ouyang/dnsmgr
1
1
Fork 0
mirror of https://github.com/netcccyun/dnsmgr.git synced 2026-05-10 23:36:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ouyang:2.7.0
Branches Tags
ouyang:main
ouyang:2.18 ouyang:2.17 ouyang:2.16 ouyang:2.15 ouyang:2.14.0 ouyang:2.13.0 ouyang:2.12.0 ouyang:2.11.0 ouyang:2.10.0 ouyang:2.9.0 ouyang:2.8.2 ouyang:2.8.1 ouyang:2.8.0 ouyang:2.7.1 ouyang:2.7.0 ouyang:2.6.0 ouyang:2.5.0 ouyang:2.4.1 ouyang:2.4.0 ouyang:2.3.1 ouyang:2.3.0 ouyang:2.2.0 ouyang:2.1.0 ouyang:2.0.1 ouyang:2.0.0 ouyang:1.7.3 ouyang:1.7.2 ouyang:1.7.1 ouyang:1.7 ouyang:1.6.1 ouyang:1.6 ouyang:1.5 ouyang:1.4 ouyang:1.3 ouyang:1.2.1 ouyang:1.2 ouyang:1.0
..
compare: ouyang:2.10.0
Branches Tags
ouyang:main
ouyang:2.18 ouyang:2.17 ouyang:2.16 ouyang:2.15 ouyang:2.14.0 ouyang:2.13.0 ouyang:2.12.0 ouyang:2.11.0 ouyang:2.10.0 ouyang:2.9.0 ouyang:2.8.2 ouyang:2.8.1 ouyang:2.8.0 ouyang:2.7.1 ouyang:2.7.0 ouyang:2.6.0 ouyang:2.5.0 ouyang:2.4.1 ouyang:2.4.0 ouyang:2.3.1 ouyang:2.3.0 ouyang:2.2.0 ouyang:2.1.0 ouyang:2.0.1 ouyang:2.0.0 ouyang:1.7.3 ouyang:1.7.2 ouyang:1.7.1 ouyang:1.7 ouyang:1.6.1 ouyang:1.6 ouyang:1.5 ouyang:1.4 ouyang:1.3 ouyang:1.2.1 ouyang:1.2 ouyang:1.0

84 Commits
2.7.0 ... 2.10.0

Author SHA1 Message Date
net909
4bf87156e3 version 2025-10-10 20:47:20 +08:00
net909
475c14804a 更新composer 2025-10-10 20:11:35 +08:00
net909
531ad68847 Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2025-10-10 20:10:54 +08:00
net909
f86c68fc6a 新增K8S部署 2025-10-10 20:10:12 +08:00
dependabot[bot]
460067a5e7 Bump phpmailer/phpmailer from 6.10.0 to 6.11.1 (#324) 
Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.10.0 to 6.11.1.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.10.0...v6.11.1)

---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
  dependency-version: 6.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 10:39:20 +08:00
net909
6ffa9e003a 新增天翼云部署 2025-09-29 10:45:38 +08:00
net909
c5ed1c6990 增加fnOS部署,堡塔云WAF支持部署本身证书 2025-09-17 20:46:11 +08:00
net909
2b51a2d015 新增南墙WAF、小皮面板部署 2025-09-03 19:48:18 +08:00
net909
2e00773c0a readme 2025-08-31 17:04:30 +08:00
net909
4bee80e06e 新增百度云BLB部署 2025-08-27 19:13:55 +08:00
net909
7cb745acdf 优化部署阿里云SLB 2025-08-26 22:32:30 +08:00
net909
79437aba60 新增支持宝塔Win极速版,lecdn支持令牌认证 2025-08-25 17:18:35 +08:00
net909
fd21a55d01 新增定时切换解析功能 2025-08-22 21:25:42 +08:00
net909
9f529e2528 新增uniCloud部署,cdnfly部署支持账号密码登录 2025-08-21 19:47:37 +08:00
net909
9a70fd7116 修复泛域名部署支持 2025-08-12 10:11:08 +08:00
dependabot[bot]
3dd55cf007 Bump topthink/think-orm from 4.0.48 to 4.0.49 (#293) 
Bumps [topthink/think-orm](https://github.com/top-think/think-orm) from 4.0.48 to 4.0.49.
- [Release notes](https://github.com/top-think/think-orm/releases)
- [Commits](https://github.com/top-think/think-orm/compare/v4.0.48...v4.0.49)

---
updated-dependencies:
- dependency-name: topthink/think-orm
  dependency-version: 4.0.49
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-12 10:09:29 +08:00
I
6ff8cb9f45 Update README.md (#294) 
将 Docker 本地持久化数据路径修改为与 docker-compose.yml 文件同目录,并移除 YAML 文件中的 version 标识(新版 Docker 已不再使用)。
 2025-08-12 10:09:04 +08:00
net909
98f185ee8e 修复腾讯云吊销证书 2025-08-08 10:13:36 +08:00
dependabot[bot]
028688df20 Bump cccyun/php-whois from 1.1 to 1.2 (#288) 2025-08-08 09:56:38 +08:00
dependabot[bot]
e8c68375a9 Bump topthink/think-orm from 4.0.47 to 4.0.48 (#284) 2025-08-03 00:06:45 +08:00
dependabot[bot]
6958530337 Bump symfony/var-dumper from 7.3.1 to 7.3.2 (#283) 2025-08-03 00:06:36 +08:00
net909
0863d02cc9 fix 2025-07-28 20:37:10 +08:00
net909
9032ea0405 整合计划任务,新增访问URL方式的计划任务 2025-07-28 20:30:09 +08:00
net909
e3749ecb6c Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2025-07-18 14:47:30 +08:00
net909
e1e90c3c71 修复阿里云ESA部署失败 2025-07-18 14:47:12 +08:00
dependabot[bot]
a171a5b9b0 Bump topthink/think-trace from 1.6 to 2.0 (#276) 
---
updated-dependencies:
- dependency-name: topthink/think-trace
  dependency-version: '2.0'
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 17:08:08 +08:00
dependabot[bot]
f608b2fceb Bump topthink/framework from 8.1.2 to 8.1.3 (#277) 
---
updated-dependencies:
- dependency-name: topthink/framework
  dependency-version: 8.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 17:08:01 +08:00
Hanada
0837ac9be1 Merge pull request #274 from HanadaLee/multipartpostfix 
重构POST内容判断逻辑,去除X-Content-Type标头
 2025-07-12 09:44:14 +08:00
net909
c31e0eaf41 修复部署失败 2025-07-11 09:56:08 +08:00
net909
987deda95d 修复报错 2025-07-10 16:41:11 +08:00
消失的彩虹海
654151ce5b Merge pull request #270 from HanadaLee/ssldeployfix 
修复部署证书到阿里云和群晖失败的问题
 2025-07-08 23:25:03 +08:00
Hanada
2fedee1e93 修复使用guzzle库后部署证书到群晖失败的问题 2025-07-08 23:12:40 +08:00
Hanada
ba97ac3685 修复部署阿里云时证书序列号可能存在前置0的问题 2025-07-08 21:42:40 +08:00
net909
f2f1a0d01e 修复upyun部署 2025-07-07 21:47:15 +08:00
net909
933f98a909 2.8.1 2025-07-06 12:21:04 +08:00
net909
3beb0ec637 修复阿里云WAF部署 2025-07-06 12:19:02 +08:00
net909
7a92ad7094 Merge branch 'main' of ssh://ssh.github.com:443/netcccyun/dnsmgr 2025-07-06 11:17:06 +08:00
net909
5dc4dbfabd 增加Edgeone IP优选,修复EO海外版部署失败 2025-07-06 11:16:44 +08:00
DearTanker
291f715e91 优化记录值复制功能 (#266) 
1、修复无法复制包含双引号的 TXT 记录值
2、调整 MX 记录值的复制按钮到右侧,因为复制不需要复制优先级。
 2025-07-04 09:43:55 +08:00
net909
4f15d4d7a2 调整快速打开按钮位置 2025-07-03 19:48:34 +08:00
DearTanker
11e83860b7 添加 自定义样式功能、主机记录增加快速打开链接 (#263) 
* 添加支持自定义样式功能。

* 在主机记录列中增加一个新窗口打开链接的小按钮,方便快速访问。

* 记录值增加快速复制按钮,并用 padding 来调整了图标的间距避免空格
 2025-07-03 19:37:34 +08:00
net909
479af4fe5f 修复批量操作证书和部署任务 2025-06-30 12:44:31 +08:00
net909
3c00e426cc 修改字段长度 2025-06-25 14:35:28 +08:00
net909
814781c1d1 version 2025-06-25 14:24:31 +08:00
net909
af2117faf0 支持雨云SSL自动部署 2025-06-25 13:37:37 +08:00
net909
9275256e36 新增lucky部署,支持直接对接DNS服务商添加域名 2025-06-25 12:57:09 +08:00
net909
d368a0190a 修复API接口操作记录报错 2025-06-23 17:45:47 +08:00
dependabot[bot]
684a4e59ce Bump topthink/think-orm from 4.0.41 to 4.0.44 (#253) 2025-06-20 10:25:54 +08:00
Hanada
1bab48ad93 修复登录设置页面侧边栏没有自动展开的问题 (#252) 2025-06-20 10:21:55 +08:00
耗子
02718e58a9 更新PHPMailer并添加依赖机器人 (#251) 2025-06-20 10:21:40 +08:00
Hanada
8e563a89ff 阿里云ESA支持部署证书到非中国内地 (#249) 2025-06-19 12:51:02 +08:00
Hanada
7f370a095d 修复网宿API验证失败的问题 (#250) 
* 变更网宿check方法调用的API接口以避免产品未开通导致验证失败

* 兼容网宿CDN接口使用result作为失败返回值的场景
 2025-06-19 12:50:46 +08:00
Hanada
5aab54c79e 将登录验证码开关移到系统设置 (#246) 2025-06-16 19:25:28 +08:00
耗子
ce9ae51aeb 优化错误信息 (#239) 2025-06-10 11:22:52 +08:00
消失的彩虹海
8b06cc5400 Merge pull request #238 from devhaozi/main 
恢复自定义解析特性
 2025-06-10 10:40:02 +08:00
耗子
a71fd35f6f 恢复自定义解析特性 2025-06-10 10:37:04 +08:00
消失的彩虹海
0d20d8ad46 Merge pull request #236 from devhaozi/main 
更新ThinkPHP框架到8.1及curl请求重构
 2025-06-10 09:44:52 +08:00
耗子
ff676b7be1 撤销首页提示更改 2025-06-09 14:23:17 +08:00
耗子
8c7c568e5c 撤销首页提示更改 2025-06-09 14:21:42 +08:00
耗子
a4698d67c6 优化函数签名 2025-06-09 05:40:42 +08:00
耗子
5f0e973770 优化函数签名 2025-06-09 05:38:52 +08:00
耗子
a99d0320df 优化函数签名 2025-06-09 05:36:57 +08:00
耗子
bb35ee3378 优化默认Content-Type值及函数名 2025-06-09 05:17:15 +08:00
耗子
8193ade02d 修复get_curl方法header错误 2025-06-09 05:12:06 +08:00
耗子
904c3ceb5b 回滚swoole更改 2025-06-09 05:08:47 +08:00
耗子
5add791ef1 重构使用guzzlehttp发送请求 2025-06-09 05:04:06 +08:00
耗子
3587db2b53 优化代码格式 2025-06-09 01:53:04 +08:00
耗子
4a4cdd059c 优化代码格式 2025-06-09 01:47:53 +08:00
耗子
1021deb60d 优化部分代码 2025-06-09 01:43:58 +08:00
耗子
848610ffe0 优化部分代码 2025-06-09 00:51:50 +08:00
耗子
767aec5ebc 添加框架版本显示 2025-06-09 00:09:48 +08:00
耗子
30912fdf75 更新框架到8.1 2025-06-09 00:01:33 +08:00
net909
5050af2f73 修复阿里云设置权重 2025-06-06 09:49:45 +08:00
net909
6418c3a2ee 支持批量修改部署任务关联证书 2025-06-05 17:03:00 +08:00
net909
efd18676f3 界面优化 2025-06-04 22:52:38 +08:00
net909
5ba7c324af 优化添加部署账户页面 修复部分已知问题 2025-06-03 22:06:02 +08:00
net909
236610d8fb 证书订单支持设置手动续期 2025-05-31 21:34:43 +08:00
net909
0015015b7a 修复lecdn部署 2025-05-31 19:11:40 +08:00
net909
f776b9f47f 支持图形验证码关闭 2025-05-29 17:30:21 +08:00
消失的彩虹海
0860624bd5 Merge pull request #226 from FantajiNeko/main 
修复证书申请代理设置,使用反代时不使用代理
 2025-05-29 17:01:05 +08:00
Fantajī × Neko
e328dc6808 新增SOCK5H代理类型,远程解析主机名避免DNS污染 2025-05-29 16:43:51 +08:00
Fantajī × Neko
e58d8f4af1 修复证书申请代理设置,使用反代时不使用代理 2025-05-29 15:10:47 +08:00
net909
9d4260062c 修复ucloud证书 2025-05-25 20:44:04 +08:00
net909
17c50e4ba1 修复二级域名申请SSL 2025-05-25 20:35:23 +08:00
151 changed files with 7242 additions and 1465 deletions
Expand all files Collapse all files

15
.github/dependabot.yml vendored Normal file
View File

