - $remainderSize);
$c = $remainder & 31;
$res .= self::$BASE32_ALPHABET[$c];
}
return $res;
}
private function base32_decode($data)
{
$data = strtolower($data);
$dataSize = strlen($data);
$buf = 0;
$bufSize = 0;
$res = '';
for ($i = 0; $i < $dataSize; $i++) {
$c = $data[$i];
$b = strpos(self::$BASE32_ALPHABET, $c);
if ($b === false) {
throw new \Exception('Encoded string is invalid, it contains unknown char #'.ord($c));
}
$buf = ($buf << 5) | $b;
$bufSize += 5;
if ($bufSize > 7) {
$bufSize -= 8;
$b = ($buf & (0xff << $bufSize)) >> $bufSize;
$res .= chr($b);
}
}
return $res;
}
private function intToByteString(int $int): string
{
$result = [];
while (0 !== $int) {
$result[] = \chr($int & 0xFF);
$int >>= 8;
}
return str_pad(implode(array_reverse($result)), 8, "\000", STR_PAD_LEFT);
}
private function compareOTP(string $safe, string $user): bool
{
return hash_equals($safe, $user);
}
private function hasColon(string $value): bool
{
$colons = [':', '%3A', '%3a'];
foreach ($colons as $colon) {
if (false !== mb_strpos($value, $colon)) {
return true;
}
}
return false;
}
}
<?php
namespace app\lib;
class TOTP
{
private static $BASE32_ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567';
private $period = 30;
private $digest = 'sha1';
private $digits = 6;
private $epoch = 0;
private $secret;
private $issuer;
private $label;
public function __construct(?string $secret)
{
if ($secret == null) {
$secret = $this->generateSecret();
}
$this->secret = $secret;
}
public static function create(?string $secret = null)
{
return new self($secret);
}
public function getSecret(): string
{
return $this->secret;
}
public function getLabel(): ?string
{
return $this->label;
}
public function setLabel(string $label): void
{
$this->label = $label;
}
public function getIssuer(): ?string
{
return $this->issuer;
}
public function setIssuer(string $issuer): void
{
$this->issuer = $issuer;
}
public function verify(string $otp, ?int $timestamp = null, ?int $window = null): bool
{
$timestamp = $this->getTimestamp($timestamp);
if (null === $window) {
return $this->compareOTP($this->at($timestamp), $otp);
}
return $this->verifyOtpWithWindow($otp, $timestamp, $window);
}
private function verifyOtpWithWindow(string $otp, int $timestamp, int $window): bool
{
$window = abs($window);
for ($i = 0; $i <= $window; ++$i) {
$next = $i * $this->period + $timestamp;
$previous = -$i * $this->period + $timestamp;
$valid = $this->compareOTP($this->at($next), $otp) ||
$this->compareOTP($this->at($previous), $otp);
if ($valid) {
return true;
}
}
return false;
}
public function getProvisioningUri(): string
{
$params = [];
if (30 !== $this->period) {
$params['period'] = $this->period;
}
if (0 !== $this->epoch) {
$params['epoch'] = $this->epoch;
}
$label = $this->getLabel();
if (null === $label) {
throw new \InvalidArgumentException('The label is not set.');
}
if ($this->hasColon($label)) {
throw new \InvalidArgumentException('Label must not contain a colon.');
}
$params['issuer'] = $this->getIssuer();
$params['secret'] = $this->getSecret();
$query = str_replace(['+', '%7E'], ['%20', '~'], http_build_query($params));
return sprintf('otpauth://totp/%s?%s', rawurlencode((null !== $this->getIssuer() ? $this->getIssuer() . ':' : '') . $label), $query);
}
/**
* The OTP at the specified input.
*/
private function generateOTP(int $input): string
{
$hash = hash_hmac($this->digest, $this->intToByteString($input), $this->base32_decode($this->getSecret()), true);
$hmac = array_values(unpack('C*', $hash));
$offset = ($hmac[\count($hmac) - 1] & 0xF);
$code = ($hmac[$offset + 0] & 0x7F) << 24 | ($hmac[$offset + 1] & 0xFF) << 16 | ($hmac[$offset + 2] & 0xFF) << 8 | ($hmac[$offset + 3] & 0xFF);
$otp = $code % (10 ** $this->digits);
return str_pad((string) $otp, $this->digits, '0', STR_PAD_LEFT);
}
private function at(int $timestamp): string
{
return $this->generateOTP($this->timecode($timestamp));
}
private function timecode(int $timestamp): int
{
return (int) floor(($timestamp - $this->epoch) / $this->period);
}
private function getTimestamp(?int $timestamp): int
{
$timestamp = $timestamp ?? time();
if ($timestamp < 0) {
throw new \InvalidArgumentException('Timestamp must be at least 0.');
}
return $timestamp;
}
private function generateSecret(): string
{
return strtoupper($this->base32_encode(random_bytes(20)));
}
private function base32_encode($data)
{
$dataSize = strlen($data);
$res = '';
$remainder = 0;
$remainderSize = 0;
for ($i = 0; $i < $dataSize; $i++) {
$b = ord($data[$i]);
$remainder = ($remainder << 8) | $b;
$remainderSize += 8;
while ($remainderSize > 4) {
$remainderSize -= 5;
$c = $remainder & (31 << $remainderSize);
$c >>= $remainderSize;
$res .= self::$BASE32_ALPHABET[$c];
}
}
if ($remainderSize > 0) {
$remainder <<= (5 - $remainderSize);
$c = $remainder & 31;
$res .= self::$BASE32_ALPHABET[$c];
}
return $res;
}
private function base32_decode($data)
{
$data = strtolower($data);
$dataSize = strlen($data);
$buf = 0;
$bufSize = 0;
$res = '';
for ($i = 0; $i < $dataSize; $i++) {
$c = $data[$i];
$b = strpos(self::$BASE32_ALPHABET, $c);
if ($b === false) {
throw new \Exception('Encoded string is invalid, it contains unknown char #'.ord($c));
}
$buf = ($buf << 5) | $b;
$bufSize += 5;
if ($bufSize > 7) {
$bufSize -= 8;
$b = ($buf & (0xff << $bufSize)) >> $bufSize;
$res .= chr($b);
}
}
return $res;
}
private function intToByteString(int $int): string
{
$result = [];
while (0 !== $int) {
$result[] = \chr($int & 0xFF);
$int >>= 8;
}
return str_pad(implode(array_reverse($result)), 8, "\000", STR_PAD_LEFT);
}
private function compareOTP(string $safe, string $user): bool
{
return hash_equals($safe, $user);
}
private function hasColon(string $value): bool
{
$colons = [':', '%3A', '%3a'];
foreach ($colons as $colon) {
if (false !== mb_strpos($value, $colon)) {
return true;
}
}
return false;
}
}

4
app/lib/acme/ACMECert.php
View File

@@ -25,7 +25,7 @@ class ACMECert extends ACMEv2
$protected = array(
'alg' => 'HS256',
'kid' => $eab_kid,
'url' => $this->resources['newAccount']
'url' => $this->unproxiedURL($this->resources['newAccount'])
);
$payload = $this->jwk_header['jwk'];
@@ -227,7 +227,7 @@ class ACMECert extends ACMEv2
public function authOrder($order)
{
if ($order['status'] != 'ready' && empty($order['challenges'])) {
if ($order['status'] != 'pending' && $order['status'] != 'ready' && empty($order['challenges'])) {
throw new Exception('No challenges available');
}

73
app/lib/acme/ACMEv2.php
View File

@@ -8,13 +8,22 @@ class ACMEv2
{ // Communication with Let's Encrypt via ACME v2 protocol
protected
$ch = null, $logger = true, $bits, $sha_bits, $directory, $resources, $jwk_header, $kid_header, $account_key, $thumbprint, $nonce = null, $proxy;
$ch = null, $logger = true, $bits, $sha_bits, $directory, $resources, $jwk_header, $kid_header, $account_key, $thumbprint, $nonce = null, $proxy, $proxy_config = null;
private $delay_until = null;
public function __construct($directory, $proxy = false)
{
/**
* @param $directory string ACME directory URL
* @param $proxy int 代理模式0为不使用代理1为使用系统代理2为使用反向代理
* @param null $proxy_config array 反向代理配置proxy参数为2时必填
* @throws Exception
*/
public function __construct($directory, $proxy = 0, $proxy_config = null)
{
$this->directory = $directory;
$this->proxy = $proxy;
if ($proxy == 2) {
$this->proxy_config = $proxy_config;
}
}
public function __destruct()
@@ -190,7 +199,8 @@ class ACMEv2
}
if (!$this->kid_header['kid'] && $type === 'newAccount') {
$this->kid_header['kid'] = $ret['headers']['location'];
// 反向替换反向代理配置,防止破坏签名
$this->kid_header['kid'] = $this->unproxiedURL($ret['headers']['location']);
$this->log('AccountID: ' . $this->kid_header['kid']);
}
@@ -218,7 +228,8 @@ class ACMEv2
throw new Exception('Resource "' . $type . '" not available.');
}
$protected['url'] = $this->resources[$type];
// 反向替换反向代理配置,防止破坏签名
$protected['url'] = $this->unproxiedURL($this->resources[$type]);
$protected64 = $this->base64url(json_encode($protected, JSON_UNESCAPED_SLASHES));
$payload64 = $this->base64url(is_string($payload) ? $payload : json_encode($payload, JSON_UNESCAPED_SLASHES));
@@ -285,6 +296,9 @@ class ACMEv2
$this->delay_until = null;
}
// 替换反向代理配置
$url = $this->proxiedURL($url);
$method = $data === false ? 'HEAD' : ($data === null ? 'GET' : 'POST');
$user_agent = 'ACMECert v3.4.0 (+https://github.com/skoerfgen/ACMECert)';
$header = ($data === null || $data === false) ? array() : array('Content-Type: application/jose+json');
@@ -307,27 +321,8 @@ class ACMEv2
}
));
if ($this->proxy) {
$proxy_server = config_get('proxy_server');
$proxy_port = intval(config_get('proxy_port'));
$proxy_userpwd = config_get('proxy_user').':'.config_get('proxy_pwd');
$proxy_type = config_get('proxy_type');
if ($proxy_type == 'https') {
$proxy_type = CURLPROXY_HTTPS;
} elseif ($proxy_type == 'sock4') {
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($proxy_type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} else {
$proxy_type = CURLPROXY_HTTP;
}
curl_setopt($this->ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
curl_setopt($this->ch, CURLOPT_PROXY, $proxy_server);
curl_setopt($this->ch, CURLOPT_PROXYPORT, $proxy_port);
if ($proxy_userpwd != ':') {
curl_setopt($this->ch, CURLOPT_PROXYUSERPWD, $proxy_userpwd);
}
curl_setopt($this->ch, CURLOPT_PROXYTYPE, $proxy_type);
if ($this->proxy == 1) {
curl_set_proxy($this->ch);
}
$took = microtime(true);
@@ -425,4 +420,30 @@ class ACMEv2
}, isset($error['subproblems']) ? $error['subproblems'] : array())
);
}
// 替换反向代理配置
protected function proxiedURL($url)
{
if ($this->proxy == 2) {
return str_replace(
$this->proxy_config['origin'],
$this->proxy_config['proxy'],
$url
);
}
return $url;
}
// 反向替换反向代理配置
protected function unproxiedURL($url)
{
if ($this->proxy == 2) {
return str_replace(
$this->proxy_config['proxy'],
$this->proxy_config['origin'],
$url
);
}
return $url;
}
}

395
app/lib/cert/aliyun.php
View File

@@ -1,167 +1,228 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\Aliyun as AliyunClient;
use Exception;
class aliyun implements CertInterface
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint = 'cas.aliyuncs.com'; //API接入域名
private $Version = '2020-04-07'; //API版本号
private $config;
private $logger;
private AliyunClient $client;
public function __construct($config, $ext = null)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->AccessKeySecret = $config['AccessKeySecret'];
$this->client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $this->Endpoint, $this->Version);
$this->config = $config;
}
public function register()
{
if (empty($this->AccessKeyId) || empty($this->AccessKeySecret) || empty($this->config['username']) || empty($this->config['phone']) || empty($this->config['email'])) throw new Exception('必填参数不能为空');
$param = ['Action' => 'ListUserCertificateOrder'];
$this->request($param, true);
return true;
}
public function buyCert($domainList, &$order)
{
$param = ['Action' => 'DescribePackageState', 'ProductCode' => 'digicert-free-1-free'];
$data = $this->request($param, true);
if (!isset($data['TotalCount']) || $data['TotalCount'] == 0) throw new Exception('没有可用的免费证书资源包');
$this->log('证书资源包总数量:' . $data['TotalCount'] . ',已使用数量:' . $data['UsedCount']);
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'Action' => 'CreateCertificateRequest',
'ProductCode' => 'digicert-free-1-free',
'Username' => $this->config['username'],
'Phone' => $this->config['phone'],
'Email' => $this->config['email'],
'Domain' => $domain,
'ValidateType' => 'DNS'
];
$data = $this->request($param, true);
if (empty($data['OrderId'])) throw new Exception('证书申请失败OrderId为空');
$order['OrderId'] = $data['OrderId'];
sleep(3);
$param = [
'Action' => 'DescribeCertificateState',
'OrderId' => $order['OrderId'],
];
$data = $this->request($param, true);
$dnsList = [];
if ($data['Type'] == 'domain_verify') {
$mainDomain = getMainDomain($domain);
$name = str_replace('.' . $mainDomain, '', $data['RecordDomain']);
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $data['RecordType'], 'value' => $data['RecordValue']];
}
return $dnsList;
}
public function authOrder($domainList, $order) {}
public function getAuthStatus($domainList, $order)
{
$param = [
'Action' => 'DescribeCertificateState',
'OrderId' => $order['OrderId'],
];
$data = $this->request($param, true);
if ($data['Type'] == 'certificate') {
return true;
} elseif ($data['Type'] == 'verify_fail') {
throw new Exception('证书审核失败');
} else {
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
$param = [
'Action' => 'DescribeCertificateState',
'OrderId' => $order['OrderId'],
];
$data = $this->request($param, true);
$fullchain = $data['Certificate'];
$private_key = $data['PrivateKey'];
if (empty($fullchain) || empty($private_key)) throw new Exception('证书内容获取失败');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$param = [
'Action' => 'CancelCertificateForPackageRequest',
'OrderId' => $order['OrderId'],
];
$this->request($param);
}
public function cancel($order)
{
$param = [
'Action' => 'DescribeCertificateState',
'OrderId' => $order['OrderId'],
];
$data = $this->request($param, true);
if ($data['Type'] == 'domain_verify' || $data['Type'] == 'process') {
$param = [
'Action' => 'CancelOrderRequest',
'OrderId' => $order['OrderId'],
];
$this->request($param);
usleep(500000);
}
if ($data['Type'] == 'domain_verify' || $data['Type'] == 'process' || $data['Type'] == 'payed' || $data['Type'] == 'verify_fail') {
$param = [
'Action' => 'DeleteCertificateRequest',
'OrderId' => $order['OrderId'],
];
$this->request($param);
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($param, $returnData = false)
{
$this->log('Request:' . json_encode($param, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($param);
$response = json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
if (!strpos($response, '"Type":"certificate"')) {
$this->log('Response:' . $response);
}
return $returnData ? $result : true;
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\Aliyun as AliyunClient;
use Exception;
class aliyun implements CertInterface
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint = 'cas.aliyuncs.com'; //API接入域名
private $Version = '2020-04-07'; //API版本号
private $config;
private $logger;
private AliyunClient $client;
public function __construct($config, $ext = null)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->AccessKeySecret = $config['AccessKeySecret'];
$proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
$this->client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $this->Endpoint, $this->Version, $proxy);
$this->config = $config;
}
public function register()
{
if (empty($this->AccessKeyId) || empty($this->AccessKeySecret)) throw new Exception('必填参数不能为空');
$param = ['Action' => 'ListInstances'];
$this->request($param, true);
return true;
}
public function buyCert($domainList, &$order)
{
$param = ['Action' => 'GetInstanceSummary', 'InstanceType' => 'TEST'];
$data = $this->request($param, true);
if (!isset($data['InactiveCount']) || $data['InactiveCount'] == 0) throw new Exception('没有待使用的测试证书实例,请先购买测试证书');
$this->log('实例总个数:' . $data['TotalCount'] . ',实例待使用总数:' . $data['InactiveCount']);
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'Action' => 'ListInstances',
'Status' => 'inactive',
'InstanceType' => 'TEST',
];
$data = $this->request($param, true);
if (empty($data['InstanceList'])) throw new Exception('待使用的测试证书实例列表为空');
$instanceId = $data['InstanceList'][0]['InstanceId'];
$param = [
'Action' => 'ListContact',
];
$data = $this->request($param, true);
if (empty($data['ContactList'])) throw new Exception('联系人列表为空,请先添加联系人');
$contactId = $data['ContactList'][0]['ContactId'];
if ($keytype == 'ECC') $KeyAlgorithm = 'ECC_256';
else if ($keysize == '3072') $KeyAlgorithm = 'RSA_3072';
else $KeyAlgorithm = 'RSA_2048';
$param = [
'Action' => 'UpdateInstance',
'InstanceId' => $instanceId,
'Domain' => $domain,
'KeyAlgorithm' => $KeyAlgorithm,
'AutoReissue' => 'disable',
'ContactIdList.1' => $contactId,
'ValidateType' => 'DNS'
];
try {
$this->request($param);
} catch (Exception $e) {
throw new Exception('更新证书实例失败:' . $e->getMessage());
}
$param = [
'Action' => 'ApplyCertificate',
'InstanceId' => $instanceId
];
try {
$this->request($param);
} catch (Exception $e) {
throw new Exception('申请证书失败:' . $e->getMessage());
}
sleep(1);
$status = '';
do {
$param = [
'Action' => 'GetTaskAttribute',
'TaskId' => $instanceId
];
try {
$data = $this->request($param, true);
$status = $data['TaskStatus'];
} catch (Exception $e) {
throw new Exception('申请证书提交结果查询失败:' . $e->getMessage());
}
if ($status == 'processing') {
sleep(1);
} elseif ($status == 'failed') {
throw new Exception('申请证书失败:' . $data['TaskMessage']);
} else {
break;
}
} while ($status == 'processing');
$param = [
'Action' => 'GetInstanceDetail',
'InstanceId' => $instanceId
];
try {
$data = $this->request($param, true);
} catch (Exception $e) {
throw new Exception('获取实例详情失败:' . $e->getMessage());
}
$order['InstanceId'] = $instanceId;
$dnsList = [];
if (!empty($data['DomainValidationList'])) {
foreach ($data['DomainValidationList'] as $opts) {
$mainDomain = getMainDomain($opts['Domain']);
$name = substr($opts['ValidationKey'] . '.' . $opts['RootDomain'], 0, - (strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $opts['ValidationType'], 'value' => $opts['ValidationValue']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order) {}
public function getAuthStatus($domainList, $order)
{
$param = [
'Action' => 'GetInstanceDetail',
'InstanceId' => $order['InstanceId'],
];
$data = $this->request($param, true);
if ($data['Status'] == 'normal') {
return true;
} elseif ($data['Status'] == 'closed') {
throw new Exception('证书审核失败');
} else {
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
$param = [
'Action' => 'GetInstanceDetail',
'InstanceId' => $order['InstanceId'],
];
$data = $this->request($param, true);
if (empty($data['CertificateId'])) throw new Exception('证书ID不存在');
$param = [
'Action' => 'GetUserCertificateDetail',
'CertId' => $data['CertificateId'],
];
$data = $this->request($param, true);
$fullchain = $data['Cert'];
$private_key = $data['Key'];
if (empty($fullchain) || empty($private_key)) throw new Exception('证书内容获取失败');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$param = [
'Action' => 'RevokeCertificate',
'InstanceId' => $order['InstanceId'],
];
$this->request($param);
}
public function cancel($order)
{
$param = [
'Action' => 'GetInstanceDetail',
'InstanceId' => $order['InstanceId'],
];
$data = $this->request($param, true);
if ($data['Status'] == 'pending') {
$param = [
'Action' => 'CancelPendingCertificate',
'InstanceId' => $order['InstanceId'],
];
$this->request($param);
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($param, $returnData = false)
{
$this->log('Request:' . json_encode($param, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($param);
$response = json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
if (!strpos($response, '"Type":"certificate"')) {
$this->log('Response:' . $response);
}
return $returnData ? $result : true;
}
}

232
app/lib/cert/customacme.php
View File

@@ -1,114 +1,118 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class customacme implements CertInterface
{
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
$this->ac = new ACMECert($config['directory'], $config['proxy'] == 1);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['directory'])) throw new Exception('ACME地址不能为空');
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (!empty($this->ext['key'])) {
if (!empty($this->config['kid']) && !empty($this->config['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
} else {
$kid = $this->ac->register(true, $this->config['email']);
}
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
if (!empty($this->config['kid']) && !empty($this->config['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
} else {
$kid = $this->ac->register(true, $this->config['email']);
}
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order) {}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class customacme implements CertInterface
{
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
$this->ac = new ACMECert($config['directory'], (int)$config['proxy']);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['directory'])) throw new Exception('ACME地址不能为空');
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (!empty($this->ext['key'])) {
if (!empty($this->config['kid']) && !empty($this->config['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
} else {
$kid = $this->ac->register(true, $this->config['email']);
}
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
if (!empty($this->config['kid']) && !empty($this->config['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
} else {
$kid = $this->ac->register(true, $this->config['email']);
}
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
$keys = [];
foreach ($order['challenges'] as $opts) {
$key = $opts['key'] . '|' .$opts['value'];
if (in_array($key, $keys)) continue;
$mainDomain = getMainDomain($opts['domain']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
$keys[] = $key;
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order) {}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}

260
app/lib/cert/google.php
View File

@@ -1,118 +1,142 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class google implements CertInterface
{
private $directories = array(
'live' => 'https://dv.acme-v02.api.pki.goog/directory',
'staging' => 'https://dv.acme-v02.test-api.pki.goog/directory'
);
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
if (empty($config['mode'])) $config['mode'] = 'live';
$this->ac = new ACMECert($this->directories[$config['mode']], $config['proxy']==1);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (empty($this->config['kid']) || empty($this->config['key'])) throw new Exception('必填参数不能为空');
if (!empty($this->ext['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order)
{
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "pki.goog"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order)
{
}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class google implements CertInterface
{
private $directories = array(
'live' => 'https://dv.acme-v02.api.pki.goog',
'staging' => 'https://dv.acme-v02.test-api.pki.goog'
);
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
if (empty($config['mode'])) $config['mode'] = 'live';
if (empty($config['proxy_url'])) $config['proxy_url'] = '';
$this->ac = new ACMECert($this->directories[$config['mode']] . '/directory', (int)$config['proxy'], [
'origin' => $this->directories[$config['mode']],
'proxy' => rtrim($config['proxy_url'], '/'),
]);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (isset($this->config['eabMode']) && $this->config['eabMode'] == 'auto') {
$eab = $this->getEAB();
} else {
$eab = ['kid' => $this->config['kid'], 'key' => $this->config['key']];
}
if (!empty($this->ext['key'])) {
$kid = $this->ac->registerEAB(true, $eab['kid'], $eab['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->registerEAB(true, $eab['kid'], $eab['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order)
{
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "pki.goog"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order)
{
}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
private function getEAB()
{
$api = "https://gts.rat.dev/eab";
$response = http_request($api, null, null, null, null, $this->config['proxy'] == 1, 'GET', 10);
$result = json_decode($response['body'], true);
if (!isset($result['msg'])) {
throw new Exception('解析返回数据失败:' . $response['body']);
} elseif ($result['msg'] != 'success') {
throw new Exception('获取EAB失败' . $result['msg']);
} elseif (empty($result['data']['key_id']) || empty($result['data']['mac_key'])) {
throw new Exception('获取EAB失败返回数据不完整');
}
return ['kid' => $result['data']['key_id'], 'key' => $result['data']['mac_key']];
}
}

327
app/lib/cert/huoshan.php
View File

@@ -1,163 +1,164 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\Volcengine;
use Exception;
class huoshan implements CertInterface
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint = "open.volcengineapi.com";
private $service = "certificate_service";
private $version = "2021-06-01";
private $region = "cn-north-1";
private $logger;
private Volcengine $client;
public function __construct($config = null, $ext = null)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, $this->endpoint, $this->service, $this->version, $this->region);
}
public function register()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$this->request('GET', 'CertificateGetInstance', ['limit'=>1,'offset'=>0]);
return true;
}
public function buyCert($domainList, &$order)
{
$data = $this->request('GET', 'CertificateGetOrganization');
if(empty($data['content'])) throw new Exception('请先添加信息模板');
$order['organization_id'] = $data['content'][0]['id'];
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'plan' => 'digicert_free_standard_dv',
'common_name' => $domain,
'organization_id' => $order['organization_id'],
'key_alg' => strtolower($keytype),
'validation_type' => 'dns_txt',
];
$instance_id = $this->request('POST', 'QuickApplyCertificate', $param);
if(empty($instance_id)) throw new Exception('证书申请失败证书实例ID为空');
$order['instance_id'] = $instance_id;
sleep(3);
$param = [
'instance_id' => $instance_id,
];
$data = $this->request('GET', 'CertificateGetDcvParam', $param);
$dnsList = [];
if (!empty($data['domains_to_be_validated'])) {
$type = $data['validation_type'] == 'dns_cname' ? 'CNAME' : 'TXT';
foreach ($data['domains_to_be_validated'] as $opts) {
$mainDomain = getMainDomain($domain);
$name = str_replace('.' . $mainDomain, '', $opts['validation_domain']);
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $type, 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$query = [
'instance_id' => $order['instance_id'],
];
$param = [
'action' => '',
];
$this->request('POST', 'CertificateProgressInstanceOrder', $param, $query);
}
public function getAuthStatus($domainList, $order)
{
$param = [
'instance_id' => $order['instance_id'],
];
$data = $this->request('GET', 'CertificateGetInstance', $param);
if(empty($data['content'])) throw new Exception('证书信息获取失败');
$data = $data['content'][0];
if($data['order_status'] == 300 && $data['certificate_exist'] == 1){
return true;
}elseif($data['order_status'] == 302){
throw new Exception('证书申请失败');
}else{
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
$param = [
'instance_id' => $order['instance_id'],
];
$data = $this->request('GET', 'CertificateGetInstance', $param);
if (empty($data['content'])) throw new Exception('证书信息获取失败');
$data = $data['content'][0];
if (!isset($data['ssl']['certificate']['chain'])) throw new Exception('证书内容获取失败');
$fullchain = implode('', $data['ssl']['certificate']['chain']);
$private_key = $data['ssl']['certificate']['private_key'];
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $data['issuer'], 'subject' => $data['common_name']['CN'], 'validFrom' => intval($data['certificate_not_before_ms']/1000), 'validTo' => intval($data['certificate_not_after_ms']/1000)];
}
public function revoke($order, $pem)
{
$query = [
'instance_id' => $order['instance_id'],
];
$param = [
'action' => 'revoke',
'reason' => '关联域名错误',
];
$this->request('POST', 'CertificateProgressInstanceOrder', $param, $query);
}
public function cancel($order)
{
$query = [
'instance_id' => $order['instance_id'],
];
$param = [
'action' => 'cancel',
];
$this->request('POST', 'CertificateProgressInstanceOrder', $param, $query);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($method, $action, $params = [], $query = [])
{
$this->log('Action:'.$action.PHP_EOL.'Request:'.json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($method, $action, $params, $query);
if (is_array($result)) {
$this->log('Response:'.json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
}
return $result;
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\Volcengine;
use Exception;
class huoshan implements CertInterface
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint = "open.volcengineapi.com";
private $service = "certificate_service";
private $version = "2021-06-01";
private $region = "cn-north-1";
private $logger;
private Volcengine $client;
public function __construct($config = null, $ext = null)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
$this->client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, $this->endpoint, $this->service, $this->version, $this->region, $proxy);
}
public function register()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$this->request('GET', 'CertificateGetInstance', ['limit'=>1,'offset'=>0]);
return true;
}
public function buyCert($domainList, &$order)
{
$data = $this->request('GET', 'CertificateGetOrganization');
if(empty($data['content'])) throw new Exception('请先添加信息模板');
$order['organization_id'] = $data['content'][0]['id'];
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'plan' => 'digicert_free_standard_dv',
'common_name' => $domain,
'organization_id' => $order['organization_id'],
'key_alg' => strtolower($keytype),
'validation_type' => 'dns_txt',
];
$instance_id = $this->request('POST', 'QuickApplyCertificate', $param);
if(empty($instance_id)) throw new Exception('证书申请失败证书实例ID为空');
$order['instance_id'] = $instance_id;
sleep(3);
$param = [
'instance_id' => $instance_id,
];
$data = $this->request('GET', 'CertificateGetDcvParam', $param);
$dnsList = [];
if (!empty($data['domains_to_be_validated'])) {
$type = $data['validation_type'] == 'dns_cname' ? 'CNAME' : 'TXT';
foreach ($data['domains_to_be_validated'] as $opts) {
$mainDomain = getMainDomain($domain);
$name = substr($opts['validation_domain'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $type, 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$query = [
'instance_id' => $order['instance_id'],
];
$param = [
'action' => '',
];
$this->request('POST', 'CertificateProgressInstanceOrder', $param, $query);
}
public function getAuthStatus($domainList, $order)
{
$param = [
'instance_id' => $order['instance_id'],
];
$data = $this->request('GET', 'CertificateGetInstance', $param);
if(empty($data['content'])) throw new Exception('证书信息获取失败');
$data = $data['content'][0];
if($data['order_status'] == 300 && $data['certificate_exist'] == 1){
return true;
}elseif($data['order_status'] == 302){
throw new Exception('证书申请失败');
}else{
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
$param = [
'instance_id' => $order['instance_id'],
];
$data = $this->request('GET', 'CertificateGetInstance', $param);
if (empty($data['content'])) throw new Exception('证书信息获取失败');
$data = $data['content'][0];
if (!isset($data['ssl']['certificate']['chain'])) throw new Exception('证书内容获取失败');
$fullchain = implode('', $data['ssl']['certificate']['chain']);
$private_key = $data['ssl']['certificate']['private_key'];
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $data['issuer'], 'subject' => $data['common_name']['CN'], 'validFrom' => intval($data['certificate_not_before_ms']/1000), 'validTo' => intval($data['certificate_not_after_ms']/1000)];
}
public function revoke($order, $pem)
{
$query = [
'instance_id' => $order['instance_id'],
];
$param = [
'action' => 'revoke',
'reason' => '关联域名错误',
];
$this->request('POST', 'CertificateProgressInstanceOrder', $param, $query);
}
public function cancel($order)
{
$query = [
'instance_id' => $order['instance_id'],
];
$param = [
'action' => 'cancel',
];
$this->request('POST', 'CertificateProgressInstanceOrder', $param, $query);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($method, $action, $params = [], $query = [])
{
$this->log('Action:'.$action.PHP_EOL.'Request:'.json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($method, $action, $params, $query);
if (is_array($result)) {
$this->log('Response:'.json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
}
return $result;
}
}

226
app/lib/cert/letsencrypt.php
View File

@@ -1,113 +1,113 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class letsencrypt implements CertInterface
{
private $directories = array(
'live' => 'https://acme-v02.api.letsencrypt.org/directory',
'staging' => 'https://acme-staging-v02.api.letsencrypt.org/directory'
);
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
if (empty($config['mode'])) $config['mode'] = 'live';
$this->ac = new ACMECert($this->directories[$config['mode']], $config['proxy'] == 1);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (!empty($this->ext['key'])) {
$kid = $this->ac->register(true, $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->register(true, $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "letsencrypt.org"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order) {}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class letsencrypt implements CertInterface
{
private $directories = array(
'live' => 'https://acme-v02.api.letsencrypt.org/directory',
'staging' => 'https://acme-staging-v02.api.letsencrypt.org/directory'
);
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
if (empty($config['mode'])) $config['mode'] = 'live';
$this->ac = new ACMECert($this->directories[$config['mode']], (int)$config['proxy']);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (!empty($this->ext['key'])) {
$kid = $this->ac->register(true, $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->register(true, $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "letsencrypt.org"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order) {}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}

120
app/lib/cert/litessl.php Normal file
View File

@@ -0,0 +1,120 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class litessl implements CertInterface
{
private $directory = 'https://acme.litessl.com/acme/v2/directory';
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
$this->ac = new ACMECert($this->directory, (int)$config['proxy']);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (empty($this->config['kid']) || empty($this->config['key'])) {
throw new Exception('EAB密钥不能为空');
}
if (!empty($this->ext['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order)
{
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
$keys = [];
foreach ($order['challenges'] as $opts) {
$key = $opts['key'] . '|' .$opts['value'];
if (in_array($key, $keys)) continue;
$mainDomain = getMainDomain($opts['domain']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "litessl.cn"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
$keys[] = $key;
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order)
{
}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}