@@ -0,0 +1,15 @@
# Dependabot configuration.
#
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/working-with-dependabot/dependabot-options-reference
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "daily"

1
.gitignore vendored
View File

@@ -3,4 +3,3 @@
/vendor
*.log
.env
/composer.lock

19
README.md
View File

@@ -17,6 +17,7 @@
- 多用户管理,可为每个用户可分配不同的域名解析权限;
- 提供API接口可获取域名单独的登录链接方便各种IDC系统对接
- 容灾切换功能支持ping、tcp、http(s)检测协议并自动暂停/修改域名解析,并支持发送通知;
- 定时切换功能,设置在指定时间/周期,自动修改/开启/暂停/删除域名解析;
- CF优选IP功能支持获取最新的Cloudflare优选IP并自动更新到解析记录
- SSL证书申请与自动部署功能支持从Let's Encrypt等渠道申请SSL证书并自动部署到各种面板、云服务商、服务器等
- 支持邮件、微信公众号、Telegram、钉钉、飞书、企业微信等多种通知渠道。
@@ -29,7 +30,7 @@
* 从[Release](https://github.com/netcccyun/dnsmgr/releases)页面下载安装包
* 运行环境要求PHP7.4+MySQL5.6+
* 运行环境要求PHP8.0+MySQL5.6+
* 设置网站运行目录为`public`
@@ -52,10 +53,13 @@
* Nginx
```
location ~* (runtime|application)/ {
return 403;
}
location / {
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}
```
@@ -95,7 +99,6 @@ docker pull swr.cn-east-3.myhuaweicloud.com/netcccyun/dnsmgr:latest
### docker-compose 部署
```
version: '3'
services:
dnsmgr-web:
container_name: dnsmgr-web
@@ -104,7 +107,7 @@ services:
ports:
- 8081:80
volumes:
- /volume1/docker/dnsmgr/web:/app/www
- ./web:/app/www
image: netcccyun/dnsmgr
depends_on:
- dnsmgr-mysql
@@ -195,6 +198,10 @@ SSL证书自动部署功能
⭐ 如果您觉得本项目对您有帮助,欢迎给项目点个 Star
🤝 捐赠:
<img height="240" src="https://wkphoto.bj.bcebos.com/d8f9d72a6059252db065f556249b033b5bb5b976.jpg">
### 其他推荐
- [彩虹云主机 - 免备案CDN/虚拟主机](https://www.cccyun.net/)

13
app/command/Certtask.php
View File

@@ -12,7 +12,10 @@ use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\OptimizeService;
use app\service\CertTaskService;
use app\service\ExpireNoticeService;
use app\service\ScheduleService;
class Certtask extends Command
{
@@ -20,7 +23,7 @@ class Certtask extends Command
{
// 指令配置
$this->setName('certtask')
->setDescription('证书申请与部署任务');
->setDescription('SSL证书续签与部署、域名到期提醒、定时切换解析、CF优选IP更新');
}
protected function execute(Input $input, Output $output)
@@ -28,6 +31,12 @@ class Certtask extends Command
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
(new CertTaskService())->execute();
(new ScheduleService())->execute();
$res = (new OptimizeService())->execute();
if (!$res) {
(new CertTaskService())->execute();
(new ExpireNoticeService())->task();
}
echo 'done'.PHP_EOL;
}
}

33
app/command/Opiptask.php
View File

@@ -1,33 +0,0 @@
<?php
declare(strict_types=1);
namespace app\command;
use Exception;
use think\console\Command;
use think\console\Input;
use think\console\input\Argument;
use think\console\input\Option;
use think\console\Output;
use think\facade\Db;
use think\facade\Config;
use app\service\OptimizeService;
class Opiptask extends Command
{
protected function configure()
{
// 指令配置
$this->setName('opiptask')
->setDescription('CF优选IP任务');
}
protected function execute(Input $input, Output $output)
{
$res = Db::name('config')->cache('configs', 0)->column('value', 'key');
Config::set($res, 'sys');
(new OptimizeService())->execute();
}
}

328
app/common.php
View File

@@ -1,50 +1,54 @@
<?php
// 应用公共文件
use think\facade\Db;
use think\facade\Config;
use think\facade\Request;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\GuzzleException;
function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $header = 0, $ua = 0, $nobody = 0, $addheader = 0)
function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $ua = 0, $nobody = 0, $addheader = [])
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Encoding: gzip,deflate,sdch";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
if ($addheader) {
$httpheader = array_merge($httpheader, $addheader);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
if ($post) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if ($header) {
curl_setopt($ch, CURLOPT_HEADER, true);
$options = [
'timeout' => 10,
'verify' => false,
'headers' => [
'User-Agent' => $ua ?: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
],
'http_errors' => false // 不抛出异常
];
$options['headers'] = array_merge($options['headers'], $addheader);
if ($referer) {
$options['headers']['Referer'] = $referer;
}
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
$options['headers']['Cookie'] = $cookie;
}
if ($referer) {
curl_setopt($ch, CURLOPT_REFERER, $referer);
$method = 'GET';
if ($post) {
$method = 'POST';
if (!isset($options['headers']['Content-Type'])) {
$options['headers']['Content-Type'] = 'application/x-www-form-urlencoded';
}
if (is_array($post)) {
$options['form_params'] = $post;
} else {
$options['body'] = $post;
}
}
if ($ua) {
curl_setopt($ch, CURLOPT_USERAGENT, $ua);
} else {
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Linux; U; Android 4.0.4; es-mx; HTC_One_X Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0");
try {
$client = new Client();
$response = $client->request($method, $url, $options);
if ($nobody) {
return '';
}
return $response->getBody()->getContents();
} catch (GuzzleException $e) {
return '';
}
if ($nobody) {
curl_setopt($ch, CURLOPT_NOBODY, 1);
}
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
function real_ip($type = 0)
@@ -319,45 +323,41 @@ function getMainDomain($host)
function check_proxy($url, $proxy_server, $proxy_port, $type, $proxy_user, $proxy_pwd)
{
$ch = curl_init($url);
if ($type == 'https') {
$proxy_type = CURLPROXY_HTTPS;
} elseif ($type == 'sock4') {
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} else {
$proxy_type = CURLPROXY_HTTP;
}
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_PROXY, $proxy_server);
curl_setopt($ch, CURLOPT_PROXYPORT, intval($proxy_port));
match ($type) {
'https' => $proxy_string = 'https://',
'sock4' => $proxy_string = 'socks4://',
'sock5' => $proxy_string = 'socks5://',
'sock5h' => $proxy_string = 'socks5h://',
default => $proxy_string = 'http://',
};
if (!empty($proxy_user) && !empty($proxy_pwd)) {
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_user . ':' . $proxy_pwd);
$proxy_string .= $proxy_user . ':' . $proxy_pwd . '@';
}
curl_setopt($ch, CURLOPT_PROXYTYPE, $proxy_type);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36');
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception($errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 400) {
return true;
} else {
throw new Exception('HTTP状态码异常' . $httpCode);
$proxy_string .= $proxy_server . ':' . intval($proxy_port);
$options = [
'proxy' => $proxy_string,
'timeout' => 3,
'connect_timeout' => 3,
'verify' => false,
'headers' => [
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
]
];
try {
$client = new Client();
$response = $client->request('GET', $url, $options);
$httpCode = $response->getStatusCode();
if ($httpCode >= 200 && $httpCode < 400) {
return true;
} else {
throw new Exception('HTTP状态码异常' . $httpCode);
}
} catch (GuzzleException $e) {
throw new Exception(guzzle_error($e));
}
}
@@ -392,59 +392,155 @@ function clearDirectory($dir): bool
return true;
}
function curl_client($url, $data = null, $referer = null, $cookie = null, $headers = null, $proxy = false, $method = null, $timeout = 5, $default_headers = true)
/**
* 发送 HTTP 请求
*
* @param string $url 请求URL
* @param mixed $data 请求数据,可以是字符串或数组,数组将自动根据请求方法及传入的 Content-Type 头序列化
* @param string|null $referer 请求的 Referer 头
* @param array|null $cookie 请求的 Cookie 头
* @param array|null $headers 其他自定义请求头
* @param bool $proxy 是否使用代理
* @param string|null $method 请求方法,默认为 GET 或 POST如果存在请求数据
* @param int $timeout 请求超时时间,默认为 10 秒
* @return array 包含 HTTP 状态码、重定向 URL、响应头和响应体的数组
* @throws Exception
*/
function http_request($url, $data = null, $referer = null, $cookie = null, $headers = null, $proxy = false, $method = null, $timeout = 10): array
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
if ($default_headers === true) {
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
if ($headers) {
$httpheader = array_merge($headers, $httpheader);
}
} else {
$httpheader = $headers;
$options = [
'timeout' => $timeout,
'connect_timeout' => $timeout,
'allow_redirects' => false,
'verify' => false,
'headers' => [
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36',
],
'http_errors' => false // 不抛出异常
];
// 默认请求方法
if (!$method) {
$method = $data ? 'POST' : 'GET';
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36");
curl_setopt($ch, CURLOPT_HEADER, true);
if ($data) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
// 处理头部
if (is_array($headers)) {
$options['headers'] = array_merge($options['headers'], $headers);
}
// 处理Cookie
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
$options['headers']['Cookie'] = $cookie;
}
// 处理Referer
if ($referer) {
curl_setopt($ch, CURLOPT_REFERER, $referer);
$options['headers']['Referer'] = $referer;
}
if ($method) {
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
// 处理数据
if ($data) {
if ($method !== 'GET') {
if (is_string($data)) {
$options['body'] = $data;
if (!isset($options['headers']['Content-Type'])) {
if (json_validate($data)) {
// json
$options['headers']['Content-Type'] = 'application/json';
} elseif (str_contains($data, '=') || str_contains($data, '&')) {
// 表单
$options['headers']['Content-Type'] = 'application/x-www-form-urlencoded';
}
}
} else if (is_array($data) || is_object($data)) {
if (!isset($options['headers']['Content-Type'])) {
// 默认为表单
$options['headers']['Content-Type'] = 'application/x-www-form-urlencoded';
}
if ($options['headers']['Content-Type'] == 'application/x-www-form-urlencoded') {
// 表单
$options['form_params'] = $data;
} else if ($options['headers']['Content-Type'] == 'multipart/form-data') {
// 表单文件
$options['multipart'] = $data;
unset($options['headers']['Content-Type']); // 由GuzzleHttp重新生成Content-Type头部
} else if ($options['headers']['Content-Type'] == 'application/json') {
// json
$options['json'] = $data;
} else {
// 其他
$options['body'] = http_build_query($data);
}
} else {
$options['body'] = $data;
}
} else {
// 兼容已经存在查询字符串的情况
if (!str_contains($url, '?')) {
$options['query'] = $data;
}
}
}
// 处理代理
if ($proxy) {
curl_set_proxy($ch);
$proxy_server = config_get('proxy_server');
$proxy_port = intval(config_get('proxy_port'));
$proxy_userpwd = config_get('proxy_user').':'.config_get('proxy_pwd');
$proxy_type = config_get('proxy_type');
if (empty($proxy_server) || empty($proxy_port)) {
throw new Exception('代理服务器或端口未配置');
}
match ($proxy_type) {
'https' => $proxy_string = 'https://',
'sock4' => $proxy_string = 'socks4://',
'sock5' => $proxy_string = 'socks5://',
'sock5h' => $proxy_string = 'socks5h://',
default => $proxy_string = 'http://',
};
if ($proxy_userpwd != ':') {
$proxy_string .= $proxy_userpwd . '@';
}
$proxy_string .= $proxy_server . ':' . $proxy_port;
$options['proxy'] = $proxy_string;
}
$ret = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
try {
$client = new Client();
$response = $client->request($method, $url, $options);
$code = $response->getStatusCode();
// 取重定向URL
$redirect_url = '';
if ($code >= 300 && $code < 400) {
$redirect_url = $response->getHeaderLine('Location');
}
return [
'code' => $code,
'redirect_url' => $redirect_url,
'headers' => $response->getHeaders(),
'body' => $response->getBody()->getContents()
];
} catch (GuzzleException $e) {
throw new Exception('请求失败: ' . guzzle_error($e));
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$redirect_url = curl_getinfo($ch, CURLINFO_REDIRECT_URL);
curl_close($ch);
$header = substr($ret, 0, $headerSize);
$body = substr($ret, $headerSize);
return ['code' => $httpCode, 'redirect_url' => $redirect_url, 'header' => $header, 'body' => $body];
}
function guzzle_error($e)
{
$errmsg = $e->getMessage();
if (preg_match('/^cURL error \d+: /', $errmsg)) {
$errmsg = preg_replace('/^cURL error \d+: /', '', $errmsg);
}
$pos = strpos($errmsg, ' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)');
if ($pos !== false) {
$errmsg = substr($errmsg, 0, $pos);
}
if (strlen($errmsg) > 100) {
$errmsg = substr($errmsg, 0, 97) . '...';
}
return $errmsg;
}
function curl_set_proxy(&$ch)
@@ -462,6 +558,8 @@ function curl_set_proxy(&$ch)
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($proxy_type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} elseif ($proxy_type == 'sock5h') {
$proxy_type = CURLPROXY_SOCKS5_HOSTNAME;
} else {
$proxy_type = CURLPROXY_HTTP;
}
@@ -496,7 +594,7 @@ function getDomainDate($domain)
$info = $whois->loadDomainInfo($domain);
if ($info) {
if ($info->expirationDate > 0) {
return [date('Y-m-d H:i:s', $info->creationDate), date('Y-m-d H:i:s', $info->expirationDate)];
return [$info->creationDate > 0 ? date('Y-m-d H:i:s', $info->creationDate) : null, date('Y-m-d H:i:s', $info->expirationDate)];
} else {
throw new Exception('域名到期时间未知');
}

2
app/controller/Auth.php
View File

@@ -26,7 +26,7 @@ class Auth extends BaseController
if (empty($username) || empty($password)) {
return json(['code' => -1, 'msg' => '用户名或密码不能为空']);
}
if (!captcha_check($code)) {
if (config_get('vcode', '1') == '1' && !captcha_check($code)) {
return json(['code' => -1, 'msg' => '验证码错误', 'vcode' => 1]);
}
if (file_exists($login_limit_file)) {

509
app/controller/Cert.php
View File

@@ -43,8 +43,17 @@ class Cert extends BaseController
$list = [];
foreach ($rows as $row) {
$row['typename'] = $deploy == 1 ? DeployHelper::$deploy_config[$row['type']]['name'] : CertHelper::$cert_config[$row['type']]['name'];
$row['icon'] = $deploy == 1 ? DeployHelper::$deploy_config[$row['type']]['icon'] : CertHelper::$cert_config[$row['type']]['icon'];
if ($deploy == 1) {
if (!empty($row['type']) && isset(DeployHelper::$deploy_config[$row['type']])) {
$row['typename'] = DeployHelper::$deploy_config[$row['type']]['name'];
$row['icon'] = DeployHelper::$deploy_config[$row['type']]['icon'];
}
} else {
if (!empty($row['type']) && isset(CertHelper::$cert_config[$row['type']])) {
$row['typename'] = CertHelper::$cert_config[$row['type']]['name'];
$row['icon'] = CertHelper::$cert_config[$row['type']]['icon'];
}
}
$list[] = $row;
}
@@ -66,7 +75,7 @@ class Cert extends BaseController
if ($type == 'local') $name = '复制到本机';
if (empty($name) || empty($config)) return json(['code' => -1, 'msg' => '必填参数不能为空']);
if (Db::name('cert_account')->where('type', $type)->where('config', $config)->find()) {
return json(['code' => -1, 'msg' => $title.'已存在']);
return json(['code' => -1, 'msg' => $title . '已存在']);
}
Db::startTrans();
$id = Db::name('cert_account')->insertGetId([
@@ -80,15 +89,15 @@ class Cert extends BaseController
try {
$this->checkAccount($id, $type, $deploy);
Db::commit();
return json(['code' => 0, 'msg' => '添加'.$title.'成功!']);
} catch(Exception $e) {
return json(['code' => 0, 'msg' => '添加' . $title . '成功!']);
} catch (Exception $e) {
Db::rollback();
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
} elseif ($action == 'edit') {
$id = input('post.id/d');
$row = Db::name('cert_account')->where('id', $id)->find();
if (!$row) return json(['code' => -1, 'msg' => $title.'不存在']);
if (!$row) return json(['code' => -1, 'msg' => $title . '不存在']);
$type = input('post.type');
$name = input('post.name', null, 'trim');
$config = input('post.config', null, 'trim');
@@ -96,7 +105,7 @@ class Cert extends BaseController
if ($type == 'local') $name = '复制到本机';
if (empty($name) || empty($config)) return json(['code' => -1, 'msg' => '必填参数不能为空']);
if (Db::name('cert_account')->where('type', $type)->where('config', $config)->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => $title.'已存在']);
return json(['code' => -1, 'msg' => $title . '已存在']);
}
Db::startTrans();
Db::name('cert_account')->where('id', $id)->update([
@@ -108,19 +117,19 @@ class Cert extends BaseController
try {
$this->checkAccount($id, $type, $deploy);
Db::commit();
return json(['code' => 0, 'msg' => '修改'.$title.'成功!']);
} catch(Exception $e) {
return json(['code' => 0, 'msg' => '修改' . $title . '成功!']);
} catch (Exception $e) {
Db::rollback();
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
} elseif ($action == 'del') {
$id = input('post.id/d');
if($deploy == 0){
if ($deploy == 0) {
$dcount = DB::name('cert_order')->where('aid', $id)->count();
if ($dcount > 0) return json(['code' => -1, 'msg' => '该'.$title.'下存在证书订单,无法删除']);
}else{
if ($dcount > 0) return json(['code' => -1, 'msg' => '该' . $title . '下存在证书订单,无法删除']);
} else {
$dcount = DB::name('cert_deploy')->where('aid', $id)->count();
if ($dcount > 0) return json(['code' => -1, 'msg' => '该'.$title.'下存在自动部署任务,无法删除']);
if ($dcount > 0) return json(['code' => -1, 'msg' => '该' . $title . '下存在自动部署任务,无法删除']);
}
Db::name('cert_account')->where('id', $id)->delete();
return json(['code' => 0]);
@@ -139,7 +148,7 @@ class Cert extends BaseController
if ($action == 'edit') {
$id = input('get.id/d');
$account = Db::name('cert_account')->where('id', $id)->find();
if (empty($account)) return $this->alert('error', $title.'不存在');
if (empty($account)) return $this->alert('error', $title . '不存在');
}
$typeList = $deploy == 1 ? DeployHelper::getList() : CertHelper::getList();
@@ -156,32 +165,32 @@ class Cert extends BaseController
private function checkAccount($id, $type, $deploy)
{
if($deploy == 0){
if ($deploy == 0) {
$mod = CertHelper::getModel($id);
if($mod){
try{
if ($mod) {
try {
$ext = $mod->register();
if(is_array($ext)){
Db::name('cert_account')->where('id', $id)->update(['ext'=>json_encode($ext)]);
if (is_array($ext)) {
Db::name('cert_account')->where('id', $id)->update(['ext' => json_encode($ext)]);
}
return true;
}catch(Exception $e){
} catch (Exception $e) {
throw new Exception('验证SSL证书账户失败' . $e->getMessage());
}
}else{
throw new Exception('SSL证书申请模块'.$type.'不存在');
} else {
throw new Exception('SSL证书申请模块' . $type . '不存在');
}
}else{
} else {
$mod = DeployHelper::getModel($id);
if($mod){
try{
if ($mod) {
try {
$mod->check();
return true;
}catch(Exception $e){
} catch (Exception $e) {
throw new Exception('验证自动部署账户失败,' . $e->getMessage());
}
}else{
throw new Exception('SSL证书申请模块'.$type.'不存在');
} else {
throw new Exception('SSL证书申请模块' . $type . '不存在');
}
}
}
@@ -190,7 +199,7 @@ class Cert extends BaseController
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$types = [];
foreach(CertHelper::$cert_config as $key=>$value){
foreach (CertHelper::$cert_config as $key => $value) {
$types[$key] = $value['name'];
}
View::assign('types', $types);
@@ -202,18 +211,22 @@ class Cert extends BaseController
if (!checkPermission(2)) return $this->alert('error', '无权限');
$domain = $this->request->post('domain', null, 'trim');
$id = input('post.id');
$aid = input('post.aid', null, 'trim');
$type = input('post.type', null, 'trim');
$status = input('post.status', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('cert_order')->alias('A')->join('cert_account B', 'A.aid = B.id');
$select = Db::name('cert_order')->alias('A')->leftJoin('cert_account B', 'A.aid = B.id');
if (!empty($id)) {
$select->where('A.id', $id);
}elseif (!empty($domain)) {
} elseif (!empty($domain)) {
$oids = Db::name('cert_domain')->where('domain', 'like', '%' . $domain . '%')->column('oid');
$select->whereIn('A.id', $oids);
}
if (!empty($aid)) {
$select->where('A.aid', $aid);
}
if (!empty($type)) {
$select->where('B.type', $type);
}
@@ -233,11 +246,15 @@ class Cert extends BaseController
$list = [];
foreach ($rows as $row) {
$row['typename'] = CertHelper::$cert_config[$row['type']]['name'];
$row['icon'] = CertHelper::$cert_config[$row['type']]['icon'];
$row['domains'] = Db::name('cert_domain')->where('oid', $row['id'])->order('sort','ASC')->column('domain');
if (!empty($row['type']) && isset(CertHelper::$cert_config[$row['type']])) {
$row['typename'] = CertHelper::$cert_config[$row['type']]['name'];
$row['icon'] = CertHelper::$cert_config[$row['type']]['icon'];
} else {
$row['typename'] = null;
}
$row['domains'] = Db::name('cert_domain')->where('oid', $row['id'])->order('sort', 'ASC')->column('domain');
$row['end_day'] = $row['expiretime'] ? ceil((strtotime($row['expiretime']) - time()) / 86400) : null;
if($row['error']) $row['error'] = htmlspecialchars(str_replace("'", "\\'", $row['error']));
if ($row['error']) $row['error'] = htmlspecialchars(str_replace("'", "\\'", $row['error']));
$list[] = $row;
}
@@ -252,7 +269,7 @@ class Cert extends BaseController
if (!$row) return json(['code' => -1, 'msg' => '证书订单不存在']);
$pfx = CertHelper::getPfx($row['fullchain'], $row['privatekey']);
$row['pfx'] = base64_encode($pfx);
return json(['code' => 0, 'data' => ['id' => $row['id'], 'crt' => $row['fullchain'], 'key' => $row['privatekey'], 'pfx' => $row['pfx'], 'issuetime' => $row['issuetime'], 'expiretime' => $row['expiretime'], 'domains' => Db::name('cert_domain')->where('oid', $row['id'])->order('sort','ASC')->column('domain')]]);
return json(['code' => 0, 'data' => ['id' => $row['id'], 'crt' => $row['fullchain'], 'key' => $row['privatekey'], 'pfx' => $row['pfx'], 'issuetime' => $row['issuetime'], 'expiretime' => $row['expiretime'], 'domains' => Db::name('cert_domain')->where('oid', $row['id'])->order('sort', 'ASC')->column('domain')]]);
}
public function order_op()
@@ -268,32 +285,66 @@ class Cert extends BaseController
$row['pfx'] = base64_encode($pfx);
return json(['code' => 0, 'data' => $row]);
} elseif ($action == 'add') {
$domains = input('post.domains', [], 'trim');
$order = [
'aid' => input('post.aid/d'),
'keytype' => input('post.keytype'),
'keysize' => input('post.keysize'),
'addtime' => date('Y-m-d H:i:s'),
'issuer' => '',
'status' => 0,
'isauto' => 1,
];
$domains = array_map('trim', $domains);
$domains = array_filter($domains, function ($v) {
return !empty($v);
});
$domains = array_unique($domains);
if (empty($domains)) return json(['code' => -1, 'msg' => '绑定域名不能为空']);
if (empty($order['aid']) || empty($order['keytype']) || empty($order['keysize'])) return json(['code' => -1, 'msg' => '必填参数不能为空']);
$aid = input('post.aid/d');
$res = $this->check_order($order, $domains);
if (is_array($res)) return json($res);
if ($aid == -1) {
$fullchain = input('post.fullchain', null, 'trim');
$privatekey = input('post.privatekey', null, 'trim');
$certInfo = $this->parse_cert_key($fullchain, $privatekey);
if ($certInfo['code'] == -1) return json($certInfo);
$domains = $certInfo['domains'];
$order_ids = Db::name('cert_order')->where('issuetime', $certInfo['issuetime'])->column('id');
if (!empty($order_ids)) {
foreach ($order_ids as $order_id) {
$domains2 = Db::name('cert_domain')->where('oid', $order_id)->column('domain');
if (arrays_are_equal($domains2, $domains)) {
return json(['code' => -1, 'msg' => '该证书已存在,无需重复添加']);
}
}
}
$order = [
'aid' => 0,
'keytype' => $certInfo['keytype'],
'keysize' => $certInfo['keysize'],
'addtime' => date('Y-m-d H:i:s'),
'updatetime' => date('Y-m-d H:i:s'),
'issuetime' => $certInfo['issuetime'],
'expiretime' => $certInfo['expiretime'],
'issuer' => $certInfo['issuer'],
'status' => 3,
'isauto' => 1,
'fullchain' => $fullchain,
'privatekey' => $privatekey,
];
} else {
$order = [
'aid' => $aid,
'keytype' => input('post.keytype'),
'keysize' => input('post.keysize'),
'addtime' => date('Y-m-d H:i:s'),
'issuer' => '',
'status' => 0,
'isauto' => 1,
];
$domains = input('post.domains', [], 'trim');
$domains = array_map('trim', $domains);
$domains = array_filter($domains, function ($v) {
return !empty($v);
});
$domains = array_unique($domains);
if (empty($domains)) return json(['code' => -1, 'msg' => '绑定域名不能为空']);
$res = $this->check_order($order, $domains);
if (is_array($res)) return json($res);
}
if (empty($order['keytype']) || empty($order['keysize'])) return json(['code' => -1, 'msg' => '必填参数不能为空']);
Db::startTrans();
$id = Db::name('cert_order')->insertGetId($order);
$domainList = [];
$i=1;
foreach($domains as $domain){
$i = 1;
foreach ($domains as $domain) {
$domainList[] = [
'oid' => $id,
'domain' => convertDomainToAscii($domain),
@@ -307,31 +358,53 @@ class Cert extends BaseController
$id = input('post.id/d');
$row = Db::name('cert_order')->where('id', $id)->find();
if (!$row) return json(['code' => -1, 'msg' => '证书订单不存在']);
$domains = input('post.domains', [], 'trim');
$order = [
'aid' => input('post.aid/d'),
'keytype' => input('post.keytype'),
'keysize' => input('post.keysize'),
'updatetime' => date('Y-m-d H:i:s'),
];
$domains = array_map('trim', $domains);
$domains = array_filter($domains, function ($v) {
return !empty($v);
});
$domains = array_unique($domains);
if (empty($domains)) return json(['code' => -1, 'msg' => '绑定域名不能为空']);
if (empty($order['aid']) || empty($order['keytype']) || empty($order['keysize'])) return json(['code' => -1, 'msg' => '必填参数不能为空']);
$res = $this->check_order($order, $domains);
if (is_array($res)) return json($res);
$aid = input('post.aid/d');
if ($aid == -1) {
$fullchain = input('post.fullchain', null, 'trim');
$privatekey = input('post.privatekey', null, 'trim');
$certInfo = $this->parse_cert_key($fullchain, $privatekey);
if ($certInfo['code'] == -1) return json($certInfo);
$domains = $certInfo['domains'];
$order = [
'aid' => 0,
'keytype' => $certInfo['keytype'],
'keysize' => $certInfo['keysize'],
'updatetime' => date('Y-m-d H:i:s'),
'issuetime' => $certInfo['issuetime'],
'expiretime' => $certInfo['expiretime'],
'issuer' => $certInfo['issuer'],
'status' => 3,
'issend' => 0,
'fullchain' => $fullchain,
'privatekey' => $privatekey,
];
} else {
$domains = input('post.domains', [], 'trim');
$order = [
'aid' => $aid,
'keytype' => input('post.keytype'),
'keysize' => input('post.keysize'),
'updatetime' => date('Y-m-d H:i:s'),
];
$domains = array_map('trim', $domains);
$domains = array_filter($domains, function ($v) {
return !empty($v);
});
$domains = array_unique($domains);
if (empty($domains)) return json(['code' => -1, 'msg' => '绑定域名不能为空']);
$res = $this->check_order($order, $domains);
if (is_array($res)) return json($res);
}
if (empty($order['keytype']) || empty($order['keysize'])) return json(['code' => -1, 'msg' => '必填参数不能为空']);
Db::startTrans();
Db::name('cert_order')->where('id', $id)->update($order);
Db::name('cert_domain')->where('oid', $id)->delete();
$domainList = [];
$i=1;
foreach($domains as $domain){
$i = 1;
foreach ($domains as $domain) {
$domainList[] = [
'oid' => $id,
'domain' => convertDomainToAscii($domain),
@@ -341,79 +414,13 @@ class Cert extends BaseController
Db::name('cert_domain')->insertAll($domainList);
Db::commit();
return json(['code' => 0, 'msg' => '修改证书订单成功!']);
} elseif ($action == 'import') {
$fullchain = input('post.fullchain', null, 'trim');
$privatekey = input('post.privatekey', null, 'trim');
if (!openssl_x509_read($fullchain)) return json(['code' => -1, 'msg' => '证书内容填写错误']);
if (!openssl_get_privatekey($privatekey)) return json(['code' => -1, 'msg' => '私钥内容填写错误']);
if (!openssl_x509_check_private_key($fullchain, $privatekey)) return json(['code' => -1, 'msg' => 'SSL证书与私钥不匹配']);
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo || !isset($certInfo['extensions']['subjectAltName'])) return json(['code' => -1, 'msg' => '证书内容解析失败']);
$domains = [];
$subjectAltName = explode(',', $certInfo['extensions']['subjectAltName']);
foreach ($subjectAltName as $domain) {
$domain = trim($domain);
if (strpos($domain, 'DNS:') === 0) $domain = substr($domain, 4);
if (!empty($domain)) {
$domains[] = $domain;
}
}
$domains = array_unique($domains);
if (empty($domains)) return json(['code' => -1, 'msg' => '证书绑定域名不能为空']);
$issuetime = date('Y-m-d H:i:s', $certInfo['validFrom_time_t']);
$expiretime = date('Y-m-d H:i:s', $certInfo['validTo_time_t']);
$issuer = $certInfo['issuer']['CN'];
$order_ids = Db::name('cert_order')->where('issuetime', $issuetime)->column('id');
if (!empty($order_ids)) {
foreach ($order_ids as $order_id) {
$domains2 = Db::name('cert_domain')->where('oid', $order_id)->column('domain');
if (arrays_are_equal($domains2, $domains)) {
return json(['code' => -1, 'msg' => '该证书已存在,无需重复添加']);
}
}
}
$order = [
'aid' => input('post.aid/d'),
'keytype' => input('post.keytype'),
'keysize' => input('post.keysize'),
'addtime' => date('Y-m-d H:i:s'),
'updatetime' => date('Y-m-d H:i:s'),
'issuetime' => $issuetime,
'expiretime' => $expiretime,
'issuer' => $issuer,
'status' => 3,
'fullchain' => $fullchain,
'privatekey' => $privatekey,
];
if (empty($order['aid']) || empty($order['keytype']) || empty($order['keysize'])) return json(['code' => -1, 'msg' => '必填参数不能为空']);
$res = $this->check_order($order, $domains);
if (is_array($res)) return json($res);
Db::startTrans();
$id = Db::name('cert_order')->insertGetId($order);
$domainList = [];
$i = 1;
foreach ($domains as $domain) {
$domainList[] = [
'oid' => $id,
'domain' => $domain,
'sort' => $i++,
];
}
Db::name('cert_domain')->insertAll($domainList);
Db::commit();
return json(['code' => 0, 'msg' => '导入证书成功!']);
} elseif ($action == 'del') {
$id = input('post.id/d');
$dcount = DB::name('cert_deploy')->where('oid', $id)->count();
if ($dcount > 0) return json(['code' => -1, 'msg' => '该证书关联了自动部署任务,无法删除']);
try{
try {
(new CertOrderService($id))->cancel();
}catch(Exception $e){
} catch (Exception $e) {
}
Db::name('cert_order')->where('id', $id)->delete();
Db::name('cert_domain')->where('oid', $id)->delete();
@@ -425,33 +432,33 @@ class Cert extends BaseController
return json(['code' => 0]);
} elseif ($action == 'reset') {
$id = input('post.id/d');
try{
try {
$service = new CertOrderService($id);
$service->cancel();
$service->reset();
return json(['code' => 0]);
}catch(Exception $e){
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
} elseif ($action == 'revoke') {
$id = input('post.id/d');
try{
try {
$service = new CertOrderService($id);
$service->revoke();
return json(['code' => 0]);
}catch(Exception $e){
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
} elseif ($action == 'show_log') {
$processid = input('post.processid');
$file = app()->getRuntimePath().'log/'.$processid.'.log';
if(!file_exists($file)) return json(['code' => -1, 'msg' => '日志文件不存在']);
return json(['code' => 0, 'data' => file_get_contents($file), 'time'=>filemtime($file)]);
$file = app()->getRuntimePath() . 'log/' . $processid . '.log';
if (!file_exists($file)) return json(['code' => -1, 'msg' => '日志文件不存在']);
return json(['code' => 0, 'data' => file_get_contents($file), 'time' => filemtime($file)]);
} elseif ($action == 'operation') {
$ids = input('post.ids');
$success = 0;
foreach ($ids as $id) {
if (input('post.action') == 'delete') {
if (input('post.act') == 'delete') {
$dcount = DB::name('cert_deploy')->where('oid', $id)->count();
if ($dcount > 0) continue;
try {
@@ -461,7 +468,7 @@ class Cert extends BaseController
Db::name('cert_order')->where('id', $id)->delete();
Db::name('cert_domain')->where('oid', $id)->delete();
$success++;
} elseif (input('post.action') == 'reset') {
} elseif (input('post.act') == 'reset') {
try {
$service = new CertOrderService($id);
$service->cancel();
@@ -469,8 +476,8 @@ class Cert extends BaseController
$success++;
} catch (Exception $e) {
}
} elseif (input('post.action') == 'open' || input('post.action') == 'close') {
$isauto = input('post.action') == 'open' ? 1 : 0;
} elseif (input('post.act') == 'open' || input('post.act') == 'close') {
$isauto = input('post.act') == 'open' ? 1 : 0;
Db::name('cert_order')->where('id', $id)->update(['isauto' => $isauto]);
$success++;
}
@@ -489,24 +496,79 @@ class Cert extends BaseController
$cname = CertHelper::$cert_config[$account['type']]['cname'];
if (count($domains) > $max_domains) {
if (!(count($domains) == 2 && $max_domains == 1 && ltrim($domains[0], 'www.') == ltrim($domains[1], 'www.'))) {
return ['code' => -1, 'msg' => '域名数量不能超过'.$max_domains.'个'];
return ['code' => -1, 'msg' => '域名数量不能超过' . $max_domains . '个'];
}
}
foreach($domains as $domain){
foreach ($domains as $domain) {
if (!$wildcard && strpos($domain, '*') !== false) return ['code' => -1, 'msg' => '该证书账户类型不支持泛域名'];
$mainDomain = getMainDomain($domain);
$drow = Db::name('domain')->where('name', $mainDomain)->find();
if (!$drow) {
if (substr($domain, 0, 2) == '*.') $domain = substr($domain, 2);
if (!$cname || !Db::name('cert_cname')->where('domain', $domain)->where('status', 1)->find()) {
return ['code' => -1, 'msg' => '域名'.$domain.'未在本系统添加'];
return ['code' => -1, 'msg' => '域名' . $domain . '未在本系统添加'];
}
}
}
return true;
}
private function parse_cert_key($fullchain, $privatekey)
{
if (!openssl_x509_read($fullchain)) return ['code' => -1, 'msg' => '证书内容填写错误'];
if (!openssl_get_privatekey($privatekey)) return ['code' => -1, 'msg' => '私钥内容填写错误'];
if (!openssl_x509_check_private_key($fullchain, $privatekey)) return ['code' => -1, 'msg' => 'SSL证书与私钥不匹配'];
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo || !isset($certInfo['extensions']['subjectAltName'])) return ['code' => -1, 'msg' => '证书内容解析失败'];
$pubKey = openssl_pkey_get_public($fullchain);
if (!$pubKey) return ['code' => -1, 'msg' => '证书公钥解析失败'];
$keyDetails = openssl_pkey_get_details($pubKey);
$keytype = null;
$keysize = 0;
switch ($keyDetails['type']) {
case OPENSSL_KEYTYPE_RSA:
$keytype = 'RSA';
$keysize = $keyDetails['bits'];
break;
case OPENSSL_KEYTYPE_EC:
$keytype = 'ECC';
$keysize = $keyDetails['bits'];
break;
case OPENSSL_KEYTYPE_DSA:
$keytype = 'DSA';
$keysize = $keyDetails['bits'];
break;
default:
$keytype = 'Unknown';
}
$domains = [];
$subjectAltName = explode(',', $certInfo['extensions']['subjectAltName']);
foreach ($subjectAltName as $domain) {
$domain = trim($domain);
if (strpos($domain, 'DNS:') === 0) $domain = substr($domain, 4);
if (!empty($domain)) {
$domains[] = $domain;
}
}
$domains = array_unique($domains);
if (empty($domains)) return ['code' => -1, 'msg' => '证书绑定域名不能为空'];
$issuetime = date('Y-m-d H:i:s', $certInfo['validFrom_time_t']);
$expiretime = date('Y-m-d H:i:s', $certInfo['validTo_time_t']);
$issuer = $certInfo['issuer']['CN'];
return [
'code' => 0,
'keytype' => $keytype,
'keysize' => $keysize,
'issuetime' => $issuetime,
'expiretime' => $expiretime,
'issuer' => $issuer,
'domains' => $domains,
];
}
public function order_process()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
@@ -518,18 +580,18 @@ class Cert extends BaseController
}
$id = input('post.id/d');
$reset = input('post.reset/d', 0);