389
app/lib/cert/tencent.php
View File

@@ -1,189 +1,200 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\TencentCloud;
use Exception;
class tencent implements CertInterface
{
private $SecretId;
private $SecretKey;
private $email;
private $endpoint = "ssl.tencentcloudapi.com";
private $service = "ssl";
private $version = "2019-12-05";
private $logger;
private TencentCloud $client;
public function __construct($config, $ext = null)
{
$this->SecretId = $config['SecretId'];
$this->SecretKey = $config['SecretKey'];
$this->client = new TencentCloud($this->SecretId, $this->SecretKey, $this->endpoint, $this->service, $this->version);
$this->email = $config['email'];
}
public function register()
{
if (empty($this->SecretId) || empty($this->SecretKey) || empty($this->email)) throw new Exception('必填参数不能为空');
$this->request('DescribeCertificates', []);
return true;
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'DvAuthMethod' => 'DNS',
'DomainName' => $domain,
'ContactEmail' => $this->email,
'CsrEncryptAlgo' => $keytype,
'CsrKeyParameter' => $keytype == 'ECC' ? 'prime256v1' : '2048',
];
$data = $this->request('ApplyCertificate', $param);
if (empty($data['CertificateId'])) throw new Exception('证书申请失败CertificateId为空');
$order['CertificateId'] = $data['CertificateId'];
$param = [
'CertificateId' => $order['CertificateId'],
];
$data = $this->request('DescribeCertificate', $param);
$order['OrderId'] = $data['OrderId'];
$dnsList = [];
if (!empty($data['DvAuthDetail']['DvAuths'])) {
foreach ($data['DvAuthDetail']['DvAuths'] as $opts) {
$mainDomain = $opts['DvAuthDomain'];
$dnsList[$mainDomain][] = ['name' => $opts['DvAuthSubDomain'], 'type' => $opts['DvAuthVerifyType'] ?? 'CNAME', 'value' => $opts['DvAuthValue']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$data = $this->request('DescribeCertificate', $param);
if ($data['Status'] == 0 || $data['Status'] == 4) {
$this->request('CompleteCertificate', $param);
sleep(3);
}
}
public function getAuthStatus($domainList, $order)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$data = $this->request('DescribeCertificate', $param);
if ($data['Status'] == 1) {
return true;
} elseif ($data['Status'] == 2) {
throw new Exception('证书审核失败' . (empty($data['StatusMsg'] ? '' : ':' . $data['StatusMsg'])));
} else {
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (!is_dir(app()->getRuntimePath() . 'cert')) mkdir(app()->getRuntimePath() . 'cert');
$param = [
'CertificateId' => $order['CertificateId'],
'ServiceType' => 'nginx',
];
$data = $this->request('DescribeDownloadCertificateUrl', $param);
$file_data = get_curl($data['DownloadCertificateUrl']);
$file_path = app()->getRuntimePath() . 'cert/' . $data['DownloadFilename'];
$file_name = substr($data['DownloadFilename'], 0, -4);
file_put_contents($file_path, $file_data);
$zip = new \ZipArchive;
if ($zip->open($file_path) === true) {
$zip->extractTo(app()->getRuntimePath() . 'cert/');
$zip->close();
} else {
throw new Exception('解压证书失败');
}
$cert_dir = app()->getRuntimePath() . 'cert/' . $file_name;
$items = scandir($cert_dir);
if ($items === false) throw new Exception('解压后的证书文件夹不存在');
$private_key = null;
$fullchain = null;
foreach ($items as $item) {
if (substr($item, -4) == '.key') {
$private_key = file_get_contents($cert_dir . '/' . $item);
} elseif (substr($item, -4) == '.crt') {
$fullchain = file_get_contents($cert_dir . '/' . $item);
}
}
if (empty($private_key) || empty($fullchain)) throw new Exception('解压后的证书文件夹内未找到证书文件');
clearDirectory($cert_dir);
rmdir($cert_dir);
unlink($file_path);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$action = 'RevokeCertificate';
$data = $this->request($action, $param);
if (!empty($data['RevokeDomainValidateAuths'])) {
$dnsList = [];
foreach ($data['RevokeDomainValidateAuths'] as $opts) {
$mainDomain = getMainDomain($opts['DomainValidateAuthDomain']);
$name = str_replace('.' . $mainDomain, '', $opts['DomainValidateAuthKey']);
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'CNAME', 'value' => $opts['DomainValidateAuthValue']];
}
\app\utils\CertDnsUtils::addDns($dnsList, function ($txt) {
$this->log($txt);
});
}
}
public function cancel($order)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$action = 'CancelAuditCertificate';
$this->request($action, $param);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($action, $param)
{
$this->log('Action:' . $action . PHP_EOL . 'Request:' . json_encode($param, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($action, $param);
$this->log('Response:' . json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
return $result;
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\TencentCloud;
use Exception;
class tencent implements CertInterface
{
private $SecretId;
private $SecretKey;
private $email;
private $endpoint = "ssl.tencentcloudapi.com";
private $service = "ssl";
private $version = "2019-12-05";
private $logger;
private $proxy;
private TencentCloud $client;
public function __construct($config, $ext = null)
{
$this->SecretId = $config['SecretId'];
$this->SecretKey = $config['SecretKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
$this->client = new TencentCloud($this->SecretId, $this->SecretKey, $this->endpoint, $this->service, $this->version, null, $this->proxy);
$this->email = $config['email'];
}
public function register()
{
if (empty($this->SecretId) || empty($this->SecretKey) || empty($this->email)) throw new Exception('必填参数不能为空');
$this->request('DescribeCertificates', []);
return true;
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'DvAuthMethod' => 'DNS',
'DomainName' => $domain,
'ContactEmail' => $this->email,
'CsrEncryptAlgo' => $keytype,
'CsrKeyParameter' => $keytype == 'ECC' ? 'prime256v1' : '2048',
];
$data = $this->request('ApplyCertificate', $param);
if (empty($data['CertificateId'])) throw new Exception('证书申请失败CertificateId为空');
$order['CertificateId'] = $data['CertificateId'];
$param = [
'CertificateId' => $order['CertificateId'],
];
$data = $this->request('DescribeCertificate', $param);
$order['OrderId'] = $data['OrderId'];
$dnsList = [];
if (!empty($data['DvAuthDetail']['DvAuths'])) {
foreach ($data['DvAuthDetail']['DvAuths'] as $opts) {
$mainDomain = getMainDomain($opts['DvAuthKey']);
$name = substr($opts['DvAuthKey'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $opts['DvAuthVerifyType'] ?? 'CNAME', 'value' => $opts['DvAuthValue']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$data = $this->request('DescribeCertificate', $param);
if ($data['Status'] == 0 || $data['Status'] == 4) {
$this->request('CompleteCertificate', $param);
sleep(3);
}
}
public function getAuthStatus($domainList, $order)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$data = $this->request('DescribeCertificate', $param);
if ($data['Status'] == 1) {
return true;
} elseif ($data['Status'] == 2) {
throw new Exception('证书审核失败' . (empty($data['StatusMsg'] ? '' : ':' . $data['StatusMsg'])));
} else {
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
$param = [
'CertificateIds' => [$order['CertificateId']],
'SwitchStatus' => 1,
];
$this->request('ModifyCertificatesExpiringNotificationSwitch', $param);
if (!is_dir(app()->getRuntimePath() . 'cert')) mkdir(app()->getRuntimePath() . 'cert');
$param = [
'CertificateId' => $order['CertificateId'],
'ServiceType' => 'nginx',
];
$data = $this->request('DescribeDownloadCertificateUrl', $param);
$file_data = http_request($data['DownloadCertificateUrl'], null, null, null, null, $this->proxy);
$file_data = $file_data['body'] ?? null;
if (empty($file_data)) throw new Exception('下载证书失败');
$file_path = app()->getRuntimePath() . 'cert/' . $data['DownloadFilename'];
$file_name = substr($data['DownloadFilename'], 0, -4);
file_put_contents($file_path, $file_data);
$zip = new \ZipArchive;
if ($zip->open($file_path) === true) {
$zip->extractTo(app()->getRuntimePath() . 'cert/');
$zip->close();
} else {
throw new Exception('解压证书失败');
}
$cert_dir = app()->getRuntimePath() . 'cert/' . $file_name;
$items = scandir($cert_dir);
if ($items === false) throw new Exception('解压后的证书文件夹不存在');
$private_key = null;
$fullchain = null;
foreach ($items as $item) {
if (substr($item, -4) == '.key') {
$private_key = file_get_contents($cert_dir . '/' . $item);
} elseif (substr($item, -4) == '.crt') {
$fullchain = file_get_contents($cert_dir . '/' . $item);
}
}
if (empty($private_key) || empty($fullchain)) throw new Exception('解压后的证书文件夹内未找到证书文件');
clearDirectory($cert_dir);
rmdir($cert_dir);
unlink($file_path);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$action = 'RevokeCertificate';
$data = $this->request($action, $param);
if (!empty($data['RevokeDomainValidateAuths'])) {
$dnsList = [];
foreach ($data['RevokeDomainValidateAuths'] as $opts) {
$mainDomain = getMainDomain($opts['DomainValidateAuthKey']);
$name = substr($opts['DomainValidateAuthKey'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['DomainValidateAuthValue']];
}
\app\utils\CertDnsUtils::addDns($dnsList, function ($txt) {
$this->log($txt);
});
}
}
public function cancel($order)
{
$param = [
'CertificateId' => $order['CertificateId'],
];
$action = 'CancelAuditCertificate';
$this->request($action, $param);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($action, $param)
{
$this->log('Action:' . $action . PHP_EOL . 'Request:' . json_encode($param, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($action, $param);
$this->log('Response:' . json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
return $result;
}
}

375
app/lib/cert/ucloud.php
View File

@@ -1,187 +1,188 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\Ucloud as UcloudClient;
use Exception;
class ucloud implements CertInterface
{
private $PublicKey;
private $PrivateKey;
private $config;
private $logger;
private UcloudClient $client;
public function __construct($config, $ext = null)
{
$this->PublicKey = $config['PublicKey'];
$this->PrivateKey = $config['PrivateKey'];
$this->client = new UcloudClient($this->PublicKey, $this->PrivateKey);
$this->config = $config;
}
public function register()
{
if (empty($this->PublicKey) || empty($this->PrivateKey) || empty($this->config['username']) || empty($this->config['phone']) || empty($this->config['email'])) throw new Exception('必填参数不能为空');
$param = ['Mode' => 'free'];
$this->request('GetCertificateList', $param);
return true;
}
public function buyCert($domainList, &$order)
{
$param = [
'CertificateBrand' => 'TrustAsia',
'CertificateName' => 'TrustAsiaC1DVFree',
'DomainsCount' => 1,
'ValidYear' => 1,
];
$data = $this->request('PurchaseCertificate', $param);
if (!isset($data['CertificateID'])) throw new Exception('证书购买失败CertificateID为空');
$order['CertificateID'] = $data['CertificateID'];
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'CertificateID' => $order['CertificateID'],
'Domains' => $domain,
'CSROnline' => 1,
'CSREncryptAlgo' => ['RSA' => 'RSA', 'ECC' => 'ECDSA'][$keytype],
'CSRKeyParameter' => ['2048' => '2048', '3072' => '3072', '256' => 'prime256v1', '384' => 'prime384v1'][$keysize],
'CompanyName' => '公司名称',
'CompanyAddress' => '公司地址',
'CompanyRegion' => '北京',
'CompanyCity' => '北京',
'CompanyCountry' => 'CN',
'CompanyDivision' => '部门',
'CompanyPhone' => $this->config['phone'],
'CompanyPostalCode' => '110100',
'AdminName' => $this->config['username'],
'AdminPhone' => $this->config['phone'],
'AdminEmail' => $this->config['email'],
'AdminTitle' => '职员',
'DVAuthMethod' => 'DNS'
];
$data = $this->request('ComplementCSRInfo', $param);
sleep(3);
$param = [
'CertificateID' => $order['CertificateID'],
];
$data = $this->request('GetDVAuthInfo', $param);
$dnsList = [];
if (!empty($data['Auths'])) {
foreach ($data['Auths'] as $auth) {
$mainDomain = getMainDomain($auth['Domain']);
$dnsList[$mainDomain][] = ['name' => $auth['AuthRecord'], 'type' => $auth['AuthType'] == 'DNS_TXT' ? 'TXT' : 'CNAME', 'value' => $auth['AuthValue']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order) {}
public function getAuthStatus($domainList, $order)
{
$param = [
'CertificateID' => $order['CertificateID'],
];
$data = $this->request('GetCertificateDetailInfo', $param);
if ($data['CertificateInfo']['StateCode'] == 'COMPLETED' || $data['CertificateInfo']['StateCode'] == 'RENEWED') {
return true;
} elseif ($data['CertificateInfo']['StateCode'] == 'REJECTED' || $data['CertificateInfo']['StateCode'] == 'SECURITY_REVIEW_FAILED') {
throw new Exception('证书审核失败:' . $data['CertificateInfo']['State']);
} else {
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (!is_dir(app()->getRuntimePath() . 'cert')) mkdir(app()->getRuntimePath() . 'cert');
$param = [
'CertificateID' => $order['CertificateID'],
];
$info = $this->request('GetCertificateDetailInfo', $param);
$data = $this->request('DownloadCertificate', $param);
$file_data = get_curl($data['CertificateUrl']);
$file_path = app()->getRuntimePath() . 'cert/USSL_' . $order['CertificateID'] . '.zip';
file_put_contents($file_path, $file_data);
$zip = new \ZipArchive;
if ($zip->open($file_path) === true) {
$zip->extractTo(app()->getRuntimePath() . 'cert/');
$zip->close();
} else {
throw new Exception('解压证书失败');
}
$cert_dir = app()->getRuntimePath() . 'cert/Nginx';
$items = scandir($cert_dir);
if ($items === false) throw new Exception('解压后的证书文件夹不存在');
$private_key = null;
$fullchain = null;
foreach ($items as $item) {
if (substr($item, -4) == '.key') {
$private_key = file_get_contents($cert_dir . '/' . $item);
} elseif (substr($item, -4) == '.pem') {
$fullchain = file_get_contents($cert_dir . '/' . $item);
}
}
if (empty($private_key) || empty($fullchain)) throw new Exception('解压后的证书文件夹内未找到证书文件');
clearDirectory(app()->getRuntimePath() . 'cert');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $info['CertificateInfo']['CaOrganization'], 'subject' => $info['CertificateInfo']['Name'], 'validFrom' => $info['CertificateInfo']['IssuedDate'], 'validTo' => $info['CertificateInfo']['ExpiredDate']];
}
public function revoke($order, $pem)
{
$param = [
'CertificateID' => $order['CertificateID'],
'Reason' => '业务终止',
];
$this->request('RevokeCertificate', $param);
}
public function cancel($order)
{
$param = [
'CertificateID' => $order['CertificateID'],
];
$this->request('CancelCertificateOrder', $param);
sleep(1);
$param['CertificateMode'] = 'purchase';
$this->request('DeleteSSLCertificate', $param);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($action, $params)
{
$this->log('Action:' . $action . PHP_EOL . 'Request:' . json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($action, $params);
$this->log('Response:' . json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
return $result;
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\client\Ucloud as UcloudClient;
use Exception;
class ucloud implements CertInterface
{
private $PublicKey;
private $PrivateKey;
private $config;
private $logger;
private UcloudClient $client;
public function __construct($config, $ext = null)
{
$this->PublicKey = $config['PublicKey'];
$this->PrivateKey = $config['PrivateKey'];
$this->client = new UcloudClient($this->PublicKey, $this->PrivateKey);
$this->config = $config;
}
public function register()
{
if (empty($this->PublicKey) || empty($this->PrivateKey) || empty($this->config['username']) || empty($this->config['phone']) || empty($this->config['email'])) throw new Exception('必填参数不能为空');
$param = ['Mode' => 'free'];
$this->request('GetCertificateList', $param);
return true;
}
public function buyCert($domainList, &$order)
{
$param = [
'CertificateBrand' => 'TrustAsia',
'CertificateName' => 'TrustAsiaC1DVFree',
'DomainsCount' => 1,
'ValidYear' => 1,
];
$data = $this->request('PurchaseCertificate', $param);
if (!isset($data['CertificateID'])) throw new Exception('证书购买失败CertificateID为空');
$order['CertificateID'] = $data['CertificateID'];
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
$domain = $domainList[0];
$param = [
'CertificateID' => $order['CertificateID'],
'Domains' => $domain,
'CSROnline' => 1,
'CSREncryptAlgo' => ['RSA' => 'RSA', 'ECC' => 'ECDSA'][$keytype],
'CSRKeyParameter' => ['2048' => '2048', '3072' => '3072', '256' => 'prime256v1', '384' => 'prime384v1'][$keysize],
'CompanyName' => '公司名称',
'CompanyAddress' => '公司地址',
'CompanyRegion' => '北京',
'CompanyCity' => '北京',
'CompanyCountry' => 'CN',
'CompanyDivision' => '部门',
'CompanyPhone' => $this->config['phone'],
'CompanyPostalCode' => '110100',
'AdminName' => $this->config['username'],
'AdminPhone' => $this->config['phone'],
'AdminEmail' => $this->config['email'],
'AdminTitle' => '职员',
'DVAuthMethod' => 'DNS'
];
$data = $this->request('ComplementCSRInfo', $param);
sleep(3);
$param = [
'CertificateID' => $order['CertificateID'],
];
$data = $this->request('GetDVAuthInfo', $param);
$dnsList = [];
if (!empty($data['Auths'])) {
foreach ($data['Auths'] as $auth) {
$mainDomain = getMainDomain($auth['Domain']);
$name = substr($auth['AuthKey'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $auth['AuthType'] == 'DNS_TXT' ? 'TXT' : 'CNAME', 'value' => $auth['AuthValue']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order) {}
public function getAuthStatus($domainList, $order)
{
$param = [
'CertificateID' => $order['CertificateID'],
];
$data = $this->request('GetCertificateDetailInfo', $param);
if ($data['CertificateInfo']['StateCode'] == 'COMPLETED' || $data['CertificateInfo']['StateCode'] == 'RENEWED') {
return true;
} elseif ($data['CertificateInfo']['StateCode'] == 'REJECTED' || $data['CertificateInfo']['StateCode'] == 'SECURITY_REVIEW_FAILED') {
throw new Exception('证书审核失败:' . $data['CertificateInfo']['State']);
} else {
return false;
}
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (!is_dir(app()->getRuntimePath() . 'cert')) mkdir(app()->getRuntimePath() . 'cert');
$param = [
'CertificateID' => $order['CertificateID'],
];
$info = $this->request('GetCertificateDetailInfo', $param);
$data = $this->request('DownloadCertificate', $param);
$file_data = get_curl($data['CertificateUrl']);
$file_path = app()->getRuntimePath() . 'cert/USSL_' . $order['CertificateID'] . '.zip';
file_put_contents($file_path, $file_data);
$zip = new \ZipArchive;
if ($zip->open($file_path) === true) {
$zip->extractTo(app()->getRuntimePath() . 'cert/');
$zip->close();
} else {
throw new Exception('解压证书失败');
}
$cert_dir = app()->getRuntimePath() . 'cert/Nginx';
$items = scandir($cert_dir);
if ($items === false) throw new Exception('解压后的证书文件夹不存在');
$private_key = null;
$fullchain = null;
foreach ($items as $item) {
if (substr($item, -4) == '.key') {
$private_key = file_get_contents($cert_dir . '/' . $item);
} elseif (substr($item, -4) == '.pem') {
$fullchain = file_get_contents($cert_dir . '/' . $item);
}
}
if (empty($private_key) || empty($fullchain)) throw new Exception('解压后的证书文件夹内未找到证书文件');
clearDirectory(app()->getRuntimePath() . 'cert');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $info['CertificateInfo']['CaOrganization'], 'subject' => $info['CertificateInfo']['Name'], 'validFrom' => $info['CertificateInfo']['IssuedDate'], 'validTo' => $info['CertificateInfo']['ExpiredDate']];
}
public function revoke($order, $pem)
{
$param = [
'CertificateID' => $order['CertificateID'],
'Reason' => '业务终止',
];
$this->request('RevokeCertificate', $param);
}
public function cancel($order)
{
$param = [
'CertificateID' => $order['CertificateID'],
];
$this->request('CancelCertificateOrder', $param);
sleep(1);
$param['CertificateMode'] = 'purchase';
$this->request('DeleteSSLCertificate', $param);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($action, $params)
{
$this->log('Action:' . $action . PHP_EOL . 'Request:' . json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$result = $this->client->request($action, $params);
$this->log('Response:' . json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
return $result;
}
}

244
app/lib/cert/zerossl.php
View File

@@ -1,110 +1,134 @@
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class zerossl implements CertInterface
{
private $directory = 'https://acme.zerossl.com/v2/DV90';
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
$this->ac = new ACMECert($this->directory, $config['proxy'] == 1);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (empty($this->config['kid']) || empty($this->config['key'])) throw new Exception('必填参数不能为空');
if (!empty($this->ext['key'])) {
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order) {}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "sectigo.com"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order) {}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
}
<?php
namespace app\lib\cert;
use app\lib\CertInterface;
use app\lib\acme\ACMECert;
use Exception;
class zerossl implements CertInterface
{
private $directory = 'https://acme.zerossl.com/v2/DV90';
private $ac;
private $config;
private $ext;
public function __construct($config, $ext = null)
{
$this->config = $config;
$this->ac = new ACMECert($this->directory, (int)$config['proxy']);
if ($ext) {
$this->ext = $ext;
$this->ac->loadAccountKey($ext['key']);
$this->ac->setAccount($ext['kid']);
}
}
public function register()
{
if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
if (isset($this->config['eabMode']) && $this->config['eabMode'] == 'auto') {
$eab = $this->getEAB($this->config['email']);
} else {
$eab = ['kid' => $this->config['kid'], 'key' => $this->config['key']];
}
if (!empty($this->ext['key'])) {
$kid = $this->ac->registerEAB(true, $eab['kid'], $eab['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $this->ext['key']];
}
$key = $this->ac->generateRSAKey(2048);
$this->ac->loadAccountKey($key);
$kid = $this->ac->registerEAB(true, $eab['kid'], $eab['key'], $this->config['email']);
return ['kid' => $kid, 'key' => $key];
}
public function buyCert($domainList, &$order)
{
}
public function createOrder($domainList, &$order, $keytype, $keysize)
{
$domain_config = [];
foreach ($domainList as $domain) {
if (empty($domain)) continue;
$domain_config[$domain] = ['challenge' => 'dns-01'];
}
if (empty($domain_config)) throw new Exception('域名列表不能为空');
$order = $this->ac->createOrder($domain_config);
$dnsList = [];
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "sectigo.com"'];
}*/
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}
return $dnsList;
}
public function authOrder($domainList, $order)
{
$this->ac->authOrder($order);
}
public function getAuthStatus($domainList, $order)
{
return true;
}
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
if (empty($domainList)) throw new Exception('域名列表不能为空');
if ($keytype == 'ECC') {
if (empty($keysize)) $keysize = '384';
$private_key = $this->ac->generateECKey($keysize);
} else {
if (empty($keysize)) $keysize = '2048';
$private_key = $this->ac->generateRSAKey($keysize);
}
$fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
}
public function revoke($order, $pem)
{
$this->ac->revoke($pem);
}
public function cancel($order)
{
}
public function setLogger($func)
{
$this->ac->setLogger($func);
}
private function getEAB($email)
{
$api = "https://api.zerossl.com/acme/eab-credentials-email";
$response = http_request($api, http_build_query(['email' => $email]), null, null, null, $this->config['proxy'] == 1);
$result = json_decode($response['body'], true);
if (!isset($result['success'])) {
throw new Exception('获取EAB失败' . $response['body']);
} elseif (!$result['success'] && isset($result['error'])) {
throw new Exception('获取EAB失败' . $result['error']['code'] . ' - ' . $result['error']['type']);
} elseif (!isset($result['eab_kid']) || !isset($result['eab_hmac_key'])) {
throw new Exception('获取EAB失败返回数据不完整');
}
return ['kid' => $result['eab_kid'], 'key' => $result['eab_hmac_key']];
}
}

694
app/lib/client/AWS.php
View File

@@ -1,330 +1,364 @@
<?php
namespace app\lib\client;
use Exception;
/**
* AWS
*/
class AWS
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $service;
private $version;
private $region;
private $etag;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $service, $version, $region)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->version = $version;
$this->region = $region;
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
$query = [];
if ($method == 'GET' || $method == 'DELETE') {
$query = $params;
} else {
$body = !empty($params) ? json_encode($params) : '';
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$headers = [
'Host' => $this->endpoint,
'X-Amz-Target' => $action,
'X-Amz-Date' => $date,
//'X-Amz-Content-Sha256' => hash("sha256", $body),
];
if ($body) {
$headers['Content-Type'] = 'application/x-amz-json-1.1';
}
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function requestXml($method, $action, $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
$query = [
'Action' => $action,
'Version' => $this->version,
];
if ($method == 'GET' || $method == 'DELETE') {
$query = array_merge($query, $params);
} else {
$body = !empty($params) ? http_build_query($params) : '';
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$headers = [
'Host' => $this->endpoint,
'X-Amz-Date' => $date,
];
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header, true);
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array $params 请求参数
* @param \SimpleXMLElement $xml 请求XML
* @return array
* @throws Exception
*/
public function requestXmlN($method, $path, $params = [], $xml = null, $etag = false)
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$path = '/' . $this->version . $path;
if ($method == 'GET' || $method == 'DELETE') {
$query = $params;
} else {
$body = !empty($params) ? $this->array2xml($params, $xml) : '';
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$headers = [
'Host' => $this->endpoint,
'X-Amz-Date' => $date,
//'X-Amz-Content-Sha256' => hash("sha256", $body),
];
if ($this->etag) {
$headers['If-Match'] = $this->etag;
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header, true, $etag);
}
private function generateSign($method, $path, $query, $headers, $body, $date)
{
$algorithm = "AWS4-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $path;
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/aws4_request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, 'AWS4' . $this->SecretAccessKey, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "aws4_request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = $algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header, $xml = false, $etag = false)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
if ($etag) {
curl_setopt($ch, CURLOPT_HEADER, true);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($etag) {
if (preg_match('/ETag: ([^\r\n]+)/', $response, $matches)) {
$this->etag = trim($matches[1]);
}
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$response = substr($response, $headerSize);
}
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
if (empty($response)) return true;
return $xml ? $this->xml2array($response) : json_decode($response, true);
}
if ($xml) {
$arr = $this->xml2array($response);
if (isset($arr['Error']['Message'])) {
throw new Exception($arr['Error']['Message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
} else {
$arr = json_decode($response, true);
if (isset($arr['message'])) {
throw new Exception($arr['message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
}
}
private function xml2array($xml)
{
if (!$xml) {
return false;
}
LIBXML_VERSION < 20900 && libxml_disable_entity_loader(true);
return json_decode(json_encode(simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOCDATA), JSON_UNESCAPED_UNICODE), true);
}
private function array2xml($array, $xml = null)
{
if ($xml === null) {
$xml = new \SimpleXMLElement('<root/>');
}
foreach ($array as $key => $value) {
if (is_array($value)) {
$subNode = $xml->addChild($key);
$this->array2xml($value, $subNode);
} else {
$xml->addChild($key, $value);
}
}
return $xml->asXML();
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* AWS
*/
class AWS
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $service;
private $version;
private $region;
private $etag;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $service, $version, $region, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->version = $version;
$this->region = $region;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
$query = [];
if ($method == 'GET' || $method == 'DELETE') {
$query = $params;
} else {
$body = !empty($params) ? json_encode($params) : '';
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$headers = [
'Host' => $this->endpoint,
'X-Amz-Target' => $action,
'X-Amz-Date' => $date,
//'X-Amz-Content-Sha256' => hash("sha256", $body),
];
if ($body) {
$headers['Content-Type'] = 'application/x-amz-json-1.1';
}
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function requestXml($method, $action, $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
$query = [
'Action' => $action,
'Version' => $this->version,
];
if ($method == 'GET' || $method == 'DELETE') {
$query = array_merge($query, $params);
} else {
$body = !empty($params) ? http_build_query($params) : '';
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$headers = [
'Host' => $this->endpoint,
'X-Amz-Date' => $date,
];
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header, true);
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array $params 请求参数
* @param \SimpleXMLElement $xml 请求XML
* @return array
* @throws Exception
*/
public function requestXmlN($method, $path, $params = [], $xml = null, $etag = false)
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$path = '/' . $this->version . $path;
$body = '';
$query = [];
if ($method == 'GET' || $method == 'DELETE') {
$query = $params;
} else {
$body = !empty($params) ? $this->array2xml($params, $xml) : '';
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$headers = [
'Host' => $this->endpoint,
'X-Amz-Date' => $date,
//'X-Amz-Content-Sha256' => hash("sha256", $body),
];
if ($this->etag) {
$headers['If-Match'] = $this->etag;
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header, true, $etag);
}
private function generateSign($method, $path, $query, $headers, $body, $date)
{
$algorithm = "AWS4-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalURI($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/aws4_request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, 'AWS4' . $this->SecretAccessKey, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "aws4_request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = $algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalURI($path)
{
if (empty($path)) return '/';
$pattens = explode('/', $path);
$pattens = array_map(function ($item) {
return $this->escape($item);
}, $pattens);
$canonicalURI = implode('/', $pattens);
return $canonicalURI;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header, $xml = false, $etag = false)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
if ($etag) {
curl_setopt($ch, CURLOPT_HEADER, true);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($etag) {
if (preg_match('/ETag: ([^\r\n]+)/', $response, $matches)) {
$this->etag = trim($matches[1]);
}
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$response = substr($response, $headerSize);
}
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
if (empty($response)) return true;
return $xml ? $this->xml2array($response) : json_decode($response, true);
}
if ($xml) {
$arr = $this->xml2array($response);
if (isset($arr['Error']['Message'])) {
throw new Exception($arr['Error']['Message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
} else {
$arr = json_decode($response, true);
if (isset($arr['message'])) {
throw new Exception($arr['message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
}
}
private function xml2array($xml)
{
if (!$xml) {
return false;
}
LIBXML_VERSION < 20900 && libxml_disable_entity_loader(true);
return json_decode(json_encode(simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOCDATA), JSON_UNESCAPED_UNICODE), true);
}
private function array2xml($array, $xml = null, $parentTagName = 'root')
{
if ($xml === null) {
$xml = new \SimpleXMLElement('<root/>');
}
foreach ($array as $key => $value) {
// 确定当前标签名:如果是数字键名,使用父级标签名,否则使用当前键名
$tagName = is_numeric($key) ? $parentTagName : $key;
if (is_array($value)) {
// 检查数组的第一个子节点的键是否为0
$firstKey = array_key_first($value);
$isFirstKeyZero = ($firstKey === 0 || $firstKey === '0');
if ($isFirstKeyZero) {
// 如果第一个子节点的键是0则不生成当前节点标签直接递归子节点
$this->array2xml($value, $xml, $tagName);
} else {
// 否则生成当前节点标签,并递归子节点
$subNode = $xml->addChild($tagName);
$this->array2xml($value, $subNode, $tagName);
}
} else {
$xml->addChild($key, $value);
}
}
return $xml->asXML();
}
}

196
app/lib/client/Aliyun.php
View File

@@ -1,95 +1,101 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 阿里云
*/
class Aliyun
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint;
private $Version;
public function __construct($AccessKeyId, $AccessKeySecret, $Endpoint, $Version)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->Endpoint = $Endpoint;
$this->Version = $Version;
}
/**
* @param array $param 请求参数
* @return bool|array
* @throws Exception
*/
public function request($param, $method = 'POST')
{
$url = 'https://' . $this->Endpoint . '/';
$data = array(
'Format' => 'JSON',
'Version' => $this->Version,
'AccessKeyId' => $this->AccessKeyId,
'SignatureMethod' => 'HMAC-SHA1',
'Timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
'SignatureVersion' => '1.0',
'SignatureNonce' => random(8)
);
$data = array_merge($data, $param);
$data['Signature'] = $this->aliyunSignature($data, $this->AccessKeySecret, $method);
if ($method == 'GET') {
$url .= '?' . http_build_query($data);
}
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
if ($method == 'POST') {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
return $arr;
} elseif ($arr) {
throw new Exception($arr['Message']);
} else {
throw new Exception('返回数据解析失败');
}
}
private function aliyunSignature($parameters, $accessKeySecret, $method)
{
ksort($parameters);
$canonicalizedQueryString = '';
foreach ($parameters as $key => $value) {
if ($value === null) continue;
$canonicalizedQueryString .= '&' . $this->percentEncode($key) . '=' . $this->percentEncode($value);
}
$stringToSign = $method . '&%2F&' . $this->percentEncode(substr($canonicalizedQueryString, 1));
$signature = base64_encode(hash_hmac("sha1", $stringToSign, $accessKeySecret . "&", true));
return $signature;
}
private function percentEncode($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 阿里云
*/
class Aliyun
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint;
private $Version;
private $proxy = false;
public function __construct($AccessKeyId, $AccessKeySecret, $Endpoint, $Version, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->Endpoint = $Endpoint;
$this->Version = $Version;
$this->proxy = $proxy;
}
/**
* @param array $param 请求参数
* @return bool|array
* @throws Exception
*/
public function request($param, $method = 'POST')
{
$url = 'https://' . $this->Endpoint . '/';
$data = array(
'Format' => 'JSON',
'Version' => $this->Version,
'AccessKeyId' => $this->AccessKeyId,
'SignatureMethod' => 'HMAC-SHA1',
'Timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
'SignatureVersion' => '1.0',
'SignatureNonce' => random(8)
);
$data = array_merge($data, $param);
$data['Signature'] = $this->aliyunSignature($data, $this->AccessKeySecret, $method);
if ($method == 'GET') {
$url .= '?' . http_build_query($data);
}
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
if ($method == 'POST') {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
return $arr;
} elseif ($arr) {
throw new Exception($arr['Message']);
} else {
throw new Exception('返回数据解析失败');
}
}
private function aliyunSignature($parameters, $accessKeySecret, $method)
{
ksort($parameters);
$canonicalizedQueryString = '';
foreach ($parameters as $key => $value) {
if ($value === null) continue;
$canonicalizedQueryString .= '&' . $this->percentEncode($key) . '=' . $this->percentEncode($value);
}
$stringToSign = $method . '&%2F&' . $this->percentEncode(substr($canonicalizedQueryString, 1));
$signature = base64_encode(hash_hmac("sha1", $stringToSign, $accessKeySecret . "&", true));
return $signature;
}
private function percentEncode($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
}