try{
try {
$service = new CertOrderService($id);
if($reset == 1){
if ($reset == 1) {
$service->reset();
}
$retcode = $service->process(true);
if($retcode == 3){
if ($retcode == 3) {
return json(['code' => 0, 'msg' => '证书已签发成功!']);
}elseif($retcode == 1){
} elseif ($retcode == 1) {
return json(['code' => 0, 'msg' => '添加DNS记录成功请等待DNS生效后点击验证']);
}
}catch(Exception $e){
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage(), 'trace' => $e->getTrace()]);
}
}
@@ -542,14 +604,16 @@ class Cert extends BaseController
$order = null;
if ($action == 'edit') {
$id = input('get.id/d');
$order = Db::name('cert_order')->where('id', $id)->fieldRaw('id,aid,keytype,keysize,status')->find();
$order = Db::name('cert_order')->where('id', $id)->fieldRaw('id,aid,keytype,keysize,status,fullchain,privatekey')->find();
if (empty($order)) return $this->alert('error', '证书订单不存在');
$order['domains'] = Db::name('cert_domain')->where('oid', $order['id'])->order('sort','ASC')->column('domain');
$order['domains'] = Db::name('cert_domain')->where('oid', $order['id'])->order('sort', 'ASC')->column('domain');
if ($order['aid'] == 0) $order['aid'] = -1;
}
$accounts = [];
foreach (Db::name('cert_account')->where('deploy', 0)->select() as $row) {
$accounts[$row['id']] = ['name'=>$row['id'].'_'.CertHelper::$cert_config[$row['type']]['name'], 'type'=>$row['type']];
if (empty($row['type']) || !isset(CertHelper::$cert_config[$row['type']])) continue;
$accounts[$row['id']] = ['name' => $row['id'] . '_' . CertHelper::$cert_config[$row['type']]['name'], 'type' => $row['type']];
if (!empty($row['remark'])) {
$accounts[$row['id']]['name'] .= '' . $row['remark'] . '';
}
@@ -561,26 +625,11 @@ class Cert extends BaseController
return View::fetch();
}
public function order_import()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$accounts = [];
foreach (Db::name('cert_account')->where('deploy', 0)->select() as $row) {
$accounts[$row['id']] = ['name'=>$row['id'].'_'.CertHelper::$cert_config[$row['type']]['name'], 'type'=>$row['type']];
if (!empty($row['remark'])) {
$accounts[$row['id']]['name'] .= '' . $row['remark'] . '';
}
}
View::assign('accounts', $accounts);
return View::fetch();
}
public function deploytask()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$types = [];
foreach(DeployHelper::$deploy_config as $key=>$value){
foreach (DeployHelper::$deploy_config as $key => $value) {
$types[$key] = $value['name'];
}
View::assign('types', $types);
@@ -592,19 +641,23 @@ class Cert extends BaseController
if (!checkPermission(2)) return $this->alert('error', '无权限');
$domain = $this->request->post('domain', null, 'trim');
$oid = input('post.oid');
$aid = input('post.aid', null, 'trim');
$type = input('post.type', null, 'trim');
$status = input('post.status', null, 'trim');
$remark = input('post.remark', null, 'trim');
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('cert_deploy')->alias('A')->join('cert_account B', 'A.aid = B.id')->join('cert_order C', 'A.oid = C.id')->join('cert_account D', 'C.aid = D.id');
$select = Db::name('cert_deploy')->alias('A')->leftJoin('cert_account B', 'A.aid = B.id')->leftJoin('cert_order C', 'A.oid = C.id')->leftJoin('cert_account D', 'C.aid = D.id');
if (!empty($oid)) {
$select->where('A.oid', $oid);
} elseif (!empty($domain)) {
$oids = Db::name('cert_domain')->where('domain', 'like', '%' . $domain . '%')->column('oid');
$select->whereIn('oid', $oids);
}
if (!empty($aid)) {
$select->where('A.aid', $aid);
}
if (!empty($type)) {
$select->where('B.type', $type);
}
@@ -619,11 +672,17 @@ class Cert extends BaseController
$list = [];
foreach ($rows as $row) {
$row['typename'] = DeployHelper::$deploy_config[$row['type']]['name'];
$row['icon'] = DeployHelper::$deploy_config[$row['type']]['icon'];
$row['certtypename'] = CertHelper::$cert_config[$row['certtype']]['name'];
$row['domains'] = Db::name('cert_domain')->where('oid', $row['oid'])->order('sort','ASC')->column('domain');
if($row['error']) $row['error'] = htmlspecialchars(str_replace("'", "\\'", $row['error']));
if (!empty($row['type']) && isset(DeployHelper::$deploy_config[$row['type']])) {
$row['typename'] = DeployHelper::$deploy_config[$row['type']]['name'];
$row['icon'] = DeployHelper::$deploy_config[$row['type']]['icon'];
}
if (!empty($row['certtype']) && isset(CertHelper::$cert_config[$row['certtype']])) {
$row['certtypename'] = CertHelper::$cert_config[$row['certtype']]['name'];
} else {
$row['certtypename'] = '手动续期';
}
$row['domains'] = Db::name('cert_domain')->where('oid', $row['oid'])->order('sort', 'ASC')->column('domain');
if ($row['error']) $row['error'] = htmlspecialchars(str_replace("'", "\\'", $row['error']));
$list[] = $row;
}
@@ -652,7 +711,7 @@ class Cert extends BaseController
$id = input('post.id/d');
$row = Db::name('cert_deploy')->where('id', $id)->find();
if (!$row) return json(['code' => -1, 'msg' => '自动部署任务不存在']);
$task = [
'aid' => input('post.aid/d'),
'oid' => input('post.oid/d'),
@@ -673,36 +732,45 @@ class Cert extends BaseController
return json(['code' => 0]);
} elseif ($action == 'reset') {
$id = input('post.id/d');
try{
try {
$service = new CertDeployService($id);
$service->reset();
return json(['code' => 0]);
}catch(Exception $e){
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage()]);
}
} elseif ($action == 'show_log') {
$processid = input('post.processid');
$file = app()->getRuntimePath().'log/'.$processid.'.log';
if(!file_exists($file)) return json(['code' => -1, 'msg' => '日志文件不存在']);
return json(['code' => 0, 'data' => file_get_contents($file), 'time'=>filemtime($file)]);
$file = app()->getRuntimePath() . 'log/' . $processid . '.log';
if (!file_exists($file)) return json(['code' => -1, 'msg' => '日志文件不存在']);
return json(['code' => 0, 'data' => file_get_contents($file), 'time' => filemtime($file)]);
} elseif ($action == 'operation') {
$ids = input('post.ids');
$success = 0;
$certid = 0;
if (input('post.action') == 'cert') {
$certid = input('post.certid/d');
$cert = Db::name('cert_order')->where('id', $certid)->find();
if (!$cert) return json(['code' => -1, 'msg' => '证书订单不存在']);
}
foreach ($ids as $id) {
if (input('post.action') == 'delete') {
if (input('post.act') == 'delete') {
Db::name('cert_deploy')->where('id', $id)->delete();
$success++;
} elseif (input('post.action') == 'reset') {
} elseif (input('post.act') == 'reset') {
try {
$service = new CertDeployService($id);
$service->reset();
$success++;
} catch (Exception $e) {
}
} elseif (input('post.action') == 'open' || input('post.action') == 'close') {
$active = input('post.action') == 'open' ? 1 : 0;
} elseif (input('post.act') == 'open' || input('post.act') == 'close') {
$active = input('post.act') == 'open' ? 1 : 0;
Db::name('cert_deploy')->where('id', $id)->update(['active' => $active]);
$success++;
} elseif (input('post.act') == 'cert') {
Db::name('cert_deploy')->where('id', $id)->update(['oid' => $certid]);
$success++;
}
}
return json(['code' => 0, 'msg' => '成功操作' . $success . '个任务']);
@@ -721,14 +789,14 @@ class Cert extends BaseController
}
$id = input('post.id/d');
$reset = input('post.reset/d', 0);
try{
try {
$service = new CertDeployService($id);
if($reset == 1){
if ($reset == 1) {
$service->reset();
}
$service->process(true);
return json(['code' => 0, 'msg' => 'SSL证书部署任务执行成功']);
}catch(Exception $e){
} catch (Exception $e) {
return json(['code' => -1, 'msg' => $e->getMessage(), 'trace' => $e->getTrace()]);
}
}
@@ -747,7 +815,8 @@ class Cert extends BaseController
$accounts = [];
foreach (Db::name('cert_account')->where('deploy', 1)->select() as $row) {
$accounts[$row['id']] = ['name'=>$row['id'].'_'.DeployHelper::$deploy_config[$row['type']]['name'], 'type'=>$row['type']];
if (empty($row['type']) || !isset(DeployHelper::$deploy_config[$row['type']])) continue;
$accounts[$row['id']] = ['name' => $row['id'] . '_' . DeployHelper::$deploy_config[$row['type']]['name'], 'type' => $row['type']];
if (!empty($row['remark'])) {
$accounts[$row['id']]['name'] .= '' . $row['remark'] . '';
}
@@ -755,10 +824,15 @@ class Cert extends BaseController
View::assign('accounts', $accounts);
$orders = [];
foreach (Db::name('cert_order')->alias('A')->join('cert_account B', 'A.aid = B.id')->where('status', '<>', 4)->fieldRaw('A.id,A.aid,B.type,B.remark aremark')->order('id', 'desc')->select() as $row) {
$domains = Db::name('cert_domain')->where('oid', $row['id'])->order('sort','ASC')->column('domain');
$domainstr = count($domains) > 2 ? implode('、',array_slice($domains, 0, 2)).'等'.count($domains).'个域名' : implode('、',$domains);
$orders[$row['id']] = ['name'=>$row['id'].'_'.$domainstr.''.CertHelper::$cert_config[$row['type']]['name'].''];
foreach (Db::name('cert_order')->alias('A')->leftJoin('cert_account B', 'A.aid = B.id')->where('status', '<>', 4)->fieldRaw('A.id,A.aid,B.type,B.remark aremark')->order('id', 'desc')->select() as $row) {
$domains = Db::name('cert_domain')->where('oid', $row['id'])->order('sort', 'ASC')->column('domain');
$domainstr = count($domains) > 2 ? implode('、', array_slice($domains, 0, 2)) . '等' . count($domains) . '个域名' : implode('、', $domains);
if ($row['aid'] == 0) {
$name = $row['id'] . '_' . $domainstr . '(手动续期)';
} else {
$name = $row['id'] . '_' . $domainstr . '' . CertHelper::$cert_config[$row['type']]['name'] . '';
}
$orders[$row['id']] = ['name' => $name];
}
View::assign('orders', $orders);
@@ -786,7 +860,7 @@ class Cert extends BaseController
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('cert_cname')->alias('A')->join('domain B', 'A.did = B.id');
$select = Db::name('cert_cname')->alias('A')->leftJoin('domain B', 'A.did = B.id');
if (!empty($kw)) {
$select->whereLike('A.domain', '%' . $kw . '%');
}
@@ -829,7 +903,7 @@ class Cert extends BaseController
if (empty($data['domain']) || empty($data['rr']) || empty($data['did'])) return json(['code' => -1, 'msg' => '必填参数不能为空']);
if (!checkDomain($data['domain'])) return json(['code' => -1, 'msg' => '域名格式不正确']);
if (Db::name('cert_cname')->where('domain', $data['domain'])->find()) {
return json(['code' => -1, 'msg' => '域名'.$data['domain'].'已存在']);
return json(['code' => -1, 'msg' => '域名' . $data['domain'] . '已存在']);
}
if (Db::name('cert_cname')->where('rr', $data['rr'])->where('did', $data['did'])->find()) {
return json(['code' => -1, 'msg' => '已存在相同CNAME记录值']);
@@ -840,7 +914,7 @@ class Cert extends BaseController
$id = input('post.id/d');
$row = Db::name('cert_cname')->where('id', $id)->find();
if (!$row) return json(['code' => -1, 'msg' => 'CMAME代理不存在']);
$data = [
'rr' => input('post.rr', null, 'trim'),
'did' => input('post.did/d'),
@@ -867,13 +941,13 @@ class Cert extends BaseController
$domain = '_acme-challenge.' . $row['domain'];
$record = $row['rr'] . '.' . $row['cnamedomain'];
$result = \app\utils\DnsQueryUtils::get_dns_records($domain, 'CNAME');
if(!$result || !in_array($record, $result)){
if (!$result || !in_array($record, $result)) {
$result = \app\utils\DnsQueryUtils::query_dns_doh($domain, 'CNAME');
if(!$result || !in_array($record, $result)){
if (!$result || !in_array($record, $result)) {
$status = 0;
}
}
if($status != $row['status']){
if ($status != $row['status']) {
Db::name('cert_cname')->where('id', $id)->update(['status' => $status]);
}
return json(['code' => 0, 'status' => $status]);
@@ -883,17 +957,6 @@ class Cert extends BaseController
public function certset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
}

211
app/controller/Dmonitor.php
View File

@@ -65,102 +65,125 @@ class Dmonitor extends BaseController
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select()->toArray();
foreach ($list as &$row) {
$row['checktimestr'] = date('Y-m-d H:i:s', $row['checktime']);
$row['addtimestr'] = date('Y-m-d H:i:s', $row['addtime']);
$row['checktimestr'] = $row['checktime'] > 0 ? date('Y-m-d H:i:s', $row['checktime']) : '未运行';
}
return json(['total' => $total, 'rows' => $list]);
}
public function task_op()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'cdn' => input('post.cdn') == 'true' || input('post.cdn') == '1' ? 1 : 0,
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
'addtime' => time(),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->insert($task);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'cdn' => input('post.cdn') == 'true' || input('post.cdn') == '1' ? 1 : 0,
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->where('id', $id)->update($task);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('dmtask')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('dmtask')->where('id', $id)->delete();
Db::name('dmlog')->where('taskid', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} elseif ($action == 'operation') {
$ids = input('post.ids');
$success = 0;
foreach ($ids as $id) {
if (input('post.act') == 'delete') {
Db::name('dmtask')->where('id', $id)->delete();
Db::name('dmlog')->where('taskid', $id)->delete();
$success++;
} elseif (input('post.act') == 'retry') {
Db::name('dmtask')->where('id', $id)->update(['checknexttime' => time()]);
$success++;
} elseif (input('post.act') == 'open' || input('post.act') == 'close') {
$isauto = input('post.act') == 'open' ? 1 : 0;
Db::name('dmtask')->where('id', $id)->update(['active' => $isauto]);
$success++;
}
}
return json(['code' => 0, 'msg' => '成功操作' . $success . '个容灾切换策略']);
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
public function taskform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($this->request->isPost()) {
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'cdn' => input('post.cdn') == 'true' || input('post.cdn') == '1' ? 1 : 0,
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
'addtime' => time(),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->insert($task);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'main_value' => input('post.main_value', null, 'trim'),
'backup_value' => input('post.backup_value', null, 'trim'),
'checktype' => input('post.checktype/d'),
'checkurl' => input('post.checkurl', null, 'trim'),
'tcpport' => !empty(input('post.tcpport')) ? input('post.tcpport/d') : null,
'frequency' => input('post.frequency/d'),
'cycle' => input('post.cycle/d'),
'timeout' => input('post.timeout/d'),
'proxy' => input('post.proxy/d'),
'cdn' => input('post.cdn') == 'true' || input('post.cdn') == '1' ? 1 : 0,
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid']) || empty($task['main_value']) || empty($task['frequency']) || empty($task['cycle'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if ($task['checktype'] > 0 && $task['timeout'] > $task['frequency']) {
return json(['code' => -1, 'msg' => '为保障容灾切换任务正常运行,最大超时时间不能大于检测间隔']);
}
if ($task['type'] == 2 && $task['backup_value'] == $task['main_value']) {
return json(['code' => -1, 'msg' => '主备地址不能相同']);
}
if (Db::name('dmtask')->where('recordid', $task['recordid'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前容灾切换策略已存在']);
}
Db::name('dmtask')->where('id', $id)->update($task);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('dmtask')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('dmtask')->where('id', $id)->delete();
Db::name('dmlog')->where('taskid', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
@@ -222,20 +245,6 @@ class Dmonitor extends BaseController
return json(['total' => $total, 'rows' => $list]);
}
public function noticeset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
public function clean()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');

25
app/controller/Domain.php
View File

@@ -142,13 +142,14 @@ class Domain extends BaseController
$accounts = [];
$types = [];
foreach ($list as $row) {
$accounts[$row['id']] = $row['id'] . '_' . DnsHelper::$dns_config[$row['type']]['name'];
$name = $row['id'] . '_' . DnsHelper::$dns_config[$row['type']]['name'];
if (!array_key_exists($row['type'], $types)) {
$types[$row['type']] = DnsHelper::$dns_config[$row['type']]['name'];
}
if (!empty($row['remark'])) {
$accounts[$row['id']] .= '' . $row['remark'] . '';
$name .= '' . $row['remark'] . '';
}
$accounts[] = ['id' => $row['id'], 'name' => $name, 'type' => DnsHelper::$dns_config[$row['type']]['name'], 'add' => DnsHelper::$dns_config[$row['type']]['add']];
}
View::assign('accounts', $accounts);
View::assign('types', $types);
@@ -225,13 +226,21 @@ class Domain extends BaseController
} elseif ($act == 'add') {
if (!checkPermission(2)) return $this->alert('error', '无权限');
$aid = input('post.aid/d');
$method = input('post.method/d', 0);
$name = input('post.name', null, 'trim');
$thirdid = input('post.thirdid', null, 'trim');
$recordcount = input('post.recordcount/d', 0);
if (empty($name) || empty($thirdid)) return json(['code' => -1, 'msg' => '参数不能为空']);
if ($method == 1 && empty($name) || $method == 0 && (empty($name) || empty($thirdid))) return json(['code' => -1, 'msg' => '参数不能为空']);
if (Db::name('domain')->where('aid', $aid)->where('name', $name)->find()) {
return json(['code' => -1, 'msg' => '域名已存在']);
}
if ($method == 1) {
$dns = DnsHelper::getModel($aid);
$result = $dns->addDomain($name);
if (!$result) return json(['code' => -1, 'msg' => '添加域名失败,' . $dns->getError()]);
$name = $result['name'];
$thirdid = $result['id'];
}
Db::name('domain')->insert([
'aid' => $aid,
'name' => $name,
@@ -267,6 +276,7 @@ class Domain extends BaseController
Db::name('domain')->where('id', $id)->delete();
Db::name('dmtask')->where('did', $id)->delete();
Db::name('optimizeip')->where('did', $id)->delete();
Db::name('sctask')->where('did', $id)->delete();
return json(['code' => 0]);
} elseif ($act == 'batchadd') {
if (!checkPermission(2)) return $this->alert('error', '无权限');
@@ -309,6 +319,7 @@ class Domain extends BaseController
Db::name('domain')->where('id', 'in', $ids)->delete();
Db::name('dmtask')->where('did', 'in', $ids)->delete();
Db::name('optimizeip')->where('did', 'in', $ids)->delete();
Db::name('sctask')->where('did', 'in', $ids)->delete();
return json(['code' => 0, 'msg' => '成功删除' . count($ids) . '个域名!']);
}
return json(['code' => -3]);
@@ -536,7 +547,6 @@ class Domain extends BaseController
$remark = input('post.remark', null, 'trim');
$recordinfo = input('post.recordinfo', null, 'trim');
$recordinfo = json_decode($recordinfo, true);
if (empty($recordid) || empty($name) || empty($type) || empty($value)) {
return json(['code' => -1, 'msg' => '参数不能为空']);
@@ -546,6 +556,7 @@ class Domain extends BaseController
$recordid = $dns->updateDomainRecord($recordid, $name, $type, $value, $line, $ttl, $mx, $weight, $remark);
if ($recordid) {
if ($recordinfo) {
$recordinfo = json_decode($recordinfo, true);
if (is_array($recordinfo['Value'])) $recordinfo['Value'] = implode(',', $recordinfo['Value']);
if ($recordinfo['Name'] != $name || $recordinfo['Type'] != $type || $recordinfo['Value'] != $value) {
$this->add_log($drow['name'], '修改解析', $recordinfo['Name'].' ['.$recordinfo['Type'].'] '.$recordinfo['Value'].' → '.$name.' ['.$type.'] '.$value.' (线路:'.$line.' TTL:'.$ttl.')');
@@ -572,7 +583,6 @@ class Domain extends BaseController
$recordid = input('post.recordid', null, 'trim');
$recordinfo = input('post.recordinfo', null, 'trim');
$recordinfo = json_decode($recordinfo, true);
if (empty($recordid)) {
return json(['code' => -1, 'msg' => '参数不能为空']);
@@ -581,6 +591,7 @@ class Domain extends BaseController
$dns = DnsHelper::getModel($drow['aid'], $drow['name'], $drow['thirdid']);
if ($dns->deleteDomainRecord($recordid)) {
if ($recordinfo) {
$recordinfo = json_decode($recordinfo, true);
if (is_array($recordinfo['Value'])) $recordinfo['Value'] = implode(',', $recordinfo['Value']);
$this->add_log($drow['name'], '删除解析', $recordinfo['Name'].' ['.$recordinfo['Type'].'] '.$recordinfo['Value'].' (线路:'.$recordinfo['Line'].' TTL:'.$recordinfo['TTL'].')');
} else {
@@ -604,7 +615,6 @@ class Domain extends BaseController
$recordid = input('post.recordid', null, 'trim');
$status = input('post.status', null, 'trim');
$recordinfo = input('post.recordinfo', null, 'trim');
$recordinfo = json_decode($recordinfo, true);
if (empty($recordid)) {
return json(['code' => -1, 'msg' => '参数不能为空']);
@@ -614,6 +624,7 @@ class Domain extends BaseController
if ($dns->setDomainRecordStatus($recordid, $status)) {
$action = $status == '1' ? '启用解析' : '暂停解析';
if ($recordinfo) {
$recordinfo = json_decode($recordinfo, true);
if (is_array($recordinfo['Value'])) $recordinfo['Value'] = implode(',', $recordinfo['Value']);
$this->add_log($drow['name'], $action, $recordinfo['Name'].' ['.$recordinfo['Type'].'] '.$recordinfo['Value'].' (线路:'.$recordinfo['Line'].' TTL:'.$recordinfo['TTL'].')');
} else {
@@ -990,7 +1001,7 @@ class Domain extends BaseController
return json(['code' => -1, 'msg' => '参数不能为空']);
}
$dns = DnsHelper::getModel($drow['aid'], $drow['name'], $drow['thirdid']);
if ($dns->setWeightStatus($subdomain, $status, $type, $line)) {
if ($type == 'CNAME' || $dns->setWeightStatus($subdomain, $status, $type, $line)) {
if ($status == '1') {
$success = 0;
foreach($weight as $recordid => $weight) {

8
app/controller/Index.php
View File

@@ -7,8 +7,6 @@ use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\lib\DnsHelper;
use app\utils\MsgNotice;
class Index extends BaseController
{
@@ -28,7 +26,7 @@ class Index extends BaseController
$stat['tasks'] = Db::name('dmtask')->count();
$stat['certs'] = Db::name('cert_order')->count();
$stat['deploys'] = Db::name('cert_deploy')->count();
$run_time = config_get('run_time', null, true);
$run_state = $run_time ? (time() - strtotime($run_time) > 10 ? 0 : 1) : 0;
$stat['dmonitor_state'] = $run_state;
@@ -44,7 +42,7 @@ class Index extends BaseController
$stat['certorder_status_5'] = Db::name('cert_order')->where('status', '<', 0)->count();
$stat['certorder_status_6'] = Db::name('cert_order')->where('expiretime', '<', date('Y-m-d H:i:s', time() + 86400 * 7))->where('expiretime', '>=', date('Y-m-d H:i:s'))->count();
$stat['certorder_status_7'] = Db::name('cert_order')->where('expiretime', '<', date('Y-m-d H:i:s'))->count();
$stat['certdeploy_status_0'] = Db::name('cert_deploy')->where('status', 0)->count();
$stat['certdeploy_status_1'] = Db::name('cert_deploy')->where('status', 1)->count();
$stat['certdeploy_status_2'] = Db::name('cert_deploy')->where('status', -1)->count();
@@ -63,7 +61,7 @@ class Index extends BaseController
$tmp = 'version()';
$mysqlVersion = Db::query("select version()")[0][$tmp];
$info = [
'framework_version' => app()::VERSION,
'framework_version' => app()->version(),
'php_version' => PHP_VERSION,
'mysql_version' => $mysqlVersion,
'software' => $_SERVER['SERVER_SOFTWARE'],

3
app/controller/Optimizeip.php
View File

@@ -20,6 +20,9 @@ class Optimizeip extends BaseController
if (empty($key)) {
continue;
}
if ($key == 'optimize_ip_min' && intval($value) < 10) {
return json(['code' => -1, 'msg' => '自动更新时间间隔不能小于10分钟']);
}
config_set($key, $value);
Cache::delete('configs');
}

165
app/controller/Schedule.php Normal file
View File

@@ -0,0 +1,165 @@
<?php
namespace app\controller;
use app\BaseController;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\service\ScheduleService;
class Schedule extends BaseController
{
public function stask()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function stask_data()
{
if (!checkPermission(2)) return json(['total' => 0, 'rows' => []]);
$type = input('post.type/d', 1);
$kw = input('post.kw', null, 'trim');
$stype = input('post.stype', null);
$offset = input('post.offset/d');
$limit = input('post.limit/d');
$select = Db::name('sctask')->alias('A')->join('domain B', 'A.did = B.id');
if (!empty($kw)) {
if ($type == 1) {
$select->whereLike('rr|B.name', '%' . $kw . '%');
} elseif ($type == 2) {
$select->where('recordid', $kw);
} elseif ($type == 3) {
$select->where('value', $kw);
} elseif ($type == 4) {
$select->whereLike('remark', '%' . $kw . '%');
}
}
if (!isNullOrEmpty($stype)) {
$select->where('type', $stype);
}
$total = $select->count();
$list = $select->order('A.id', 'desc')->limit($offset, $limit)->field('A.*,B.name domain')->select()->toArray();
foreach ($list as &$row) {
$row['addtimestr'] = date('Y-m-d H:i:s', $row['addtime']);
$row['updatetimestr'] = $row['updatetime'] > 0 ? date('Y-m-d H:i:s', $row['updatetime']) : '未运行';
$row['nexttimestr'] = $row['nexttime'] > 0 ? date('Y-m-d H:i:s', $row['nexttime']) : '无';
}
return json(['total' => $total, 'rows' => $list]);
}
public function stask_op()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
if ($action == 'add') {
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'cycle' => input('post.cycle/d'),
'switchtype' => input('post.switchtype/d'),
'switchdate' => input('post.switchdate', null, 'trim'),
'switchtime' => input('post.switchtime', null, 'trim'),
'value' => input('post.value', null, 'trim'),
'line' => input('post.line', null, 'trim'),
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
'addtime' => time(),
'active' => 1
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if (Db::name('sctask')->where('recordid', $task['recordid'])->where('switchtype', $task['switchtype'])->where('switchtime', $task['switchtime'])->find()) {
return json(['code' => -1, 'msg' => '当前定时切换策略已存在']);
}
$id = Db::name('sctask')->insertGetId($task);
$row = Db::name('sctask')->where('id', $id)->find();
(new ScheduleService())->update_nexttime($row);
return json(['code' => 0, 'msg' => '添加成功']);
} elseif ($action == 'edit') {
$id = input('post.id/d');
$task = [
'did' => input('post.did/d'),
'rr' => input('post.rr', null, 'trim'),
'recordid' => input('post.recordid', null, 'trim'),
'type' => input('post.type/d'),
'cycle' => input('post.cycle/d'),
'switchtype' => input('post.switchtype/d'),
'switchdate' => input('post.switchdate', null, 'trim'),
'switchtime' => input('post.switchtime', null, 'trim'),
'value' => input('post.value', null, 'trim'),
'line' => input('post.line', null, 'trim'),
'remark' => input('post.remark', null, 'trim'),
'recordinfo' => input('post.recordinfo', null, 'trim'),
];
if (empty($task['did']) || empty($task['rr']) || empty($task['recordid'])) {
return json(['code' => -1, 'msg' => '必填项不能为空']);
}
if (Db::name('sctask')->where('recordid', $task['recordid'])->where('switchtype', $task['switchtype'])->where('switchtime', $task['switchtime'])->where('id', '<>', $id)->find()) {
return json(['code' => -1, 'msg' => '当前定时切换策略已存在']);
}
Db::name('sctask')->where('id', $id)->update($task);
$row = Db::name('sctask')->where('id', $id)->find();
(new ScheduleService())->update_nexttime($row);
return json(['code' => 0, 'msg' => '修改成功']);
} elseif ($action == 'setactive') {
$id = input('post.id/d');
$active = input('post.active/d');
Db::name('sctask')->where('id', $id)->update(['active' => $active]);
return json(['code' => 0, 'msg' => '设置成功']);
} elseif ($action == 'del') {
$id = input('post.id/d');
Db::name('sctask')->where('id', $id)->delete();
return json(['code' => 0, 'msg' => '删除成功']);
} elseif ($action == 'operation') {
$ids = input('post.ids');
$success = 0;
foreach ($ids as $id) {
if (input('post.act') == 'delete') {
Db::name('sctask')->where('id', $id)->delete();
$success++;
} elseif (input('post.act') == 'open' || input('post.act') == 'close') {
$isauto = input('post.act') == 'open' ? 1 : 0;
Db::name('sctask')->where('id', $id)->update(['active' => $isauto]);
$success++;
}
}
return json(['code' => 0, 'msg' => '成功操作' . $success . '个定时切换策略']);
} else {
return json(['code' => -1, 'msg' => '参数错误']);
}
}
public function staskform()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$action = input('param.action');
$task = null;
if ($action == 'edit') {
$id = input('get.id/d');
$task = Db::name('sctask')->where('id', $id)->find();
if (empty($task)) return $this->alert('error', '切换策略不存在');
}
$domains = [];
$domainList = Db::name('domain')->alias('A')->join('account B', 'A.aid = B.id')->field('A.id,A.name,B.type')->select();
foreach ($domainList as $row) {
$domains[] = ['id'=>$row['id'], 'name'=>$row['name'], 'type'=>$row['type']];
}
View::assign('domains', $domains);
View::assign('info', $task);
View::assign('action', $action);
return View::fetch();
}
}

89
app/controller/System.php
View File

@@ -7,44 +7,46 @@ use Exception;
use think\facade\Db;
use think\facade\View;
use think\facade\Cache;
use app\service\OptimizeService;
use app\service\CertTaskService;
use app\service\ExpireNoticeService;
use app\service\ScheduleService;
class System extends BaseController
{
public function set()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
$params = input('post.');
if (isset($params['mail_type']) && isset($params['mail_name2']) && $params['mail_type'] > 0) {
$params['mail_name'] = $params['mail_name2'];
unset($params['mail_name2']);
}
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
}
Cache::delete('configs');
return json(['code' => 0, 'msg' => 'succ']);
}
public function loginset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
return View::fetch();
}
public function noticeset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
if (isset($params['mail_type']) && isset($params['mail_name2']) && $params['mail_type'] > 0) {
$params['mail_name'] = $params['mail_name2'];
unset($params['mail_name2']);
}
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
public function proxyset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if ($this->request->isPost()) {
$params = input('post.');
foreach ($params as $key => $value) {
if (empty($key)) {
continue;
}
config_set($key, $value);
Cache::delete('configs');
}
return json(['code' => 0, 'msg' => 'succ']);
}
return View::fetch();
}
@@ -109,4 +111,39 @@ class System extends BaseController
}
return json(['code' => 0]);
}
public function cronset()
{
if (!checkPermission(2)) return $this->alert('error', '无权限');
if (config_get('cron_key') === null) {
config_set('cron_key', random(10));
Cache::delete('configs');
}
View::assign('is_user_www', isset($_SERVER['USER']) && $_SERVER['USER'] == 'www');
View::assign('siteurl', request()->root(true));
return View::fetch();
}
public function cron()
{
if (function_exists("set_time_limit")) {
@set_time_limit(0);
}
if (function_exists("ignore_user_abort")) {
@ignore_user_abort(true);
}
if (isset($_SERVER['HTTP_USER_AGENT']) && str_contains($_SERVER['HTTP_USER_AGENT'], 'Baiduspider')) exit;
$key = input('get.key', '');
$cron_key = config_get('cron_key');
if (config_get('cron_type', '0') != '1' || empty($cron_key)) exit('未开启当前方式');
if ($key != $cron_key) exit('访问密钥错误');
(new ScheduleService())->execute();
$res = (new OptimizeService())->execute();
if (!$res) {
(new CertTaskService())->execute();
(new ExpireNoticeService())->task();
}
echo 'success!';
}
}

2
app/controller/User.php
View File

@@ -171,7 +171,7 @@ class User extends BaseController
$select->where('domain', $this->request->user['name']);
} elseif ($this->request->user['level'] == 1) {
$select->where('uid', $this->request->user['id']);
} elseif (!empty($uid)) {
} elseif (!isNullOrEmpty($uid)) {
$select->where('uid', $uid);
}
if (!empty($kw)) {

4
app/lib/CertHelper.php
View File

@@ -177,7 +177,7 @@ location / {
'tencent' => [
'name' => '腾讯云免费SSL',
'class' => 2,
'icon' => 'tencent.ico',
'icon' => 'tencent.png',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,
@@ -215,7 +215,7 @@ location / {
'aliyun' => [
'name' => '阿里云免费SSL',
'class' => 2,
'icon' => 'aliyun.ico',
'icon' => 'aliyun.png',
'wildcard' => false,
'max_domains' => 1,
'cname' => false,

585
app/lib/DeployHelper.php
View File

@@ -10,7 +10,8 @@ class DeployHelper
'btpanel' => [
'name' => '宝塔面板',
'class' => 1,
'icon' => 'bt.ico',
'icon' => 'bt.png',
'desc' => '支持部署到宝塔面板&aaPanel搭建的站点、Docker、邮局与面板本身',
'note' => null,
'inputs' => [
'url' => [
@@ -26,6 +27,15 @@ class DeployHelper
'placeholder' => '宝塔面板设置->面板设置->API接口',
'required' => true,
],
'version' => [
'name' => '面板版本',
'type' => 'radio',
'options' => [
'0' => 'Linux面板+Win经典版',
'1' => 'Win极速版',
],
'value' => '0'
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
@@ -41,9 +51,10 @@ class DeployHelper
'name' => '部署类型',
'type' => 'radio',
'options' => [
'0' => '宝塔面板站点的证书',
'1' => '宝塔面板本身的证书',
'2' => '宝塔邮局域名的证书',
'0' => '网站的证书',
'3' => 'Docker网站的证书',
'2' => '邮局域名的证书',
'1' => '面板本身的证书',
],
'value' => '0',
'required' => true,
@@ -52,16 +63,27 @@ class DeployHelper
'name' => '网站名称列表',
'type' => 'textarea',
'placeholder' => '填写要部署证书的网站名称,每行一个',
'note' => 'PHP项目和反代项目填写创建时绑定的第一个域名Java/Node/Go等其他项目填写项目名称邮局填写域名',
'show' => 'type==0||type==2',
'note' => 'PHP项目和反代项目填写创建时绑定的第一个域名Java/Node/Go等其他项目填写项目名称邮局和IIS站点填写绑定的域名',
'show' => 'type==0||type==2||type==3',
'required' => true,
],
'is_iis' => [
'name' => '是否IIS站点',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'show' => 'type==0',
'value' => '0'
],
],
],
'kangle' => [
'name' => 'Kangle用户',
'class' => 1,
'icon' => 'host.png',
'desc' => '支持虚拟主机与CDN站点',
'note' => '以上登录信息为Easypanel用户面板的非管理员面板。如选网站密码认证类型则用户面板登录不能开启验证码。',
'inputs' => [
'url' => [
@@ -135,12 +157,13 @@ class DeployHelper
'name' => 'Kangle管理员',
'class' => 1,
'icon' => 'host.png',
'note' => '以上登录地址需填写Easypanel管理员面板地址非用户面板。',
'desc' => '支持虚拟主机与CDN站点',
'note' => '以上登录信息为Easypanel管理员面板的非用户面板。',
'inputs' => [
'url' => [
'name' => '面板地址',
'type' => 'input',
'placeholder' => 'Easypanel管理员面板地址',
'placeholder' => 'Easypanel面板地址',
'note' => '填写规则如http://192.168.1.100:3312 ,不要带其他后缀',
'required' => true,
],
@@ -201,6 +224,7 @@ class DeployHelper
'name' => '雷池WAF',
'class' => 1,
'icon' => 'safeline.png',
'desc' => '',
'note' => null,
'tasknote' => '系统会根据关联SSL证书的域名自动更新对应证书',
'inputs' => [
@@ -232,7 +256,8 @@ class DeployHelper
'btwaf' => [
'name' => '堡塔云WAF',
'class' => 1,
'icon' => 'bt.ico',
'icon' => 'bt.png',
'desc' => '',
'note' => null,
'tasknote' => '',
'inputs' => [
@@ -260,11 +285,22 @@ class DeployHelper
],
],
'taskinputs' => [
'type' => [
'name' => '部署类型',
'type' => 'radio',
'options' => [
'0' => '网站的证书',
'1' => '面板本身的证书',
],
'value' => '0',
'required' => true,
],
'sites' => [
'name' => '网站名称列表',
'type' => 'textarea',
'placeholder' => '填写要部署证书的网站名称,每行一个',
'required' => true,
'show' => 'type==0',
],
],
],