357
app/lib/client/AliyunNew.php
View File

@@ -1,169 +1,188 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 阿里云V3
*/
class AliyunNew
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint;
private $Version;
public function __construct($AccessKeyId, $AccessKeySecret, $Endpoint, $Version)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->Endpoint = $Endpoint;
$this->Version = $Version;
}
/**
* @param string $method 请求方法
* @param string $action 操作名称
* @param array|null $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $path = '/', $params = null)
{
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
if($method == 'GET' || $method == 'DELETE'){
$query = $params;
$body = '';
}else{
$query = [];
$body = !empty($params) ? json_encode($params) : '';
}
$headers = [
'x-acs-action' => $action,
'x-acs-version' => $this->Version,
'x-acs-signature-nonce' => md5(uniqid(mt_rand(), true) . microtime()),
'x-acs-date' => gmdate('Y-m-d\TH:i:s\Z'),
'x-acs-content-sha256' => hash("sha256", $body),
'Host' => $this->Endpoint,
];
if ($body) {
$headers['Content-Type'] = 'application/json; charset=utf-8';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body);
$headers['Authorization'] = $authorization;
$url = 'https://'.$this->Endpoint.$path;
if (!empty($query)) {
$url .= '?'.http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key.': '.$value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body)
{
$algorithm = "ACS3-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $path;
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod."\n"
.$canonicalUri."\n"
.$canonicalQueryString."\n"
.$canonicalHeaders."\n"
.$signedHeaders."\n"
.$hashedRequestPayload;
// step 2: build string to sign
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm."\n"
.$hashedCanonicalRequest;
// step 3: sign string
$signature = hash_hmac("sha256", $stringToSign, $this->AccessKeySecret);
// step 4: build authorization
$authorization = $algorithm . ' Credential=' . $this->AccessKeyId . ',SignedHeaders=' . $signedHeaders . ',Signature=' . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key). '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
return $arr;
} elseif ($arr) {
if(strpos($arr['Message'], '.') > 0) $arr['Message'] = substr($arr['Message'], 0, strpos($arr['Message'], '.')+1);
throw new Exception($arr['Message']);
} else {
throw new Exception('返回数据解析失败');
}
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 阿里云V3
*/
class AliyunNew
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint;
private $Version;
private $proxy = false;
public function __construct($AccessKeyId, $AccessKeySecret, $Endpoint, $Version, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->Endpoint = $Endpoint;
$this->Version = $Version;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $action 操作名称
* @param array|null $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $path = '/', $params = null)
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
if ($method == 'GET' || $method == 'DELETE') {
$query = $params;
$body = '';
} else {
$query = [];
$body = !empty($params) ? json_encode($params) : '';
}
$headers = [
'x-acs-action' => $action,
'x-acs-version' => $this->Version,
'x-acs-signature-nonce' => md5(uniqid(mt_rand(), true) . microtime()),
'x-acs-date' => gmdate('Y-m-d\TH:i:s\Z'),
'x-acs-content-sha256' => hash("sha256", $body),
'Host' => $this->Endpoint,
];
if ($body) {
$headers['Content-Type'] = 'application/json; charset=utf-8';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->Endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body)
{
$algorithm = "ACS3-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalURI($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$signature = hash_hmac("sha256", $stringToSign, $this->AccessKeySecret);
// step 4: build authorization
$authorization = $algorithm . ' Credential=' . $this->AccessKeyId . ',SignedHeaders=' . $signedHeaders . ',Signature=' . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalURI($path)
{
if (empty($path)) return '/';
$pattens = explode('/', $path);
$pattens = array_map(function ($item) {
return $this->escape($item);
}, $pattens);
$canonicalURI = implode('/', $pattens);
return $canonicalURI;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
return $arr;
} elseif ($arr) {
if (strpos($arr['Message'], '.') > 0) $arr['Message'] = substr($arr['Message'], 0, strpos($arr['Message'], '.') + 1);
throw new Exception($arr['Message']);
} else {
throw new Exception('返回数据解析失败');
}
}
}

526
app/lib/client/AliyunOss.php → app/lib/client/AliyunOSS.php
View File

@@ -1,261 +1,267 @@
<?php
namespace app\lib\client;
use Exception;
class AliyunOSS
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint;
public function __construct($AccessKeyId, $AccessKeySecret, $Endpoint)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->Endpoint = $Endpoint;
}
public function addBucketCnameCert($bucket, $domain, $cert_id)
{
$strXml = <<<EOF
<?xml version="1.0" encoding="utf-8"?>
<BucketCnameConfiguration>
</BucketCnameConfiguration>
EOF;
$xml = new \SimpleXMLElement($strXml);
$node = $xml->addChild('Cname');
$node->addChild('Domain', $domain);
$certNode = $node->addChild('CertificateConfiguration');
$certNode->addChild('CertId', $cert_id);
$certNode->addChild('Force', 'true');
$body = $xml->asXML();
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'cname' => '',
'comp' => 'add'
];
return $this->request('POST', '/', $query, $body, $options);
}
public function deleteBucketCnameCert($bucket, $domain)
{
$strXml = <<<EOF
<?xml version="1.0" encoding="utf-8"?>
<BucketCnameConfiguration>
</BucketCnameConfiguration>
EOF;
$xml = new \SimpleXMLElement($strXml);
$node = $xml->addChild('Cname');
$node->addChild('Domain', $domain);
$certNode = $node->addChild('CertificateConfiguration');
$certNode->addChild('DeleteCertificate', 'true');
$body = $xml->asXML();
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'cname' => '',
'comp' => 'add'
];
return $this->request('POST', '/', $query, $body, $options);
}
public function getBucketCname($bucket)
{
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'cname' => '',
];
return $this->request('GET', '/', $query, null, $options);
}
private function request($method, $path, $query, $body, $options)
{
$hostname = $options['bucket'] . '.' . $this->Endpoint;
$query_string = $this->toQueryString($query);
$query_string = empty($query_string) ? '' : '?' . $query_string;
$requestUrl = 'https://' . $hostname . $path . $query_string;
$headers = [
'Content-Type' => 'application/xml',
'Date' => gmdate('D, d M Y H:i:s \G\M\T'),
];
$headers['Authorization'] = $this->getAuthorization($method, $path, $query, $headers, $options);
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $requestUrl, $body, $header);
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
if (empty($response)) return true;
return $this->xml2array($response);
}
$arr = $this->xml2array($response);
if (isset($arr['Message'])) {
throw new Exception($arr['Message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
}
private function toQueryString($params = array())
{
$temp = array();
uksort($params, 'strnatcasecmp');
foreach ($params as $key => $value) {
if (is_string($key) && !is_array($value)) {
if (strlen($value) > 0) {
$temp[] = rawurlencode($key) . '=' . rawurlencode($value);
} else {
$temp[] = rawurlencode($key);
}
}
}
return implode('&', $temp);
}
private function xml2array($xml)
{
if (!$xml) {
return false;
}
LIBXML_VERSION < 20900 && libxml_disable_entity_loader(true);
return json_decode(json_encode(simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOCDATA), JSON_UNESCAPED_UNICODE), true);
}
private function getAuthorization($method, $url, $query, $headers, $options)
{
$method = strtoupper($method);
$date = $headers['Date'];
$resourcePath = $this->getResourcePath($options);
$stringToSign = $this->calcStringToSign($method, $date, $headers, $resourcePath, $query);
$signature = base64_encode(hash_hmac('sha1', $stringToSign, $this->AccessKeySecret, true));
return 'OSS ' . $this->AccessKeyId . ':' . $signature;
}
private function getResourcePath(array $options)
{
$resourcePath = '/';
if (strlen($options['bucket']) > 0) {
$resourcePath .= $options['bucket'] . '/';
}
if (strlen($options['key']) > 0) {
$resourcePath .= $options['key'];
}
return $resourcePath;
}
private function calcStringToSign($method, $date, array $headers, $resourcePath, array $query)
{
/*
SignToString =
VERB + "\n"
+ Content-MD5 + "\n"
+ Content-Type + "\n"
+ Date + "\n"
+ CanonicalizedOSSHeaders
+ CanonicalizedResource
Signature = base64(hmac-sha1(AccessKeySecret, SignToString))
*/
$contentMd5 = '';
$contentType = '';
// CanonicalizedOSSHeaders
$signheaders = array();
foreach ($headers as $key => $value) {
$lowk = strtolower($key);
if (strncmp($lowk, "x-oss-", 6) == 0) {
$signheaders[$lowk] = $value;
} else if ($lowk === 'content-md5') {
$contentMd5 = $value;
} else if ($lowk === 'content-type') {
$contentType = $value;
}
}
ksort($signheaders);
$canonicalizedOSSHeaders = '';
foreach ($signheaders as $key => $value) {
$canonicalizedOSSHeaders .= $key . ':' . $value . "\n";
}
// CanonicalizedResource
$signquery = array();
foreach ($query as $key => $value) {
if (in_array($key, $this->signKeyList)) {
$signquery[$key] = $value;
}
}
ksort($signquery);
$sortedQueryList = array();
foreach ($signquery as $key => $value) {
if (strlen($value) > 0) {
$sortedQueryList[] = $key . '=' . $value;
} else {
$sortedQueryList[] = $key;
}
}
$queryStringSorted = implode('&', $sortedQueryList);
$canonicalizedResource = $resourcePath;
if (!empty($queryStringSorted)) {
$canonicalizedResource .= '?' . $queryStringSorted;
}
return $method . "\n" . $contentMd5 . "\n" . $contentType . "\n" . $date . "\n" . $canonicalizedOSSHeaders . $canonicalizedResource;
}
private $signKeyList = array(
"acl", "uploads", "location", "cors",
"logging", "website", "referer", "lifecycle",
"delete", "append", "tagging", "objectMeta",
"uploadId", "partNumber", "security-token", "x-oss-security-token",
"position", "img", "style", "styleName",
"replication", "replicationProgress",
"replicationLocation", "cname", "bucketInfo",
"comp", "qos", "live", "status", "vod",
"startTime", "endTime", "symlink",
"x-oss-process", "response-content-type", "x-oss-traffic-limit",
"response-content-language", "response-expires",
"response-cache-control", "response-content-disposition",
"response-content-encoding", "udf", "udfName", "udfImage",
"udfId", "udfImageDesc", "udfApplication",
"udfApplicationLog", "restore", "callback", "callback-var", "qosInfo",
"policy", "stat", "encryption", "versions", "versioning", "versionId", "requestPayment",
"x-oss-request-payer", "sequential",
"inventory", "inventoryId", "continuation-token", "asyncFetch",
"worm", "wormId", "wormExtend", "withHashContext",
"x-oss-enable-md5", "x-oss-enable-sha1", "x-oss-enable-sha256",
"x-oss-hash-ctx", "x-oss-md5-ctx", "transferAcceleration",
"regionList", "cloudboxes", "x-oss-ac-source-ip", "x-oss-ac-subnet-mask", "x-oss-ac-vpc-id", "x-oss-ac-forward-allow",
"metaQuery", "resourceGroup", "rtc", "x-oss-async-process", "responseHeader"
);
<?php
namespace app\lib\client;
use Exception;
class AliyunOSS
{
private $AccessKeyId;
private $AccessKeySecret;
private $Endpoint;
private $proxy = false;
public function __construct($AccessKeyId, $AccessKeySecret, $Endpoint, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->Endpoint = $Endpoint;
$this->proxy = $proxy;
}
public function addBucketCnameCert($bucket, $domain, $cert_id)
{
$strXml = <<<EOF
<?xml version="1.0" encoding="utf-8"?>
<BucketCnameConfiguration>
</BucketCnameConfiguration>
EOF;
$xml = new \SimpleXMLElement($strXml);
$node = $xml->addChild('Cname');
$node->addChild('Domain', $domain);
$certNode = $node->addChild('CertificateConfiguration');
$certNode->addChild('CertId', $cert_id);
$certNode->addChild('Force', 'true');
$body = $xml->asXML();
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'cname' => '',
'comp' => 'add'
];
return $this->request('POST', '/', $query, $body, $options);
}
public function deleteBucketCnameCert($bucket, $domain)
{
$strXml = <<<EOF
<?xml version="1.0" encoding="utf-8"?>
<BucketCnameConfiguration>
</BucketCnameConfiguration>
EOF;
$xml = new \SimpleXMLElement($strXml);
$node = $xml->addChild('Cname');
$node->addChild('Domain', $domain);
$certNode = $node->addChild('CertificateConfiguration');
$certNode->addChild('DeleteCertificate', 'true');
$body = $xml->asXML();
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'cname' => '',
'comp' => 'add'
];
return $this->request('POST', '/', $query, $body, $options);
}
public function getBucketCname($bucket)
{
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'cname' => '',
];
return $this->request('GET', '/', $query, null, $options);
}
private function request($method, $path, $query, $body, $options)
{
$hostname = $options['bucket'] . '.' . $this->Endpoint;
$query_string = $this->toQueryString($query);
$query_string = empty($query_string) ? '' : '?' . $query_string;
$requestUrl = 'https://' . $hostname . $path . $query_string;
$headers = [
'Content-Type' => 'application/xml',
'Date' => gmdate('D, d M Y H:i:s \G\M\T'),
];
$headers['Authorization'] = $this->getAuthorization($method, $path, $query, $headers, $options);
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $requestUrl, $body, $header);
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
if (empty($response)) return true;
return $this->xml2array($response);
}
$arr = $this->xml2array($response);
if (isset($arr['Message'])) {
throw new Exception($arr['Message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
}
private function toQueryString($params = array())
{
$temp = array();
uksort($params, 'strnatcasecmp');
foreach ($params as $key => $value) {
if (is_string($key) && !is_array($value)) {
if (strlen($value) > 0) {
$temp[] = rawurlencode($key) . '=' . rawurlencode($value);
} else {
$temp[] = rawurlencode($key);
}
}
}
return implode('&', $temp);
}
private function xml2array($xml)
{
if (!$xml) {
return false;
}
LIBXML_VERSION < 20900 && libxml_disable_entity_loader(true);
return json_decode(json_encode(simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOCDATA), JSON_UNESCAPED_UNICODE), true);
}
private function getAuthorization($method, $url, $query, $headers, $options)
{
$method = strtoupper($method);
$date = $headers['Date'];
$resourcePath = $this->getResourcePath($options);
$stringToSign = $this->calcStringToSign($method, $date, $headers, $resourcePath, $query);
$signature = base64_encode(hash_hmac('sha1', $stringToSign, $this->AccessKeySecret, true));
return 'OSS ' . $this->AccessKeyId . ':' . $signature;
}
private function getResourcePath(array $options)
{
$resourcePath = '/';
if (strlen($options['bucket']) > 0) {
$resourcePath .= $options['bucket'] . '/';
}
if (strlen($options['key']) > 0) {
$resourcePath .= $options['key'];
}
return $resourcePath;
}
private function calcStringToSign($method, $date, array $headers, $resourcePath, array $query)
{
/*
SignToString =
VERB + "\n"
+ Content-MD5 + "\n"
+ Content-Type + "\n"
+ Date + "\n"
+ CanonicalizedOSSHeaders
+ CanonicalizedResource
Signature = base64(hmac-sha1(AccessKeySecret, SignToString))
*/
$contentMd5 = '';
$contentType = '';
// CanonicalizedOSSHeaders
$signheaders = array();
foreach ($headers as $key => $value) {
$lowk = strtolower($key);
if (strncmp($lowk, "x-oss-", 6) == 0) {
$signheaders[$lowk] = $value;
} else if ($lowk === 'content-md5') {
$contentMd5 = $value;
} else if ($lowk === 'content-type') {
$contentType = $value;
}
}
ksort($signheaders);
$canonicalizedOSSHeaders = '';
foreach ($signheaders as $key => $value) {
$canonicalizedOSSHeaders .= $key . ':' . $value . "\n";
}
// CanonicalizedResource
$signquery = array();
foreach ($query as $key => $value) {
if (in_array($key, $this->signKeyList)) {
$signquery[$key] = $value;
}
}
ksort($signquery);
$sortedQueryList = array();
foreach ($signquery as $key => $value) {
if (strlen($value) > 0) {
$sortedQueryList[] = $key . '=' . $value;
} else {
$sortedQueryList[] = $key;
}
}
$queryStringSorted = implode('&', $sortedQueryList);
$canonicalizedResource = $resourcePath;
if (!empty($queryStringSorted)) {
$canonicalizedResource .= '?' . $queryStringSorted;
}
return $method . "\n" . $contentMd5 . "\n" . $contentType . "\n" . $date . "\n" . $canonicalizedOSSHeaders . $canonicalizedResource;
}
private $signKeyList = array(
"acl", "uploads", "location", "cors",
"logging", "website", "referer", "lifecycle",
"delete", "append", "tagging", "objectMeta",
"uploadId", "partNumber", "security-token", "x-oss-security-token",
"position", "img", "style", "styleName",
"replication", "replicationProgress",
"replicationLocation", "cname", "bucketInfo",
"comp", "qos", "live", "status", "vod",
"startTime", "endTime", "symlink",
"x-oss-process", "response-content-type", "x-oss-traffic-limit",
"response-content-language", "response-expires",
"response-cache-control", "response-content-disposition",
"response-content-encoding", "udf", "udfName", "udfImage",
"udfId", "udfImageDesc", "udfApplication",
"udfApplicationLog", "restore", "callback", "callback-var", "qosInfo",
"policy", "stat", "encryption", "versions", "versioning", "versionId", "requestPayment",
"x-oss-request-payer", "sequential",
"inventory", "inventoryId", "continuation-token", "asyncFetch",
"worm", "wormId", "wormExtend", "withHashContext",
"x-oss-enable-md5", "x-oss-enable-sha1", "x-oss-enable-sha256",
"x-oss-hash-ctx", "x-oss-md5-ctx", "transferAcceleration",
"regionList", "cloudboxes", "x-oss-ac-source-ip", "x-oss-ac-subnet-mask", "x-oss-ac-vpc-id", "x-oss-ac-forward-allow",
"metaQuery", "resourceGroup", "rtc", "x-oss-async-process", "responseHeader"
);
}

354
app/lib/client/BaiduCloud.php
View File

@@ -1,175 +1,181 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 百度云
*/
class BaiduCloud
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null)
{
if (!empty($query)) {
$query = array_filter($query, function ($a) { return $a !== null;});
}
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
$time = time();
$date = gmdate("Y-m-d\TH:i:s\Z", $time);
$body = !empty($params) ? json_encode($params) : '';
$headers = [
'Host' => $this->endpoint,
'x-bce-date' => $date,
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $time);
$headers['Authorization'] = $authorization;
$url = 'https://'.$this->endpoint.$path;
if (!empty($query)) {
$url .= '?'.http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key.': '.$value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $time)
{
$algorithm = "bce-auth-v1";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalUri($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$canonicalRequest = $httpRequestMethod."\n"
.$canonicalUri."\n"
.$canonicalQueryString."\n"
.$canonicalHeaders;
// step 2: calculate signing key
$date = gmdate("Y-m-d\TH:i:s\Z", $time);
$expirationInSeconds = 1800;
$authString = $algorithm . '/' . $this->AccessKeyId . '/' . $date . '/' . $expirationInSeconds;
$signingKey = hash_hmac('sha256', $authString, $this->SecretAccessKey);
// step 3: sign string
$signature = hash_hmac("sha256", $canonicalRequest, $signingKey);
// step 4: build authorization
$authorization = $authString . '/' . $signedHeaders . "/" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalUri($path)
{
if (empty($path)) return '/';
$uri = str_replace('%2F', '/', $this->escape($path));
if (substr($uri, 0, 1) !== '/') $uri = '/' . $uri;
return $uri;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
if ($key == 'authorization') continue;
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $this->escape($key) . ':' . $this->escape($value) . "\n";
$signedHeaders .= $key . ';';
}
$canonicalHeaders = substr($canonicalHeaders, 0, -1);
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
if (empty($response) && $httpCode == 200) {
return true;
}
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['code']) && isset($arr['message'])) {
throw new Exception($arr['message']);
} else {
return $arr;
}
} else {
throw new Exception('返回数据解析失败');
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 百度云
*/
class BaiduCloud
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求体
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null)
{
if (!empty($query)) {
$query = array_filter($query, function ($a) { return $a !== null;});
}
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
$time = time();
$date = gmdate("Y-m-d\TH:i:s\Z", $time);
$body = !empty($params) ? json_encode($params) : '';
$headers = [
'Host' => $this->endpoint,
'x-bce-date' => $date,
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $time);
$headers['Authorization'] = $authorization;
$url = 'https://'.$this->endpoint.$path;
if (!empty($query)) {
$url .= '?'.http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key.': '.$value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $time)
{
$algorithm = "bce-auth-v1";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalUri($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$canonicalRequest = $httpRequestMethod."\n"
.$canonicalUri."\n"
.$canonicalQueryString."\n"
.$canonicalHeaders;
// step 2: calculate signing key
$date = gmdate("Y-m-d\TH:i:s\Z", $time);
$expirationInSeconds = 1800;
$authString = $algorithm . '/' . $this->AccessKeyId . '/' . $date . '/' . $expirationInSeconds;
$signingKey = hash_hmac('sha256', $authString, $this->SecretAccessKey);
// step 3: sign string
$signature = hash_hmac("sha256", $canonicalRequest, $signingKey);
// step 4: build authorization
$authorization = $authString . '/' . $signedHeaders . "/" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalUri($path)
{
if (empty($path)) return '/';
$uri = str_replace('%2F', '/', $this->escape($path));
if (substr($uri, 0, 1) !== '/') $uri = '/' . $uri;
return $uri;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
if ($key == 'authorization') continue;
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $this->escape($key) . ':' . $this->escape($value) . "\n";
$signedHeaders .= $key . ';';
}
$canonicalHeaders = substr($canonicalHeaders, 0, -1);
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
if (empty($response) && $httpCode == 200) {
return true;
}
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['code']) && isset($arr['message'])) {
throw new Exception($arr['message']);
} else {
return $arr;
}
} else {
throw new Exception('返回数据解析失败');
}
}
}

169
app/lib/client/Ctyun.php Normal file
View File

@@ -0,0 +1,169 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 天翼云
*/
class Ctyun
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求体
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null, $header = null)
{
if (!empty($query)) {
$query = array_filter($query, function ($a) { return $a !== null;});
}
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
$time = time();
$date = date("Ymd\THis\Z", $time);
$body = !empty($params) ? json_encode($params) : '';
$headers = [
'Host' => $this->endpoint,
'Eop-date' => $date,
'ctyun-eop-request-id' => getSid(),
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
if (!empty($header)) {
foreach ($header as $key => $value) {
$headers[$key] = $value;
}
}
$authorization = $this->generateSign($query, $headers, $body, $date);
$headers['Eop-Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($query, $headers, $body, $date)
{
// step 1: build canonical request string
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
// step 2: build string to sign
$stringToSign = $canonicalHeaders . "\n"
. $canonicalQueryString . "\n"
. $hashedRequestPayload;
// step 3: sign string
$ktime = hash_hmac("sha256", $date, $this->SecretAccessKey, true);
$kAk = hash_hmac("sha256", $this->AccessKeyId, $ktime, true);
$kdate = hash_hmac("sha256", substr($date, 0, 8), $kAk, true);
$signature = hash_hmac("sha256", $stringToSign, $kdate, true);
$signature = base64_encode($signature);
// step 4: build authorization
$authorization = $this->AccessKeyId . " Headers=" . $signedHeaders . " Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
$arr = json_decode($response, true);
if (isset($arr['statusCode']) && ($arr['statusCode'] == 100000 || $arr['statusCode'] == 0 && $this->endpoint == 'cf-global.ctapi.ctyun.cn')) {
return isset($arr['returnObj']) ? $arr['returnObj'] : true;
} elseif (isset($arr['errorMessage'])) {
throw new Exception($arr['errorMessage']);
} elseif (isset($arr['message'])) {
throw new Exception($arr['message']);
} else {
throw new Exception('返回数据解析失败');
}
}
}

367
app/lib/client/HuaweiCloud.php
View File

@@ -1,175 +1,192 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 华为云
*/
class HuaweiCloud
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null)
{
if (!empty($query)) {
$query = array_filter($query, function ($a) { return $a !== null;});
}
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$body = !empty($params) ? json_encode($params) : '';
$headers = [
'Host' => $this->endpoint,
'X-Sdk-Date' => $date,
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $time)
{
$algorithm = "SDK-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $path;
if (substr($canonicalUri, -1) != "/") $canonicalUri .= "/";
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Ymd\THis\Z", $time);
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$signature = hash_hmac("sha256", $stringToSign, $this->SecretAccessKey);
// step 4: build authorization
$authorization = $algorithm . ' Access=' . $this->AccessKeyId . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['error_msg'])) {
throw new Exception($arr['error_msg']);
} elseif (isset($arr['message'])) {
throw new Exception($arr['message']);
} elseif (isset($arr['error']['error_msg'])) {
throw new Exception($arr['error']['error_msg']);
} else {
return $arr;
}
} else {
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($httpCode >= 200 && $httpCode < 300) {
return null;
} else {
throw new Exception('返回数据解析失败');
}
}
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 华为云
*/
class HuaweiCloud
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求体
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null)
{
if (!empty($query)) {
$query = array_filter($query, function ($a) { return $a !== null;});
}
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$body = !empty($params) ? json_encode($params) : '';
$headers = [
'Host' => $this->endpoint,
'X-Sdk-Date' => $date,
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $time)
{
$algorithm = "SDK-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalURI($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Ymd\THis\Z", $time);
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$signature = hash_hmac("sha256", $stringToSign, $this->SecretAccessKey);
// step 4: build authorization
$authorization = $algorithm . ' Access=' . $this->AccessKeyId . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalURI($path)
{
if (empty($path)) return '/';
$pattens = explode('/', $path);
$pattens = array_map(function ($item) {
return $this->escape($item);
}, $pattens);
$canonicalURI = implode('/', $pattens);
if (substr($canonicalURI, -1) != '/') $canonicalURI .= '/';
return $canonicalURI;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['error_msg'])) {
throw new Exception($arr['error_msg']);
} elseif (isset($arr['message'])) {
throw new Exception($arr['message']);
} elseif (isset($arr['error']['error_msg'])) {
throw new Exception($arr['error']['error_msg']);
} else {
return $arr;
}
} else {
if ($httpCode >= 200 && $httpCode < 300) {
return null;
} else {
throw new Exception('返回数据解析失败');
}
}
}
}

232
app/lib/client/HuaweiOBS.php Normal file
View File

@@ -0,0 +1,232 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 华为云OBS
*/
class HuaweiOBS
{
private $AccessKeyId;
private $SecretAccessKey;
private $Endpoint;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $Endpoint, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->Endpoint = $Endpoint;
$this->proxy = $proxy;
}
public function setBucketCustomdomain($bucket, $domain, $cert_name, $fullchain, $privatekey)
{
$strXml = <<<EOF
<CustomDomainConfiguration>
</CustomDomainConfiguration>
EOF;
$xml = new \SimpleXMLElement($strXml);
$xml->addChild('Name', $cert_name);
$xml->addChild('Certificate', $fullchain);
$xml->addChild('PrivateKey', $privatekey);
$body = $xml->asXML();
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'customdomain' => $domain
];
return $this->request('PUT', '/', $query, $body, $options);
}
public function deleteBucketCustomdomain($bucket, $domain)
{
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'customdomain' => $domain
];
return $this->request('DELETE', '/', $query, '', $options);
}
public function getBucketCustomdomain($bucket)
{
$options = [
'bucket' => $bucket,
'key' => '',
];
$query = [
'customdomain' => '',
];
return $this->request('GET', '/', $query, '', $options);
}
private function request($method, $path, $query, $body, $options)
{
$hostname = $options['bucket'] . '.' . $this->Endpoint;
$query_string = $this->toQueryString($query);
$query_string = empty($query_string) ? '' : '?' . $query_string;
$requestUrl = 'https://' . $hostname . $path . $query_string;
$headers = [
'Content-Type' => 'application/xml',
'Content-MD5' => base64_encode(md5($body, true)),
'Date' => gmdate('D, d M Y H:i:s \G\M\T'),
];
$headers['Authorization'] = $this->getAuthorization($method, $path, $query, $headers, $options);
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $requestUrl, $body, $header);
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
if (empty($response)) return true;
return $this->xml2array($response);
}
$arr = $this->xml2array($response);
if (isset($arr['Message'])) {
throw new Exception($arr['Message']);
} else {
throw new Exception('HTTP Code: ' . $httpCode);
}
}
private function toQueryString($params = array())
{
$temp = array();
uksort($params, 'strnatcasecmp');
foreach ($params as $key => $value) {
if (is_string($key) && !is_array($value)) {
if (strlen($value) > 0) {
$temp[] = rawurlencode($key) . '=' . rawurlencode($value);
} else {
$temp[] = rawurlencode($key);
}
}
}
return implode('&', $temp);
}
private function xml2array($xml)
{
if (!$xml) {
return false;
}
LIBXML_VERSION < 20900 && libxml_disable_entity_loader(true);
return json_decode(json_encode(simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOCDATA), JSON_UNESCAPED_UNICODE), true);
}
private function getAuthorization($method, $url, $query, $headers, $options)
{
$method = strtoupper($method);
$date = $headers['Date'];
$resourcePath = $this->getResourcePath($options);
$stringToSign = $this->calcStringToSign($method, $date, $headers, $resourcePath, $query);
$signature = base64_encode(hash_hmac('sha1', $stringToSign, $this->SecretAccessKey, true));
return 'OBS ' . $this->AccessKeyId . ':' . $signature;
}
private function getResourcePath(array $options)
{
$resourcePath = '/';
if (strlen($options['bucket']) > 0) {
$resourcePath .= $options['bucket'] . '/';
}
if (strlen($options['key']) > 0) {
$resourcePath .= $options['key'];
}
return $resourcePath;
}
private function calcStringToSign($method, $date, array $headers, $resourcePath, array $query)
{
/*
SignToString =
VERB + "\n"
+ Content-MD5 + "\n"
+ Content-Type + "\n"
+ Date + "\n"
+ CanonicalizedOSSHeaders
+ CanonicalizedResource
Signature = base64(hmac-sha1(AccessKeySecret, SignToString))
*/
$contentMd5 = '';
$contentType = '';
// CanonicalizedOSSHeaders
$signheaders = array();
foreach ($headers as $key => $value) {
$lowk = strtolower($key);
if (strncmp($lowk, "x-obs-", 6) == 0) {
$signheaders[$lowk] = $value;
} else if ($lowk === 'content-md5') {
$contentMd5 = $value;
} else if ($lowk === 'content-type') {
$contentType = $value;
}
}
ksort($signheaders);
$canonicalizedOSSHeaders = '';
foreach ($signheaders as $key => $value) {
$canonicalizedOSSHeaders .= $key . ':' . $value . "\n";
}
// CanonicalizedResource
$signquery = array();
foreach ($query as $key => $value) {
if (in_array($key, $this->signKeyList)) {
$signquery[$key] = $value;
}
}
ksort($signquery);
$sortedQueryList = array();
foreach ($signquery as $key => $value) {
if (strlen($value) > 0) {
$sortedQueryList[] = $key . '=' . $value;
} else {
$sortedQueryList[] = $key;
}
}
$queryStringSorted = implode('&', $sortedQueryList);
$canonicalizedResource = $resourcePath;
if (!empty($queryStringSorted)) {
$canonicalizedResource .= '?' . $queryStringSorted;
}
return $method . "\n" . $contentMd5 . "\n" . $contentType . "\n" . $date . "\n" . $canonicalizedOSSHeaders . $canonicalizedResource;
}
private $signKeyList = array(
'acl', 'policy', 'torrent', 'logging', 'location', 'storageinfo', 'quota', 'storagepolicy', 'requestpayment', 'versions', 'versioning', 'versionid', 'uploads', 'uploadid', 'partnumber', 'website', 'notification', 'lifecycle', 'deletebucket', 'delete', 'cors', 'restore', 'tagging', 'response-content-type', 'response-content-language', 'response-expires', 'response-cache-control', 'response-content-disposition', 'response-content-encoding', 'x-image-process', 'backtosource', 'storageclass', 'replication', 'append', 'position', 'x-oss-process', 'CDNNotifyConfiguration', 'attname', 'customdomain', 'directcoldaccess', 'encryption', 'inventory', 'length', 'metadata', 'modify', 'name', 'rename', 'truncate', 'x-image-save-bucket', 'x-image-save-object', 'x-obs-security-token', 'x-obs-callback'
);
}

191
app/lib/client/Jdcloud.php Normal file
View File

@@ -0,0 +1,191 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 京东云
*/
class Jdcloud
{
private static $algorithm = 'JDCLOUD2-HMAC-SHA256';
private $AccessKeyId;
private $AccessKeySecret;
private $endpoint;
private $service;
private $region;
private $proxy = false;
public function __construct($AccessKeyId, $AccessKeySecret, $endpoint, $service, $region, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
$this->endpoint = $endpoint;
$this->service = $service;
$this->region = $region;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $path, $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
if ($method == 'GET' || $method == 'DELETE') {
$query = $params;
$body = '';
} else {
$query = [];
$body = !empty($params) ? json_encode($params) : '';
}
$date = gmdate("Ymd\THis\Z");
$headers = [
'Host' => $this->endpoint,
'x-jdcloud-algorithm' => self::$algorithm,
'x-jdcloud-date' => $date,
'x-jdcloud-nonce' => uniqid('php', true),
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $date);
$headers['authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $date)
{
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $path;
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/jdcloud2_request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = self::$algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, 'JDCLOUD2' . $this->AccessKeySecret, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "jdcloud2_request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = self::$algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
if (isset($arr['result'])) {
return $arr['result'];
}
return $arr;
} else {
if (isset($arr['error']['message'])) {
throw new Exception($arr['error']['message']);
} else {
throw new Exception('返回数据解析失败(http_code=' . $httpCode . ')');
}
}
}
}

209
app/lib/client/Ksyun.php Normal file
View File

@@ -0,0 +1,209 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 金山云
*/
class Ksyun
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $service;
private $region;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $service, $region, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->region = $region;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $version, $path = '/', $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
$query = [];
if ($method == 'GET') {
$query = $params;
} else {
$body = !empty($params) ? json_encode($params) : '';
}
$time = time();
$headers = [
'Host' => $this->endpoint,
'X-Amz-Date' => gmdate("Ymd\THis\Z", $time),
'X-Version' => $version,
'X-Action' => $action,
];
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$headers['Accept'] = 'application/json';
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $time)
{
$algorithm = "AWS4-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalURI($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Ymd\THis\Z", $time);
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/aws4_request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, 'AWS4' . $this->SecretAccessKey, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "aws4_request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = $algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalURI($path)
{
if (empty($path)) return '/';
$pattens = explode('/', $path);
$pattens = array_map(function ($item) {
return $this->escape($item);
}, $pattens);
$canonicalURI = implode('/', $pattens);
return $canonicalURI;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
if (!is_array($value)) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
} else {
sort($value);
foreach ($value as $v) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($v);
}
}
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
return $arr;
} else {
if (isset($arr['Error']['Message'])) {
throw new Exception($arr['Error']['Message']);
} else {
throw new Exception('返回数据解析失败(http_code=' . $httpCode . ')');
}
}
}
}

247
app/lib/client/Qiniu.php
View File

@@ -1,104 +1,143 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 七牛云
*/
class Qiniu
{
private $ApiUrl = 'https://api.qiniu.com';
private $AccessKey;
private $SecretKey;
public function __construct($AccessKey, $SecretKey)
{
$this->AccessKey = $AccessKey;
$this->SecretKey = $SecretKey;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null)
{
$url = $this->ApiUrl . $path;
$query_str = null;
$body = null;
if (!empty($query)) {
$query = array_filter($query, function ($a) {
return $a !== null;
});
$query_str = http_build_query($query);
$url .= '?' . $query_str;
}
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
$body = json_encode($params);
}
$sign_str = $path . ($query_str ? '?' . $query_str : '') . "\n";
$hmac = hash_hmac('sha1', $sign_str, $this->SecretKey, true);
$sign = $this->AccessKey . ':' . $this->base64_urlSafeEncode($hmac);
$header = [
'Authorization: QBox ' . $sign,
];
if ($body) {
$header[] = 'Content-Type: application/json';
}
return $this->curl($method, $url, $body, $header);
}
private function base64_urlSafeEncode($data)
{
$find = array('+', '/');
$replace = array('-', '_');
return str_replace($find, $replace, base64_encode($data));
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, 'QiniuPHP/7.14.0 (' . php_uname("s") . '/' . php_uname("m") . ') PHP/' . phpversion());
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
if ($httpCode == 200) {
$arr = json_decode($response, true);
if($arr) return $arr;
return true;
} else {
$arr = json_decode($response, true);
if ($arr && !empty($arr['error'])) {
throw new Exception($arr['error']);
} else {
throw new Exception('返回数据解析失败');
}
}
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 七牛云
*/
class Qiniu
{
private $ApiUrl = 'https://api.qiniu.com';
private $AccessKey;
private $SecretKey;
private $proxy = false;
public function __construct($AccessKey, $SecretKey, $proxy = false)
{
$this->AccessKey = $AccessKey;
$this->SecretKey = $SecretKey;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $path 请求路径
* @param array|null $query 请求参数
* @param array|null $params 请求体
* @return array
* @throws Exception
*/
public function request($method, $path, $query = null, $params = null)
{
$url = $this->ApiUrl . $path;
$query_str = null;
$body = null;
if (!empty($query)) {
$query = array_filter($query, function ($a) {
return $a !== null;
});
$query_str = http_build_query($query);
$url .= '?' . $query_str;
}
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
$body = json_encode($params);
}
$sign_str = $path . ($query_str ? '?' . $query_str : '') . "\n";
$hmac = hash_hmac('sha1', $sign_str, $this->SecretKey, true);
$sign = $this->AccessKey . ':' . $this->base64_urlSafeEncode($hmac);
$header = [
'Authorization: QBox ' . $sign,
];
if ($body) {
$header[] = 'Content-Type: application/json';
}
return $this->curl($method, $url, $body, $header);
}
public function pili_request($method, $path, $query = null, $params = null)
{
$this->ApiUrl = 'https://pili.qiniuapi.com';
$url = $this->ApiUrl . $path;
$query_str = null;
$body = null;
if (!empty($query)) {
$query = array_filter($query, function ($a) {
return $a !== null;
});
$query_str = http_build_query($query);
$url .= '?' . $query_str;
}
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
$body = json_encode($params);
}
$sign_str = $method . ' ' . $path . ($query_str ? '?' . $query_str : '') . "\nHost: pili.qiniuapi.com" . ($body ? "\nContent-Type: application/json" : '') . "\n\n" . $body;
$hmac = hash_hmac('sha1', $sign_str, $this->SecretKey, true);
$sign = $this->AccessKey . ':' . $this->base64_urlSafeEncode($hmac);
$header = [
'Authorization: Qiniu ' . $sign,
];
if ($body) {
$header[] = 'Content-Type: application/json';
}
return $this->curl($method, $url, $body, $header);
}
private function base64_urlSafeEncode($data)
{
$find = array('+', '/');
$replace = array('-', '_');
return str_replace($find, $replace, base64_encode($data));
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, 'QiniuPHP/7.14.0 (' . php_uname("s") . '/' . php_uname("m") . ') PHP/' . phpversion());
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
if ($httpCode == 200) {
$arr = json_decode($response, true);
if ($arr) return $arr;
return true;
} else {
$arr = json_decode($response, true);
if ($arr && !empty($arr['error'])) {
throw new Exception($arr['error']);
} else {
throw new Exception('返回数据解析失败');
}
}
}
}

258
app/lib/client/TencentCloud.php
View File

@@ -1,127 +1,133 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 腾讯云
*/
class TencentCloud
{
private $SecretId;
private $SecretKey;
private $endpoint;
private $service;
private $version;
private $region;
public function __construct($SecretId, $SecretKey, $endpoint, $service, $version, $region = null)
{
$this->SecretId = $SecretId;
$this->SecretKey = $SecretKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->version = $version;
$this->region = $region;
}
/**
* @param string $action 方法名称
* @param array $param 请求参数
* @return array
* @throws Exception
*/
public function request($action, $param)
{
$param = array_filter($param, function ($a) { return $a !== null;});
if (!$param) $param = (object)[];
$payload = json_encode($param);
$time = time();
$authorization = $this->generateSign($payload, $time);
$header = [
'Authorization: '.$authorization,
'Content-Type: application/json; charset=utf-8',
'X-TC-Action: '.$action,
'X-TC-Timestamp: '.$time,
'X-TC-Version: '.$this->version,
];
if($this->region) {
$header[] = 'X-TC-Region: '.$this->region;
}
$res = $this->curl_post($payload, $header);
return $res;
}
private function generateSign($payload, $time)
{
$algorithm = "TC3-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = "POST";
$canonicalUri = "/";
$canonicalQueryString = "";
$canonicalHeaders = "content-type:application/json; charset=utf-8\n"."host:".$this->endpoint."\n";
$signedHeaders = "content-type;host";
$hashedRequestPayload = hash("SHA256", $payload);
$canonicalRequest = $httpRequestMethod."\n"
.$canonicalUri."\n"
.$canonicalQueryString."\n"
.$canonicalHeaders."\n"
.$signedHeaders."\n"
.$hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Y-m-d", $time);
$credentialScope = $date."/".$this->service."/tc3_request";
$hashedCanonicalRequest = hash("SHA256", $canonicalRequest);
$stringToSign = $algorithm."\n"
.$time."\n"
.$credentialScope."\n"
.$hashedCanonicalRequest;
// step 3: sign string
$secretDate = hash_hmac("SHA256", $date, "TC3".$this->SecretKey, true);
$secretService = hash_hmac("SHA256", $this->service, $secretDate, true);
$secretSigning = hash_hmac("SHA256", "tc3_request", $secretService, true);
$signature = hash_hmac("SHA256", $stringToSign, $secretSigning);
// step 4: build authorization
$authorization = $algorithm
." Credential=".$this->SecretId."/".$credentialScope
.", SignedHeaders=content-type;host, Signature=".$signature;
return $authorization;
}
private function curl_post($payload, $header)
{
$url = 'https://'.$this->endpoint.'/';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['Response']['Error'])) {
throw new Exception($arr['Response']['Error']['Message']);
} else {
return $arr['Response'];
}
} else {
throw new Exception('返回数据解析失败');
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 腾讯云
*/
class TencentCloud
{
private $SecretId;
private $SecretKey;
private $endpoint;
private $service;
private $version;
private $region;
private $proxy = false;
public function __construct($SecretId, $SecretKey, $endpoint, $service, $version, $region = null, $proxy = false)
{
$this->SecretId = $SecretId;
$this->SecretKey = $SecretKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->version = $version;
$this->region = $region;
$this->proxy = $proxy;
}
/**
* @param string $action 方法名称
* @param array $param 请求参数
* @return array
* @throws Exception
*/
public function request($action, $param)
{
$param = array_filter($param, function ($a) { return $a !== null;});
if (!$param) $param = (object)[];
$payload = json_encode($param);
$time = time();
$authorization = $this->generateSign($payload, $time);
$header = [
'Authorization: '.$authorization,
'Content-Type: application/json; charset=utf-8',
'X-TC-Action: '.$action,
'X-TC-Timestamp: '.$time,
'X-TC-Version: '.$this->version,
];
if($this->region) {
$header[] = 'X-TC-Region: '.$this->region;
}
$res = $this->curl_post($payload, $header);
return $res;
}
private function generateSign($payload, $time)
{
$algorithm = "TC3-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = "POST";
$canonicalUri = "/";
$canonicalQueryString = "";
$canonicalHeaders = "content-type:application/json; charset=utf-8\n"."host:".$this->endpoint."\n";
$signedHeaders = "content-type;host";
$hashedRequestPayload = hash("SHA256", $payload);
$canonicalRequest = $httpRequestMethod."\n"
.$canonicalUri."\n"
.$canonicalQueryString."\n"
.$canonicalHeaders."\n"
.$signedHeaders."\n"
.$hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Y-m-d", $time);
$credentialScope = $date."/".$this->service."/tc3_request";
$hashedCanonicalRequest = hash("SHA256", $canonicalRequest);
$stringToSign = $algorithm."\n"
.$time."\n"
.$credentialScope."\n"
.$hashedCanonicalRequest;
// step 3: sign string
$secretDate = hash_hmac("SHA256", $date, "TC3".$this->SecretKey, true);
$secretService = hash_hmac("SHA256", $this->service, $secretDate, true);
$secretSigning = hash_hmac("SHA256", "tc3_request", $secretService, true);
$signature = hash_hmac("SHA256", $stringToSign, $secretSigning);
// step 4: build authorization
$authorization = $algorithm
." Credential=".$this->SecretId."/".$credentialScope
.", SignedHeaders=content-type;host, Signature=".$signature;
return $authorization;
}
private function curl_post($payload, $header)
{
$url = 'https://'.$this->endpoint.'/';
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
curl_close($ch);
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['Response']['Error'])) {
throw new Exception($arr['Response']['Error']['Message']);
} else {
return $arr['Response'];
}
} else {
throw new Exception('返回数据解析失败');
}
}
}

102
app/lib/client/Ucloud.php
View File

@@ -1,51 +1,51 @@
<?php
namespace app\lib\client;
use Exception;
class Ucloud
{
const VERSION = "0.1.0";
private $ApiUrl = 'https://api.ucloud.cn/';
private $PublicKey;
private $PrivateKey;
public function __construct($PublicKey, $PrivateKey)
{
$this->PublicKey = $PublicKey;
$this->PrivateKey = $PrivateKey;
}
public function request($action, $params)
{
$param = [
'Action' => $action,
'PublicKey' => $this->PublicKey,
];
$param = array_merge($param, $params);
$param['Signature'] = $this->ucloudSignature($param);
$ua = sprintf("PHP/%s PHP-SDK/%s", phpversion(), self::VERSION);
$response = get_curl($this->ApiUrl, json_encode($param), 0, 0, 0, $ua, 0, ['Content-Type: application/json']);
$result = json_decode($response, true);
if (isset($result['RetCode']) && $result['RetCode'] == 0) {
return $result;
} elseif (isset($result['Message'])) {
throw new Exception($result['Message']);
} else {
throw new Exception('返回数据解析失败');
}
}
private function ucloudSignature($param)
{
ksort($param);
$str = '';
foreach ($param as $key => $value) {
$str .= $key . $value;
}
$str .= $this->PrivateKey;
return sha1($str);
}
}
<?php
namespace app\lib\client;
use Exception;
class Ucloud
{
const VERSION = "0.1.0";
private $ApiUrl = 'https://api.ucloud.cn/';
private $PublicKey;
private $PrivateKey;
public function __construct($PublicKey, $PrivateKey)
{
$this->PublicKey = $PublicKey;
$this->PrivateKey = $PrivateKey;
}
public function request($action, $params)
{
$param = [
'Action' => $action,
'PublicKey' => $this->PublicKey,
];
$param = array_merge($param, $params);
$param['Signature'] = $this->ucloudSignature($param);
$ua = sprintf("PHP/%s PHP-SDK/%s", phpversion(), self::VERSION);
$response = get_curl($this->ApiUrl, json_encode($param), 0, 0, $ua, 0, ['Content-Type' => 'application/json']);
$result = json_decode($response, true);
if (isset($result['RetCode']) && $result['RetCode'] == 0) {
return $result;
} elseif (isset($result['Message'])) {
throw new Exception($result['Message']);
} else {
throw new Exception('返回数据解析失败');
}
}
private function ucloudSignature($param)
{
ksort($param);
$str = '';
foreach ($param as $key => $value) {
$str .= $key . $value;
}
$str .= $this->PrivateKey;
return sha1($str);
}
}

444
app/lib/client/Volcengine.php
View File

@@ -1,192 +1,252 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 火山引擎
*/
class Volcengine
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint = "open.volcengineapi.com";
private $service;
private $version;
private $region;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $service, $version, $region)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->version = $version;
$this->region = $region;
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $params = [], $querys = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) { return $a !== null;});
}
$query = [
'Action' => $action,
'Version' => $this->version,
];
$body = '';
if ($method == 'GET') {
$query = array_merge($query, $params);
} else {
$body = !empty($params) ? json_encode($params) : '';
if (!empty($querys)) {
$query = array_merge($query, $querys);
}
}
$time = time();
$headers = [
'Host' => $this->endpoint,
'X-Date' => gmdate("Ymd\THis\Z", $time),
//'X-Content-Sha256' => hash("sha256", $body),
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path . '?' . http_build_query($query);
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $time)
{
$algorithm = "HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $path;
if (substr($canonicalUri, -1) != "/") $canonicalUri .= "/";
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Ymd\THis\Z", $time);
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, $this->SecretAccessKey, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = $algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
curl_close($ch);
throw new Exception('Curl error: ' . curl_error($ch));
}
curl_close($ch);
$arr = json_decode($response, true);
if ($arr) {
if (isset($arr['ResponseMetadata']['Error']['MessageCN'])) {
throw new Exception($arr['ResponseMetadata']['Error']['MessageCN']);
} elseif (isset($arr['ResponseMetadata']['Error']['Message'])) {
throw new Exception($arr['ResponseMetadata']['Error']['Message']);
} elseif (isset($arr['Result'])) {
return $arr['Result'];
} else {
return true;
}
} else {
throw new Exception('返回数据解析失败');
}
}
}
<?php
namespace app\lib\client;
use Exception;
/**
* 火山引擎
*/
class Volcengine
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint = "open.volcengineapi.com";
private $service;
private $version;
private $region;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $service, $version, $region, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->version = $version;
$this->region = $region;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $params = [], $querys = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$query = [
'Action' => $action,
'Version' => $this->version,
];
$body = '';
if ($method == 'GET') {
$query = array_merge($query, $params);
} else {
$body = !empty($params) ? json_encode($params) : '';
if (!empty($querys)) {
$query = array_merge($query, $querys);
}
}
$time = time();
$headers = [
'Host' => $this->endpoint,
'X-Date' => gmdate("Ymd\THis\Z", $time),
//'X-Content-Sha256' => hash("sha256", $body),
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path . '?' . http_build_query($query);
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function tos_request($method, $params = [], $query = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
if ($method != 'GET') {
$body = !empty($params) ? json_encode($params) : '';
}
$time = time();
$headers = [
'Host' => $this->endpoint,
'X-Tos-Date' => gmdate("Ymd\THis\Z", $time),
'X-Tos-Content-Sha256' => hash("sha256", $body),
];
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$path = '/';
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$url = 'https://' . $this->endpoint . $path . '?' . http_build_query($query);
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $time)
{
$algorithm = $this->service == 'tos' ? "TOS4-HMAC-SHA256" : "HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $path;
if (substr($canonicalUri, -1) != "/") $canonicalUri .= "/";
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Ymd\THis\Z", $time);
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, $this->SecretAccessKey, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = $algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
if (isset($arr['ResponseMetadata']['Error']['MessageCN'])) {
throw new Exception($arr['ResponseMetadata']['Error']['MessageCN']);
} elseif (isset($arr['ResponseMetadata']['Error']['Message'])) {
throw new Exception($arr['ResponseMetadata']['Error']['Message']);
} elseif (isset($arr['Result'])) {
return $arr['Result'];
}
return true;
} else {
if (isset($arr['ResponseMetadata']['Error']['MessageCN'])) {
throw new Exception($arr['ResponseMetadata']['Error']['MessageCN']);
} elseif (isset($arr['ResponseMetadata']['Error']['Message'])) {
throw new Exception($arr['ResponseMetadata']['Error']['Message']);
} elseif (isset($arr['Message'])) {
throw new Exception($arr['Message']);
} elseif (isset($arr['message'])) {
throw new Exception($arr['message']);
} else {
throw new Exception('返回数据解析失败(http_code=' . $httpCode . ')');
}
}
}
}

163
app/lib/deploy/acepanel.php Normal file
View File

@@ -0,0 +1,163 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class acepanel implements DeployInterface
{
private $logger;
private $url;
private $id;
private $token;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->id = $config['id'];
$this->token = $config['token'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->id) || empty($this->token)) throw new Exception('请填写完整面板地址和访问令牌');
$response = $this->request('/user/info', null, 'GET');
$result = json_decode($response, true);
if (isset($result['msg']) && $result['msg'] == "success") {
return true;
} else {
throw new Exception($result['msg'] ?? '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$site = trim($site);
if (empty($site)) continue;
try {
$this->deploySite($site, $fullchain, $privatekey);
$this->log("网站 {$site} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$site} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ?: '要部署的网站不存在');
}
}
private function deployPanel($fullchain, $privatekey)
{
$data = [
'cert' => $fullchain,
'key' => $privatekey,
];
$response = $this->request('/setting/cert', $data);
$result = json_decode($response, true);
if (isset($result['msg']) && $result['msg'] == "success") {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ?: '返回数据解析失败');
}
}
private function deploySite($name, $fullchain, $privatekey)
{
$data = [
'name' => $name,
'cert' => $fullchain,
'key' => $privatekey,
];
$response = $this->request('/website/cert', $data);
$result = json_decode($response, true);
if (isset($result['msg']) && $result['msg'] == "success") {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ?: '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params, $method = 'POST')
{
$url = $this->url . '/api' . $path;
$body = $method == 'GET' ? null : json_encode($params);
$sign = $this->signRequest($method, $url, $body, $this->id, $this->token);
$response = http_request($url, $body, null, null, [
'Content-Type' => 'application/json',
'X-Timestamp' => $sign['timestamp'],
'Authorization' => 'HMAC-SHA256 Credential=' . $sign['id'] . ', Signature=' . $sign['signature']
], $this->proxy, $method);
return $response['body'];
}
private function signRequest($method, $url, $body, $id, $token)
{
// 解析URL并获取路径
$parsedUrl = parse_url($url);
$path = $parsedUrl['path'];
$query = $parsedUrl['query'] ?? '';
// 规范化路径
$canonicalPath = $path;
if (!str_starts_with($path, '/api')) {
$apiPos = strpos($path, '/api');
if ($apiPos !== false) {
$canonicalPath = substr($path, $apiPos);
}
}
// 构造规范化请求
$canonicalRequest = implode("\n", [
$method,
$canonicalPath,
$query,
hash('sha256', $body ?: '')
]);
// 计算签名
$timestamp = time();
$stringToSign = implode("\n", [
'HMAC-SHA256',
$timestamp,
hash('sha256', $canonicalRequest)
]);
$signature = hash_hmac('sha256', $stringToSign, $token);
return [
'timestamp' => $timestamp,
'signature' => $signature,
'id' => $id
];
}
}

1582
app/lib/deploy/aliyun.php
View File

File diff suppressed because it is too large Load Diff

127
app/lib/deploy/allwaf.php
View File

@@ -1,127 +0,0 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class allwaf implements DeployInterface
{
private $logger;
private $url = 'https://api.allwaf.cn';
private $accessKeyId;
private $accessKey;
private $usertype = 'user';
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->accessKeyId = $config['accessKeyId'];
$this->accessKey = $config['accessKey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->accessKeyId) || empty($this->accessKey)) throw new Exception('必填参数不能为空');
$this->getAccessToken();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$this->getAccessToken();
$params = [
'domains' => $domains,
'offset' => 0,
'size' => 10,
];
try {
$data = $this->request('/SSLCertService/listSSLCerts', $params);
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$list = json_decode(base64_decode($data['sslCertsJSON']), true);
if (!$list || empty($list)) {
throw new Exception('证书列表为空');
}
$this->log('获取证书列表成功(total=' . count($list) . ')');
$certInfo = openssl_x509_parse($fullchain, true);
foreach ($list as $row) {
$params = [
'sslCertId' => $row['id'],
'isOn' => true,
'name' => $row['name'],
'description' => $row['description'],
'serverName' => $row['serverName'],
'isCA' => false,
'certData' => base64_encode($fullchain),
'keyData' => base64_encode($privatekey),
'timeBeginAt' => $certInfo['validFrom_time_t'],
'timeEndAt' => $certInfo['validTo_time_t'],
'dnsNames' => $domains,
'commonNames' => [$certInfo['issuer']['CN']],
];
$this->request('/SSLCertService/updateSSLCert', $params);
$this->log('证书ID:' . $row['id'] . '更新成功!');
}
}
private function getAccessToken()
{
$path = '/APIAccessTokenService/getAPIAccessToken';
$params = [
'type' => $this->usertype,
'accessKeyId' => $this->accessKeyId,
'accessKey' => $this->accessKey,
];
$result = $this->request($path, $params);
if (isset($result['token'])) {
$this->accessToken = $result['token'];
} else {
throw new Exception('登录成功获取AccessToken失败');
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
$headers[] = 'X-Cloud-Access-Token: ' . $this->accessToken;
}
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

108
app/lib/deploy/amh.php Normal file
View File

@@ -0,0 +1,108 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class amh implements DeployInterface
{
private $logger;
private $url;
private $apikey;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->apikey)) throw new Exception('请填写面板地址和接口密钥');
$this->login();
return true;
}
private function login()
{
$path = '/?c=amapi&a=login';
$post_data = 'amapi_expires=' . time() + 120;
$post_data .= '&amapi_sign=' . hash_hmac('sha256', $post_data, $this->apikey);
$response = $this->request($path, $post_data);
if ($response['code'] == 302 && strpos($response['redirect_url'], 'amh_token=') !== false) {
if(preg_match('/amh_token=([A-Za-z0-9]+)/', $response['redirect_url'], $matches)) {
return $matches[1];
}else{
throw new Exception('面板返回数据异常');
}
} elseif ($response['code'] == 200 && preg_match('/<p id="error".*?>(.*?)<\/p>/s', $response['body'], $matches)) {
throw new Exception(strip_tags($matches[1]));
} else {
throw new Exception('面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['env_name'])) throw new Exception('环境名称不能为空');
if (empty($config['vhost_name'])) throw new Exception('网站标识域名不能为空');
$amh_token = $this->login();
foreach (explode("\n", $config['vhost_name']) as $vhost_name) {
$vhost_name = trim($vhost_name);
if (empty($vhost_name)) continue;
$path = '/?c=amssl&a=admin_amssl&envs_name=' . $config['env_name'] . '&vhost_name=' . $vhost_name . '&ModuleSort=app';
$params = [
'submit_key_crt' => 'y',
'key_input1' => 'key_input1',
'key_content1' => $privatekey,
'crt_input1' => 'crt_input1',
'crt_content1' => $fullchain,
'amh_token' => $amh_token,
];
$response = $this->request($path, $params);
if (strpos($response['body'], '<p id="success"') !== false) {
$this->log("网站 {$vhost_name} 证书部署成功");
} elseif (preg_match('/<p id="error".*?>(.*?)<\/p>/s', $response['body'], $matches)) {
$errmsg = strip_tags($matches[1]);
$this->log("网站 {$vhost_name} 证书部署失败:" . $errmsg);
throw new Exception($errmsg);
} elseif (preg_match('/<p id="error".*?>(.*?)<br \/>/s', $response['body'], $matches)) {
$errmsg = $matches[1];
if (strpos($errmsg, '<br />') !== false) {
$errmsg = explode('<br />', $errmsg)[0];
}
$errmsg = strip_tags($errmsg);
$this->log("网站 {$vhost_name} 证书部署失败:" . $errmsg);
throw new Exception($errmsg);
} else {
throw new Exception("网站 {$vhost_name} 证书部署失败:未知错误");
}
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $post_data = null)
{
$url = $this->url . $path;
$cookie = 'PHPSESSID=' . hash_hmac('md5', 'php_sessid=' . $this->apikey, $this->apikey);
$response = http_request($url, $post_data, null, $cookie, null, $this->proxy);
return $response;
}
}

240
app/lib/deploy/aws.php
View File

@@ -1,90 +1,150 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\AWS as AWSClient;
use Exception;
class aws implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new AWSClient($this->AccessKeyId, $this->SecretAccessKey, 'iam.amazonaws.com', 'iam', '2010-05-08', 'us-east-1');
$client->requestXml('GET', 'GetUser');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['distribution_id'])) throw new Exception('分配ID不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
if (isset($info['cert_id']) && isset($info['cert_name']) && $info['cert_name'] == $config['cert_name']) {
$cert_id = $info['cert_id'];
$this->log('证书已上传:' . $cert_id);
} else {
$cert_id = $this->get_cert_id($fullchain, $privatekey);
$this->log('证书上传成功:' . $cert_id);
$info['cert_id'] = $cert_id;
$info['cert_name'] = $config['cert_name'];
usleep(500000);
}
$client = new \app\lib\client\AWS($this->AccessKeyId, $this->SecretAccessKey, 'cloudfront.amazonaws.com', 'cloudfront', '2020-05-31', 'us-east-1');
try {
$data = $client->requestXmlN('GET', '/distribution/' . $config['distribution_id'] . '/config', [], null, true);
} catch (Exception $e) {
throw new Exception('获取分配信息失败:' . $e->getMessage());
}
$data['ViewerCertificate']['ACMCertificateArn'] = $cert_id;
$data['ViewerCertificate']['CloudFrontDefaultCertificate'] = false;
$xml = new \SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><DistributionConfig></DistributionConfig>');
$client->requestXmlN('PUT', '/distribution/' . $config['distribution_id'] . '/config', $data, $xml);
$this->log('分配ID: ' . $config['distribution_id'] . ' 证书部署成功!');
}
private function get_cert_id($fullchain, $privatekey)
{
$cert = explode('-----END CERTIFICATE-----', $fullchain)[0] . '-----END CERTIFICATE-----';
$param = [
'Certificate' => base64_encode($cert),
'PrivateKey' => base64_encode($privatekey),
];
$client = new \app\lib\client\AWS($this->AccessKeyId, $this->SecretAccessKey, 'acm.us-east-1.amazonaws.com', 'acm', '', 'us-east-1');
try {
$data = $client->request('POST', 'CertificateManager.ImportCertificate', $param);
$cert_id = $data['CertificateArn'];
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
return $cert_id;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\AWS as AWSClient;
use Exception;
class aws implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new AWSClient($this->AccessKeyId, $this->SecretAccessKey, 'iam.amazonaws.com', 'iam', '2010-05-08', 'us-east-1', $this->proxy);
$client->requestXml('GET', 'GetUser');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['product'] == 'acm') {
if (empty($config['acm_arn'])) throw new Exception('ACM ARN不能为空');
$this->get_cert_id($fullchain, $privatekey, $config['acm_arn'], true);
} else {
$this->deploy_cloudfront($fullchain, $privatekey, $config, $info);
}
}
private function deploy_cloudfront($fullchain, $privatekey, $config, &$info)
{
if (empty($config['distribution_id'])) throw new Exception('分配ID不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_id = isset($info['cert_id']) ? $info['cert_id'] : null;
$cert_id = $this->get_cert_id($fullchain, $privatekey, $cert_id);
usleep(500000);
$client = new AWSClient($this->AccessKeyId, $this->SecretAccessKey, 'cloudfront.amazonaws.com', 'cloudfront', '2020-05-31', 'us-east-1', $this->proxy);
try {
$data = $client->requestXmlN('GET', '/distribution/' . $config['distribution_id'] . '/config', [], null, true);
} catch (Exception $e) {
throw new Exception('获取分配信息失败:' . $e->getMessage());
}
$data['ViewerCertificate']['ACMCertificateArn'] = $cert_id;
$data['ViewerCertificate']['CloudFrontDefaultCertificate'] = 'false';
unset($data['ViewerCertificate']['Certificate']);
unset($data['ViewerCertificate']['CertificateSource']);
$xml = new \SimpleXMLElement('<DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2020-05-31/"></DistributionConfig>');
$client->requestXmlN('PUT', '/distribution/' . $config['distribution_id'] . '/config', $data, $xml);
$this->log('分配ID: ' . $config['distribution_id'] . ' 证书部署成功!');
}
private function get_cert_id($fullchain, $privatekey, $cert_id = null, $acm = false)
{
if ($acm === true && $cert_id == null) {
throw new Exception('ACM ARN不能为空');
}
$certificates = explode('-----END CERTIFICATE-----', $fullchain);
$cert = $certificates[0] . '-----END CERTIFICATE-----';
$client = new AWSClient($this->AccessKeyId, $this->SecretAccessKey, 'acm.us-east-1.amazonaws.com', 'acm', '', 'us-east-1', $this->proxy);
if (!empty($cert_id)) {
try {
$data = $client->request('POST', 'CertificateManager.GetCertificate', [
'CertificateArn' => $cert_id
]);
// 如果成功获取证书信息说明证书存在直接返回cert_id
if (isset($data['Certificate']) && trim($data['Certificate']) == trim($cert)) {
$this->log('证书已是最新ACM ARN' . $cert_id);
return $cert_id;
} else {
$this->log('证书已过期或被删除,准备更新或者重新上传');
}
} catch (Exception $e) {
if ($acm === true) {
throw new Exception('获取证书信息失败请检查ACM ARN是否正确' . $e->getMessage());
}
$this->log('证书已被删除:' . $cert_id. ',准备重新上传');
}
}
$certificateChain = '';
if (count($certificates) > 1) {
// 从第二个证书开始,重新拼接中间证书链
for ($i = 1; $i < count($certificates); $i++) {
if (trim($certificates[$i]) !== '') { // 忽略空字符串(可能由末尾分割产生)
$certificateChain .= $certificates[$i] . '-----END CERTIFICATE-----';
}
}
}
$param = [
'Certificate' => base64_encode($cert),
'PrivateKey' => base64_encode($privatekey),
];
// 如果有中间证书链,则添加到参数中
if (!empty($certificateChain)) {
$param['CertificateChain'] = base64_encode($certificateChain);
}
// 如果是ACM则添加ARN参数用于更新证书
if ($acm === true) {
$param['CertificateArn'] = $cert_id;
}
$client = new AWSClient($this->AccessKeyId, $this->SecretAccessKey, 'acm.us-east-1.amazonaws.com', 'acm', '', 'us-east-1', $this->proxy);
try {
$data = $client->request('POST', 'CertificateManager.ImportCertificate', $param);
$cert_id = $data['CertificateArn'];
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('证书上传成功:' . $cert_id);
$info['cert_id'] = $cert_id;
return $cert_id;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

232
app/lib/deploy/baidu.php
View File

@@ -1,71 +1,161 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\BaiduCloud;
use Exception;
class baidu implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.baidubce.com');
$client->request('GET', '/v2/domain');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.baidubce.com');
try {
$data = $client->request('GET', '/v2/' . $config['domain'] . '/certificates');
if (isset($data['certName']) && $data['certName'] == $config['cert_name']) {
$this->log('CDN域名 ' . $config['domain'] . ' 证书已存在,无需重复部署');
return;
}
} catch (Exception $e) {
$this->log($e->getMessage());
}
$param = [
'httpsEnable' => 'ON',
'certificate' => [
'certName' => $config['cert_name'],
'certServerData' => $fullchain,
'certPrivateData' => $privatekey,
],
];
$data = $client->request('PUT', '/v2/' . $config['domain'] . '/certificates', null, $param);
$info['cert_id'] = $data['certId'];
$this->log('CDN域名 ' . $config['domain'] . ' 证书部署成功!');
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\BaiduCloud;
use Exception;
class baidu implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.baidubce.com', $this->proxy);
$client->request('GET', '/v2/domain');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (!isset($config['product']) || $config['product'] == 'cdn') {
$this->deploy_cdn($fullchain, $privatekey, $config, $info);
} else {
$cert_id = $this->get_cert_id($fullchain, $privatekey);
$info['cert_id'] = $cert_id;
if ($config['product'] == 'blb') {
$this->deploy_blb($cert_id, $config);
} elseif ($config['product'] == 'appblb') {
$this->deploy_appblb($cert_id, $config);
} elseif ($config['product'] == 'upload') {
} else {
throw new Exception('不支持的产品类型');
}
}
}
public function deploy_cdn($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.baidubce.com', $this->proxy);
$param = [
'httpsEnable' => 'ON',
'certificate' => [
'certName' => $config['cert_name'],
'certServerData' => $fullchain,
'certPrivateData' => $privatekey,
],
];
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
try {
$data = $client->request('GET', '/v2/' . $domain . '/certificates');
if (isset($data['certName']) && $data['certName'] == $config['cert_name']) {
$this->log('CDN域名 ' . $domain . ' 证书已存在,无需重复部署');
return;
}
} catch (Exception $e) {
$this->log($e->getMessage());
}
$data = $client->request('PUT', '/v2/' . $domain . '/certificates', null, $param);
$info['cert_id'] = $data['certId'];
$this->log('CDN域名 ' . $domain . ' 证书部署成功!');
}
}
public function deploy_blb($cert_id, $config)
{
if (empty($config['blb_id'])) throw new Exception('负载均衡实例ID不能为空');
if (empty($config['blb_port'])) throw new Exception('HTTPS监听端口不能为空');
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'blb.' . $config['region'] . '.baidubce.com', $this->proxy);
$query = [
'listenerPort' => $config['blb_port'],
];
$param = [
'certIds' => [$cert_id],
];
$client->request('PUT', '/v1/blb/' . $config['blb_id'] . '/HTTPSlistener', $query, $param);
$this->log('普通型BLB ' . $config['blb_id'] . ' 部署证书成功!');
}
public function deploy_appblb($cert_id, $config)
{
if (empty($config['blb_id'])) throw new Exception('负载均衡实例ID不能为空');
if (empty($config['blb_port'])) throw new Exception('HTTPS监听端口不能为空');
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'blb.' . $config['region'] . '.baidubce.com', $this->proxy);
$query = [
'listenerPort' => $config['blb_port'],
];
$param = [
'certIds' => [$cert_id],
];
$client->request('PUT', '/v1/appblb/' . $config['blb_id'] . '/HTTPSlistener', $query, $param);
$this->log('应用型BLB ' . $config['blb_id'] . ' 部署证书成功!');
}
private function get_cert_id($fullchain, $privatekey)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'certificate.baidubce.com', $this->proxy);
$query = [
'certName' => $cert_name,
];
try {
$data = $client->request('GET', '/v1/certificate', $query);
} catch (Exception $e) {
throw new Exception('查找证书失败:' . $e->getMessage());
}
foreach ($data['certs'] as $row) {
if ($row['certName'] == $cert_name) {
$this->log('证书已存在 CertId=' . $row['certId']);
return $row['certId'];
}
}
$param = [
'certName' => $cert_name,
'certServerData' => $fullchain,
'certPrivateData' => $privatekey,
];
try {
$data = $client->request('POST', '/v1/certificate', null, $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$cert_id = $data['certId'];
$this->log('上传证书成功 CertId=' . $cert_id);
return $cert_id;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