@@ -272,6 +308,7 @@ class DeployHelper
'name' => 'Cdnfly',
'class' => 1,
'icon' => 'waf.png',
'desc' => '',
'note' => '登录Cdnfly控制台->账户中心->API密钥点击开启后获取',
'inputs' => [
'url' => [
@@ -281,17 +318,43 @@ class DeployHelper
'note' => '填写示例http://demo.cdnfly.cn',
'required' => true,
],
'auth' => [
'name' => '认证方式',
'type' => 'radio',
'options' => [
'0' => '接口密钥',
'1' => '模拟登录',
],
'value' => '0',
'required' => true,
],
'api_key' => [
'name' => 'api_key',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==0',
],
'api_secret' => [
'name' => 'api_secret',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==0',
],
'username' => [
'name' => '登录账号',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==1',
],
'password' => [
'name' => '登录密码',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==1',
],
'proxy' => [
'name' => '使用代理服务器',
@@ -317,6 +380,7 @@ class DeployHelper
'name' => 'LeCDN',
'class' => 1,
'icon' => 'waf.png',
'desc' => '',
'note' => null,
'inputs' => [
'url' => [
@@ -326,17 +390,36 @@ class DeployHelper
'note' => '填写示例http://demo.xxxx.cn',
'required' => true,
],
'auth' => [
'name' => '认证方式',
'type' => 'radio',
'options' => [
'0' => '账号密码(旧版)',
'1' => 'API访问令牌',
],
'value' => '0',
'required' => true,
],
'api_key' => [
'name' => 'API访问令牌',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==1',
],
'email' => [
'name' => '邮箱地址',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==0',
],
'password' => [
'name' => '密码',
'type' => 'input',
'placeholder' => '',
'required' => true,
'show' => 'auth==0',
],
'proxy' => [
'name' => '使用代理服务器',
@@ -362,6 +445,7 @@ class DeployHelper
'name' => 'GoEdge',
'class' => 1,
'icon' => 'waf.png',
'desc' => '支持GoEdge与FlexCDN',
'note' => '需要先<a href="https://goedge.cloud/docs/API/Settings.md" target="_blank" rel="noreferrer">开启HTTP API端口</a>',
'tasknote' => '系统会根据关联SSL证书的域名自动更新对应证书',
'inputs' => [
@@ -416,10 +500,64 @@ class DeployHelper
],
'taskinputs' => [],
],
'uusec' => [
'name' => '南墙WAF',
'class' => 1,
'icon' => 'waf.png',
'desc' => '',
'note' => null,
'inputs' => [
'url' => [
'name' => '控制台地址',
'type' => 'input',
'placeholder' => '南墙WAF控制台地址',
'note' => '填写规则如http://192.168.1.100:4443 ,不要带其他后缀',
'required' => true,
],
'username' => [
'name' => '用户名',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'password' => [
'name' => '密码',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'taskinputs' => [
'id' => [
'name' => '证书ID',
'type' => 'input',
'placeholder' => '',
'note' => '在证书管理查看证书的ID注意域名是否与证书匹配',
'required' => true,
],
'name' => [
'name' => '证书名称',
'type' => 'input',
'placeholder' => '',
'note' => '在证书管理查看证书的名称',
'required' => true,
],
],
],
'opanel' => [
'name' => '1Panel',
'class' => 1,
'icon' => 'opanel.png',
'desc' => '更新面板证书管理内的SSL证书',
'note' => null,
'tasknote' => '系统会根据关联SSL证书的域名自动更新对应证书',
'inputs' => [
@@ -462,6 +600,7 @@ class DeployHelper
'name' => 'MW面板',
'class' => 1,
'icon' => 'mwpanel.ico',
'desc' => '',
'note' => null,
'tasknote' => '',
'inputs' => [
@@ -519,6 +658,7 @@ class DeployHelper
'name' => '耗子面板',
'class' => 1,
'icon' => 'ratpanel.ico',
'desc' => '支持耗子面板 v2.5+ 版本使用',
'note' => '支持耗子面板 v2.5+ 版本使用',
'inputs' => [
'url' => [
@@ -573,10 +713,52 @@ class DeployHelper
],
],
],
'xp' => [
'name' => '小皮面板',
'class' => 1,
'icon' => 'xp.png',
'desc' => '',
'note' => null,
'tasknote' => '',
'inputs' => [
'url' => [
'name' => '面板地址',
'type' => 'input',
'placeholder' => '小皮面板地址',
'note' => '填写规则如http://192.168.1.100:8888 ,不要带其他后缀',
'required' => true,
],
'apikey' => [
'name' => '接口密钥',
'type' => 'input',
'placeholder' => '设置->OpenAPI接口',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'taskinputs' => [
'sites' => [
'name' => '网站名称列表',
'type' => 'textarea',
'placeholder' => '填写要部署证书的网站名称,每行一个',
'note' => '网站名称,即为网站创建时绑定的第一个域名',
'required' => true,
],
],
],
'synology' => [
'name' => '群晖面板',
'class' => 1,
'icon' => 'synology.png',
'desc' => '支持群晖DSM 6.x/7.x版本',
'note' => null,
'tasknote' => '',
'inputs' => [
@@ -628,10 +810,90 @@ class DeployHelper
],
],
],
'lucky' => [
'name' => 'Lucky',
'class' => 1,
'icon' => 'lucky.png',
'desc' => '更新Lucky证书',
'note' => '在“设置->开发者设置”打开OpenToken开关',
'tasknote' => '系统会根据关联SSL证书的域名自动更新对应证书',
'inputs' => [
'url' => [
'name' => '面板地址',
'type' => 'input',
'placeholder' => 'Lucky 面板地址',
'note' => '填写规则如https://192.168.1.100:16601 ,不要带其他后缀',
'required' => true,
],
'path' => [
'name' => '安全入口',
'type' => 'input',
'note' => '未设置请留空参考Lucky设置中的安全入口设置'
],
'opentoken' => [
'name' => 'OpenToken',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'taskinputs' => [],
],
'fnos' => [
'name' => '飞牛OS',
'class' => 1,
'icon' => 'fnos.png',
'desc' => '更新飞牛OS的证书',
'note' => '请先配置sudo免密<br/>
sudo visudo<br/>
#在文件最后一行增加以下内容需要将username替换成自己的用户名<br/>
username ALL=(ALL) NOPASSWD: NOPASSWD: ALL<br/>
ctrl+x 保存退出',
'tasknote' => '系统会根据关联SSL证书的域名自动更新对应证书',
'inputs' => [
'host' => [
'name' => '主机地址',
'type' => 'input',
'placeholder' => '填写IP地址或域名需开启SSH功能',
'required' => true,
],
'port' => [
'name' => 'SSH端口',
'type' => 'input',
'placeholder' => '',
'value' => '22',
'required' => true,
],
'username' => [
'name' => '用户名',
'type' => 'input',
'placeholder' => '登录用户名',
'value' => '',
'required' => true,
],
'password' => [
'name' => '密码',
'type' => 'input',
'placeholder' => '登录密码',
'required' => true,
],
],
'taskinputs' => [],
],
'proxmox' => [
'name' => 'Proxmox VE',
'class' => 1,
'icon' => 'proxmox.ico',
'desc' => '部署到PVE节点',
'note' => '在“权限->API令牌”添加令牌不要选特权分离',
'tasknote' => '',
'inputs' => [
@@ -673,11 +935,62 @@ class DeployHelper
],
],
],
'k8s' => [
'name' => 'K8S',
'class' => 1,
'icon' => 'server.png',
'desc' => '部署到K8S集群的Secret和Ingress',
'note' => '支持部署到K8S集群的Secret和Ingress',
'tasknote' => '',
'inputs' => [
'name' => [
'name' => '名称',
'type' => 'input',
'placeholder' => '仅用于区分',
'required' => true,
],
'kubeconfig' => [
'name' => 'kubeconfig',
'type' => 'textarea',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'taskinputs' => [
'namespace' => [
'name' => '命名空间',
'type' => 'input',
'value' => 'default',
'required' => true,
],
'secret_name' => [
'name' => 'Secret名称',
'type' => 'input',
'placeholder' => '如果Secret不存在则自动创建',
'required' => true,
],
'ingresses' => [
'name' => 'Ingress名称',
'type' => 'input',
'placeholder' => '多个用英文逗号分隔可留空留空则只更新Secret',
],
],
],
'aliyun' => [
'name' => '阿里云',
'class' => 2,
'icon' => 'aliyun.ico',
'note' => '支持部署到阿里云CDN、ESA、SLB、OSS、WAF等服务',
'icon' => 'aliyun.png',
'desc' => '支持部署到阿里云CDN、ESA、SLB、OSS、WAF、FC等服务',
'note' => '支持部署到阿里云CDN、ESA、SLB、OSS、WAF、FC等服务',
'tasknote' => '',
'inputs' => [
'AccessKeyId' => [
@@ -755,7 +1068,7 @@ class DeployHelper
['value'=>'ap-southeast-1', 'label'=>'非中国内地'],
],
'value' => 'cn-hangzhou',
'show' => 'product==\'waf\'||product==\'waf2\'||product==\'ddoscoo\'',
'show' => 'product==\'waf\'||product==\'waf2\'||product==\'ddoscoo\'||product==\'esa\'',
'required' => true,
],
'regionid' => [
@@ -811,6 +1124,24 @@ class DeployHelper
'note' => '进入NLB实例详情->监听列表复制监听ID只支持TCPSSL监听协议',
'required' => true,
],
'deploy_type' => [
'name' => '部署证书类型',
'type' => 'select',
'options' => [
['value'=>'0', 'label'=>'默认证书'],
['value'=>'1', 'label'=>'扩展证书'],
],
'value' => '0',
'show' => 'product==\'clb\'||product==\'alb\'||product==\'nlb\'',
'required' => true,
],
'clb_domain' => [
'name' => '扩展域名',
'type' => 'input',
'placeholder' => '多个域名可使用,分隔',
'show' => 'product==\'clb\'&&deploy_type==1',
'required' => true,
],
'domain' => [
'name' => '绑定的域名',
'type' => 'input',
@@ -823,7 +1154,8 @@ class DeployHelper
'tencent' => [
'name' => '腾讯云',
'class' => 2,
'icon' => 'tencent.ico',
'icon' => 'tencent.png',
'desc' => '支持部署到腾讯云CDN、EO、CLB、COS、TKE、SCF等服务',
'note' => '支持部署到腾讯云CDN、EO、CLB、COS、TKE、SCF等服务',
'tasknote' => '',
'inputs' => [
@@ -944,6 +1276,24 @@ class DeployHelper
'show' => 'product==\'lighthouse\'||product==\'ddos\'',
'required' => true,
],
'site_type' => [
'name' => '站点类型',
'type' => 'select',
'options' => [
['value'=>'cn', 'label'=>'国内站'],
['value'=>'intl', 'label'=>'国际站'],
],
'value' => 'cn',
'show' => 'product==\'teo\'',
'required' => true,
],
'site_id' => [
'name' => '站点ID',
'type' => 'input',
'placeholder' => '类似于zone-xxxx在站点列表或概览页面查看',
'show' => 'product==\'teo\'',
'required' => true,
],
'domain' => [
'name' => '绑定的域名',
'type' => 'input',
@@ -958,6 +1308,7 @@ class DeployHelper
'name' => '华为云',
'class' => 2,
'icon' => 'huawei.ico',
'desc' => '支持部署到华为云CDN、ELB、WAF等服务',
'note' => '支持部署到华为云CDN、ELB、WAF等服务',
'inputs' => [
'AccessKeyId' => [
@@ -1030,6 +1381,7 @@ class DeployHelper
'name' => 'UCloud',
'class' => 2,
'icon' => 'ucloud.ico',
'desc' => '支持部署到UCDN',
'note' => '支持部署到UCDN',
'inputs' => [
'PublicKey' => [
@@ -1059,6 +1411,7 @@ class DeployHelper
'name' => '七牛云',
'class' => 2,
'icon' => 'qiniu.ico',
'desc' => '支持部署到七牛云CDN、OSS',
'note' => '支持部署到七牛云CDN、OSS',
'inputs' => [
'AccessKey' => [
@@ -1113,7 +1466,8 @@ class DeployHelper
'doge' => [
'name' => '多吉云',
'class' => 2,
'icon' => 'cloud.png',
'icon' => 'doge.png',
'desc' => '支持部署到多吉云融合CDN',
'note' => '支持部署到多吉云融合CDN',
'inputs' => [
'AccessKey' => [
@@ -1151,6 +1505,8 @@ class DeployHelper
'name' => '又拍云',
'class' => 2,
'icon' => 'upyun.ico',
'desc' => '支持部署到又拍云CDN',
'note' => '支持部署到又拍云CDN',
'tasknote' => '系统会根据关联SSL证书的域名进行证书的迁移操作',
'inputs' => [
'username' => [
@@ -1180,7 +1536,8 @@ class DeployHelper
'name' => '百度云',
'class' => 2,
'icon' => 'baidu.ico',
'note' => '支持部署到百度云CDN',
'desc' => '支持部署到百度云CDN、BLB',
'note' => '支持部署到百度云CDN、BLB',
'inputs' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
@@ -1205,10 +1562,102 @@ class DeployHelper
],
],
'taskinputs' => [
'product' => [
'name' => '要部署的产品',
'type' => 'select',
'options' => [
['value'=>'cdn', 'label'=>'CDN'],
['value'=>'blb', 'label'=>'普通型BLB'],
['value'=>'appblb', 'label'=>'应用型BLB'],
],
'value' => 'cdn',
'required' => true,
],
'domain' => [
'name' => '绑定的域名',
'type' => 'input',
'placeholder' => '多个域名可使用,分隔',
'show' => 'product==\'cdn\'',
'required' => true,
],
'region' => [
'name' => '所属地域',
'type' => 'select',
'options' => [
['value'=>'bj', 'label'=>'北京'],
['value'=>'gz', 'label'=>'广州'],
['value'=>'su', 'label'=>'苏州'],
['value'=>'hkg', 'label'=>'香港'],
['value'=>'fwh', 'label'=>'武汉'],
['value'=>'bd', 'label'=>'保定'],
['value'=>'fsh', 'label'=>'上海'],
['value'=>'sin', 'label'=>'新加坡'],
],
'value' => 'bj',
'show' => 'product==\'blb\'||product==\'appblb\'',
'required' => true,
],
'blb_id' => [
'name' => '负载均衡实例ID',
'type' => 'input',
'placeholder' => '',
'show' => 'product==\'blb\'||product==\'appblb\'',
'required' => true,
],
'blb_port' => [
'name' => 'HTTPS监听端口',
'type' => 'input',
'placeholder' => '',
'value' => '443',
'show' => 'product==\'blb\'||product==\'appblb\'',
'required' => true,
],
],
],
'ksyun' => [
'name' => '金山云',
'class' => 2,
'icon' => 'ksyun.ico',
'desc' => '支持部署到金山云CDN',
'note' => '支持部署到金山云CDN',
'inputs' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'SecretAccessKey' => [
'name' => 'SecretAccessKey',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'taskinputs' => [
'product' => [
'name' => '要部署的产品',
'type' => 'select',
'options' => [
['value'=>'cdn', 'label'=>'CDN'],
],
'value' => 'cdn',
'required' => true,
],
'domain' => [
'name' => '绑定的域名',
'type' => 'input',
'placeholder' => '多个域名可使用,分隔',
'show' => 'product==\'cdn\'',
'required' => true,
],
],
@@ -1217,7 +1666,8 @@ class DeployHelper
'name' => '火山引擎',
'class' => 2,
'icon' => 'huoshan.ico',
'note' => '支持部署到火山引擎CDN',
'desc' => '支持部署到火山引擎CDN、CLB、TOS、直播、veImageX',
'note' => '支持部署到火山引擎CDN、CLB、TOS、直播、veImageX',
'inputs' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
@@ -1284,6 +1734,7 @@ class DeployHelper
'name' => '西部数码',
'class' => 2,
'icon' => 'west.ico',
'desc' => '支持部署到西部数码虚拟主机',
'note' => '支持部署到西部数码虚拟主机',
'inputs' => [
'username' => [
@@ -1321,6 +1772,7 @@ class DeployHelper
'name' => '网宿科技',
'class' => 2,
'icon' => 'wangsu.ico',
'desc' => '支持部署到网宿CDN',
'note' => '适用产品网页加速、下载分发、全站加速、点播分发、直播分发、上传加速、移动加速、上网加速、S-P2P、PCDN、应用性能管理、WEB应用防火墙、BotGuard爬虫管理、WSS、DMS、DDoS云清洗、应用加速、应用安全加速解决方案、IPv6一体化解决方案、电商安全加速解决方案、金融安全加速解决方案、政企安全加速解决方案、DDoS云清洗(非网站业务)、区块链安全加速解决方案、IPv6安全加速解决方案、CDN Pro。暂不支持AKSK鉴权。',
'inputs' => [
'username' => [
@@ -1389,6 +1841,7 @@ class DeployHelper
'name' => '白山云',
'class' => 2,
'icon' => 'waf.png',
'desc' => '替换白山云证书管理内的证书',
'note' => null,
'inputs' => [
'account' => [
@@ -1428,7 +1881,8 @@ class DeployHelper
'name' => '天翼云',
'class' => 2,
'icon' => 'ctyun.ico',
'note' => '支持部署到天翼云CDN',
'desc' => '支持部署到天翼云CDN、边缘加速',
'note' => '支持部署到天翼云CDN、边缘加速',
'inputs' => [
'AccessKeyId' => [
'name' => 'AccessKeyId',
@@ -1476,6 +1930,7 @@ class DeployHelper
'name' => '括彩云',
'class' => 2,
'icon' => 'kuocai.jpg',
'desc' => '替换括彩云证书管理内的证书',
'note' => '支持括彩云及其代理商,填写控制台登录账号及密码',
'inputs' => [
'username' => [
@@ -1511,21 +1966,61 @@ class DeployHelper
],
],
],
'allwaf' => [
'name' => 'AllWAF',
'rainyun' => [
'name' => '雨云',
'class' => 2,
'icon' => 'waf.png',
'note' => '在<a href="https://user.allwaf.cn/" target="_blank" rel="noreferrer">ALLWAF</a>访问控制页面创建AccessKey',
'tasknote' => '系统会根据关联SSL证书的域名自动更新对应证书',
'desc' => '替换雨云证书管理内的证书',
'note' => null,
'inputs' => [
'accessKeyId' => [
'name' => 'AccessKey ID',
'account' => [
'name' => '账号',
'type' => 'input',
'placeholder' => '仅用作标记',
'required' => true,
],
'apikey' => [
'name' => 'ApiKey',
'type' => 'input',
'placeholder' => '',
'note' => '在 账户设置->API密钥 页面查看',
'required' => true,
],
'proxy' => [
'name' => '使用代理服务器',
'type' => 'radio',
'options' => [
'0' => '否',
'1' => '是',
],
'value' => '0'
],
],
'taskinputs' => [
'id' => [
'name' => '证书ID',
'type' => 'input',
'placeholder' => '',
'note' => '在SSL证书->我的证书页面查看,注意域名是否与证书匹配',
'required' => true,
],
],
],
'unicloud' => [
'name' => 'uniCloud',
'class' => 2,
'icon' => 'unicloud.png',
'desc' => '部署到uniCloud服务空间',
'note' => null,
'inputs' => [
'username' => [
'name' => '账号',
'type' => 'input',
'placeholder' => '',
'required' => true,
],
'accessKey' => [
'name' => 'AccessKey密钥',
'password' => [
'name' => '密码',
'type' => 'input',
'placeholder' => '',
'required' => true,
@@ -1540,12 +2035,37 @@ class DeployHelper
'value' => '0'
],
],
'taskinputs' => [],
'taskinputs' => [
'spaceId' => [
'name' => '服务空间ID',
'type' => 'input',
'placeholder' => 'spaceId',
'required' => true,
],
'provider' => [
'name' => '空间提供商',
'type' => 'select',
'options' => [
['value'=>'aliyun', 'label'=>'阿里云'],
['value'=>'tencent', 'label'=>'腾讯云'],
['value'=>'alipay', 'label'=>'支付宝云'],
],
'value' => 'aliyun',
'required' => true,
],
'domains' => [
'name' => '空间域名',
'type' => 'input',
'placeholder' => '多个域名可使用,分隔',
'required' => true,
],
],
],
'aws' => [
'name' => 'AWS',
'class' => 2,
'icon' => 'aws.ico',
'icon' => 'aws.png',
'desc' => '支持部署到Amazon CloudFront、AWS Certificate Manager',
'note' => '支持部署到Amazon CloudFront、AWS Certificate Manager',
'inputs' => [
'AccessKeyId' => [
@@ -1602,6 +2122,7 @@ class DeployHelper
'name' => 'Gcore',
'class' => 2,
'icon' => 'gcore.ico',
'desc' => '替换Gcore CDN证书',
'note' => '在 个人资料->API令牌 页面创建API令牌',
'inputs' => [
'account' => [
@@ -1646,6 +2167,7 @@ class DeployHelper
'name' => 'Cachefly',
'class' => 2,
'icon' => 'cloud.png',
'desc' => '替换Cachefly CDN证书',
'note' => '在 API Tokens 页面生成 API Token',
'inputs' => [
'account' => [
@@ -1678,6 +2200,7 @@ class DeployHelper
'name' => 'SSH服务器',
'class' => 3,
'icon' => 'server.png',
'desc' => '可通过SSH连接到Linux/Windows服务器并部署证书',
'note' => '可通过SSH连接到Linux/Windows服务器并部署证书php需要安装ssh2扩展',
'tasknote' => '请确保路径存在且有写入权限,路径一定要以/开头Windows路径请使用/代替\,且需要在最开头加/',
'inputs' => [
@@ -1786,6 +2309,12 @@ class DeployHelper
'show' => 'format==\'pfx\'',
'required' => true,
],
'cmd_pre' => [
'name' => '上传前执行命令',
'type' => 'textarea',
'show' => 'format==\'pem\'||uptype==0',
'placeholder' => '可留空,上传前执行脚本命令',
],
'cmd' => [
'name' => '上传完执行命令',
'type' => 'textarea',
@@ -1804,6 +2333,7 @@ class DeployHelper
'name' => 'FTP服务器',
'class' => 3,
'icon' => 'server.png',
'desc' => '可将证书上传到FTP服务器',
'note' => '可将证书上传到FTP服务器php需要安装ftp扩展',
'tasknote' => '请确保路径存在且有写入权限',
'inputs' => [
@@ -1887,6 +2417,7 @@ class DeployHelper
'name' => '复制到本机',
'class' => 3,
'icon' => 'server2.png',
'desc' => '将证书复制到本机指定路径',
'note' => '将证书复制到本机指定路径',
'tasknote' => '请确保php进程有对证书保存路径的写入权限宝塔面板需关闭防跨站攻击如果当前是Docker运行的则需要做目录映射到宿主机。',
'inputs' => [],

11
app/lib/DnsHelper.php
View File

@@ -19,6 +19,7 @@ class DnsHelper
'log' => true, //是否支持查看日志
'weight' => false, //是否支持权重
'page' => false, //是否客户端分页
'add' => true, //是否支持添加域名
],
'dnspod' => [
'name' => '腾讯云',
@@ -32,6 +33,7 @@ class DnsHelper
'log' => true,
'weight' => true,
'page' => false,
'add' => true,
],
'huawei' => [
'name' => '华为云',
@@ -45,6 +47,7 @@ class DnsHelper
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'baidu' => [
'name' => '百度云',
@@ -58,6 +61,7 @@ class DnsHelper
'log' => false,
'weight' => false,
'page' => true,
'add' => true,
],
'west' => [
'name' => '西部数码',
@@ -71,6 +75,7 @@ class DnsHelper
'log' => false,
'weight' => false,
'page' => false,
'add' => false,
],
'huoshan' => [
'name' => '火山引擎',
@@ -84,6 +89,7 @@ class DnsHelper
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'jdcloud' => [