170
app/lib/deploy/baishan.php
View File

@@ -1,85 +1,85 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class baishan implements DeployInterface
{
private $logger;
private $url = 'https://cdn.api.baishan.com';
private $token;
private $proxy;
public function __construct($config)
{
$this->token = $config['token'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->token)) throw new Exception('token不能为空');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['id'])) throw new Exception('证书ID不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$params = [
'cert_id' => $config['id'],
'name' => $cert_name,
'certificate' => $fullchain,
'key' => $privatekey,
];
try {
$this->request('/v2/domain/certificate?token=' . $this->token, $params);
} catch (Exception $e) {
if (strpos($e->getMessage(), 'this certificate is exists') !== false) {
$this->log('证书ID:' . $config['id'] . '已存在,无需更新');
return;
}
throw new Exception($e->getMessage());
}
$this->log('证书ID:' . $config['id'] . '更新成功!');
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return $result;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class baishan implements DeployInterface
{
private $logger;
private $url = 'https://cdn.api.baishan.com';
private $token;
private $proxy;
public function __construct($config)
{
$this->token = $config['token'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->token)) throw new Exception('token不能为空');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['id'])) throw new Exception('证书ID不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$params = [
'cert_id' => $config['id'],
'name' => $cert_name,
'certificate' => $fullchain,
'key' => $privatekey,
];
try {
$this->request('/v2/domain/certificate?token=' . $this->token, $params);
} catch (Exception $e) {
if (strpos($e->getMessage(), 'this certificate is exists') !== false) {
$this->log('证书ID:' . $config['id'] . '已存在,无需更新');
return;
}
throw new Exception($e->getMessage());
}
$this->log('证书ID:' . $config['id'] . '更新成功!');
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return $result;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

351
app/lib/deploy/btpanel.php
View File

@@ -1,126 +1,225 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class btpanel implements DeployInterface
{
private $logger;
private $url;
private $key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->key = $config['key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$path = '/config?action=get_config';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status'] == 1) {
return true;
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$siteName = trim($site);
if (empty($siteName)) continue;
try {
$this->deploySite($siteName, $fullchain, $privatekey);
$this->log("网站 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$siteName} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
}
}
private function deployPanel($fullchain, $privatekey)
{
$path = '/config?action=SavePanelSSL';
$data = [
'privateKey' => $privatekey,
'certPem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deploySite($siteName, $fullchain, $privatekey)
{
$path = '/site?action=SetSSL';
$data = [
'type' => '0',
'siteName' => $siteName,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params)
{
$url = $this->url . $path;
$now_time = time();
$post_data = [
'request_token' => md5($now_time . md5($this->key)),
'request_time' => $now_time
];
$post_data = array_merge($post_data, $params);
$response = curl_client($url, $post_data, null, null, null, $this->proxy);
return $response['body'];
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\CertHelper;
use Exception;
class btpanel implements DeployInterface
{
private $logger;
private $url;
private $key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->key = $config['key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$path = '/config?action=get_config';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['status']) && ($result['status'] == 1 || isset($result['sites_path']))) {
return true;
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$siteName = trim($site);
if (empty($siteName)) continue;
if ($config['type'] == '4') {
try {
$this->deployProxy($siteName, $fullchain, $privatekey);
$this->log("反向代理站点 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("反向代理站点 {$siteName} 证书部署失败:" . $errmsg);
}
} elseif ($config['type'] == '3') {
try {
$this->deployDocker($siteName, $fullchain, $privatekey);
$this->log("Docker域名 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("Docker域名 {$siteName} 证书部署失败:" . $errmsg);
}
} elseif ($config['type'] == '2') {
try {
$this->deployMailSys($siteName, $fullchain, $privatekey);
$this->log("邮局域名 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("邮局域名 {$siteName} 证书部署失败:" . $errmsg);
}
} else {
try {
$this->deploySite($siteName, $fullchain, $privatekey);
$this->log("网站 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$siteName} 证书部署失败:" . $errmsg);
}
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
}
}
private function deployPanel($fullchain, $privatekey)
{
$path = '/config?action=SavePanelSSL';
$data = [
'privateKey' => $privatekey,
'certPem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deploySite($siteName, $fullchain, $privatekey)
{
$path = '/site?action=SetSSL';
$data = [
'type' => '0',
'siteName' => $siteName,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deployMailSys($domain, $fullchain, $privatekey)
{
$path = '/plugin?action=a&name=mail_sys&s=set_mail_certificate_multiple';
$data = [
'domain' => $domain,
'key' => $privatekey,
'csr' => $fullchain,
'act' => 'add',
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deployDocker($domain, $fullchain, $privatekey)
{
$path = '/mod/docker/com/set_ssl';
$data = [
'site_name' => $domain,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deployProxy($domain, $fullchain, $privatekey)
{
$path = '/mod/proxy/com/set_ssl';
$data = [
'site_name' => $domain,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params, $file = false)
{
$url = $this->url . $path;
$now_time = time();
$headers = [];
if ($file) {
$post_data = [
['name' => 'request_token', 'contents' => md5($now_time . md5($this->key))],
['name' => 'request_time', 'contents' => $now_time],
];
$post_data = array_merge($post_data, $params);
$headers['Content-Type'] = 'multipart/form-data';
} else {
$post_data = [
'request_token' => md5($now_time . md5($this->key)),
'request_time' => $now_time
];
$post_data = array_merge($post_data, $params);
}
$response = http_request($url, $post_data, null, null, $headers, $this->proxy);
return $response['body'];
}
}

158
app/lib/deploy/btwaf.php Normal file
View File

@@ -0,0 +1,158 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class btwaf implements DeployInterface
{
private $logger;
private $url;
private $key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->key = $config['key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$path = '/api/user/latest_version';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 0) {
return true;
} else {
throw new Exception(isset($result['res']) ? $result['res'] : '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$siteName = trim($site);
if (empty($siteName)) continue;
try {
$this->deploySite($siteName, $fullchain, $privatekey);
$this->log("网站 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$siteName} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
}
}
private function deploySite($siteName, $fullchain, $privatekey)
{
$site_id = null;
$listen_ssl_port = ['443'];
$path = '/api/wafmastersite/get_site_list';
$data = ['p' => 1, 'p_size' => 10, 'site_name' => $siteName];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 0) {
foreach ($result['res']['list'] as $site) {
if ($site['site_name'] == $siteName) {
$site_id = $site['site_id'];
if (isset($site['server']['listen_ssl_port']) && !empty($site['server']['listen_ssl_port'])) {
$listen_ssl_port = $site['server']['listen_ssl_port'];
}
break;
}
}
if (!$site_id) {
throw new Exception("网站名称不存在");
}
} elseif (isset($result['res'])) {
throw new Exception($result['res']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
$path = '/api/wafmastersite/modify_site';
$data = [
'types' => 'openCert',
'site_id' => $site_id,
'server' => [
'listen_ssl_port' => $listen_ssl_port,
'ssl' => [
'is_ssl' => 1,
'private_key' => $privatekey,
'full_chain' => $fullchain,
],
]
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 0) {
return true;
} elseif (isset($result['res'])) {
throw new Exception($result['res']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deployPanel($fullchain, $privatekey)
{
$path = '/api/config/set_cert';
$data = [
'certContent' => $fullchain,
'keyContent' => $privatekey,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 0) {
return true;
} elseif (isset($result['res'])) {
throw new Exception($result['res']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params)
{
$url = $this->url . $path;
$now_time = time();
$headers = [
'waf_request_time' => $now_time,
'waf_request_token' => md5($now_time . md5($this->key)),
'Content-Type' => 'application/json',
];
$post = $params ? json_encode($params) : null;
$response = http_request($url, $post, null, null, $headers, $this->proxy, 'POST');
return $response['body'];
}
}

229
app/lib/deploy/btwin.php Normal file
View File

@@ -0,0 +1,229 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\CertHelper;
use Exception;
class btwin implements DeployInterface
{
private $logger;
private $url;
private $key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->key = $config['key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$path = '/config/get_config';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['panel']['status']) && $result['panel']['status']) {
return true;
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$isIIS = $config['type'] == '0' && isset($config['is_iis']) && $config['is_iis'] == '1';
if ($isIIS) {
$response = $this->request('/panel/get_config', []);
$result = json_decode($response, true);
if (isset($result['paths']['soft'])) {
if ($result['config']['webserver'] != 'iis') {
throw new Exception('当前安装的Web服务器不是IIS');
}
$panel_path = $result['paths']['soft'];
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
$pfx_dir = $panel_path . '/temp/ssl/' . getMillisecond();
$pfx_path = $pfx_dir . '/cert.pfx';
$pfx_password = '123456';
$pfx = CertHelper::getPfx($fullchain, $privatekey, $pfx_password);
$data = [
['name' => 'path', 'contents' => $pfx_dir],
['name' => 'filename', 'contents' => 'cert.pfx'],
['name' => 'size', 'contents' => strlen($pfx)],
['name' => 'start', 'contents' => '0'],
['name' => 'blob', 'filename' => 'cert.pfx', 'contents' => $pfx],
['name' => 'force', 'contents' => 'true'],
];
$response = $this->request('/files/upload', $data, true);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$siteName = trim($site);
if (empty($siteName)) continue;
if ($isIIS) {
try {
$this->deployIISSite($siteName, $pfx_path, $pfx_password);
$this->log("域名 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("域名 {$siteName} 证书部署失败:" . $errmsg);
}
} else {
try {
$this->deploySite($siteName, $fullchain, $privatekey);
$this->log("网站 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$siteName} 证书部署失败:" . $errmsg);
}
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
}
}
private function deployPanel($fullchain, $privatekey)
{
$path = '/config/set_panel_ssl';
$data = [
'ssl_key' => $privatekey,
'ssl_pem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deploySite($siteName, $fullchain, $privatekey)
{
$path = '/datalist/get_data_list';
$data = [
'table' => 'sites',
'search_type' => 'PHP',
'search' => $siteName,
'p' => 1,
'limit' => 10,
'type' => -1,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['data'])) {
if (empty($result['data'])) throw new Exception("网站 {$siteName} 不存在");
$siteId = null;
foreach ($result['data'] as $item) {
if ($item['name'] == $siteName) {
$siteId = $item['id'];
break;
}
}
if (is_null($siteId)) throw new Exception("网站 {$siteName} 不存在");
$path = '/site/set_site_ssl';
$data = [
'siteid' => $siteId,
'status' => 'true',
'sslType' => '',
'cert' => $fullchain,
'key' => $privatekey,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deployIISSite($domain, $pfx_path, $password = '123456')
{
$path = '/site/set_site_domain_ssl';
$data = [
'domain' => $domain,
'path' => $pfx_path,
'password' => $password,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params, $file = false)
{
$url = $this->url . $path;
$now_time = time();
$headers = [];
if ($file) {
$post_data = [
['name' => 'request_token', 'contents' => md5($now_time . md5($this->key))],
['name' => 'request_time', 'contents' => $now_time],
];
$post_data = array_merge($post_data, $params);
$headers['Content-Type'] = 'multipart/form-data';
} else {
$post_data = [
'request_token' => md5($now_time . md5($this->key)),
'request_time' => $now_time
];
$post_data = array_merge($post_data, $params);
}
$response = http_request($url, $post_data, null, null, $headers, $this->proxy);
return $response['body'];
}
}

134
app/lib/deploy/cachefly.php
View File

@@ -1,67 +1,67 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class cachefly implements DeployInterface
{
private $logger;
private $url = 'https://api.cachefly.com/api/2.5';
private $apikey;
private $proxy;
public function __construct($config)
{
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->apikey)) throw new Exception('API令牌不能为空');
$this->request('/accounts/me');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$params = [
'certificate' => $fullchain,
'certificateKey' => $privatekey,
];
$this->request('/certificates', $params);
$this->log('证书上传成功!');
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['x-cf-authorization: Bearer ' . $this->apikey];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] >= 200 && $response['code'] < 300) {
return $result;
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class cachefly implements DeployInterface
{
private $logger;
private $url = 'https://api.cachefly.com/api/2.5';
private $apikey;
private $proxy;
public function __construct($config)
{
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->apikey)) throw new Exception('API令牌不能为空');
$this->request('/accounts/me');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$params = [
'certificate' => $fullchain,
'certificateKey' => $privatekey,
];
$this->request('/certificates', $params);
$this->log('证书上传成功!');
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['x-cf-authorization' => 'Bearer ' . $this->apikey];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] >= 200 && $response['code'] < 300) {
return $result;
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

231
app/lib/deploy/cdnfly.php
View File

@@ -1,75 +1,156 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class cdnfly implements DeployInterface
{
private $logger;
private $url;
private $api_key;
private $api_secret;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->api_key = $config['api_key'];
$this->api_secret = $config['api_secret'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->api_key) || empty($this->api_secret)) throw new Exception('必填参数不能为空');
$this->request('/v1/user');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) throw new Exception('证书ID不能为空');
$params = [
'type' => 'custom',
'cert' => $fullchain,
'key' => $privatekey,
];
$this->request('/v1/certs/' . $id, $params, 'PUT');
$this->log("证书ID:{$id}更新成功!");
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['api-key: ' . $this->api_key, 'api-secret: ' . $this->api_secret];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class cdnfly implements DeployInterface
{
private $logger;
private $url;
private $api_key;
private $api_secret;
private $auth = 0;
private $username;
private $password;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->api_key = $config['api_key'];
$this->api_secret = $config['api_secret'];
$this->auth = isset($config['auth']) ? $config['auth'] : 0;
if ($this->auth == 1) {
$this->username = $config['username'];
$this->password = $config['password'];
}
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if ($this->auth == 1) {
if (empty($this->url) || empty($this->username) || empty($this->password)) throw new Exception('必填参数不能为空');
$this->login();
} else {
if (empty($this->url) || empty($this->api_key) || empty($this->api_secret)) throw new Exception('必填参数不能为空');
$this->request('/v1/user');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) {
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$params = [
'type' => 'custom',
'name' => $cert_name,
'cert' => $fullchain,
'key' => $privatekey,
];
if ($this->auth == 1) {
$access_token = $this->login();
$url = $this->url . '/v1/certs';
$body = json_encode($params);
$headers = [
'Access-Token' => $access_token,
];
$response = http_request($url, $body, null, null, $headers, $this->proxy, 'POST');
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
$id = $result['data'];
} elseif (isset($result['msg'])) {
throw new Exception('证书添加失败,' . $result['msg']);
} else {
throw new Exception('证书添加失败,返回数据解析失败');
}
} else {
$id = $this->request('/v1/certs', $params, 'POST');
}
$this->log("证书ID:{$id}添加成功!");
$info['config']['id'] = $id;
return;
}
$params = [
'type' => 'custom',
'cert' => $fullchain,
'key' => $privatekey,
];
if ($this->auth == 1) {
$access_token = $this->login();
$url = $this->url . '/v1/certs/' . $id;
$body = json_encode($params);
$headers = [
'Access-Token' => $access_token,
];
$response = http_request($url, $body, null, null, $headers, $this->proxy, 'PUT');
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
} elseif (isset($result['msg'])) {
throw new Exception('证书ID:' . $id . '更新失败,' . $result['msg']);
} else {
throw new Exception('证书ID:' . $id . '更新失败,返回数据解析失败');
}
} else {
$this->request('/v1/certs/' . $id, $params, 'PUT');
}
$this->log("证书ID:{$id}更新成功!");
}
public function login()
{
$url = $this->url . '/v1/login';
$params = [
'account' => $this->username,
'password' => $this->password,
];
$body = json_encode($params);
$response = http_request($url, $body, null, null, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return $result['data']['access_token'];
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception('登录失败,返回数据解析失败');
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['api-key' => $this->api_key, 'api-secret' => $this->api_secret];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

236
app/lib/deploy/ctyun.php Normal file
View File

@@ -0,0 +1,236 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Ctyun as CtyunClient;
use Exception;
class ctyun implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new CtyunClient($this->AccessKeyId, $this->SecretAccessKey, 'ctcdn-global.ctapi.ctyun.cn', $this->proxy);
$client->request('GET', '/v1/cert/query-cert-list');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
if ($config['product'] == 'cdn') {
$this->deploy_cdn($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'icdn') {
$this->deploy_icdn($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'accessone') {
$this->deploy_accessone($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'cf') {
$this->deploy_cf($fullchain, $privatekey, $config);
}
}
private function deploy_cdn($fullchain, $privatekey, $config)
{
$client = new CtyunClient($this->AccessKeyId, $this->SecretAccessKey, 'ctcdn-global.ctapi.ctyun.cn', $this->proxy);
$param = [
'name' => $config['cert_name'],
'key' => $privatekey,
'certs' => $fullchain,
];
try {
$client->request('POST', '/v1/cert/creat-cert', null, $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), '已存在重名的证书') !== false) {
$this->log('已存在重名的证书 cert_name=' . $config['cert_name']);
} else {
throw new Exception('上传证书失败:' . $e->getMessage());
}
}
$this->log('上传证书成功 cert_name=' . $config['cert_name']);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'domain' => $domain,
'https_status' => 'on',
'cert_name' => $config['cert_name'],
];
try {
$client->request('POST', '/v1/domain/update-domain', null, $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), '请求已提交,请勿重复操作!') === false) {
throw new Exception($e->getMessage());
}
}
$this->log('CDN域名 ' . $domain . ' 部署证书成功!');
}
}
private function deploy_icdn($fullchain, $privatekey, $config)
{
$client = new CtyunClient($this->AccessKeyId, $this->SecretAccessKey, 'icdn-global.ctapi.ctyun.cn', $this->proxy);
$param = [
'name' => $config['cert_name'],
'key' => $privatekey,
'certs' => $fullchain,
];
try {
$client->request('POST', '/v1/cert/creat-cert', null, $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), '已存在重名的证书') !== false) {
$this->log('已存在重名的证书 cert_name=' . $config['cert_name']);
} else {
throw new Exception('上传证书失败:' . $e->getMessage());
}
}
$this->log('上传证书成功 cert_name=' . $config['cert_name']);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'domain' => $domain,
'https_status' => 'on',
'cert_name' => $config['cert_name'],
];
try {
$client->request('POST', '/v1/domain/update-domain', null, $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), '请求已提交,请勿重复操作!') === false) {
throw new Exception($e->getMessage());
}
}
$this->log('CDN域名 ' . $domain . ' 部署证书成功!');
}
}
private function deploy_accessone($fullchain, $privatekey, $config)
{
$client = new CtyunClient($this->AccessKeyId, $this->SecretAccessKey, 'accessone-global.ctapi.ctyun.cn', $this->proxy);
$param = [
'name' => $config['cert_name'],
'key' => $privatekey,
'certs' => $fullchain,
];
try {
$client->request('POST', '/ctapi/v1/accessone/cert/create', null, $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), '已存在重名的证书') !== false) {
$this->log('已存在重名的证书 cert_name=' . $config['cert_name']);
} else {
throw new Exception('上传证书失败:' . $e->getMessage());
}
}
$this->log('上传证书成功 cert_name=' . $config['cert_name']);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'domain' => $domain,
'product_code' => '020',
];
try {
$result = $client->request('POST', '/ctapi/v1/accessone/domain/config', null, $param);
} catch (Exception $e) {
throw new Exception('查询域名配置失败:' . $e->getMessage());
}
if ($result['https_status'] == 'on' && $result['cert_name'] == $config['cert_name']) {
$this->log('边缘安全加速域名 ' . $domain . ' 证书已部署,无需重复操作!');
return;
}
$result['https_status'] = 'on';
$result['cert_name'] = $config['cert_name'];
$exclude_keys = ['status', 'area_scope', 'cname', 'insert_date', 'status_date', 'record_status', 'record_num', 'customer_name', 'outlink_replace_filter', 'website_ipv6_access_mark', 'websocket_speed', 'dynamic_config', 'dynamic_ability'];
foreach ($result as $key => $value) {
if (in_array($key, $exclude_keys) || is_array($value) && empty($value)) {
unset($result[$key]);
}
}
if (isset($result['origin'])) {
foreach ($result['origin'] as &$origin) {
$origin['weight'] = strval($origin['weight']);
}
}
try {
$client->request('POST', '/ctapi/v1/scdn/domain/modify_config', null, $result);
} catch (Exception $e) {
if (strpos($e->getMessage(), '请求已提交,请勿重复操作!') === false) {
throw new Exception($e->getMessage());
}
}
$this->log('边缘安全加速域名 ' . $domain . ' 部署证书成功!');
}
}
private function deploy_cf($fullchain, $privatekey, $config)
{
$client = new CtyunClient($this->AccessKeyId, $this->SecretAccessKey, 'cf-global.ctapi.ctyun.cn', $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
try {
$data = $client->request('GET', '/openapi/v1/domains/customdomains/' . $domain, null, null, ['regionId' => $config['region_id']]);
} catch (Exception $e) {
throw new Exception('获取自定义域名配置失败:' . $e->getMessage());
}
if (isset($data['certConfig']['certificate']) && trim($data['certConfig']['certificate']) == trim($fullchain)) {
$this->log('函数计算域名 ' . $domain . ' 证书已部署,无需重复操作!');
return;
}
if ($data['protocol'] == 'HTTP') $data['protocol'] = 'HTTP,HTTPS';
$param = [
'domainName' => $domain,
'description' => $data['description'],
'protocol' => $data['protocol'],
'certConfig' => [
'certName' => 'cert' . substr($config['cert_name'], strpos($config['cert_name'], '-') + 1),
'certificate' => $fullchain,
'privateKey' => $privatekey,
],
'authConfig' => $data['authConfig'],
'routeConfig' => $data['routeConfig'],
];
try {
$client->request('PUT', '/openapi/v1/domains/customdomains/' . $domain, null, $param, ['regionId' => $config['region_id']]);
} catch (Exception $e) {
if (strpos($e->getMessage(), '请求已提交,请勿重复操作!') === false) {
throw new Exception($e->getMessage());
}
}
$this->log('函数计算域名 ' . $domain . ' 部署证书成功!');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

244
app/lib/deploy/doge.php
View File

@@ -1,120 +1,124 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class doge implements DeployInterface
{
private $logger;
private $AccessKey;
private $SecretKey;
public function __construct($config)
{
$this->AccessKey = $config['AccessKey'];
$this->SecretKey = $config['SecretKey'];
}
public function check()
{
if (empty($this->AccessKey) || empty($this->SecretKey)) throw new Exception('必填参数不能为空');
$this->request('/cdn/cert/list.json');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domain = $config['domain'];
if (empty($domain)) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$cert_id = $this->get_cert_id($fullchain, $privatekey, $cert_name);
$param = [
'id' => $cert_id,
'domain' => $domain,
];
$this->request('/cdn/cert/bind.json', $param);
$this->log('CDN域名 ' . $domain . ' 绑定证书成功!');
$info['cert_id'] = $cert_id;
}
private function get_cert_id($fullchain, $privatekey, $cert_name)
{
$cert_id = null;
$data = $this->request('/cdn/cert/list.json');
foreach ($data['certs'] as $cert) {
if ($cert_name == $cert['note']) {
$cert_id = $cert['id'];
$this->log('证书' . $cert_name . '已存在证书ID:' . $cert_id);
} elseif ($cert['expire'] < time() && $cert['domainCount'] == 0) {
try {
$this->request('/cdn/cert/delete.json', ['id' => $cert['id']]);
$this->log('证书' . $cert['name'] . '已过期,删除证书成功');
} catch (Exception $e) {
$this->log('证书' . $cert['name'] . '已过期,删除证书失败:' . $e->getMessage());
}
usleep(300000);
}
}
if (!$cert_id) {
$param = [
'note' => $cert_name,
'cert' => $fullchain,
'private' => $privatekey,
];
try {
$data = $this->request('/cdn/cert/upload.json', $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功证书ID:' . $data['id']);
$cert_id = $data['id'];
usleep(500000);
}
return $cert_id;
}
private function request($path, $data = null, $json = false)
{
$body = null;
if($data){
$body = $json ? json_encode($data) : http_build_query($data);
}
$signStr = $path . "\n" . $body;
$sign = hash_hmac('sha1', $signStr, $this->SecretKey);
$authorization = "TOKEN " . $this->AccessKey . ":" . $sign;
$headers = ['Authorization: ' . $authorization];
if($body && $json) $headers[] = 'Content-Type: application/json';
$url = 'https://api.dogecloud.com'.$path;
$response = curl_client($url, $body, null, null, $headers);
$result = json_decode($response['body'], true);
if(isset($result['code']) && $result['code'] == 200){
return isset($result['data']) ? $result['data'] : true;
}elseif(isset($result['msg'])){
throw new Exception($result['msg']);
}else{
throw new Exception('请求失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class doge implements DeployInterface
{
private $logger;
private $AccessKey;
private $SecretKey;
private $proxy;
public function __construct($config)
{
$this->AccessKey = $config['AccessKey'];
$this->SecretKey = $config['SecretKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKey) || empty($this->SecretKey)) throw new Exception('必填参数不能为空');
$this->request('/cdn/cert/list.json');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domain'];
if (empty($domains)) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$cert_id = $this->get_cert_id($fullchain, $privatekey, $cert_name);
foreach (explode(',', $domains) as $domain) {
if (empty($domain)) continue;
$param = [
'id' => $cert_id,
'domain' => $domain,
];
$this->request('/cdn/cert/bind.json', $param);
$this->log('CDN域名 ' . $domain . ' 绑定证书成功!');
}
$info['cert_id'] = $cert_id;
}
private function get_cert_id($fullchain, $privatekey, $cert_name)
{
$cert_id = null;
$data = $this->request('/cdn/cert/list.json');
foreach ($data['certs'] as $cert) {
if ($cert_name == $cert['note']) {
$cert_id = $cert['id'];
$this->log('证书' . $cert_name . '已存在证书ID:' . $cert_id);
} elseif ($cert['expire'] < time() && $cert['domainCount'] == 0) {
try {
$this->request('/cdn/cert/delete.json', ['id' => $cert['id']]);
$this->log('证书' . $cert['name'] . '已过期,删除证书成功');
} catch (Exception $e) {
$this->log('证书' . $cert['name'] . '已过期,删除证书失败:' . $e->getMessage());
}
usleep(300000);
}
}
if (!$cert_id) {
$param = [
'note' => $cert_name,
'cert' => $fullchain,
'private' => $privatekey,
];
try {
$data = $this->request('/cdn/cert/upload.json', $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功证书ID:' . $data['id']);
$cert_id = $data['id'];
usleep(500000);
}
return $cert_id;
}
private function request($path, $data = null, $json = false)
{
$body = null;
if($data){
$body = $json ? json_encode($data) : http_build_query($data);
}
$signStr = $path . "\n" . $body;
$sign = hash_hmac('sha1', $signStr, $this->SecretKey);
$authorization = "TOKEN " . $this->AccessKey . ":" . $sign;
$headers = ['Authorization' => $authorization];
if($body && $json) $headers['Content-Type'] = 'application/json';
$url = 'https://api.dogecloud.com'.$path;
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if(isset($result['code']) && $result['code'] == 200){
return $result['data'] ?? true;
}elseif(isset($result['msg'])){
throw new Exception($result['msg']);
}else{
throw new Exception('请求失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

132
app/lib/deploy/fnos.php Normal file
View File

@@ -0,0 +1,132 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class fnos implements DeployInterface
{
private $logger;
private $config;
public function __construct($config)
{
$this->config = $config;
}
public function check()
{
$this->connect();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$connection = $this->connect();
$cert_all = $this->exec($connection, '获取证书列表', 'cat /usr/trim/etc/network_cert_all.conf');
$list = json_decode($cert_all, true);
if (!$list) throw new Exception('获取证书列表失败');
$success = 0;
foreach ($list as $row) {
if (empty($row['san'])) continue;
$cert_domains = $row['san'];
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$certPath = $row['certificate'];
$keyPath = $row['privateKey'];
$certDir = dirname($certPath);
$this->exec($connection, '上传证书文件', "sudo tee ".$certPath." > /dev/null <<'EOF'\n".$fullchain."\nEOF");
$this->exec($connection, '上传私钥文件', "sudo tee ".$keyPath." > /dev/null <<'EOF'\n".$privatekey."\nEOF");
$this->exec($connection, '刷新目录权限', 'sudo chmod 0755 "'.$certDir.'" -R');
$this->exec($connection, '更新数据表', 'cd /tmp && sudo -u postgres psql -d trim_connect -c "UPDATE cert SET valid_to='.$certInfo['validTo_time_t'].'000,valid_from='.$certInfo['validFrom_time_t'].'000,issued_by=\''.$certInfo['issuer']['CN'].'\',updated_time='.getMillisecond().' WHERE private_key=\''.$keyPath.'\'"');
$this->log('证书 '.$row['domain'].' 更新成功');
$success++;
}
}
if ($success == 0) {
throw new Exception('没有要更新的证书');
} else {
$this->exec($connection, '重启webdav', 'sudo systemctl restart webdav.service');
$this->exec($connection, '重启smbftpd', 'sudo systemctl restart smbftpd.service');
$this->exec($connection, '重启trim_nginx', 'sudo systemctl restart trim_nginx.service');
}
}
private function exec($connection, $name, $cmd)
{
$stream = ssh2_exec($connection, $cmd);
$errorStream = ssh2_fetch_stream($stream, SSH2_STREAM_STDERR);
if (!$stream || !$errorStream) {
throw new Exception($name.'执行命令失败');
}
stream_set_blocking($stream, true);
stream_set_blocking($errorStream, true);
$output = stream_get_contents($stream);
$errorOutput = stream_get_contents($errorStream);
fclose($stream);
fclose($errorStream);
if (trim($errorOutput)) {
if (strpos($errorOutput, 'a password is required') !== false) {
throw new Exception('权限不足,请先配置 sudo 免密');
}
throw new Exception($name.'失败:' . trim($errorOutput));
} else {
if (strlen($output) > 200) {
return $output;
}
$this->log($name.'成功 ' . trim($output));
return $output;
}
}
private function connect()
{
if (!function_exists('ssh2_connect')) {
throw new Exception('ssh2扩展未安装');
}
if (empty($this->config['host']) || empty($this->config['port']) || empty($this->config['username']) || empty($this->config['password'])) {
throw new Exception('必填参数不能为空');
}
if (!filter_var($this->config['host'], FILTER_VALIDATE_IP) && !filter_var($this->config['host'], FILTER_VALIDATE_DOMAIN)) {
throw new Exception('主机地址不合法');
}
if (!is_numeric($this->config['port']) || $this->config['port'] < 1 || $this->config['port'] > 65535) {
throw new Exception('SSH端口不合法');
}
$connection = ssh2_connect($this->config['host'], intval($this->config['port']));
if (!$connection) {
throw new Exception('SSH连接失败');
}
if (!ssh2_auth_password($connection, $this->config['username'], $this->config['password'])) {
throw new Exception('用户名或密码错误');
}
return $connection;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

226
app/lib/deploy/ftp.php
View File

@@ -1,113 +1,113 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class ftp implements DeployInterface
{
private $logger;
private $config;
public function __construct($config)
{
$this->config = $config;
}
public function check()
{
$this->connect();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$conn_id = $this->connect();
ftp_pasv($conn_id, true);
if ($config['format'] == 'pem') {
$temp_stream = fopen('php://temp', 'r+');
fwrite($temp_stream, $fullchain);
rewind($temp_stream);
if (ftp_fput($conn_id, $config['pem_cert_file'], $temp_stream, FTP_BINARY)) {
$this->log('证书文件上传成功:' . $config['pem_cert_file']);
} else {
fclose($temp_stream);
ftp_close($conn_id);
throw new Exception('证书文件上传失败:' . $config['pem_cert_file']);
}
fclose($temp_stream);
$temp_stream = fopen('php://temp', 'r+');
fwrite($temp_stream, $privatekey);
rewind($temp_stream);
if (ftp_fput($conn_id, $config['pem_key_file'], $temp_stream, FTP_BINARY)) {
$this->log('私钥文件上传成功:' . $config['pem_key_file']);
} else {
fclose($temp_stream);
ftp_close($conn_id);
throw new Exception('私钥文件上传失败:' . $config['pem_key_file']);
}
fclose($temp_stream);
} elseif ($config['format'] == 'pfx') {
$pfx = \app\lib\CertHelper::getPfx($fullchain, $privatekey, $config['pfx_pass'] ? $config['pfx_pass'] : null);
$temp_stream = fopen('php://temp', 'r+');
fwrite($temp_stream, $pfx);
rewind($temp_stream);
if (ftp_fput($conn_id, $config['pfx_file'], $temp_stream, FTP_BINARY)) {
$this->log('PFX证书文件上传成功' . $config['pfx_file']);
} else {
fclose($temp_stream);
ftp_close($conn_id);
throw new Exception('PFX证书文件上传失败' . $config['pfx_file']);
}
fclose($temp_stream);
}
ftp_close($conn_id);
}
private function connect()
{
if (!function_exists('ftp_connect')) {
throw new Exception('ftp扩展未安装');
}
if (empty($this->config['host']) || empty($this->config['port']) || empty($this->config['username']) || empty($this->config['password'])) {
throw new Exception('必填参数不能为空');
}
if (!filter_var($this->config['host'], FILTER_VALIDATE_IP) && !filter_var($this->config['host'], FILTER_VALIDATE_DOMAIN)) {
throw new Exception('主机地址不合法');
}
if (!is_numeric($this->config['port']) || $this->config['port'] < 1 || $this->config['port'] > 65535) {
throw new Exception('端口不合法');
}
if ($this->config['secure'] == '1') {
$conn_id = ftp_ssl_connect($this->config['host'], intval($this->config['port']), 10);
if (!$conn_id) {
throw new Exception('FTP服务器无法连接(SSL)');
}
} else {
$conn_id = ftp_connect($this->config['host'], intval($this->config['port']), 10);
if (!$conn_id) {
throw new Exception('FTP服务器无法连接');
}
}
if (!ftp_login($conn_id, $this->config['username'], $this->config['password'])) {
ftp_close($conn_id);
throw new Exception('FTP登录失败');
}
return $conn_id;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
public function setLogger($logger)
{
$this->logger = $logger;
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class ftp implements DeployInterface
{
private $logger;
private $config;
public function __construct($config)
{
$this->config = $config;
}
public function check()
{
$this->connect();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$conn_id = $this->connect();
ftp_pasv($conn_id, true);
if ($config['format'] == 'pem') {
$temp_stream = fopen('php://temp', 'r+');
fwrite($temp_stream, $fullchain);
rewind($temp_stream);
if (ftp_fput($conn_id, $config['pem_cert_file'], $temp_stream, FTP_BINARY)) {
$this->log('证书文件上传成功:' . $config['pem_cert_file']);
} else {
fclose($temp_stream);
ftp_close($conn_id);
throw new Exception('证书文件上传失败:' . $config['pem_cert_file']);
}
fclose($temp_stream);
$temp_stream = fopen('php://temp', 'r+');
fwrite($temp_stream, $privatekey);
rewind($temp_stream);
if (ftp_fput($conn_id, $config['pem_key_file'], $temp_stream, FTP_BINARY)) {
$this->log('私钥文件上传成功:' . $config['pem_key_file']);
} else {
fclose($temp_stream);
ftp_close($conn_id);
throw new Exception('私钥文件上传失败:' . $config['pem_key_file']);
}
fclose($temp_stream);
} elseif ($config['format'] == 'pfx') {
$pfx = \app\lib\CertHelper::getPfx($fullchain, $privatekey, $config['pfx_pass'] ? $config['pfx_pass'] : null);
$temp_stream = fopen('php://temp', 'r+');
fwrite($temp_stream, $pfx);
rewind($temp_stream);
if (ftp_fput($conn_id, $config['pfx_file'], $temp_stream, FTP_BINARY)) {
$this->log('PFX证书文件上传成功' . $config['pfx_file']);
} else {
fclose($temp_stream);
ftp_close($conn_id);
throw new Exception('PFX证书文件上传失败' . $config['pfx_file']);
}
fclose($temp_stream);
}
ftp_close($conn_id);
}
private function connect()
{
if (!function_exists('ftp_connect')) {
throw new Exception('ftp扩展未安装');
}
if (empty($this->config['host']) || empty($this->config['port']) || empty($this->config['username']) || empty($this->config['password'])) {
throw new Exception('必填参数不能为空');
}
if (!filter_var($this->config['host'], FILTER_VALIDATE_IP) && !filter_var($this->config['host'], FILTER_VALIDATE_DOMAIN)) {
throw new Exception('主机地址不合法');
}
if (!is_numeric($this->config['port']) || $this->config['port'] < 1 || $this->config['port'] > 65535) {
throw new Exception('端口不合法');
}
if ($this->config['secure'] == '1') {
$conn_id = ftp_ssl_connect($this->config['host'], intval($this->config['port']), 10);
if (!$conn_id) {
throw new Exception('FTP服务器无法连接(SSL)');
}
} else {
$conn_id = ftp_connect($this->config['host'], intval($this->config['port']), 10);
if (!$conn_id) {
throw new Exception('FTP服务器无法连接');
}
}
if (!ftp_login($conn_id, $this->config['username'], $this->config['password'])) {
ftp_close($conn_id);
throw new Exception('FTP登录失败');
}
return $conn_id;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
public function setLogger($logger)
{
$this->logger = $logger;
}
}

154
app/lib/deploy/gcore.php
View File

@@ -1,77 +1,77 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class gcore implements DeployInterface
{
private $logger;
private $url = 'https://api.gcore.com';
private $apikey;
private $proxy;
public function __construct($config)
{
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->apikey)) throw new Exception('API令牌不能为空');
$this->request('/iam/clients/me');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) throw new Exception('证书ID不能为空');
$params = [
'name' => $config['name'],
'sslCertificate' => $fullchain,
'sslPrivateKey' => $privatekey,
'validate_root_ca' => true,
];
$this->request('/cdn/sslData/' . $id, $params, 'PUT');
$this->log('证书ID:' . $id . '更新成功!');
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['Authorization: APIKey ' . $this->apikey];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] >= 200 && $response['code'] < 300) {
return $result;
} elseif (isset($result['message']['message'])) {
throw new Exception($result['message']['message']);
} elseif (isset($result['errors'])) {
$errors = $result['errors'][array_key_first($result['errors'])];
throw new Exception($errors[0]);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class gcore implements DeployInterface
{
private $logger;
private $url = 'https://api.gcore.com';
private $apikey;
private $proxy;
public function __construct($config)
{
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->apikey)) throw new Exception('API令牌不能为空');
$this->request('/iam/clients/me');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) throw new Exception('证书ID不能为空');
$params = [
'name' => $config['name'],
'sslCertificate' => $fullchain,
'sslPrivateKey' => $privatekey,
'validate_root_ca' => true,
];
$this->request('/cdn/sslData/' . $id, $params, 'PUT');
$this->log('证书ID:' . $id . '更新成功!');
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['Authorization' => 'APIKey ' . $this->apikey];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] >= 200 && $response['code'] < 300) {
return $result;
} elseif (isset($result['message']['message'])) {
throw new Exception($result['message']['message']);
} elseif (isset($result['errors'])) {
$errors = $result['errors'][array_key_first($result['errors'])];
throw new Exception($errors[0]);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

289
app/lib/deploy/goedge.php
View File

@@ -1,135 +1,154 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class goedge implements DeployInterface
{
private $logger;
private $url;
private $accessKeyId;
private $accessKey;
private $usertype;
private $systype;
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->accessKeyId = $config['accessKeyId'];
$this->accessKey = $config['accessKey'];
$this->usertype = $config['usertype'];
$this->systype = $config['systype'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->accessKeyId) || empty($this->accessKey)) throw new Exception('必填参数不能为空');
$this->getAccessToken();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$this->getAccessToken();
$params = [
'domains' => $domains,
'offset' => 0,
'size' => 10,
];
try {
$data = $this->request('/SSLCertService/listSSLCerts', $params);
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$list = json_decode(base64_decode($data['sslCertsJSON']), true);
if (!$list || empty($list)) {
throw new Exception('证书列表为空');
}
$this->log('获取证书列表成功(total=' . count($list) . ')');
$certInfo = openssl_x509_parse($fullchain, true);
foreach ($list as $row) {
$params = [
'sslCertId' => $row['id'],
'isOn' => true,
'name' => $row['name'],
'description' => $row['description'],
'serverName' => $row['serverName'],
'isCA' => false,
'certData' => base64_encode($fullchain),
'keyData' => base64_encode($privatekey),
'timeBeginAt' => $certInfo['validFrom_time_t'],
'timeEndAt' => $certInfo['validTo_time_t'],
'dnsNames' => $domains,
'commonNames' => [$certInfo['issuer']['CN']],
];
$this->request('/SSLCertService/updateSSLCert', $params);
$this->log('证书ID:' . $row['id'] . '更新成功!');
}
}
private function getAccessToken()
{
$path = '/APIAccessTokenService/getAPIAccessToken';
$params = [
'type' => $this->usertype,
'accessKeyId' => $this->accessKeyId,
'accessKey' => $this->accessKey,
];
$result = $this->request($path, $params);
if (isset($result['token'])) {
$this->accessToken = $result['token'];
} else {
throw new Exception('登录成功获取AccessToken失败');
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
if ($this->systype == '1') {
$headers[] = 'X-Cloud-Access-Token: ' . $this->accessToken;
} else {
$headers[] = 'X-Edge-Access-Token: ' . $this->accessToken;
}
}
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class goedge implements DeployInterface
{
private $logger;
private $url;
private $accessKeyId;
private $accessKey;
private $usertype;
private $systype;
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->accessKeyId = $config['accessKeyId'];
$this->accessKey = $config['accessKey'];
$this->usertype = $config['usertype'];
$this->systype = $config['systype'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->accessKeyId) || empty($this->accessKey)) throw new Exception('必填参数不能为空');
$this->getAccessToken();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$this->getAccessToken();
$params = [
'domains' => $domains,
'offset' => 0,
'size' => 10,
];
try {
$data = $this->request('/SSLCertService/listSSLCerts', $params);
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$list = json_decode(base64_decode($data['sslCertsJSON']), true);
if ($list === false) {
throw new Exception('证书列表为空');
}
$this->log('获取证书列表成功(total=' . count($list) . ')');
$certInfo = openssl_x509_parse($fullchain, true);
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
if (!empty($list)) {
foreach ($list as $row) {
$params = [
'sslCertId' => $row['id'],
'isOn' => true,
'name' => $row['name'],
'description' => $row['description'],
'serverName' => $row['serverName'],
'isCA' => false,
'certData' => base64_encode($fullchain),
'keyData' => base64_encode($privatekey),
'timeBeginAt' => $certInfo['validFrom_time_t'],
'timeEndAt' => $certInfo['validTo_time_t'],
'dnsNames' => $domains,
'commonNames' => [$certInfo['issuer']['CN']],
];
$this->request('/SSLCertService/updateSSLCert', $params);
$this->log('证书ID:' . $row['id'] . '更新成功!');
}
} else {
$params = [
'isOn' => true,
'name' => $cert_name,
'description' => $cert_name,
'serverName' => $certInfo['subject']['CN'],
'isCA' => false,
'certData' => base64_encode($fullchain),
'keyData' => base64_encode($privatekey),
'timeBeginAt' => $certInfo['validFrom_time_t'],
'timeEndAt' => $certInfo['validTo_time_t'],
'dnsNames' => $domains,
'commonNames' => [$certInfo['issuer']['CN']],
];
$result = $this->request('/SSLCertService/createSSLCert', $params);
$this->log('证书ID:' . $result['sslCertId'] . '添加成功!');
}
}
private function getAccessToken()
{
$path = '/APIAccessTokenService/getAPIAccessToken';
$params = [
'type' => $this->usertype,
'accessKeyId' => $this->accessKeyId,
'accessKey' => $this->accessKey,
];
$result = $this->request($path, $params);
if (isset($result['token'])) {
$this->accessToken = $result['token'];
} else {
throw new Exception('登录成功获取AccessToken失败');
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
if ($this->systype == '1') {
$headers['X-Cloud-Access-Token'] = $this->accessToken;
} else {
$headers['X-Edge-Access-Token'] = $this->accessToken;
}
}
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return $result['data'] ?? null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

318
app/lib/deploy/huawei.php
View File

@@ -1,147 +1,171 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\HuaweiCloud;
use Exception;
class huawei implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, 'scm.cn-north-4.myhuaweicloud.com');
$client->request('GET', '/v3/scm/certificates');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
if ($config['product'] == 'cdn') {
$this->deploy_cdn($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'elb') {
$this->deploy_elb($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'waf') {
$this->deploy_waf($fullchain, $privatekey, $config);
}
}
private function deploy_cdn($fullchain, $privatekey, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.myhuaweicloud.com');
$param = [
'configs' => [
'https' => [
'https_status' => 'on',
'certificate_type' => 'server',
'certificate_source' => 0,
'certificate_name' => $config['cert_name'],
'certificate_value' => $fullchain,
'private_key' => $privatekey,
],
],
];
$client->request('PUT', '/v1.1/cdn/configuration/domains/' . $config['domain'] . '/configs', null, $param);
$this->log('CDN域名 ' . $config['domain'] . ' 部署证书成功!');
}
private function deploy_elb($fullchain, $privatekey, $config)
{
if (empty($config['project_id'])) throw new Exception('项目ID不能为空');
if (empty($config['region_id'])) throw new Exception('区域ID不能为空');
if (empty($config['cert_id'])) throw new Exception('证书ID不能为空');
$endpoint = 'elb.' . $config['region_id'] . '.myhuaweicloud.com';
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, $endpoint);
try {
$data = $client->request('GET', '/v3/' . $config['project_id'] . '/elb/certificates/' . $config['cert_id']);
} catch (Exception $e) {
throw new Exception('证书详情查询失败:' . $e->getMessage());
}
if (isset($data['certificate']['certificate']) && trim($data['certificate']['certificate']) == trim($fullchain)) {
$this->log('ELB证书ID ' . $config['cert_id'] . ' 已存在,无需重复部署');
return;
}
$param = [
'certificate' => [
'certificate' => $fullchain,
'private_key' => $privatekey,
'domain' => implode(',', $config['domainList']),
],
];
$client->request('PUT', '/v3/' . $config['project_id'] . '/elb/certificates/' . $config['cert_id'], null, $param);
$this->log('ELB证书ID ' . $config['cert_id'] . ' 更新证书成功!');
}
private function deploy_waf($fullchain, $privatekey, $config)
{
if (empty($config['project_id'])) throw new Exception('项目ID不能为空');
if (empty($config['region_id'])) throw new Exception('区域ID不能为空');
if (empty($config['cert_id'])) throw new Exception('证书ID不能为空');
$endpoint = 'waf.' . $config['region_id'] . '.myhuaweicloud.com';
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, $endpoint);
try {
$data = $client->request('GET', '/v1/' . $config['project_id'] . '/waf/certificates/' . $config['cert_id']);
} catch (Exception $e) {
throw new Exception('证书详情查询失败:' . $e->getMessage());
}
if (isset($data['content']) && trim($data['content']) == trim($fullchain)) {
$this->log('WAF证书ID ' . $config['cert_id'] . ' 已存在,无需重复部署');
return;
}
$param = [
'name' => $config['cert_name'],
'content' => $fullchain,
'key' => $privatekey,
];
$client->request('PUT', '/v1/' . $config['project_id'] . '/waf/certificates/' . $config['cert_id'], null, $param);
$this->log('WAF证书ID ' . $config['cert_id'] . ' 更新证书成功!');
}
private function get_cert_id($fullchain, $privatekey)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, 'scm.cn-north-4.myhuaweicloud.com');
$param = [
'name' => $cert_name,
'certificate' => $fullchain,
'private_key' => $privatekey,
];
try {
$data = $client->request('POST', '/v3/scm/certificates/import', null, $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功 certificate_id=' . $data['certificate_id']);
return $data['certificate_id'];
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\HuaweiCloud;
use app\lib\client\HuaweiOBS;
use Exception;
class huawei implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, 'scm.cn-north-4.myhuaweicloud.com', $this->proxy);
$client->request('GET', '/v3/scm/certificates');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
if ($config['product'] == 'cdn') {
$this->deploy_cdn($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'elb') {
$this->deploy_elb($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'waf') {
$this->deploy_waf($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'obs') {
$this->deploy_obs($fullchain, $privatekey, $config);
} elseif ($config['product'] == 'upload') {
$cert_id = $this->get_cert_id($fullchain, $privatekey);
$info['cert_id'] = $cert_id;
}
}
private function deploy_cdn($fullchain, $privatekey, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.myhuaweicloud.com', $this->proxy);
$param = [
'configs' => [
'https' => [
'https_status' => 'on',
'certificate_type' => 'server',
'certificate_source' => 0,
'certificate_name' => $config['cert_name'],
'certificate_value' => $fullchain,
'private_key' => $privatekey,
],
],
];
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$client->request('PUT', '/v1.1/cdn/configuration/domains/' . $domain . '/configs', null, $param);
$this->log('CDN域名 ' . $domain . ' 部署证书成功!');
}
}
private function deploy_elb($fullchain, $privatekey, $config)
{
if (empty($config['project_id'])) throw new Exception('项目ID不能为空');
if (empty($config['region_id'])) throw new Exception('区域ID不能为空');
if (empty($config['cert_id'])) throw new Exception('证书ID不能为空');
$endpoint = 'elb.' . $config['region_id'] . '.myhuaweicloud.com';
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, $endpoint, $this->proxy);
try {
$data = $client->request('GET', '/v3/' . $config['project_id'] . '/elb/certificates/' . $config['cert_id']);
} catch (Exception $e) {
throw new Exception('证书详情查询失败:' . $e->getMessage());
}
if (isset($data['certificate']['certificate']) && trim($data['certificate']['certificate']) == trim($fullchain)) {
$this->log('ELB证书ID ' . $config['cert_id'] . ' 已存在,无需重复部署');
return;
}
$param = [
'certificate' => [
'certificate' => $fullchain,
'private_key' => $privatekey,
'domain' => implode(',', $config['domainList']),
],
];
$client->request('PUT', '/v3/' . $config['project_id'] . '/elb/certificates/' . $config['cert_id'], null, $param);
$this->log('ELB证书ID ' . $config['cert_id'] . ' 更新证书成功!');
}
private function deploy_waf($fullchain, $privatekey, $config)
{
if (empty($config['project_id'])) throw new Exception('项目ID不能为空');
if (empty($config['region_id'])) throw new Exception('区域ID不能为空');
if (empty($config['cert_id'])) throw new Exception('证书ID不能为空');
$endpoint = 'waf.' . $config['region_id'] . '.myhuaweicloud.com';
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, $endpoint, $this->proxy);
try {
$data = $client->request('GET', '/v1/' . $config['project_id'] . '/waf/certificates/' . $config['cert_id']);
} catch (Exception $e) {
throw new Exception('证书详情查询失败:' . $e->getMessage());
}
if (isset($data['content']) && trim($data['content']) == trim($fullchain)) {
$this->log('WAF证书ID ' . $config['cert_id'] . ' 已存在,无需重复部署');
return;
}
$param = [
'name' => $config['cert_name'],
'content' => $fullchain,
'key' => $privatekey,
];
$client->request('PUT', '/v1/' . $config['project_id'] . '/waf/certificates/' . $config['cert_id'], null, $param);
$this->log('WAF证书ID ' . $config['cert_id'] . ' 更新证书成功!');
}
private function deploy_obs($fullchain, $privatekey, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
if (empty($config['obs_endpoint'])) throw new Exception('OBS Endpoint不能为空');
if (empty($config['obs_bucket'])) throw new Exception('OBS 桶名称不能为空');
$obsClient = new HuaweiOBS($this->AccessKeyId, $this->SecretAccessKey, $config['obs_endpoint'], $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$obsClient->setBucketCustomdomain($config['obs_bucket'], $domain, $config['cert_name'], $fullchain, $privatekey);
$this->log('OSS域名 ' . $domain . ' 部署证书成功!');
}
}
private function get_cert_id($fullchain, $privatekey)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new HuaweiCloud($this->AccessKeyId, $this->SecretAccessKey, 'scm.cn-north-4.myhuaweicloud.com', $this->proxy);
$param = [
'name' => $cert_name,
'certificate' => $fullchain,
'private_key' => $privatekey,
];
try {
$data = $client->request('POST', '/v3/scm/certificates/import', null, $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功 certificate_id=' . $data['certificate_id']);
return $data['certificate_id'];
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

363
app/lib/deploy/huoshan.php
View File

@@ -1,96 +1,267 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Volcengine;
use Exception;
class huoshan implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'cdn.volcengineapi.com', 'cdn', '2021-03-01', 'cn-north-1');
$client->request('POST', 'ListCertInfo', ['Source' => 'volc_cert_center']);
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$cert_id = $this->get_cert_id($fullchain, $privatekey);
if (!$cert_id) throw new Exception('获取证书ID失败');
$info['cert_id'] = $cert_id;
$this->deploy_cdn($cert_id, $config);
}
private function deploy_cdn($cert_id, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'cdn.volcengineapi.com', 'cdn', '2021-03-01', 'cn-north-1');
$param = [
'CertId' => $cert_id,
'Domain' => $config['domain'],
];
$data = $client->request('POST', 'BatchDeployCert', $param);
if (empty($data['DeployResult'])) throw new Exception('部署证书失败DeployResult为空');
foreach ($data['DeployResult'] as $row) {
if ($row['Status'] == 'success') {
$this->log('CDN域名 ' . $row['Domain'] . ' 部署证书成功!');
} else {
$this->log('CDN域名 ' . $row['Domain'] . ' 部署证书失败:' . isset($row['ErrorMsg']) ? $row['ErrorMsg'] : '');
}
}
}
private function get_cert_id($fullchain, $privatekey)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'cdn.volcengineapi.com', 'cdn', '2021-03-01', 'cn-north-1');
$param = [
'Source' => 'volc_cert_center',
'Certificate' => $fullchain,
'PrivateKey' => $privatekey,
'Desc' => $cert_name,
'Repeatable' => false,
];
try {
$data = $client->request('POST', 'AddCertificate', $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), '证书已存在ID为') !== false) {
$cert_id = trim(getSubstr($e->getMessage(), '证书已存在ID为', '。'));
$this->log('证书已存在 CertId=' . $cert_id);
return $cert_id;
}
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功 CertId=' . $data['CertId']);
return $data['CertId'];
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Volcengine;
use Exception;
class huoshan implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'open.volcengineapi.com', 'cdn', '2021-03-01', 'cn-north-1', $this->proxy);
$client->request('POST', 'ListCertInfo', ['Source' => 'volc_cert_center']);
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['product'] == 'live') {
$this->deploy_live($fullchain, $privatekey, $config);
} else {
$cert_id = $this->get_cert_id($fullchain, $privatekey);
if (!$cert_id) throw new Exception('获取证书ID失败');
$info['cert_id'] = $cert_id;
if (!isset($config['product']) || $config['product'] == 'cdn') {
$this->deploy_cdn($cert_id, $config);
} elseif ($config['product'] == 'dcdn') {
$this->deploy_dcdn($cert_id, $config);
} elseif ($config['product'] == 'tos') {
$this->deploy_tos($cert_id, $config);
} elseif ($config['product'] == 'imagex') {
$this->deploy_imagex($cert_id, $config);
} elseif ($config['product'] == 'clb') {
$this->deploy_clb($cert_id, $config);
} elseif ($config['product'] == 'alb') {
$this->deploy_alb($cert_id, $config);
} elseif ($config['product'] == 'vod') {
$this->deploy_vod($cert_id, $config);
}
}
}
private function deploy_cdn($cert_id, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'cdn.volcengineapi.com', 'cdn', '2021-03-01', 'cn-north-1', $this->proxy);
$param = [
'CertId' => $cert_id,
'Domain' => $config['domain'],
];
$data = $client->request('POST', 'BatchDeployCert', $param);
if (empty($data['DeployResult'])) throw new Exception('部署证书失败DeployResult为空');
foreach ($data['DeployResult'] as $row) {
if ($row['Status'] == 'success') {
$this->log('CDN域名 ' . $row['Domain'] . ' 部署证书成功!');
} else {
$this->log('CDN域名 ' . $row['Domain'] . ' 部署证书失败:' . (isset($row['ErrorMsg']) ? $row['ErrorMsg'] : ''));
}
}
}
private function deploy_dcdn($cert_id, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'open.volcengineapi.com', 'dcdn', '2021-04-01', 'cn-north-1', $this->proxy);
$param = [
'CertId' => $cert_id,
'DomainNames' => explode(',', $config['domain']),
];
$client->request('POST', 'CreateCertBind', $param);
$this->log('DCDN域名 ' . $config['domain'] . ' 部署证书成功!');
}
private function deploy_tos($cert_id, $config)
{
if (empty($config['bucket_domain'])) throw new Exception('Bucket域名不能为空');
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, $config['bucket_domain'], 'tos', '2021-04-01', 'cn-beijing', $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'CustomDomainRule' => [
'Domain' => $domain,
'CertId' => $cert_id,
]
];
$query = ['customdomain' => ''];
$client->tos_request('PUT', $param, $query);
$this->log('对象存储域名 ' . $config['domain'] . ' 部署证书成功!');
}
}
private function deploy_live($fullchain, $privatekey, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'live.volcengineapi.com', 'live', '2023-01-01', 'cn-north-1', $this->proxy);
$param = [
'CertName' => $cert_name,
'Rsa' => [
'Pubkey' => $fullchain,
'Prikey' => $privatekey,
],
'UseWay' => 'https',
];
$result = $client->request('POST', 'CreateCert', $param);
$this->log('上传证书成功 ChainID=' . $result['ChainID']);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'ChainID' => $result['ChainID'],
'Domain' => $domain,
'HTTPS' => true,
'HTTP2' => true,
];
$client->request('POST', 'BindCert', $param);
$this->log('视频直播域名 ' . $domain . ' 部署证书成功!');
}
}
private function deploy_vod($cert_id, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
if (empty($config['vod_space_name'])) throw new Exception('点播空间名称不能为空');
if (empty($config['vod_domain_type'])) throw new Exception('点播域名类型不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'vod.volcengineapi.com', 'vod', '2023-07-01', 'cn-north-1', $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'SpaceName' => $config['vod_space_name'],
'DomainType' => $config['vod_domain_type'],
'Domain' => $domain,
'Config' => [
'HTTPS' => [
'Switch' => true,
'CertInfo' => [
'CertId' => $cert_id,
],
],
],
];
$client->request('POST', 'UpdateDomainConfig', $param);
$this->log('视频点播域名 ' . $domain . ' 部署证书成功!');
}
}
private function deploy_imagex($cert_id, $config)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'imagex.volcengineapi.com', 'imagex', '2018-08-01', 'cn-north-1', $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
[
'domain' => $domain,
'cert_id' => $cert_id,
]
];
$result = $client->request('POST', 'UpdateImageBatchDomainCert', $param);
if (isset($result['SuccessDomains']) && count($result['SuccessDomains']) > 0) {
$this->log('veImageX域名 ' . $domain . ' 部署证书成功!');
} elseif (isset($result['FailedDomains']) && count($result['FailedDomains']) > 0) {
$errmsg = $result['FailedDomains'][0]['ErrMsg'];
$this->log('veImageX域名 ' . $domain . ' 部署证书失败:' . $errmsg);
} else {
$this->log('veImageX域名 ' . $domain . ' 部署证书失败');
}
}
}
private function deploy_clb($cert_id, $config)
{
if (empty($config['listener_id'])) throw new Exception('监听器ID不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'open.volcengineapi.com', 'clb', '2020-04-01', 'cn-beijing', $this->proxy);
$param = [
'ListenerId' => $config['listener_id'],
'CertificateSource' => 'cert_center',
'CertCenterCertificateId' => $cert_id,
];
$client->request('GET', 'ModifyListenerAttributes', $param);
$this->log('CLB监听器 ' . $config['listener_id'] . ' 部署证书成功!');
}
private function deploy_alb($cert_id, $config)
{
if (empty($config['listener_id'])) throw new Exception('监听器ID不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'open.volcengineapi.com', 'alb', '2020-04-01', 'cn-beijing', $this->proxy);
$param = [
'ListenerId' => $config['listener_id'],
'CertificateSource' => 'cert_center',
'CertCenterCertificateId' => $cert_id,
];
$client->request('GET', 'ModifyListenerAttributes', $param);
$this->log('ALB监听器 ' . $config['listener_id'] . ' 部署证书成功!');
}
private function get_cert_id($fullchain, $privatekey)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'certificate-service.volcengineapi.com', 'certificate_service', '2024-10-01', 'cn-beijing', $this->proxy);
$param = [
'Tag' => $cert_name,
'Repeatable' => false,
'CertificateInfo' => [
'CertificateChain' => $fullchain,
'PrivateKey' => $privatekey,
],
];
try {
$data = $client->request('POST', 'ImportCertificate', $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
if (!empty($data['InstanceId'])) {
$cert_id = $data['InstanceId'];
$this->log('上传证书成功 CertId=' . $cert_id);
$param = [
'InstanceId' => $cert_id,
'Options' => [
'ExpiredNotice' => 'Disabled',
],
];
$client->request('POST', 'CertificateUpdateInstance', $param);
} else {
$cert_id = $data['RepeatId'];
$this->log('找到已上传的证书 CertId=' . $cert_id);
}
return $cert_id;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

202
app/lib/deploy/k8s.php Normal file
View File

@@ -0,0 +1,202 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Symfony\Component\Yaml\Yaml;
use Exception;
class k8s implements DeployInterface
{
private $logger;
private $kubeconfig;
private $server;
private $bearerToken;
private $tls = [];
private $proxy;
public function __construct($config)
{
$this->kubeconfig = $config['kubeconfig'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->kubeconfig)) throw new Exception('Kubeconfig不能为空');
$this->verify();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$namespace = $config['namespace'];
$secretName = $config['secret_name'];
if (empty($namespace)) throw new Exception('命名空间不能为空');
if (empty($secretName)) throw new Exception('Secret名称不能为空');
$this->parse();
$secretPayload = [
'apiVersion' => 'v1',
'kind' => 'Secret',
'metadata' => ['name' => $secretName, 'namespace' => $namespace],
'type' => 'kubernetes.io/tls',
'data' => [
'tls.crt' => base64_encode($config['fullchain']),
'tls.key' => base64_encode($config['privatekey']),
],
];
$secretUrl = '/api/v1/namespaces/' . $namespace . '/secrets/' . $secretName;
list($sCode, $sBody, $sErr) = $this->k8s_request('GET', $secretUrl);
if ($sCode === 404) {
$createUrl = '/api/v1/namespaces/' . $namespace . '/secrets';
$this->log('Secret:' . $secretName . ' 不存在,正在创建...');
list($cCode, $cBody, $cErr) = $this->k8s_request('POST', $createUrl, json_encode($secretPayload));
if ($cCode < 200 || $cCode >= 300) throw new Exception("创建Secret失败 (HTTP $cCode): $cBody | $cErr");
$this->log('Secret:' . $namespace . ' 创建成功');
} elseif ($sCode >= 200 && $sCode < 300) {
$this->log('Secret:' . $secretName . ' 已存在,正在更新...');
$patch = ['data' => $secretPayload['data'], 'type' => 'kubernetes.io/tls'];
list($pCode, $pBody, $pErr) = $this->k8s_request('PATCH', $secretUrl, json_encode($patch));
if ($pCode < 200 || $pCode >= 300) throw new Exception("更新Secret失败 (HTTP $pCode): $pBody | $pErr");
$this->log('Secret:' . $secretName . ' 更新成功');
} else {
throw new Exception("获取Secret失败 (HTTP $sCode): $sBody | $sErr");
}
// Bind Secret to specified Ingresses (merge spec.tls & hosts) ----
if (!empty($config['ingresses'])) {
$ingressUrl = '/apis/networking.k8s.io/v1/namespaces/' . $namespace . '/ingresses';
foreach (explode(',', $config['ingresses']) as $ingName) {
list($gCode, $gBody, $gErr) = $this->k8s_request('GET', $ingressUrl . '/' . $ingName);
if ($gCode < 200 || $gCode >= 300) throw new Exception("获取Ingress '$ingName' 失败 (HTTP $gCode): $gBody | $gErr");
$ing = json_decode($gBody, true);
if (!$ing) throw new Exception("解析Ingress '$ingName' JSON失败: $gBody");
// collect hosts from spec.rules
$hosts = [];
foreach (($ing['spec']['rules'] ?? []) as $rule) {
if (!empty($rule['host'])) $hosts[] = $rule['host'];
}
$hosts = array_values(array_unique($hosts));
// merge/ensure spec.tls entry
$tls = $ing['spec']['tls'] ?? [];
$found = false;
foreach ($tls as &$entry) {
if (($entry['secretName'] ?? '') === $secretName) {
$found = true;
$existingHosts = $entry['hosts'] ?? [];
$entry['hosts'] = array_values(array_unique(array_merge($existingHosts, $hosts)));
}
}
unset($entry);
if (!$found) {
$tls[] = ['secretName' => $secretName, 'hosts' => $hosts];
}
$patch = ['spec' => ['tls' => $tls]];
list($iCode, $iBody, $iErr) = $this->k8s_request('PATCH', $ingressUrl . '/' . $ingName, json_encode($patch, JSON_UNESCAPED_SLASHES));
if ($iCode < 200 || $iCode >= 300) throw new Exception("更新Ingress '$ingName' 失败 (HTTP $iCode): $iBody | $iErr");
$this->log("Ingress '$ingName' 更新TLS成功");
}
}
}
private function parse()
{
$kcfg = Yaml::parse($this->kubeconfig);
if (!$kcfg) throw new Exception('Kubeconfig格式错误');
$curr = $kcfg['current-context'] ?? null;
if (!$curr) throw new Exception('Kubeconfig缺少current-context');
$contexts = $this->index_by_name($kcfg['contexts'] ?? []);
$clusters = $this->index_by_name($kcfg['clusters'] ?? []);
$users = $this->index_by_name($kcfg['users'] ?? []);
$ctx = $contexts[$curr] ?? null;
if (!$ctx) throw new Exception("Kubeconfig中找不到current-context: $curr");
$clusterName = $ctx['context']['cluster'] ?? null;
$userName = $ctx['context']['user'] ?? null;
if (!$clusterName || !$userName) throw new Exception("Kubeconfig中context缺少cluster或user: $curr");
$cluster = $clusters[$clusterName] ?? null;
$user = $users[$userName] ?? null;
if (!$cluster) throw new Exception("Kubeconfig中找不到cluster: $clusterName");
if (!$user) throw new Exception("Kubeconfig中找不到user: $userName");
$this->server = $cluster['cluster']['server'] ?? null;
if (!$this->server) throw new Exception("Kubeconfig中找不到cluster.server");
$this->server = rtrim($this->server, '/');
$this->bearerToken = $user['user']['token'] ?? ($user['user']['auth-provider']['config']['access-token'] ?? null);
$clientCertFile = $clientKeyFile = null;
if (!empty($user['user']['client-certificate-data']) && !empty($user['user']['client-key-data'])) {
$clientCertFile = tempnam(sys_get_temp_dir(), 'kcc_');
$clientKeyFile = tempnam(sys_get_temp_dir(), 'kck_');
file_put_contents($clientCertFile, base64_decode($user['user']['client-certificate-data']));
file_put_contents($clientKeyFile, base64_decode($user['user']['client-key-data']));
} elseif (!empty($user['user']['client-certificate']) && !empty($user['user']['client-key'])) {
$clientCertFile = $user['user']['client-certificate'];
$clientKeyFile = $user['user']['client-key'];
}
$this->tls = ['cert' => $clientCertFile, 'key' => $clientKeyFile];
}
private function verify()
{
$this->parse();
list($vCode, $vBody, $vErr) = $this->k8s_request('GET', '/version');
if ($vErr) throw new Exception("连接Kubernetes API服务器失败: $vErr");
if ($vCode != 200) throw new Exception("连接Kubernetes API服务器失败: HTTP $vCode $vBody");
}
private function k8s_request($method, $path, $body = null)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->server . $path);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$headers = ['Accept: application/json'];
if ($this->bearerToken) $headers[] = 'Authorization: Bearer ' . $this->bearerToken;
if ($body !== null) $headers[] = 'Content-Type: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
if ($body !== null) curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
if (!empty($this->tls['cert']) && !empty($this->tls['key'])) {
curl_setopt($ch, CURLOPT_SSLCERT, $this->tls['cert']);
curl_setopt($ch, CURLOPT_SSLKEY, $this->tls['key']);
}
$resp = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
$err = curl_error($ch);
curl_close($ch);
return [$code, $resp, $err];
}
private function index_by_name($arr)
{
$out = [];
foreach ($arr as $item) {
if (isset($item['name'])) $out[$item['name']] = $item;
}
return $out;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