'name' => '京东云',
@@ -97,6 +103,7 @@ class DnsHelper
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'dnsla' => [
'name' => 'DNSLA',
@@ -110,6 +117,7 @@ class DnsHelper
'log' => false,
'weight' => true,
'page' => false,
'add' => true,
],
'cloudflare' => [
'name' => 'Cloudflare',
@@ -123,6 +131,7 @@ class DnsHelper
'log' => false,
'weight' => false,
'page' => false,
'add' => true,
],
'namesilo' => [
'name' => 'NameSilo',
@@ -136,6 +145,7 @@ class DnsHelper
'log' => false,
'weight' => false,
'page' => true,
'add' => false,
],
'powerdns' => [
'name' => 'PowerDNS',
@@ -150,6 +160,7 @@ class DnsHelper
'log' => false,
'weight' => false,
'page' => true,
'add' => true,
],
];

2
app/lib/DnsInterface.php
View File

@@ -31,4 +31,6 @@ interface DnsInterface
function getRecordLine();
function getMinTTL();
function addDomain($Domain);
}

4
app/lib/NewDbManager.php
View File

@@ -10,11 +10,11 @@ class NewDbManager extends \think\Db
/**
* 创建数据库连接实例
* @access protected
* @param string|null $name 连接标识
* @param string|array|null $name 连接标识
* @param bool $force 强制重新连接
* @return ConnectionInterface
*/
protected function instance(string $name = null, bool $force = false): ConnectionInterface
protected function instance(string|array $name = null, bool $force = false): ConnectionInterface
{
if (empty($name)) {
$name = $this->getConfig('default', 'mysql');

2
app/lib/acme/ACMEv2.php
View File

@@ -321,7 +321,7 @@ class ACMEv2
}
));
if ($this->proxy) {
if ($this->proxy == 1) {
curl_set_proxy($this->ch);
}

2
app/lib/cert/aliyun.php
View File

@@ -69,7 +69,7 @@ class aliyun implements CertInterface
$dnsList = [];
if ($data['Type'] == 'domain_verify') {
$mainDomain = getMainDomain($domain);
$name = str_replace('.' . $mainDomain, '', $data['RecordDomain']);
$name = substr($data['RecordDomain'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $data['RecordType'], 'value' => $data['RecordValue']];
}

2
app/lib/cert/customacme.php
View File

@@ -64,7 +64,7 @@ class customacme implements CertInterface
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
}
}

4
app/lib/cert/google.php
View File

@@ -72,7 +72,7 @@ class google implements CertInterface
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "pki.goog"'];
}*/
@@ -128,7 +128,7 @@ class google implements CertInterface
private function getEAB()
{
$api = "https://gts.rat.dev/eab";
$response = curl_client($api, null, null, null, null, $this->config['proxy'] == 1, 'GET', 10);
$response = http_request($api, null, null, null, null, $this->config['proxy'] == 1, 'GET', 10);
$result = json_decode($response['body'], true);
if (!isset($result['msg'])) {
throw new Exception('解析返回数据失败:' . $response['body']);

2
app/lib/cert/huoshan.php
View File

@@ -66,7 +66,7 @@ class huoshan implements CertInterface
$type = $data['validation_type'] == 'dns_cname' ? 'CNAME' : 'TXT';
foreach ($data['domains_to_be_validated'] as $opts) {
$mainDomain = getMainDomain($domain);
$name = str_replace('.' . $mainDomain, '', $opts['validation_domain']);
$name = substr($opts['validation_domain'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $type, 'value' => $opts['value']];
}
}

2
app/lib/cert/letsencrypt.php
View File

@@ -60,7 +60,7 @@ class letsencrypt implements CertInterface
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "letsencrypt.org"'];
}*/

19
app/lib/cert/tencent.php
View File

@@ -60,8 +60,9 @@ class tencent implements CertInterface
$dnsList = [];
if (!empty($data['DvAuthDetail']['DvAuths'])) {
foreach ($data['DvAuthDetail']['DvAuths'] as $opts) {
$mainDomain = $opts['DvAuthDomain'];
$dnsList[$mainDomain][] = ['name' => $opts['DvAuthSubDomain'], 'type' => $opts['DvAuthVerifyType'] ?? 'CNAME', 'value' => $opts['DvAuthValue']];
$mainDomain = getMainDomain($opts['DvAuthKey']);
$name = substr($opts['DvAuthKey'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $opts['DvAuthVerifyType'] ?? 'CNAME', 'value' => $opts['DvAuthValue']];
}
}
@@ -97,13 +98,19 @@ class tencent implements CertInterface
public function finalizeOrder($domainList, $order, $keytype, $keysize)
{
$param = [
'CertificateIds' => [$order['CertificateId']],
'SwitchStatus' => 1,
];
$this->request('ModifyCertificatesExpiringNotificationSwitch', $param);
if (!is_dir(app()->getRuntimePath() . 'cert')) mkdir(app()->getRuntimePath() . 'cert');
$param = [
'CertificateId' => $order['CertificateId'],
'ServiceType' => 'nginx',
];
$data = $this->request('DescribeDownloadCertificateUrl', $param);
$file_data = curl_client($data['DownloadCertificateUrl'], null, null, null, null, $this->proxy);
$file_data = http_request($data['DownloadCertificateUrl'], null, null, null, null, $this->proxy);
$file_data = $file_data['body'] ?? null;
if (empty($file_data)) throw new Exception('下载证书失败');
$file_path = app()->getRuntimePath() . 'cert/' . $data['DownloadFilename'];
@@ -152,9 +159,9 @@ class tencent implements CertInterface
if (!empty($data['RevokeDomainValidateAuths'])) {
$dnsList = [];
foreach ($data['RevokeDomainValidateAuths'] as $opts) {
$mainDomain = getMainDomain($opts['DomainValidateAuthDomain']);
$name = str_replace('.' . $mainDomain, '', $opts['DomainValidateAuthKey']);
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'CNAME', 'value' => $opts['DomainValidateAuthValue']];
$mainDomain = getMainDomain($opts['DomainValidateAuthKey']);
$name = substr($opts['DomainValidateAuthKey'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['DomainValidateAuthValue']];
}
\app\utils\CertDnsUtils::addDns($dnsList, function ($txt) {
$this->log($txt);

3
app/lib/cert/ucloud.php
View File

@@ -80,7 +80,8 @@ class ucloud implements CertInterface
if (!empty($data['Auths'])) {
foreach ($data['Auths'] as $auth) {
$mainDomain = getMainDomain($auth['Domain']);
$dnsList[$mainDomain][] = ['name' => $auth['AuthRecord'], 'type' => $auth['AuthType'] == 'DNS_TXT' ? 'TXT' : 'CNAME', 'value' => $auth['AuthValue']];
$name = substr($auth['AuthKey'], 0, -(strlen($mainDomain) + 1));
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $auth['AuthType'] == 'DNS_TXT' ? 'TXT' : 'CNAME', 'value' => $auth['AuthValue']];
}
}
return $dnsList;

4
app/lib/cert/zerossl.php
View File

@@ -64,7 +64,7 @@ class zerossl implements CertInterface
if (!empty($order['challenges'])) {
foreach ($order['challenges'] as $opts) {
$mainDomain = getMainDomain($opts['domain']);
$name = str_replace('.' . $mainDomain, '', $opts['key']);
$name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
/*if (!array_key_exists($mainDomain, $dnsList)) {
$dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "sectigo.com"'];
}*/
@@ -120,7 +120,7 @@ class zerossl implements CertInterface
private function getEAB($email)
{
$api = "https://api.zerossl.com/acme/eab-credentials-email";
$response = curl_client($api, http_build_query(['email' => $email]), null, null, null, $this->config['proxy'] == 1);
$response = http_request($api, http_build_query(['email' => $email]), null, null, null, $this->config['proxy'] == 1);
$result = json_decode($response['body'], true);
if (!isset($result['success'])) {
throw new Exception('获取EAB失败' . $response['body']);

209
app/lib/client/Ksyun.php Normal file
View File

@@ -0,0 +1,209 @@
<?php
namespace app\lib\client;
use Exception;
/**
* 金山云
*/
class Ksyun
{
private $AccessKeyId;
private $SecretAccessKey;
private $endpoint;
private $service;
private $region;
private $proxy = false;
public function __construct($AccessKeyId, $SecretAccessKey, $endpoint, $service, $region, $proxy = false)
{
$this->AccessKeyId = $AccessKeyId;
$this->SecretAccessKey = $SecretAccessKey;
$this->endpoint = $endpoint;
$this->service = $service;
$this->region = $region;
$this->proxy = $proxy;
}
/**
* @param string $method 请求方法
* @param string $action 方法名称
* @param array $params 请求参数
* @return array
* @throws Exception
*/
public function request($method, $action, $version, $path = '/', $params = [])
{
if (!empty($params)) {
$params = array_filter($params, function ($a) {
return $a !== null;
});
}
$body = '';
$query = [];
if ($method == 'GET') {
$query = $params;
} else {
$body = !empty($params) ? json_encode($params) : '';
}
$time = time();
$headers = [
'Host' => $this->endpoint,
'X-Amz-Date' => gmdate("Ymd\THis\Z", $time),
'X-Version' => $version,
'X-Action' => $action,
];
$authorization = $this->generateSign($method, $path, $query, $headers, $body, $time);
$headers['Authorization'] = $authorization;
$headers['Accept'] = 'application/json';
if ($body) {
$headers['Content-Type'] = 'application/json';
}
$url = 'https://' . $this->endpoint . $path;
if (!empty($query)) {
$url .= '?' . http_build_query($query);
}
$header = [];
foreach ($headers as $key => $value) {
$header[] = $key . ': ' . $value;
}
return $this->curl($method, $url, $body, $header);
}
private function generateSign($method, $path, $query, $headers, $body, $time)
{
$algorithm = "AWS4-HMAC-SHA256";
// step 1: build canonical request string
$httpRequestMethod = $method;
$canonicalUri = $this->getCanonicalURI($path);
$canonicalQueryString = $this->getCanonicalQueryString($query);
[$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
$hashedRequestPayload = hash("sha256", $body);
$canonicalRequest = $httpRequestMethod . "\n"
. $canonicalUri . "\n"
. $canonicalQueryString . "\n"
. $canonicalHeaders . "\n"
. $signedHeaders . "\n"
. $hashedRequestPayload;
// step 2: build string to sign
$date = gmdate("Ymd\THis\Z", $time);
$shortDate = substr($date, 0, 8);
$credentialScope = $shortDate . '/' . $this->region . '/' . $this->service . '/aws4_request';
$hashedCanonicalRequest = hash("sha256", $canonicalRequest);
$stringToSign = $algorithm . "\n"
. $date . "\n"
. $credentialScope . "\n"
. $hashedCanonicalRequest;
// step 3: sign string
$kDate = hash_hmac("sha256", $shortDate, 'AWS4' . $this->SecretAccessKey, true);
$kRegion = hash_hmac("sha256", $this->region, $kDate, true);
$kService = hash_hmac("sha256", $this->service, $kRegion, true);
$kSigning = hash_hmac("sha256", "aws4_request", $kService, true);
$signature = hash_hmac("sha256", $stringToSign, $kSigning);
// step 4: build authorization
$credential = $this->AccessKeyId . '/' . $credentialScope;
$authorization = $algorithm . ' Credential=' . $credential . ", SignedHeaders=" . $signedHeaders . ", Signature=" . $signature;
return $authorization;
}
private function escape($str)
{
$search = ['+', '*', '%7E'];
$replace = ['%20', '%2A', '~'];
return str_replace($search, $replace, urlencode($str));
}
private function getCanonicalURI($path)
{
if (empty($path)) return '/';
$pattens = explode('/', $path);
$pattens = array_map(function ($item) {
return $this->escape($item);
}, $pattens);
$canonicalURI = implode('/', $pattens);
return $canonicalURI;
}
private function getCanonicalQueryString($parameters)
{
if (empty($parameters)) return '';
ksort($parameters);
$canonicalQueryString = '';
foreach ($parameters as $key => $value) {
if (!is_array($value)) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($value);
} else {
sort($value);
foreach ($value as $v) {
$canonicalQueryString .= '&' . $this->escape($key) . '=' . $this->escape($v);
}
}
}
return substr($canonicalQueryString, 1);
}
private function getCanonicalHeaders($oldheaders)
{
$headers = array();
foreach ($oldheaders as $key => $value) {
$headers[strtolower($key)] = trim($value);
}
ksort($headers);
$canonicalHeaders = '';
$signedHeaders = '';
foreach ($headers as $key => $value) {
$canonicalHeaders .= $key . ':' . $value . "\n";
$signedHeaders .= $key . ';';
}
$signedHeaders = substr($signedHeaders, 0, -1);
return [$canonicalHeaders, $signedHeaders];
}
private function curl($method, $url, $body, $header)
{
$ch = curl_init($url);
if ($this->proxy) {
curl_set_proxy($ch);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
if (!empty($body)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$response = curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new Exception('Curl error: ' . $errmsg);
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr = json_decode($response, true);
if ($httpCode == 200) {
return $arr;
} else {
if (isset($arr['Error']['Message'])) {
throw new Exception($arr['Error']['Message']);
} else {
throw new Exception('返回数据解析失败(http_code=' . $httpCode . ')');
}
}
}
}

2
app/lib/client/Ucloud.php
View File

@@ -27,7 +27,7 @@ class Ucloud
$param = array_merge($param, $params);
$param['Signature'] = $this->ucloudSignature($param);
$ua = sprintf("PHP/%s PHP-SDK/%s", phpversion(), self::VERSION);
$response = get_curl($this->ApiUrl, json_encode($param), 0, 0, 0, $ua, 0, ['Content-Type: application/json']);
$response = get_curl($this->ApiUrl, json_encode($param), 0, 0, $ua, 0, ['Content-Type' => 'application/json']);
$result = json_decode($response, true);
if (isset($result['RetCode']) && $result['RetCode'] == 0) {
return $result;

290
app/lib/deploy/aliyun.php
View File

@@ -42,14 +42,14 @@ class aliyun implements DeployInterface
} elseif ($config['product'] == 'fc2') {
$this->deploy_fc2($fullchain, $privatekey, $config);
} else {
[$cert_id, $cert_name] = $this->get_cert_id($fullchain, $privatekey);
[$cert_id, $cert_name] = $this->get_cert_id($fullchain, $privatekey, $config);
if (!$cert_id) throw new Exception('证书ID获取失败');
if ($config['product'] == 'cdn') {
$this->deploy_cdn($cert_id, $cert_name, $config);
} elseif ($config['product'] == 'dcdn') {
$this->deploy_dcdn($cert_id, $cert_name, $config);
} elseif ($config['product'] == 'esa') {
$this->deploy_esa($cert_id, $config);
$this->deploy_esa($cert_id, $cert_name, $config);
} elseif ($config['product'] == 'oss') {
$this->deploy_oss($cert_id, $config);
} elseif ($config['product'] == 'waf') {
@@ -74,14 +74,20 @@ class aliyun implements DeployInterface
}
}
private function get_cert_id($fullchain, $privatekey)
private function get_cert_id($fullchain, $privatekey, $config)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$serial_no = strtolower($certInfo['serialNumberHex']);
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, 'cas.aliyuncs.com', '2020-04-07', $this->proxy);
if ($config['region'] == 'ap-southeast-1') {
$endpoint = 'cas.ap-southeast-1.aliyuncs.com';
} else {
$endpoint = 'cas.aliyuncs.com';
}
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2020-04-07', $this->proxy);
$param = [
'Action' => 'ListUserCertificateOrder',
'Keyword' => $certInfo['subject']['CN'],
@@ -95,7 +101,7 @@ class aliyun implements DeployInterface
$cert_id = null;
if ($data['TotalCount'] > 0 && !empty($data['CertificateOrderList'])) {
foreach ($data['CertificateOrderList'] as $cert) {
if (strtolower($cert['SerialNo']) == $serial_no) {
if (strtolower($cert['SerialNo']) == $serial_no || strpos(strtolower($cert['SerialNo']), $serial_no) !== false) {
$cert_id = $cert['CertificateId'];
$cert_name = $cert['Name'];
break;
@@ -157,12 +163,18 @@ class aliyun implements DeployInterface
$this->log('DCDN域名 ' . $domain . ' 部署证书成功!');
}
private function deploy_esa($cas_id, $config)
private function deploy_esa($cas_id, $cert_name, $config)
{
$sitename = $config['esa_sitename'];
if (empty($sitename)) throw new Exception('ESA站点名称不能为空');
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, 'esa.cn-hangzhou.aliyuncs.com', '2024-09-10');
if ($config['region'] == 'ap-southeast-1') {
$endpoint = 'esa.ap-southeast-1.aliyuncs.com';
} else {
$endpoint = 'esa.cn-hangzhou.aliyuncs.com';
}
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2024-09-10');
$param = [
'Action' => 'ListSites',
'SiteName' => $sitename,
@@ -188,24 +200,26 @@ class aliyun implements DeployInterface
}
$this->log('ESA站点 ' . $sitename . ' 查询到' . $data['TotalCount'] . '个SSL证书');
$cert_id = null;
$cert_name = null;
$casid = null;
foreach ($data['Result'] as $cert) {
$domains = explode(',', $cert['SAN']);
$flag = true;
foreach ($domains as $domain) {
if (!in_array($domain, $config['domainList'])) {
$flag = false;
$exist_cert_id = null;
$exist_cert_name = null;
$exist_cert_casid = null;
if ($data['TotalCount'] > 0) {
foreach ($data['Result'] as $cert) {
$domains = explode(',', $cert['SAN']);
$flag = true;
foreach ($domains as $domain) {
if (!in_array($domain, $config['domainList'])) {
$flag = false;
break;
}
}
if ($flag) {
$exist_cert_id = $cert['Id'];
$exist_cert_name = $cert['Name'];
$exist_cert_casid = isset($cert['CasId']) ? $cert['CasId'] : null;
break;
}
}
if ($flag) {
$cert_id = $cert['Id'];
$cert_name = $cert['CommonName'];
$casid = $cert['CasId'];
break;
}
}
$param = [
@@ -213,20 +227,25 @@ class aliyun implements DeployInterface
'SiteId' => $site_id,
'Type' => 'cas',
'CasId' => $cas_id,
'Name' => $cert_name,
'Region' => $config['region'],
];
if ($cert_id) {
$param['Update'] = 'true';
$param['Id'] = $cert_id;
if ($casid == $cas_id) {
if ($exist_cert_id) {
$param['Id'] = $exist_cert_id;
if ($exist_cert_casid == $cas_id) {
$this->log('ESA站点 ' . $sitename . ' 证书已配置,无需重复操作');
return;
}
}
$client->request($param);
if ($cert_id) {
$this->log('ESA站点 ' . $sitename . ' 域名 ' . $cert_name . ' 更新证书成功!');
if ($exist_cert_name) {