416
app/lib/deploy/kangle.php
View File

@@ -1,208 +1,208 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class kangle implements DeployInterface
{
private $logger;
private $url;
private $auth;
private $username;
private $password;
private $skey;
private $proxy;
private $cookie;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->auth = $config['auth'];
$this->username = $config['username'];
$this->password = $config['password'];
$this->skey = $config['skey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->username)) throw new Exception('必填参数不能为空');
$this->login();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$this->login();
$this->log('登录成功 cookie:' . $this->cookie);
$this->getMain();
if ($config['type'] == '1' && !empty($config['domains'])) {
$domains = explode("\n", $config['domains']);
$success = 0;
$errmsg = null;
foreach ($domains as $domain) {
$domain = trim($domain);
if (empty($domain)) continue;
try {
$this->deployDomain($domain, $fullchain, $privatekey);
$this->log("域名 {$domain} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("域名 {$domain} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的域名不存在');
}
} else {
$this->deployAccount($fullchain, $privatekey);
$this->log("账号级SSL证书部署成功");
}
}
private function deployDomain($domain, $fullchain, $privatekey)
{
$path = '/vhost/?c=ssl&a=domainSsl';
$post = [
'domain' => $domain,
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = curl_client($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
throw new Exception(htmlspecialchars($match[1]));
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception(htmlspecialchars($response['body']));
} else {
throw new Exception('原因未知(httpCode=' . $response['code'] . ')');
}
}
private function deployAccount($fullchain, $privatekey)
{
$path = '/vhost/?c=ssl&a=ssl';
$post = [
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = curl_client($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
throw new Exception(htmlspecialchars($match[1]));
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception(htmlspecialchars($response['body']));
} else {
throw new Exception('原因未知(httpCode=' . $response['code'] . ')');
}
}
private function login()
{
if ($this->auth == '1') {
return $this->loginBySkey();
} else {
return $this->loginByPwd();
}
}
private function loginBySkey()
{
$url = $this->url . '/vhost/index.php?c=sso&a=hello&url=' . urlencode($this->url . '/index.php?');
$response = curl_client($url, null, null, null, null, $this->proxy);
if ($response['code'] == 302 && !empty($response['redirect_url'])) {
$cookie = '';
if (preg_match_all('/Set-Cookie: (.*);/iU', $response['header'], $matchs)) {
foreach ($matchs[1] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
}
$query = parse_url($response['redirect_url'], PHP_URL_QUERY);
parse_str($query, $params);
if (isset($params['r'])) {
$sess_key = $params['r'];
$this->loginBySkey2($cookie, $sess_key);
$this->cookie = $cookie;
return true;
} else {
throw new Exception('获取SSO凭据失败sess_key获取失败');
}
} else {
throw new Exception('获取SSO凭据失败获取cookie失败');
}
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception('获取SSO凭据失败 (' . htmlspecialchars($response['body']) . ')');
} else {
throw new Exception('获取SSO凭据失败 (httpCode=' . $response['code'] . ')');
}
}
private function loginBySkey2($cookie, $sess_key)
{
$s = md5($sess_key . $this->username . $sess_key . $this->skey);
$url = $this->url . '/vhost/index.php?c=sso&a=login&name=' . $this->username . '&r=' . $sess_key . '&s=' . $s;
$response = curl_client($url, null, null, $cookie, null, $this->proxy);
if ($response['code'] == 302) {
return true;
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception('SSO登录失败 (' . htmlspecialchars($response['body']) . ')');
} else {
throw new Exception('SSO登录失败 (httpCode=' . $response['code'] . ')');
}
}
private function loginByPwd()
{
$referer = $this->url . '/vhost/index.php?c=session&a=loginForm';
$url = $this->url . '/vhost/index.php?c=session&a=login';
$post = [
'username' => $this->username,
'passwd' => $this->password,
];
$response = curl_client($url, http_build_query($post), $referer, null, null, $this->proxy);
if ($response['code'] == 302) {
$cookie = '';
if (preg_match_all('/Set-Cookie: (.*);/iU', $response['header'], $matchs)) {
foreach ($matchs[1] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
}
$this->cookie = $cookie;
return true;
} else {
throw new Exception('登录失败获取cookie失败');
}
} elseif (strpos($response['body'], '验证码错误')) {
throw new Exception('登录失败,需输入验证码');
} elseif (strpos($response['body'], '密码错误')) {
throw new Exception('登录失败,用户名或密码错误');
} else {
throw new Exception('登录失败 (httpCode=' . $response['code'] . ')');
}
}
private function getMain()
{
$path = '/vhost/';
curl_client($this->url . $path, null, null, $this->cookie, null, $this->proxy);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class kangle implements DeployInterface
{
private $logger;
private $url;
private $auth;
private $username;
private $password;
private $skey;
private $proxy;
private $cookie;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->auth = $config['auth'];
$this->username = $config['username'];
$this->password = $config['password'];
$this->skey = $config['skey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->username)) throw new Exception('必填参数不能为空');
$this->login();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$this->login();
$this->log('登录成功 cookie:' . $this->cookie);
$this->getMain();
if ($config['type'] == '1' && !empty($config['domains'])) {
$domains = explode("\n", $config['domains']);
$success = 0;
$errmsg = null;
foreach ($domains as $domain) {
$domain = trim($domain);
if (empty($domain)) continue;
try {
$this->deployDomain($domain, $fullchain, $privatekey);
$this->log("域名 {$domain} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("域名 {$domain} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的域名不存在');
}
} else {
$this->deployAccount($fullchain, $privatekey);
$this->log("账号级SSL证书部署成功");
}
}
private function deployDomain($domain, $fullchain, $privatekey)
{
$path = '/vhost/?c=ssl&a=domainSsl';
$post = [
'domain' => $domain,
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
throw new Exception(htmlspecialchars($match[1]));
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception(htmlspecialchars($response['body']));
} else {
throw new Exception('原因未知(httpCode=' . $response['code'] . ')');
}
}
private function deployAccount($fullchain, $privatekey)
{
$path = '/vhost/?c=ssl&a=ssl';
$post = [
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
throw new Exception(htmlspecialchars($match[1]));
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception(htmlspecialchars($response['body']));
} else {
throw new Exception('原因未知(httpCode=' . $response['code'] . ')');
}
}
private function login()
{
if ($this->auth == '1') {
return $this->loginBySkey();
} else {
return $this->loginByPwd();
}
}
private function loginBySkey()
{
$url = $this->url . '/vhost/index.php?c=sso&a=hello&url=' . urlencode($this->url . '/index.php?');
$response = http_request($url, null, null, null, null, $this->proxy);
if ($response['code'] == 302 && !empty($response['redirect_url'])) {
$cookie = '';
if (isset($response['headers']['Set-Cookie'])) {
foreach ($response['headers']['Set-Cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
}
$query = parse_url($response['redirect_url'], PHP_URL_QUERY);
parse_str($query, $params);
if (isset($params['r'])) {
$sess_key = $params['r'];
$this->loginBySkey2($cookie, $sess_key);
$this->cookie = $cookie;
return true;
} else {
throw new Exception('获取SSO凭据失败sess_key获取失败');
}
} else {
throw new Exception('获取SSO凭据失败获取cookie失败');
}
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception('获取SSO凭据失败 (' . htmlspecialchars($response['body']) . ')');
} else {
throw new Exception('获取SSO凭据失败 (httpCode=' . $response['code'] . ')');
}
}
private function loginBySkey2($cookie, $sess_key)
{
$s = md5($sess_key . $this->username . $sess_key . $this->skey);
$url = $this->url . '/vhost/index.php?c=sso&a=login&name=' . $this->username . '&r=' . $sess_key . '&s=' . $s;
$response = http_request($url, null, null, $cookie, null, $this->proxy);
if ($response['code'] == 302) {
return true;
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception('SSO登录失败 (' . htmlspecialchars($response['body']) . ')');
} else {
throw new Exception('SSO登录失败 (httpCode=' . $response['code'] . ')');
}
}
private function loginByPwd()
{
$referer = $this->url . '/vhost/index.php?c=session&a=loginForm';
$url = $this->url . '/vhost/index.php?c=session&a=login';
$post = [
'username' => $this->username,
'passwd' => $this->password,
];
$response = http_request($url, http_build_query($post), $referer, null, null, $this->proxy);
if ($response['code'] == 302) {
$cookie = '';
if (isset($response['headers']['Set-Cookie'])) {
foreach ($response['headers']['Set-Cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
}
$this->cookie = $cookie;
return true;
} else {
throw new Exception('登录失败获取cookie失败');
}
} elseif (strpos($response['body'], '验证码错误')) {
throw new Exception('登录失败,需输入验证码');
} elseif (strpos($response['body'], '密码错误')) {
throw new Exception('登录失败,用户名或密码错误');
} else {
throw new Exception('登录失败 (httpCode=' . $response['code'] . ')');
}
}
private function getMain()
{
$path = '/vhost/';
http_request($this->url . $path, null, null, $this->cookie, null, $this->proxy);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

173
app/lib/deploy/kangleadmin.php Normal file
View File

@@ -0,0 +1,173 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class kangleadmin implements DeployInterface
{
private $logger;
private $url;
private $path;
private $username;
private $skey;
private $proxy;
private $cookie;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
if (empty($config['path'])) $config['path'] = '/admin';
$this->path = rtrim($config['path'], '/');
$this->username = $config['username'];
$this->skey = $config['skey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->username) || empty($this->skey)) throw new Exception('必填参数不能为空');
$this->login();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['name'])) throw new Exception('网站用户名不能为空');
$this->login();
$this->log('登录成功 cookie:' . $this->cookie);
$this->loginVhost($config['name']);
if ($config['type'] == '1' && !empty($config['domains'])) {
$domains = explode("\n", $config['domains']);
$success = 0;
$errmsg = null;
foreach ($domains as $domain) {
$domain = trim($domain);
if (empty($domain)) continue;
try {
$this->deployDomain($domain, $fullchain, $privatekey);
$this->log("域名 {$domain} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("域名 {$domain} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的域名不存在');
}
} else {
$this->deployAccount($fullchain, $privatekey);
$this->log("账号级SSL证书部署成功");
}
}
private function deployDomain($domain, $fullchain, $privatekey)
{
$path = '/vhost/?c=ssl&a=domainSsl';
$post = [
'domain' => $domain,
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
throw new Exception(htmlspecialchars($match[1]));
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception(htmlspecialchars($response['body']));
} else {
throw new Exception('原因未知(httpCode=' . $response['code'] . ')');
}
}
private function deployAccount($fullchain, $privatekey)
{
$path = '/vhost/?c=ssl&a=ssl';
$post = [
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
throw new Exception(htmlspecialchars($match[1]));
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception(htmlspecialchars($response['body']));
} else {
throw new Exception('原因未知(httpCode=' . $response['code'] . ')');
}
}
private function login()
{
$url = $this->url . $this->path . '/index.php?c=sso&a=hello&url=' . urlencode($this->url . $this->path . '/index.php?');
$response = http_request($url, null, null, null, null, $this->proxy);
if ($response['code'] == 302 && !empty($response['redirect_url'])) {
$cookie = '';
if (isset($response['headers']['Set-Cookie'])) {
foreach ($response['headers']['Set-Cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
}
$query = parse_url($response['redirect_url'], PHP_URL_QUERY);
parse_str($query, $params);
if (isset($params['r'])) {
$sess_key = $params['r'];
$this->login2($cookie, $sess_key);
$this->cookie = $cookie;
return true;
} else {
throw new Exception('获取SSO凭据失败sess_key获取失败');
}
} else {
throw new Exception('获取SSO凭据失败获取cookie失败');
}
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception('获取SSO凭据失败 (' . htmlspecialchars($response['body']) . ')');
} else {
throw new Exception('获取SSO凭据失败 (httpCode=' . $response['code'] . ')');
}
}
private function login2($cookie, $sess_key)
{
$s = md5($sess_key . $this->username . $sess_key . $this->skey);
$url = $this->url . $this->path . '/index.php?c=sso&a=login&name=' . $this->username . '&r=' . $sess_key . '&s=' . $s;
$response = http_request($url, null, null, $cookie, null, $this->proxy);
if ($response['code'] == 302) {
return true;
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
throw new Exception('SSO登录失败 (' . htmlspecialchars($response['body']) . ')');
} else {
throw new Exception('SSO登录失败 (httpCode=' . $response['code'] . ')');
}
}
private function loginVhost($name)
{
$url = $this->url . $this->path . '/index.php?c=vhost&a=impLogin&name=' . $name;
$response = http_request($url, null, null, $this->cookie, null, $this->proxy);
if ($response['code'] == 302) {
http_request($this->url . '/vhost/', null, null, $this->cookie, null, $this->proxy);
} else {
throw new Exception('用户面板登录失败 (httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

79
app/lib/deploy/ksyun.php Normal file
View File

@@ -0,0 +1,79 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Ksyun as KsyunClient;
use Exception;
class ksyun implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new KsyunClient($this->AccessKeyId, $this->SecretAccessKey, 'cdn.api.ksyun.com', 'cdn', 'cn-shanghai-2', $this->proxy);
$client->request('GET', 'GetCertificates', '2016-09-01', '/2016-09-01/cert/GetCertificates');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$this->deploy_cdn($fullchain, $privatekey, $config, $info);
}
public function deploy_cdn($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$domains = explode(',', $config['domain']);
$client = new KsyunClient($this->AccessKeyId, $this->SecretAccessKey, 'cdn.api.ksyun.com', 'cdn', 'cn-shanghai-2', $this->proxy);
$param = [
'PageSize' => 100,
'PageNumber' => 1,
];
$domain_ids = [];
$result = $client->request('GET', 'GetCdnDomains', '2019-06-01', '/2019-06-01/domain/GetCdnDomains', $param);
foreach ($result['Domains'] as $row) {
if (in_array($row['DomainName'], $domains)) {
$domain_ids[] = $row['DomainId'];
}
}
if (count($domain_ids) == 0) throw new Exception('未找到对应的CDN域名');
$param = [
'Enable' => 'on',
'DomainIds' => implode(',', $domain_ids),
'CertificateName' => $config['cert_name'],
'ServerCertificate' => $fullchain,
'PrivateKey' => $privatekey,
];
$result = $client->request('POST', 'ConfigCertificate', '2016-09-01', '/2016-09-01/cert/ConfigCertificate', $param);
$this->log('CDN证书部署成功证书ID' . $result['CertificateId']);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

94
app/lib/deploy/kuocai.php Normal file
View File

@@ -0,0 +1,94 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class kuocai implements DeployInterface
{
private $logger;
private $username;
private $password;
private $proxy;
private $token = null;
public function __construct($config)
{
$this->username = $config['username'];
$this->password = $config['password'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->username) || empty($this->password)) {
throw new Exception('请填写控制台账号和密码');
}
$this->request('/login/loginUser', [
'userAccount' => $this->username,
'userPwd' => $this->password,
'remember' => 'true'
]);
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) {
throw new Exception('域名ID不能为空');
}
$this->token = $this->request('/login/loginUser', [
'userAccount' => $this->username,
'userPwd' => $this->password,
'remember' => 'true'
]);
$this->request('/CdnDomainHttps/httpsConfiguration', [
'doMainId' => $id,
'https' => [
'certificate_name' => uniqid('cert_'),
'certificate_source' => '0',
'certificate_value' => $fullchain,
'https_status' => 'on',
'private_key' => $privatekey,
]
], true);
$this->log("域名ID:{$id}更新成功!");
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params = null, $json = false)
{
$url = 'https://www.kuocaicdn.com' . $path;
$body = $json ? json_encode($params) : $params;
$headers = [];
if ($json) $headers['Content-Type'] = 'application/json';
$response = http_request(
$url,
$body,
null,
$this->token ? "kuocai_cdn_token={$this->token}" : null,
$headers,
$this->proxy
);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 'SUCCESS') {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
}

244
app/lib/deploy/lecdn.php
View File

@@ -1,106 +1,138 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class lecdn implements DeployInterface
{
private $logger;
private $url;
private $email;
private $password;
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->email = $config['email'];
$this->password = $config['password'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->email) || empty($this->password)) throw new Exception('账号和密码不能为空');
$this->login();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) throw new Exception('证书ID不能为空');
$this->login();
try {
$data = $this->request('/prod-api/certificate/' . $id);
} catch (Exception $e) {
throw new Exception('证书ID:' . $id . '获取失败:' . $e->getMessage());
}
$params = [
'id' => intval($id),
'name' => $data['name'],
'description' => $data['description'],
'type' => 'upload',
'ssl_pem' => base64_encode($fullchain),
'ssl_key' => base64_encode($privatekey),
'auto_renewal' => false,
];
$this->request('/prod-api/certificate/' . $id, $params, 'PUT');
$this->log("证书ID:{$id}更新成功!");
}
private function login()
{
$path = '/prod-api/login';
$params = [
'email' => $this->email,
'password' => $this->password,
];
$result = $this->request($path, $params);
if (isset($result['access_token'])) {
$this->accessToken = $result['access_token'];
} else {
throw new Exception('登录成功获取access_token失败');
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
$headers[] = 'Authorization: Bearer ' . $this->accessToken;
}
if ($params) {
$headers[] = 'Content-Type: application/json;charset=UTF-8';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class lecdn implements DeployInterface
{
private $logger;
private $url;
private $email;
private $password;
private $auth;
private $apiKey;
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->email = $config['email'];
$this->password = $config['password'];
$this->auth = isset($config['auth']) ? intval($config['auth']) : 0;
if ($this->auth == 1) {
$this->apiKey = $config['api_key'];
}
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if ($this->auth == 1) {
if (empty($this->url) || empty($this->apiKey)) throw new Exception('API访问令牌不能为空');
$this->request('/prod-api/system/info');
} else {
if (empty($this->url) || empty($this->email) || empty($this->password)) throw new Exception('账号和密码不能为空');
$this->login();
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($this->auth == 0) {
$this->login();
}
$id = $config['id'];
if (empty($id)) {
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$params = [
'name' => $cert_name,
'type' => 'upload',
'ssl_pem' => base64_encode($fullchain),
'ssl_key' => base64_encode($privatekey),
'auto_renewal' => false,
];
$data = $this->request('/prod-api/certificate', $params, 'POST');
$id = $data['id'];
$this->log("证书ID:{$id}添加成功!");
$info['config']['id'] = $id;
return;
}
try {
$data = $this->request('/prod-api/certificate/' . $id);
} catch (Exception $e) {
throw new Exception('证书ID:' . $id . '获取失败:' . $e->getMessage());
}
$params = [
'id' => intval($id),
'name' => $data['name'],
'description' => $data['description'],
'type' => 'upload',
'ssl_pem' => base64_encode($fullchain),
'ssl_key' => base64_encode($privatekey),
'auto_renewal' => false,
];
$this->request('/prod-api/certificate/' . $id, $params, 'PUT');
$this->log("证书ID:{$id}更新成功!");
}
private function login()
{
$path = '/prod-api/login';
$params = [
'email' => $this->email,
'username' => $this->email,
'password' => $this->password,
];
$result = $this->request($path, $params);
if (isset($result['token'])) {
$this->accessToken = $result['token'];
} else {
throw new Exception('登录成功获取access_token失败');
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
$headers['Authorization'] = 'Bearer ' . $this->accessToken;
} elseif ($this->auth == 1 && $this->apiKey) {
$headers['Authorization'] = $this->apiKey;
}
if ($params) {
$headers['Content-Type'] = 'application/json;charset=UTF-8';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return $result['data'] ?? null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

154
app/lib/deploy/local.php
View File

@@ -1,77 +1,77 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class local implements DeployInterface
{
private $logger;
public function __construct($config) {}
public function check() {}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (!empty($config['cmd']) && !function_exists('exec')) {
throw new Exception('exec函数被禁用');
}
if ($config['format'] == 'pem') {
$dir = dirname($config['pem_cert_file']);
if (!is_dir($dir)) throw new Exception($dir . ' 目录不存在');
if (!is_writable($dir)) throw new Exception($dir . ' 目录不可写');
if (file_put_contents($config['pem_cert_file'], $fullchain)) {
$this->log('证书已保存到:' . $config['pem_cert_file']);
} else {
throw new Exception('证书保存到' . $config['pem_cert_file'] . '失败,请检查目录权限');
}
if (file_put_contents($config['pem_key_file'], $privatekey)) {
$this->log('私钥已保存到:' . $config['pem_key_file']);
} else {
throw new Exception('私钥保存到' . $config['pem_key_file'] . '失败,请检查目录权限');
}
} elseif ($config['format'] == 'pfx') {
$dir = dirname($config['pfx_file']);
if (!is_dir($dir)) throw new Exception($dir . ' 目录不存在');
if (!is_writable($dir)) throw new Exception($dir . ' 目录不可写');
$pfx = \app\lib\CertHelper::getPfx($fullchain, $privatekey, $config['pfx_pass'] ? $config['pfx_pass'] : null);
if (file_put_contents($config['pfx_file'], $pfx)) {
$this->log('PFX证书已保存到' . $config['pfx_file']);
} else {
throw new Exception('PFX证书保存到' . $config['pfx_file'] . '失败,请检查目录权限');
}
}
if (!empty($config['cmd'])) {
$cmds = explode("\n", $config['cmd']);
foreach ($cmds as $cmd) {
$cmd = trim($cmd);
if (empty($cmd)) continue;
$this->log('执行命令:' . $cmd);
$output = [];
$ret = 0;
exec($cmd, $output, $ret);
if ($ret == 0) {
$this->log('执行命令成功:' . implode("\n", $output));
} else {
throw new Exception('执行命令失败:' . implode("\n", $output));
}
}
}
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
public function setLogger($logger)
{
$this->logger = $logger;
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class local implements DeployInterface
{
private $logger;
public function __construct($config) {}
public function check() {}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (!empty($config['cmd']) && !function_exists('exec')) {
throw new Exception('exec函数被禁用');
}
if ($config['format'] == 'pem') {
$dir = dirname($config['pem_cert_file']);
if (!is_dir($dir)) throw new Exception($dir . ' 目录不存在');
if (!is_writable($dir)) throw new Exception($dir . ' 目录不可写');
if (file_put_contents($config['pem_cert_file'], $fullchain)) {
$this->log('证书已保存到:' . $config['pem_cert_file']);
} else {
throw new Exception('证书保存到' . $config['pem_cert_file'] . '失败,请检查目录权限');
}
if (file_put_contents($config['pem_key_file'], $privatekey)) {
$this->log('私钥已保存到:' . $config['pem_key_file']);
} else {
throw new Exception('私钥保存到' . $config['pem_key_file'] . '失败,请检查目录权限');
}
} elseif ($config['format'] == 'pfx') {
$dir = dirname($config['pfx_file']);
if (!is_dir($dir)) throw new Exception($dir . ' 目录不存在');
if (!is_writable($dir)) throw new Exception($dir . ' 目录不可写');
$pfx = \app\lib\CertHelper::getPfx($fullchain, $privatekey, $config['pfx_pass'] ? $config['pfx_pass'] : null);
if (file_put_contents($config['pfx_file'], $pfx)) {
$this->log('PFX证书已保存到' . $config['pfx_file']);
} else {
throw new Exception('PFX证书保存到' . $config['pfx_file'] . '失败,请检查目录权限');
}
}
if (!empty($config['cmd'])) {
$cmds = explode("\n", $config['cmd']);
foreach ($cmds as $cmd) {
$cmd = trim($cmd);
if (empty($cmd)) continue;
$this->log('执行命令:' . $cmd);
$output = [];
$ret = 0;
exec($cmd, $output, $ret);
if ($ret == 0) {
$this->log('执行命令成功:' . implode("\n", $output));
} else {
throw new Exception('执行命令失败:' . implode("\n", $output));
}
}
}
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
public function setLogger($logger)
{
$this->logger = $logger;
}
}

114
app/lib/deploy/lucky.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class lucky implements DeployInterface
{
private $logger;
private $url;
private $opentoken;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/') . (!empty($config['path']) ? $config['path'] : '');
$this->opentoken = $config['opentoken'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->opentoken)) throw new Exception('请填写面板地址和OpenToken');
$this->request("/api/modules/list");
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
try {
$data = $this->request("/api/ssl");
$this->log('获取证书列表成功');
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$success = 0;
$errmsg = null;
if (!empty($data['list'])) {
foreach ($data['list'] as $row) {
if (empty($row['CertsInfo']['Domains'])) continue;
$cert_domains = $row['CertsInfo']['Domains'];
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$params = [
'Key' => $row['Key'],
'CertBase64' => base64_encode($fullchain),
'KeyBase64' => base64_encode($privatekey),
'AddFrom' => 'file',
'Enable' => true,
'MappingToPath' => false,
'Remark' => $row['Remark'] ?: '',
'AllSyncClient' => false,
];
try {
$this->request('/api/ssl', $params, 'PUT');
$this->log("证书ID:{$row['Key']}更新成功!");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("证书ID:{$row['Key']}更新失败:" . $errmsg);
}
}
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '没有要更新的证书');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [
'openToken' => $this->opentoken,
];
$body = null;
if ($params) {
$body = json_encode($params);
$headers['Content-Type'] = 'application/json';
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['ret']) && $result['ret'] == 0) {
return $result;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
}

127
app/lib/deploy/mwpanel.php Normal file
View File

@@ -0,0 +1,127 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class mwpanel implements DeployInterface
{
private $logger;
private $url;
private $appid;
private $appsecret;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->appid = $config['appid'];
$this->appsecret = $config['appsecret'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->appid) || empty($this->appsecret)) throw new Exception('请填写面板地址和接口密钥');
$path = '/task/count';
$response = $this->request($path);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status'] == true) {
return true;
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$siteName = trim($site);
if (empty($siteName)) continue;
try {
$this->deploySite($siteName, $fullchain, $privatekey);
$this->log("网站 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$siteName} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
}
}
private function deployPanel($fullchain, $privatekey)
{
$path = '/setting/save_panel_ssl';
$data = [
'privateKey' => $privatekey,
'certPem' => $fullchain,
'choose' => 'local',
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deploySite($siteName, $fullchain, $privatekey)
{
$path = '/site/set_ssl';
$data = [
'type' => '1',
'siteName' => $siteName,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [
'app-id' => $this->appid,
'app-secret' => $this->appsecret,
];
$response = http_request($url, $params ? http_build_query($params) : null, null, null, $headers, $this->proxy);
return $response['body'];
}
}

381
app/lib/deploy/opanel.php
View File

@@ -1,111 +1,270 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class opanel implements DeployInterface
{
private $logger;
private $url;
private $key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->key = $config['key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$this->request('/api/v1/settings/search');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$params = ['page'=>1, 'pageSize'=>500];
try {
$data = $this->request('/api/v1/websites/ssl/search', $params);
$this->log('获取证书列表成功(total=' . $data['total'] . ')');
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$success = 0;
$errmsg = null;
foreach ($data['items'] as $row) {
if (empty($row['primaryDomain'])) continue;
$cert_domains[] = $row['primaryDomain'];
if(!empty($row['domains'])) $cert_domains += explode(',', $row['domains']);
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$params = [
'sslID' => $row['id'],
'type' => 'paste',
'certificate' => $fullchain,
'privateKey' => $privatekey,
'description' => '',
];
try {
$this->request('/api/v1/websites/ssl/upload', $params);
$this->log("证书ID:{$row['id']}更新成功!");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("证书ID:{$row['id']}更新失败:" . $errmsg);
}
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '没有要更新的证书');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$timestamp = time().'';
$token = md5('1panel' . $this->key . $timestamp);
$headers = [
'1Panel-Token: '.$token,
'1Panel-Timestamp: '.$timestamp
];
$body = $params ? json_encode($params) : null;
if($body) $headers[] = 'Content-Type: application/json';
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if(isset($result['code']) && $result['code'] == 200){
return isset($result['data']) ? $result['data'] : null;
}elseif(isset($result['message'])){
throw new Exception($result['message']);
}else{
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class opanel implements DeployInterface
{
private $logger;
private $url;
private $key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/') . '/api/' . (isset($config['version']) ? $config['version'] : 'v1');
$this->key = $config['key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$this->request("/settings/search");
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
// 解析节点名称列表
$nodeNames = $this->parseNodeNames($config);
if (isset($config['type']) && $config['type'] == '3') {
// 面板本身的证书部署
$params = [
'cert' => $fullchain,
'key' => $privatekey,
'ssl' => 'Enable',
'sslID' => null,
'sslType' => 'import-paste',
];
if (empty($nodeNames)) {
// 没有指定节点,只部署到主控节点
try {
$this->request('/core/settings/ssl/update', $params);
$this->log("面板证书更新成功!");
return;
} catch (Exception $e) {
throw new Exception("面板证书更新失败:" . $e->getMessage());
}
} else {
// 同时部署到主节点和所有指定的子节点
$successCount = 0;
$failCount = 0;
// 先更新主节点
try {
$this->request('/core/settings/ssl/update', $params);
$this->log("主节点面板证书更新成功!");
$successCount++;
} catch (Exception $e) {
$this->log("主节点面板证书更新失败:" . $e->getMessage());
$failCount++;
}
// 然后更新所有子节点
foreach ($nodeNames as $nodeName) {
try {
$this->request('/core/settings/ssl/update', $params, $nodeName);
$this->log("节点 [{$nodeName}] 面板证书更新成功!");
$successCount++;
} catch (Exception $e) {
$this->log("节点 [{$nodeName}] 面板证书更新失败:" . $e->getMessage());
$failCount++;
}
}
if ($failCount > 0 && $successCount == 0) {
throw new Exception("所有节点证书更新失败");
}
return;
}
}
// 如果没有指定节点,则只部署到主控节点
if (empty($nodeNames)) {
$this->deployToNode($fullchain, $privatekey, $config, null);
} else {
// 同时部署到主节点和所有指定的子节点
$successCount = 0;
$failCount = 0;
// 先更新主节点
try {
$this->deployToNode($fullchain, $privatekey, $config, null);
$successCount++;
} catch (Exception $e) {
$this->log("主节点部署失败:" . $e->getMessage());
$failCount++;
}
// 然后更新所有子节点
foreach ($nodeNames as $nodeName) {
try {
$this->deployToNode($fullchain, $privatekey, $config, $nodeName);
$successCount++;
} catch (Exception $e) {
$this->log("节点 [{$nodeName}] 部署失败:" . $e->getMessage());
$failCount++;
}
}
if ($failCount > 0 && $successCount == 0) {
throw new Exception("所有节点部署失败");
}
}
}
/**
* 部署到指定节点
*/
private function deployToNode($fullchain, $privatekey, $config, $nodeName = null)
{
if (!empty($config['id'])) {
// 指定证书ID的情况
$params = [
'sslID' => intval($config['id']),
'type' => 'paste',
'certificate' => $fullchain,
'privateKey' => $privatekey,
'description' => '',
];
try {
$this->request('/websites/ssl/upload', $params, $nodeName);
$logMsg = $nodeName ? "节点 [{$nodeName}] 证书ID:{$config['id']}更新成功!" : "证书ID:{$config['id']}更新成功!";
$this->log($logMsg);
return;
} catch (Exception $e) {
$logMsg = $nodeName ? "节点 [{$nodeName}] 证书ID:{$config['id']}更新失败:" : "证书ID:{$config['id']}更新失败:";
throw new Exception($logMsg . $e->getMessage());
}
}
// 根据域名自动匹配证书
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$params = ['page' => 1, 'pageSize' => 500, 'orderBy' => 'expire_date', 'order' => 'null'];
try {
$data = $this->request("/websites/ssl/search", $params, $nodeName);
$logMsg = $nodeName ? "节点 [{$nodeName}] " : "";
$this->log($logMsg . '获取证书列表成功(total=' . $data['total'] . ')');
} catch (Exception $e) {
$logMsg = $nodeName ? "节点 [{$nodeName}] " : "";
throw new Exception($logMsg . '获取证书列表失败:' . $e->getMessage());
}
$success = 0;
$errmsg = null;
if (!empty($data['items'])) {
foreach ($data['items'] as $row) {
if (empty($row['primaryDomain'])) continue;
$cert_domains = [];
$cert_domains[] = $row['primaryDomain'];
if (!empty($row['domains'])) $cert_domains += explode(',', $row['domains']);
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains) || in_array('*' . substr($domain, strpos($domain, '.')), $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$params = [
'sslID' => $row['id'],
'type' => 'paste',
'certificate' => $fullchain,
'privateKey' => $privatekey,
'description' => '',
];
try {
$this->request('/websites/ssl/upload', $params, $nodeName);
$logMsg = $nodeName ? "节点 [{$nodeName}] 证书ID:{$row['id']}更新成功!" : "证书ID:{$row['id']}更新成功!";
$this->log($logMsg);
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$logMsg = $nodeName ? "节点 [{$nodeName}] 证书ID:{$row['id']}更新失败:" : "证书ID:{$row['id']}更新失败:";
$this->log($logMsg . $errmsg);
}
}
}
}
if ($success == 0) {
$params = [
'sslID' => 0,
'type' => 'paste',
'certificate' => $fullchain,
'privateKey' => $privatekey,
'description' => '',
];
$this->request('/websites/ssl/upload', $params, $nodeName);
$logMsg = $nodeName ? "节点 [{$nodeName}] 证书上传成功!" : "证书上传成功!";
$this->log($logMsg);
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
/**
* 解析节点名称列表
*/
private function parseNodeNames($config)
{
if (!isset($config['node_name']) || empty($config['node_name'])) {
return [];
}
$nodeNameStr = trim($config['node_name']);
if (empty($nodeNameStr)) {
return [];
}
// 按行分割,过滤空行
$nodeNames = array_filter(
array_map('trim', explode("\n", $nodeNameStr)),
function($name) {
return !empty($name);
}
);
return array_values($nodeNames);
}
private function request($path, $params = null, $nodeName = null)
{
$url = $this->url . $path;
$timestamp = time() . '';
$token = md5('1panel' . $this->key . $timestamp);
$headers = [
'1Panel-Token' => $token,
'1Panel-Timestamp' => $timestamp,
];
// 只有子节点时才设置 CurrentNode 头,主节点时不设置该头
if (!empty($nodeName)) {
$headers['CurrentNode'] = $nodeName;
}
$body = $params ? json_encode($params) : '{}';
if ($body) $headers['Content-Type'] = 'application/json';
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return $result['data'] ?? null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
}

93
app/lib/deploy/proxmox.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class proxmox implements DeployInterface
{
private $logger;
private $url;
private $api_user;
private $api_key;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->api_user = $config['api_user'];
$this->api_key = $config['api_key'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->api_user) || empty($this->api_key)) throw new Exception('必填内容不能为空');
$path = '/api2/json/access';
$this->send_request($path);
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['node'])) throw new Exception('节点名称不能为空');
$cert_hash = openssl_x509_fingerprint($fullchain, 'sha256');
if (!$cert_hash) throw new Exception('证书解析失败');
$path = '/api2/json/nodes/' . $config['node'] . '/certificates/info';
$list = $this->send_request($path);
foreach ($list as $item) {
$fingerprint = strtolower(str_replace(':', '', $item['fingerprint']));
if ($fingerprint == $cert_hash) {
$this->log('节点:' . $config['node'] . ' 证书已存在');
return;
}
}
$path = '/api2/json/nodes/' . $config['node'] . '/certificates/custom';
$params = [
'certificates' => $fullchain,
'key' => $privatekey,
'force' => 1,
'restart' => 1,
];
$this->send_request($path, $params);
$this->log('节点:' . $config['node'] . ' 证书部署成功!');
}
private function send_request($path, $params = null)
{
$url = $this->url . $path;
$headers = ['Authorization' => 'PVEAPIToken=' . $this->api_user . '=' . $this->api_key];
$post = $params ? http_build_query($params) : null;
$response = http_request($url, $post, null, null, $headers, $this->proxy);
if ($response['code'] == 200) {
$result = json_decode($response['body'], true);
if (isset($result['data'])) {
return $result['data'];
} elseif (isset($result['errors'])) {
if (is_array($result['errors'])) {
$result['errors'] = implode(';', $result['errors']);
}
throw new Exception($result['errors']);
} else {
throw new Exception('返回数据解析失败');
}
} else {
throw new Exception('请求失败(httpCode=' . $response['code'] . ', body=' . $response['body'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

305
app/lib/deploy/qiniu.php
View File

@@ -1,145 +1,160 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Qiniu as QiniuClient;
use Exception;
class qiniu implements DeployInterface
{
private $logger;
private $AccessKey;
private $SecretKey;
private QiniuClient $client;
public function __construct($config)
{
$this->AccessKey = $config['AccessKey'];
$this->SecretKey = $config['SecretKey'];
$this->client = new QiniuClient($this->AccessKey, $this->SecretKey);
}
public function check()
{
if (empty($this->AccessKey) || empty($this->SecretKey)) throw new Exception('必填参数不能为空');
$this->client->request('GET', '/sslcert');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domain = $config['domain'];
if (empty($domain)) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$cert_id = $this->get_cert_id($fullchain, $privatekey, $certInfo['subject']['CN'], $cert_name);
if ($config['product'] == 'cdn') {
$this->deploy_cdn($domain, $cert_id);
} elseif ($config['product'] == 'oss') {
$this->deploy_oss($domain, $cert_id);
} else {
throw new Exception('未知的产品类型');
}
$info['cert_id'] = $cert_id;
$info['cert_name'] = $cert_name;
}
private function deploy_cdn($domain, $cert_id)
{
try {
$data = $this->client->request('GET', '/domain/' . $domain);
} catch (Exception $e) {
throw new Exception('获取域名信息失败:' . $e->getMessage());
}
if (isset($data['https']['certId']) && $data['https']['certId'] == $cert_id) {
$this->log('域名 ' . $domain . ' 证书已部署,无需重复操作');
return;
}
if (empty($data['https']['certId'])) {
$param = [
'certid' => $cert_id,
];
$this->client->request('PUT', '/domain/' . $domain . '/sslize', null, $param);
} else {
$param = [
'certid' => $cert_id,
'forceHttps' => $data['https']['forceHttps'],
'http2Enable' => $data['https']['http2Enable'],
];
$this->client->request('PUT', '/domain/' . $domain . '/httpsconf', null, $param);
}
$this->log('CDN域名 ' . $domain . ' 证书部署成功!');
}
private function deploy_oss($domain, $cert_id)
{
$param = [
'certid' => $cert_id,
'domain' => $domain,
];
$this->client->request('POST', '/cert/bind', null, $param);
$this->log('OSS域名 ' . $domain . ' 证书部署成功!');
}
private function get_cert_id($fullchain, $privatekey, $common_name, $cert_name)
{
$cert_id = null;
$marker = '';
do {
$query = ['marker' => $marker, 'limit' => 100];
$data = $this->client->request('GET', '/sslcert', $query);
if (empty($data['certs'])) break;
$marker = $data['marker'];
foreach ($data['certs'] as $cert) {
if ($cert_name == $cert['name']) {
$cert_id = $cert['certid'];
$this->log('证书' . $cert_name . '已存在证书ID:' . $cert_id);
} elseif ($cert['not_after'] < time()) {
try {
$this->client->request('DELETE', '/sslcert/' . $cert['certid']);
$this->log('证书' . $cert['name'] . '已过期,删除证书成功');
} catch (Exception $e) {
$this->log('证书' . $cert['name'] . '已过期,删除证书失败:' . $e->getMessage());
}
usleep(300000);
}
}
} while ($marker != '');
if (!$cert_id) {
$param = [
'name' => $cert_name,
'common_name' => $common_name,
'pri' => $privatekey,
'ca' => $fullchain,
];
try {
$data = $this->client->request('POST', '/sslcert', null, $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功证书ID:' . $data['certID']);
$cert_id = $data['certID'];
usleep(500000);
}
return $cert_id;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Qiniu as QiniuClient;
use Exception;
class qiniu implements DeployInterface
{
private $logger;
private $AccessKey;
private $SecretKey;
private QiniuClient $client;
public function __construct($config)
{
$this->AccessKey = $config['AccessKey'];
$this->SecretKey = $config['SecretKey'];
$this->client = new QiniuClient($this->AccessKey, $this->SecretKey, isset($config['proxy']) ? $config['proxy'] == 1 : false);
}
public function check()
{
if (empty($this->AccessKey) || empty($this->SecretKey)) throw new Exception('必填参数不能为空');
$this->client->request('GET', '/sslcert');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domain'];
if (empty($domains)) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$cert_id = $this->get_cert_id($fullchain, $privatekey, $certInfo['subject']['CN'], $cert_name);
$info['cert_id'] = $cert_id;
$info['cert_name'] = $cert_name;
if ($config['product'] == 'upload') return;
foreach (explode(',', $domains) as $domain) {
if (empty($domain)) continue;
if ($config['product'] == 'cdn') {
$this->deploy_cdn($domain, $cert_id);
} elseif ($config['product'] == 'oss') {
$this->deploy_oss($domain, $cert_id);
} elseif ($config['product'] == 'pili') {
$this->deploy_pili($config['pili_hub'], $domain, $cert_name);
} else {
throw new Exception('未知的产品类型');
}
}
}
private function deploy_cdn($domain, $cert_id)
{
try {
$data = $this->client->request('GET', '/domain/' . $domain);
} catch (Exception $e) {
throw new Exception('获取域名信息失败:' . $e->getMessage());
}
if (isset($data['https']['certId']) && $data['https']['certId'] == $cert_id) {
$this->log('域名 ' . $domain . ' 证书已部署,无需重复操作');
return;
}
if (empty($data['https']['certId'])) {
$param = [
'certid' => $cert_id,
];
$this->client->request('PUT', '/domain/' . $domain . '/sslize', null, $param);
} else {
$param = [
'certid' => $cert_id,
'forceHttps' => $data['https']['forceHttps'],
'http2Enable' => $data['https']['http2Enable'],
];
$this->client->request('PUT', '/domain/' . $domain . '/httpsconf', null, $param);
}
$this->log('CDN域名 ' . $domain . ' 证书部署成功!');
}
private function deploy_oss($domain, $cert_id)
{
$param = [
'certid' => $cert_id,
'domain' => $domain,
];
$this->client->request('POST', '/cert/bind', null, $param);
$this->log('OSS域名 ' . $domain . ' 证书部署成功!');
}
private function deploy_pili($hub, $domain, $cert_name)
{
$param = [
'CertName' => $cert_name,
];
$this->client->pili_request('POST', '/v2/hubs/'.$hub.'/domains/'.$domain.'/cert', null, $param);
$this->log('视频直播域名 ' . $domain . ' 证书部署成功!');
}
private function get_cert_id($fullchain, $privatekey, $common_name, $cert_name)
{
$cert_id = null;
$marker = '';
do {
$query = ['marker' => $marker, 'limit' => 100];
$data = $this->client->request('GET', '/sslcert', $query);
if (empty($data['certs'])) break;
$marker = $data['marker'];
foreach ($data['certs'] as $cert) {
if ($cert_name == $cert['name']) {
$cert_id = $cert['certid'];
$this->log('证书' . $cert_name . '已存在证书ID:' . $cert_id);
} elseif ($cert['not_after'] < time()) {
try {
$this->client->request('DELETE', '/sslcert/' . $cert['certid']);
$this->log('证书' . $cert['name'] . '已过期,删除证书成功');
} catch (Exception $e) {
$this->log('证书' . $cert['name'] . '已过期,删除证书失败:' . $e->getMessage());
}
usleep(300000);
}
}
} while ($marker != '');
if (!$cert_id) {
$param = [
'name' => $cert_name,
'common_name' => $common_name,
'pri' => $privatekey,
'ca' => $fullchain,
];
try {
$data = $this->client->request('POST', '/sslcert', null, $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$this->log('上传证书成功证书ID:' . $data['certID']);
$cert_id = $data['certID'];
usleep(500000);
}
return $cert_id;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

102
app/lib/deploy/rainyun.php Normal file
View File

@@ -0,0 +1,102 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class rainyun implements DeployInterface
{
private $logger;
private $url = 'https://api.v2.rainyun.com';
private $apikey;
private $proxy;
public function __construct($config)
{
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->apikey)) throw new Exception('ApiKey不能为空');
$this->request('/product/');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['id'])) {
$params = [
'cert' => $fullchain,
'key' => $privatekey,
];
try {
$this->request('/product/sslcenter/', $params, 'POST');
} catch (Exception $e) {
throw new Exception('上传证书失败,' . $e->getMessage());
}
$params = [
'options' => '{"columnFilters":{"Domain":""},"sort":[],"page":1,"perPage":1}',
];
try {
$data = $this->request('/product/sslcenter/?' . http_build_query($params), null, 'GET');
} catch (Exception $e) {
throw new Exception('获取证书列表失败,' . $e->getMessage());
}
if (empty($data['Records'])) throw new Exception('未找到已上传的证书');
$cert_id = $data['Records'][0]['ID'];
$info['config']['id'] = $cert_id;
$this->log('证书ID:' . $cert_id . '添加成功!');
} else {
$params = [
'cert' => $fullchain,
'key' => $privatekey,
];
try {
$this->request('/product/sslcenter/' . $config['id'], $params, 'PUT');
} catch (Exception $e) {
throw new Exception($e->getMessage());
}
$this->log('证书ID:' . $config['id'] . '更新成功!');
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [
'x-api-key' => $this->apikey,
];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

163
app/lib/deploy/ratpanel.php Normal file
View File

@@ -0,0 +1,163 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class ratpanel implements DeployInterface
{
private $logger;
private $url;
private $id;
private $token;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->id = $config['id'];
$this->token = $config['token'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->id) || empty($this->token)) throw new Exception('请填写完整面板地址和访问令牌');
$response = $this->request('/user/info', null, 'GET');
$result = json_decode($response, true);
if (isset($result['msg']) && $result['msg'] == "success") {
return true;
} else {
throw new Exception($result['msg'] ?? '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$site = trim($site);
if (empty($site)) continue;
try {
$this->deploySite($site, $fullchain, $privatekey);
$this->log("网站 {$site} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$site} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ?: '要部署的网站不存在');
}
}
private function deployPanel($fullchain, $privatekey)
{
$data = [
'cert' => $fullchain,
'key' => $privatekey,
];
$response = $this->request('/setting/cert', $data);
$result = json_decode($response, true);
if (isset($result['msg']) && $result['msg'] == "success") {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ?: '返回数据解析失败');
}
}
private function deploySite($name, $fullchain, $privatekey)
{
$data = [
'name' => $name,
'cert' => $fullchain,
'key' => $privatekey,
];
$response = $this->request('/website/cert', $data);
$result = json_decode($response, true);
if (isset($result['msg']) && $result['msg'] == "success") {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ?: '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params, $method = 'POST')
{
$url = $this->url . '/api' . $path;
$body = $method == 'GET' ? null : json_encode($params);
$sign = $this->signRequest($method, $url, $body, $this->id, $this->token);
$response = http_request($url, $body, null, null, [
'Content-Type' => 'application/json',
'X-Timestamp' => $sign['timestamp'],
'Authorization' => 'HMAC-SHA256 Credential=' . $sign['id'] . ', Signature=' . $sign['signature']
], $this->proxy, $method);
return $response['body'];
}
private function signRequest($method, $url, $body, $id, $token)
{
// 解析URL并获取路径
$parsedUrl = parse_url($url);
$path = $parsedUrl['path'];
$query = $parsedUrl['query'] ?? '';
// 规范化路径
$canonicalPath = $path;
if (!str_starts_with($path, '/api')) {
$apiPos = strpos($path, '/api');
if ($apiPos !== false) {
$canonicalPath = substr($path, $apiPos);
}
}
// 构造规范化请求
$canonicalRequest = implode("\n", [
$method,
$canonicalPath,
$query,
hash('sha256', $body ?: '')
]);
// 计算签名
$timestamp = time();
$stringToSign = implode("\n", [
'HMAC-SHA256',
$timestamp,
hash('sha256', $canonicalRequest)
]);
$signature = hash_hmac('sha256', $stringToSign, $token);
return [
'timestamp' => $timestamp,
'signature' => $signature,
'id' => $id
];
}
}

221
app/lib/deploy/s3storage.php Normal file
View File

@@ -0,0 +1,221 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class s3storage implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $region;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->endpoint = rtrim($config['endpoint'], '/');
$this->region = !empty($config['region']) ? $config['region'] : 'us-east-1';
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey) || empty($this->endpoint)) {
throw new Exception('必填参数不能为空');
}
$this->s3Request('GET', '/', '', null);
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$bucket = $config['bucket'];
if (empty($bucket)) throw new Exception('存储桶名称不能为空');
$certPath = trim($config['cert_path'], '/');
$keyPath = trim($config['key_path'], '/');
if (empty($certPath) || empty($keyPath)) throw new Exception('证书和私钥保存路径不能为空');
$this->putObject($bucket, $certPath, $fullchain);
$this->log("证书已上传到s3://{$bucket}/{$certPath}");
$this->putObject($bucket, $keyPath, $privatekey);
$this->log("私钥已上传到s3://{$bucket}/{$keyPath}");
}
private function putObject($bucket, $key, $content)
{
$path = '/' . $bucket . '/' . $key;
$this->s3Request('PUT', $path, $content, 'application/x-pem-file');
}
private function s3Request($method, $path, $body, $contentType)
{
$time = time();
$date = gmdate("Ymd\THis\Z", $time);
$shortDate = gmdate("Ymd", $time);
$host = preg_replace('#^https?://#', '', $this->endpoint);
$scheme = (strpos($this->endpoint, 'https://') === 0) ? 'https' : 'http';
if (strpos($this->endpoint, '://') === false) {
$scheme = 'https';
}
$payloadHash = hash('sha256', $body ?? '');
$headers = [
'Host' => $host,
'X-Amz-Date' => $date,
'X-Amz-Content-Sha256' => $payloadHash,
];
if ($contentType) {
$headers['Content-Type'] = $contentType;
}
$authorization = $this->generateSign($method, $path, [], $headers, $body ?? '', $date, $shortDate);
$headers['Authorization'] = $authorization;
$url = $scheme . '://' . $host . $path;
$headerArr = [];
foreach ($headers as $k => $v) {
$headerArr[] = $k . ': ' . $v;
}
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if ($body !== null && $body !== '') {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
return $response;
}
$errmsg = 'HTTP Code: ' . $httpCode;
if ($response) {
LIBXML_VERSION < 20900 && libxml_disable_entity_loader(true);
$xml = @simplexml_load_string($response);
if ($xml && isset($xml->Message)) {
$errmsg = (string)$xml->Message;
} elseif ($xml && isset($xml->Error->Message)) {
$errmsg = (string)$xml->Error->Message;
}
}
throw new Exception($errmsg);
}
private function generateSign($method, $path, $query, $headers, $body, $date, $shortDate)
{
$algorithm = 'AWS4-HMAC-SHA256';
$canonicalUri = $this->getCanonicalURI($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedPayload = hash('sha256', $body);
$canonicalRequest = $method . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedPayload;
$credentialScope = $shortDate . '/' . $this->region . '/s3/aws4_request';
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. hash('sha256', $canonicalRequest);
$kDate = hash_hmac('sha256', $shortDate, 'AWS4' . $this->SecretAccessKey, true);
$kRegion = hash_hmac('sha256', $this->region, $kDate, true);
$kService = hash_hmac('sha256', 's3', $kRegion, true);
$kSigning = hash_hmac('sha256', 'aws4_request', $kService, true);
$signature = hash_hmac('sha256', $stringToSign, $kSigning);
return $algorithm . ' Credential=' . $this->AccessKeyId . '/' . $credentialScope
. ', SignedHeaders=' . $signedHeaders
. ', Signature=' . $signature;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalURI($path)
{
if (empty($path)) return '/';
$parts = explode('/', $path);
$parts = array_map(function ($item) {
return $this->escape($item);
}, $parts);
return implode('/', $parts);
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$pairs = [];
foreach ($parameters as $key => $value) {
$pairs[] = $this->escape($key) . '=' . $this->escape($value);
}
return implode('&', $pairs);
}
private function getCanonicalHeaders($oldHeaders)
{
$headers = [];
foreach ($oldHeaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

216
app/lib/deploy/safeline.php
View File

@@ -1,104 +1,112 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class safeline implements DeployInterface
{
private $logger;
private $url;
private $token;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->token = $config['token'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->token)) throw new Exception('请填写控制台地址和API Token');
$this->request('/api/open/system');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
try {
$data = $this->request('/api/open/cert');
$this->log('获取证书列表成功(total=' . $data['total'] . ')');
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$success = 0;
$errmsg = null;
foreach ($data['nodes'] as $row) {
if (empty($row['domains'])) continue;
$flag = false;
foreach ($row['domains'] as $domain) {
if (in_array($domain, $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$params = [
'id' => $row['id'],
'manual' => [
'crt' => $fullchain,
'key' => $privatekey,
],
'type' => 2,
];
try {
$this->request('/api/open/cert', $params);
$this->log("证书ID:{$row['id']}更新成功!");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("证书ID:{$row['id']}更新失败:" . $errmsg);
}
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '没有要更新的证书');
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = ['X-SLCE-API-TOKEN: ' . $this->token];
$body = null;
if ($params) {
$heders[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if ($response['code'] == 200 && $result) {
return isset($result['data']) ? $result['data'] : null;
} else {
throw new Exception(!empty($result['msg']) ? $result['msg'] : '请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class safeline implements DeployInterface
{
private $logger;
private $url;
private $token;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->token = $config['token'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->token)) throw new Exception('请填写控制台地址和API Token');
$this->request('/api/open/system');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
try {
$data = $this->request('/api/open/cert');
$this->log('获取证书列表成功(total=' . $data['total'] . ')');
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$success = 0;
$errmsg = null;
foreach ($data['nodes'] as $row) {
if (empty($row['domains'])) continue;
$flag = false;
foreach ($row['domains'] as $domain) {
if (in_array($domain, $domains) || in_array('*' . substr($domain, strpos($domain, '.')), $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$params = [
'id' => $row['id'],
'manual' => [
'crt' => $fullchain,
'key' => $privatekey,
],
'type' => 2,
];
try {
$this->request('/api/open/cert', $params);
$this->log("证书ID:{$row['id']}更新成功!");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("证书ID:{$row['id']}更新失败:" . $errmsg);
}
}
}
if ($success == 0) {
$params = [
'manual' => [
'crt' => $fullchain,
'key' => $privatekey,
],
'type' => 2,
];
$this->request('/api/open/cert', $params);
$this->log("证书上传成功!");
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = ['X-SLCE-API-TOKEN' => $this->token];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if ($response['code'] == 200 && $result) {
return $result['data'] ?? null;
} else {
throw new Exception(!empty($result['msg']) ? $result['msg'] : '请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

432
app/lib/deploy/ssh.php
View File

@@ -1,205 +1,227 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class ssh implements DeployInterface
{
private $logger;
private $config;
public function __construct($config)
{
$this->config = $config;
}
public function check()
{
$this->connect();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$connection = $this->connect();
$sftp = ssh2_sftp($connection);
if ($config['format'] == 'pem') {
$stream = fopen("ssh2.sftp://$sftp{$config['pem_cert_file']}", 'w');
if (!$stream) {
throw new Exception("无法创建证书文件:{$config['pem_cert_file']}");
}
fwrite($stream, $fullchain);
fclose($stream);
$this->log('证书已保存到:' . $config['pem_cert_file']);
$stream = fopen("ssh2.sftp://$sftp{$config['pem_key_file']}", 'w');
if (!$stream) {
throw new Exception("无法创建私钥文件:{$config['pem_key_file']}");
}
fwrite($stream, $privatekey);
fclose($stream);
$this->log('私钥已保存到:' . $config['pem_key_file']);
} elseif ($config['format'] == 'pfx') {
$pfx = \app\lib\CertHelper::getPfx($fullchain, $privatekey, $config['pfx_pass'] ? $config['pfx_pass'] : null);
$stream = fopen("ssh2.sftp://$sftp{$config['pfx_file']}", 'w');
if (!$stream) {
throw new Exception("无法创建PFX证书文件{$config['pfx_file']}");
}
fwrite($stream, $pfx);
fclose($stream);
$this->log('PFX证书已保存到' . $config['pfx_file']);
if ($config['uptype'] == '1' && !empty($config['iis_domain'])) {
$cert_hash = openssl_x509_fingerprint($fullchain, 'sha1');
$this->deploy_iis($connection, $config['iis_domain'], $config['pfx_file'], $config['pfx_pass'], $cert_hash);
$config['cmd'] = null;
}
}
if (!empty($config['cmd'])) {
$cmds = explode("\n", $config['cmd']);
foreach ($cmds as $cmd) {
$cmd = trim($cmd);
if (empty($cmd)) continue;
$this->exec($connection, $cmd);
}
}
}
private function deploy_iis($connection, $domain, $pfx_file, $pfx_pass, $cert_hash)
{
if (!strpos($domain, ':')) {
$domain .= ':443';
}
$ret = $this->exec($connection, 'netsh http show sslcert hostnameport=' . $domain);
if (preg_match('/:\s+(\w{40})/', $ret, $match)) {
if ($match[1] == $cert_hash) {
$this->log('IIS域名 ' . $domain . ' 证书已存在,无需更新');
return;
}
}
$p = '-p ""';
if (!empty($pfx_pass)) $p = '-p ' . $pfx_pass;
if (substr($pfx_file, 0, 1) == '/') $pfx_file = substr($pfx_file, 1);
$this->exec($connection, 'certutil ' . $p . ' -importPFX ' . $pfx_file);
$this->exec($connection, 'netsh http delete sslcert hostnameport=' . $domain);
$this->exec($connection, 'netsh http add sslcert hostnameport=' . $domain . ' certhash=' . $cert_hash . ' certstorename=MY appid=\'{' . $this->uuid() . '}\'');
$this->log('IIS域名 ' . $domain . ' 证书已更新');
}
private function uuid()
{
$guid = md5(uniqid(mt_rand(), true));
return substr($guid, 0, 8) . '-' . substr($guid, 8, 4) . '-4' . substr($guid, 12, 3) . '-' . substr($guid, 16, 4) . '-' . substr($guid, 20, 12);
}
private function exec($connection, $cmd)
{
$this->log('执行命令:' . $cmd);
$stream = ssh2_exec($connection, $cmd);
$errorStream = ssh2_fetch_stream($stream, SSH2_STREAM_STDERR);
if (!$stream || !$errorStream) {
throw new Exception('执行命令失败');
}
stream_set_blocking($stream, true);
stream_set_blocking($errorStream, true);
$output = stream_get_contents($stream);
$errorOutput = stream_get_contents($errorStream);
fclose($stream);
fclose($errorStream);
if (trim($errorOutput)) {
if ($this->config['windows'] == '1' && $this->containsGBKChinese($errorOutput)) {
$errorOutput = mb_convert_encoding($errorOutput, 'UTF-8', 'GBK');
}
throw new Exception('执行命令失败:' . trim($errorOutput));
} else {
if ($this->config['windows'] == '1' && $this->containsGBKChinese($output)) {
$output = mb_convert_encoding($output, 'UTF-8', 'GBK');
}
$this->log('执行命令成功:' . trim($output));
return $output;
}
}
private function connect()
{
if (!function_exists('ssh2_connect')) {
throw new Exception('ssh2扩展未安装');
}
if (empty($this->config['host']) || empty($this->config['port']) || empty($this->config['username']) || $this->config['auth'] == '0' && empty($this->config['password']) || $this->config['auth'] == '1' && empty($this->config['privatekey'])) {
throw new Exception('必填参数不能为空');
}
if (!filter_var($this->config['host'], FILTER_VALIDATE_IP) && !filter_var($this->config['host'], FILTER_VALIDATE_DOMAIN)) {
throw new Exception('主机地址不合法');
}
if (!is_numeric($this->config['port']) || $this->config['port'] < 1 || $this->config['port'] > 65535) {
throw new Exception('端口不合法');
}
$connection = ssh2_connect($this->config['host'], intval($this->config['port']));
if (!$connection) {
throw new Exception('SSH连接失败');
}
if ($this->config['auth'] == '1') {
$publicKey = $this->getPublicKey($this->config['privatekey']);
$publicKeyPath = app()->getRuntimePath() . $this->config['host'] . '.pub';
$privateKeyPath = app()->getRuntimePath() . $this->config['host'] . '.key';
$umask = umask(0066);
file_put_contents($privateKeyPath, $this->config['privatekey']);
file_put_contents($publicKeyPath, $publicKey);
umask($umask);
if (!ssh2_auth_pubkey_file($connection, $this->config['username'], $publicKeyPath, $privateKeyPath)) {
throw new Exception('私钥认证失败');
}
} else {
if (!ssh2_auth_password($connection, $this->config['username'], $this->config['password'])) {
throw new Exception('用户名或密码错误');
}
}
return $connection;
}
private function getPublicKey($privateKey)
{
$res = openssl_pkey_get_private($privateKey);
if (!$res) {
throw new Exception('加载私钥失败');
}
$details = openssl_pkey_get_details($res);
if (!$details || !isset($details['key'])) {
throw new Exception('从私钥导出公钥失败');
}
$buffer = pack("N", 7) . "ssh-rsa" .
$this->sshEncodeBuffer($details['rsa']['e']) .
$this->sshEncodeBuffer($details['rsa']['n']);
return "ssh-rsa " . base64_encode($buffer);
}
private function sshEncodeBuffer($buffer)
{
$len = strlen($buffer);
if (ord($buffer[0]) & 0x80) {
$len++;
$buffer = "\x00" . $buffer;
}
return pack("Na*", $len, $buffer);
}
private function containsGBKChinese($string)
{
return preg_match('/[\x81-\xFE][\x40-\xFE]/', $string) === 1;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
public function setLogger($logger)
{
$this->logger = $logger;
}
}
<?php
namespace app\lib\deploy;
use app\lib\CertHelper;
use app\lib\DeployInterface;
use Exception;
class ssh implements DeployInterface
{
private $logger;
private $config;
public function __construct($config)
{
$this->config = $config;
}
public function check()
{
$this->connect();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$connection = $this->connect();
if (isset($config['cmd_pre']) && !empty($config['cmd_pre'])) {
$cmds = explode("\n", $config['cmd_pre']);
foreach ($cmds as $cmd) {
$cmd = trim($cmd);
if (empty($cmd)) continue;
$this->exec($connection, $cmd);
}
}
$sftp = ssh2_sftp($connection);
if ($config['format'] == 'pem') {
$stream = fopen("ssh2.sftp://$sftp{$config['pem_cert_file']}", 'w');
if (!$stream) {
throw new Exception("无法创建证书文件:{$config['pem_cert_file']}");
}
fwrite($stream, $fullchain);
fclose($stream);
$this->log('证书已保存到:' . $config['pem_cert_file']);
$stream = fopen("ssh2.sftp://$sftp{$config['pem_key_file']}", 'w');
if (!$stream) {
throw new Exception("无法创建私钥文件:{$config['pem_key_file']}");
}
fwrite($stream, $privatekey);
fclose($stream);
$this->log('私钥已保存到:' . $config['pem_key_file']);
} elseif ($config['format'] == 'pfx') {
$pfx_pass = $config['pfx_pass'] ?? null;
$pfx = CertHelper::getPfx($fullchain, $privatekey, $pfx_pass);
$stream = fopen("ssh2.sftp://$sftp{$config['pfx_file']}", 'w');
if (!$stream) {
throw new Exception("无法创建PFX证书文件{$config['pfx_file']}");
}
fwrite($stream, $pfx);
fclose($stream);
$this->log('PFX证书已保存到' . $config['pfx_file']);
if ($config['uptype'] == '1' && !empty($config['iis_domain'])) {
$cert_hash = openssl_x509_fingerprint($fullchain, 'sha1');
$this->deploy_iis($connection, $config['iis_domain'], $config['pfx_file'], $config['pfx_pass'], $cert_hash);
$config['cmd'] = null;
}
}
if (!empty($config['cmd'])) {
$cmds = explode("\n", $config['cmd']);
foreach ($cmds as $cmd) {
$cmd = trim($cmd);
if (empty($cmd)) continue;
$this->exec($connection, $cmd);
}
}
}
private function deploy_iis($connection, $domain, $pfx_file, $pfx_pass, $cert_hash)
{
if (!strpos($domain, ':')) {
$domain .= ':443';
}
$ret = $this->exec($connection, 'netsh http show sslcert hostnameport=' . $domain);
if (preg_match('/:\s+(\w{40})/', $ret, $match)) {
if ($match[1] == $cert_hash) {
$this->log('IIS域名 ' . $domain . ' 证书已存在,无需更新');
return;
}
}
$p = '-p ""';
if (!empty($pfx_pass)) $p = '-p ' . $pfx_pass;
if (substr($pfx_file, 0, 1) == '/') $pfx_file = substr($pfx_file, 1);
$this->exec($connection, 'certutil ' . $p . ' -importPFX ' . $pfx_file);
$this->exec($connection, 'netsh http delete sslcert hostnameport=' . $domain);
$this->exec($connection, 'netsh http add sslcert hostnameport=' . $domain . ' certhash=' . $cert_hash . ' certstorename=MY appid=\'{' . $this->uuid() . '}\'');
$this->log('IIS域名 ' . $domain . ' 证书已更新');
}
private function uuid()
{
$guid = md5(uniqid(mt_rand(), true));
return substr($guid, 0, 8) . '-' . substr($guid, 8, 4) . '-4' . substr($guid, 12, 3) . '-' . substr($guid, 16, 4) . '-' . substr($guid, 20, 12);
}
private function exec($connection, $cmd)
{
$this->log('执行命令:' . $cmd);
$stream = ssh2_exec($connection, $cmd);
$errorStream = ssh2_fetch_stream($stream, SSH2_STREAM_STDERR);
if (!$stream || !$errorStream) {
throw new Exception('执行命令失败');
}
stream_set_blocking($stream, true);
stream_set_blocking($errorStream, true);
$output = stream_get_contents($stream);
$errorOutput = stream_get_contents($errorStream);
fclose($stream);
fclose($errorStream);
if (trim($errorOutput)) {
if ($this->config['windows'] == '1' && $this->containsGBKChinese($errorOutput)) {
$errorOutput = mb_convert_encoding($errorOutput, 'UTF-8', 'GBK');
}
throw new Exception('执行命令失败:' . trim($errorOutput));
} else {
if ($this->config['windows'] == '1' && $this->containsGBKChinese($output)) {
$output = mb_convert_encoding($output, 'UTF-8', 'GBK');
}
$this->log('执行命令成功:' . trim($output));
return $output;
}
}
private function connect()
{
if (!function_exists('ssh2_connect')) {
throw new Exception('ssh2扩展未安装');
}
if (empty($this->config['host']) || empty($this->config['port']) || empty($this->config['username']) || $this->config['auth'] == '0' && empty($this->config['password']) || $this->config['auth'] == '1' && empty($this->config['privatekey'])) {
throw new Exception('必填参数不能为空');
}
if (!filter_var($this->config['host'], FILTER_VALIDATE_IP) && !filter_var($this->config['host'], FILTER_VALIDATE_DOMAIN)) {
throw new Exception('主机地址不合法');
}
if (!is_numeric($this->config['port']) || $this->config['port'] < 1 || $this->config['port'] > 65535) {
throw new Exception('端口不合法');
}
$connection = ssh2_connect($this->config['host'], intval($this->config['port']));
if (!$connection) {
throw new Exception('SSH连接失败');
}
if ($this->config['auth'] == '1') {
$publicKey = $this->getPublicKey($this->config['privatekey']);
$publicKeyPath = app()->getRuntimePath() . $this->config['host'] . '.pub';
$privateKeyPath = app()->getRuntimePath() . $this->config['host'] . '.key';
$umask = umask(0066);
file_put_contents($privateKeyPath, $this->config['privatekey']);
file_put_contents($publicKeyPath, $publicKey);
umask($umask);
try {
if (!empty($this->config['passphrase'])) {
if (!ssh2_auth_pubkey_file($connection, $this->config['username'], $publicKeyPath, $privateKeyPath, $this->config['passphrase'])) {
throw new Exception('私钥认证失败');
}
} else {
if (!ssh2_auth_pubkey_file($connection, $this->config['username'], $publicKeyPath, $privateKeyPath)) {
throw new Exception('私钥认证失败');
}
}
} finally {
unlink($publicKeyPath);
unlink($privateKeyPath);
}
} else {
if (!ssh2_auth_password($connection, $this->config['username'], $this->config['password'])) {
throw new Exception('用户名或密码错误');
}
}
return $connection;
}
private function getPublicKey($privateKey)
{
$res = openssl_pkey_get_private($privateKey);
if (!$res) {
throw new Exception('加载私钥失败');
}
$details = openssl_pkey_get_details($res);
if (!$details || !isset($details['key'])) {
throw new Exception('从私钥导出公钥失败');
}
$buffer = pack("N", 7) . "ssh-rsa" .
$this->sshEncodeBuffer($details['rsa']['e']) .
$this->sshEncodeBuffer($details['rsa']['n']);
return "ssh-rsa " . base64_encode($buffer);
}
private function sshEncodeBuffer($buffer)
{
$len = strlen($buffer);
if (ord($buffer[0]) & 0x80) {
$len++;
$buffer = "\x00" . $buffer;
}
return pack("Na*", $len, $buffer);
}
private function containsGBKChinese($string)
{
return preg_match('/[\x81-\xFE][\x40-\xFE]/', $string) === 1;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
public function setLogger($logger)
{
$this->logger = $logger;
}
}

Some files were not shown because too many files have changed in this diff Show More