$this->log('ESA站点 ' . $sitename . ' 证书 ' . $exist_cert_name . ' 更新成功');
} else {
$this->log('ESA站点 ' . $sitename . ' 添加证书成功!');
$this->log('ESA站点 ' . $sitename . ' 证书添加成功!');
}
}
@@ -245,6 +264,12 @@ class aliyun implements DeployInterface
$domain = $config['domain'];
if (empty($domain)) throw new Exception('WAF绑定域名不能为空');
if ($config['region'] == 'ap-southeast-1') {
$cert_id .= '-ap-southeast-1';
} else {
$cert_id .= '-cn-hangzhou';
}
$endpoint = 'wafopenapi.' . $config['region'] . '.aliyuncs.com';
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2021-10-01', $this->proxy);
@@ -273,17 +298,19 @@ class aliyun implements DeployInterface
} catch (Exception $e) {
throw new Exception('查询CNAME接入详情失败' . $e->getMessage());
}
if (!isset($data['Listen'])) {
throw new Exception('没有找到' . $domain . '监听器');
}
if (isset($data['Listen']['CertId'])) {
$old_cert_id = $data['Listen']['CertId'];
if (strpos($old_cert_id, '-')) $old_cert_id = substr($old_cert_id, 0, strpos($old_cert_id, '-'));
if (!empty($old_cert_id) && $old_cert_id == $cert_id) {
$this->log('WAF域名 ' . $domain . ' 证书已配置,无需重复操作');
return;
}
}
$data['Listen']['CertId'] = $cert_id . '-cn-hangzhou';
$data['Listen']['CertId'] = $cert_id;
if (empty($data['Listen']['HttpsPorts'])) $data['Listen']['HttpsPorts'] = [443];
$data['Redirect']['Backends'] = $data['Redirect']['AllBackends'];
$param = [
@@ -541,36 +568,65 @@ class aliyun implements DeployInterface
$this->log('找到已添加的服务器证书 ServerCertificateId=' . $ServerCertificateId);
}
$param = [
'Action' => 'DescribeLoadBalancerHTTPSListenerAttribute',
'RegionId' => $config['regionid'],
'LoadBalancerId' => $config['clb_id'],
'ListenerPort' => $config['clb_port'],
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('HTTPS监听配置查询失败' . $e->getMessage());
}
$deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0;
if ($deploy_type == 1) {
if (empty($config['clb_domain'])) throw new Exception('扩展域名不能为空');
$domains = explode(',', $config['clb_domain']);
$param = [
'Action' => 'DescribeDomainExtensions',
'RegionId' => $config['regionid'],
'LoadBalancerId' => $config['clb_id'],
'ListenerPort' => $config['clb_port'],
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('扩展域名列表查询失败:' . $e->getMessage());
}
foreach ($data['DomainExtensions']['DomainExtension'] as $item) {
if (in_array($item['Domain'], $domains)) {
if ($ServerCertificateId == $item['ServerCertificateId']) {
$this->log('负载均衡HTTPS扩展域名 ' . $item['Domain'] . ' 证书已配置');
} else {
$param = [
'Action' => 'SetDomainExtensionAttribute',
'RegionId' => $config['regionid'],
'DomainExtensionId' => $item['DomainExtensionId'],
'ServerCertificateId' => $ServerCertificateId,
];
$client->request($param);
$this->log('负载均衡HTTPS扩展域名 ' . $item['Domain'] . ' 证书更新成功');
}
}
}
} else {
$param = [
'Action' => 'DescribeLoadBalancerHTTPSListenerAttribute',
'RegionId' => $config['regionid'],
'LoadBalancerId' => $config['clb_id'],
'ListenerPort' => $config['clb_port'],
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('HTTPS监听配置查询失败' . $e->getMessage());
}
if ($data['ServerCertificateId'] == $ServerCertificateId) {
$this->log('负载均衡HTTPS监听已配置该证书无需重复操作');
return;
}
if ($data['ServerCertificateId'] == $ServerCertificateId) {
$this->log('负载均衡HTTPS监听已配置该证书无需重复操作');
return;
}
$param = [
'Action' => 'SetLoadBalancerHTTPSListenerAttribute',
'RegionId' => $config['regionid'],
'LoadBalancerId' => $config['clb_id'],
'ListenerPort' => $config['clb_port'],
];
$keys = ['Bandwidth', 'XForwardedFor', 'Scheduler', 'StickySession', 'StickySessionType', 'CookieTimeout', 'Cookie', 'HealthCheck', 'HealthCheckMethod', 'HealthCheckDomain', 'HealthCheckURI', 'HealthyThreshold', 'UnhealthyThreshold', 'HealthCheckTimeout', 'HealthCheckInterval', 'HealthCheckConnectPort', 'HealthCheckHttpCode', 'ServerCertificateId', 'CACertificateId', 'VServerGroup', 'VServerGroupId', 'XForwardedFor_SLBIP', 'XForwardedFor_SLBID', 'XForwardedFor_proto', 'Gzip', 'AclId', 'AclType', 'AclStatus', 'IdleTimeout', 'RequestTimeout', 'EnableHttp2', 'TLSCipherPolicy', 'Description', 'XForwardedFor_SLBPORT', 'XForwardedFor_ClientSrcPort'];
foreach ($keys as $key) {
if (isset($data[$key])) $param[$key] = $data[$key];
$param = [
'Action' => 'SetLoadBalancerHTTPSListenerAttribute',
'RegionId' => $config['regionid'],
'LoadBalancerId' => $config['clb_id'],
'ListenerPort' => $config['clb_port'],
'ServerCertificateId' => $ServerCertificateId,
];
$client->request($param);
$this->log('负载均衡HTTPS监听证书配置成功');
}
$param['ServerCertificateId'] = $ServerCertificateId;
$client->request($param);
$this->log('负载均衡HTTPS监听证书配置成功');
}
private function deploy_alb($cert_id, $config)
@@ -579,33 +635,44 @@ class aliyun implements DeployInterface
$endpoint = 'alb.' . $config['regionid'] . '.aliyuncs.com';
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2020-06-16', $this->proxy);
$cert_id = $cert_id . '-cn-hangzhou';
$deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0;
$param = [
'Action' => 'ListListenerCertificates',
'MaxResults' => 100,
'ListenerId' => $config['alb_listener_id'],
'CertificateType' => 'Server',
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('获取监听证书列表失败:' . $e->getMessage());
}
foreach ($data['Certificates'] as $cert) {
if (strpos($cert['CertificateId'], '-')) $cert['CertificateId'] = substr($cert['CertificateId'], 0, strpos($cert['CertificateId'], '-'));
if ($cert['CertificateId'] == $cert_id) {
$this->log('负载均衡监听证书已添加,无需重复操作');
return;
if ($deploy_type == 1) {
$param = [
'Action' => 'ListListenerCertificates',
'MaxResults' => 100,
'ListenerId' => $config['alb_listener_id'],
'CertificateType' => 'Server',
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('获取监听证书列表失败:' . $e->getMessage());
}
foreach ($data['Certificates'] as $cert) {
if ($cert['CertificateId'] == $cert_id) {
$this->log('负载均衡监听扩展证书已添加,无需重复操作');
return;
}
}
}
$param = [
'Action' => 'AssociateAdditionalCertificatesWithListener',
'ListenerId' => $config['alb_listener_id'],
'Certificates.1.CertificateId' => $cert_id . '-cn-hangzhou',
];
$client->request($param);
$this->log('应用型负载均衡监听证书添加成功!');
$param = [
'Action' => 'AssociateAdditionalCertificatesWithListener',
'ListenerId' => $config['alb_listener_id'],
'Certificates.1.CertificateId' => $cert_id,
];
$client->request($param);
$this->log('应用型负载均衡监听扩展证书添加成功!');
} else {
$param = [
'Action' => 'UpdateListenerAttribute',
'ListenerId' => $config['alb_listener_id'],
'Certificates.1.CertificateId' => $cert_id,
];
$client->request($param);
$this->log('应用型负载均衡监听默认证书更新成功!');
}
}
private function deploy_nlb($cert_id, $config)
@@ -614,33 +681,44 @@ class aliyun implements DeployInterface
$endpoint = 'nlb.' . $config['regionid'] . '.aliyuncs.com';
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2022-04-30', $this->proxy);
$cert_id = $cert_id . '-cn-hangzhou';
$deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0;
$param = [
'Action' => 'ListListenerCertificates',
'MaxResults' => 50,
'ListenerId' => $config['nlb_listener_id'],
'CertificateType' => 'Server',
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('获取监听证书列表失败:' . $e->getMessage());
}
foreach ($data['Certificates'] as $cert) {
if (strpos($cert['CertificateId'], '-')) $cert['CertificateId'] = substr($cert['CertificateId'], 0, strpos($cert['CertificateId'], '-'));
if ($cert['CertificateId'] == $cert_id) {
$this->log('负载均衡监听证书已添加,无需重复操作');
return;
if ($deploy_type == 1) {
$param = [
'Action' => 'ListListenerCertificates',
'MaxResults' => 50,
'ListenerId' => $config['nlb_listener_id'],
'CertificateType' => 'Server',
];
try {
$data = $client->request($param);
} catch (Exception $e) {
throw new Exception('获取监听证书列表失败:' . $e->getMessage());
}
foreach ($data['Certificates'] as $cert) {
if ($cert['CertificateId'] == $cert_id) {
$this->log('负载均衡监听扩展证书已添加,无需重复操作');
return;
}
}
}
$param = [
'Action' => 'AssociateAdditionalCertificatesWithListener',
'ListenerId' => $config['nlb_listener_id'],
'AdditionalCertificateIds.1' => $cert_id . '-cn-hangzhou',
];
$client->request($param);
$this->log('网络型负载均衡监听证书添加成功!');
$param = [
'Action' => 'AssociateAdditionalCertificatesWithListener',
'ListenerId' => $config['nlb_listener_id'],
'AdditionalCertificateIds.1' => $cert_id,
];
$client->request($param);
$this->log('网络型负载均衡监听扩展证书添加成功!');
} else {
$param = [
'Action' => 'UpdateListenerAttribute',
'ListenerId' => $config['nlb_listener_id'],
'CertificateIds.1' => $cert_id,
];
$client->request($param);
$this->log('网络型负载均衡监听默认证书更新成功!');
}
}
public function setLogger($func)

146
app/lib/deploy/allwaf.php
View File

@@ -1,146 +0,0 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class allwaf implements DeployInterface
{
private $logger;
private $url = 'https://api.allwaf.cn';
private $accessKeyId;
private $accessKey;
private $usertype = 'user';
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->accessKeyId = $config['accessKeyId'];
$this->accessKey = $config['accessKey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->accessKeyId) || empty($this->accessKey)) throw new Exception('必填参数不能为空');
$this->getAccessToken();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$this->getAccessToken();
$params = [
'domains' => $domains,
'offset' => 0,
'size' => 10,
];
try {
$data = $this->request('/SSLCertService/listSSLCerts', $params);
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$list = json_decode(base64_decode($data['sslCertsJSON']), true);
if (!$list || empty($list)) {
throw new Exception('证书列表为空');
}
$this->log('获取证书列表成功(total=' . count($list) . ')');
$certInfo = openssl_x509_parse($fullchain, true);
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
if (!empty($list)) {
foreach ($list as $row) {
$params = [
'sslCertId' => $row['id'],
'isOn' => true,
'name' => $row['name'],
'description' => $row['description'],
'serverName' => $row['serverName'],
'isCA' => false,
'certData' => base64_encode($fullchain),
'keyData' => base64_encode($privatekey),
'timeBeginAt' => $certInfo['validFrom_time_t'],
'timeEndAt' => $certInfo['validTo_time_t'],
'dnsNames' => $domains,
'commonNames' => [$certInfo['issuer']['CN']],
];
$this->request('/SSLCertService/updateSSLCert', $params);
$this->log('证书ID:' . $row['id'] . '更新成功!');
}
} else {
$params = [
'isOn' => true,
'name' => $cert_name,
'description' => $cert_name,
'serverName' => $certInfo['subject']['CN'],
'isCA' => false,
'certData' => base64_encode($fullchain),
'keyData' => base64_encode($privatekey),
'timeBeginAt' => $certInfo['validFrom_time_t'],
'timeEndAt' => $certInfo['validTo_time_t'],
'dnsNames' => $domains,
'commonNames' => [$certInfo['issuer']['CN']],
];
$result = $this->request('/SSLCertService/createSSLCert', $params);
$this->log('证书ID:' . $result['sslCertId'] . '添加成功!');
}
}
private function getAccessToken()
{
$path = '/APIAccessTokenService/getAPIAccessToken';
$params = [
'type' => $this->usertype,
'accessKeyId' => $this->accessKeyId,
'accessKey' => $this->accessKey,
];
$result = $this->request($path, $params);
if (isset($result['token'])) {
$this->accessToken = $result['token'];
} else {
throw new Exception('登录成功获取AccessToken失败');
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
$headers[] = 'X-Cloud-Access-Token: ' . $this->accessToken;
}
if ($params) {
$headers[] = 'Content-Type: application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

113
app/lib/deploy/baidu.php
View File

@@ -29,6 +29,23 @@ class baidu implements DeployInterface
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (!isset($config['product']) || $config['product'] == 'cdn') {
$this->deploy_cdn($fullchain, $privatekey, $config, $info);
} else {
$cert_id = $this->get_cert_id($fullchain, $privatekey);
$info['cert_id'] = $cert_id;
if ($config['product'] == 'blb') {
$this->deploy_blb($cert_id, $config);
} elseif ($config['product'] == 'appblb') {
$this->deploy_appblb($cert_id, $config);
} else {
throw new Exception('不支持的产品类型');
}
}
}
public function deploy_cdn($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
@@ -36,16 +53,6 @@ class baidu implements DeployInterface
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'cdn.baidubce.com', $this->proxy);
try {
$data = $client->request('GET', '/v2/' . $config['domain'] . '/certificates');
if (isset($data['certName']) && $data['certName'] == $config['cert_name']) {
$this->log('CDN域名 ' . $config['domain'] . ' 证书已存在,无需重复部署');
return;
}
} catch (Exception $e) {
$this->log($e->getMessage());
}
$param = [
'httpsEnable' => 'ON',
'certificate' => [
@@ -54,9 +61,89 @@ class baidu implements DeployInterface
'certPrivateData' => $privatekey,
],
];
$data = $client->request('PUT', '/v2/' . $config['domain'] . '/certificates', null, $param);
$info['cert_id'] = $data['certId'];
$this->log('CDN域名 ' . $config['domain'] . ' 证书部署成功!');
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
try {
$data = $client->request('GET', '/v2/' . $domain . '/certificates');
if (isset($data['certName']) && $data['certName'] == $config['cert_name']) {
$this->log('CDN域名 ' . $domain . ' 证书已存在,无需重复部署');
return;
}
} catch (Exception $e) {
$this->log($e->getMessage());
}
$data = $client->request('PUT', '/v2/' . $domain . '/certificates', null, $param);
$info['cert_id'] = $data['certId'];
$this->log('CDN域名 ' . $domain . ' 证书部署成功!');
}
}
public function deploy_blb($cert_id, $config)
{
if (empty($config['blb_id'])) throw new Exception('负载均衡实例ID不能为空');
if (empty($config['blb_port'])) throw new Exception('HTTPS监听端口不能为空');
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'blb.' . $config['region'] . '.baidubce.com', $this->proxy);
$query = [
'listenerPort' => $config['blb_port'],
];
$param = [
'certIds' => [$cert_id],
];
$client->request('PUT', '/v1/blb/' . $config['blb_id'] . '/HTTPSlistener', $query, $param);
$this->log('普通型BLB ' . $config['blb_id'] . ' 部署证书成功!');
}
public function deploy_appblb($cert_id, $config)
{
if (empty($config['blb_id'])) throw new Exception('负载均衡实例ID不能为空');
if (empty($config['blb_port'])) throw new Exception('HTTPS监听端口不能为空');
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'blb.' . $config['region'] . '.baidubce.com', $this->proxy);
$query = [
'listenerPort' => $config['blb_port'],
];
$param = [
'certIds' => [$cert_id],
];
$client->request('PUT', '/v1/appblb/' . $config['blb_id'] . '/HTTPSlistener', $query, $param);
$this->log('应用型BLB ' . $config['blb_id'] . ' 部署证书成功!');
}
private function get_cert_id($fullchain, $privatekey)
{
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$client = new BaiduCloud($this->AccessKeyId, $this->SecretAccessKey, 'certificate.baidubce.com', $this->proxy);
$query = [
'certName' => $cert_name,
];
try {
$data = $client->request('GET', '/v1/certificate', $query);
} catch (Exception $e) {
throw new Exception('查找证书失败:' . $e->getMessage());
}
foreach ($data['certs'] as $row) {
if ($row['certName'] == $cert_name) {
$this->log('证书已存在 CertId=' . $row['certId']);
return $row['certId'];
}
}
$param = [
'certName' => $cert_name,
'certServerData' => $fullchain,
'certPrivateData' => $privatekey,
];
try {
$data = $client->request('POST', '/v1/certificate', null, $param);
} catch (Exception $e) {
throw new Exception('上传证书失败:' . $e->getMessage());
}
$cert_id = $data['certId'];
$this->log('上传证书成功 CertId=' . $cert_id);
return $cert_id;
}
public function setLogger($func)

4
app/lib/deploy/baishan.php
View File

@@ -56,10 +56,10 @@ class baishan implements DeployInterface
$headers = [];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return $result;

240
app/lib/deploy/btpanel.php
View File

@@ -3,6 +3,7 @@
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\CertHelper;
use Exception;
class btpanel implements DeployInterface
@@ -10,12 +11,14 @@ class btpanel implements DeployInterface
private $logger;
private $url;
private $key;
private $version;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->key = $config['key'];
$this->version = isset($config['version']) ? intval($config['version']) : 0;
$this->proxy = $config['proxy'] == 1;
}
@@ -23,13 +26,24 @@ class btpanel implements DeployInterface
{
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
$path = '/config?action=get_config';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['status']) && ($result['status']==1 || isset($result['sites_path']))) {
return true;
if ($this->version == 1) {
$path = '/config/get_config';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['panel']['status']) && $result['panel']['status']) {
return true;
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
$path = '/config?action=get_config';
$response = $this->request($path, []);
$result = json_decode($response, true);
if (isset($result['status']) && ($result['status'] == 1 || isset($result['sites_path']))) {
return true;
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
}
@@ -40,13 +54,56 @@ class btpanel implements DeployInterface
$this->log("面板证书部署成功");
return;
}
$isIIS = $config['type'] == '0' && $this->version == 1 && isset($config['is_iis']) && $config['is_iis'] == '1';
if ($isIIS) {
$response = $this->request('/panel/get_config', []);
$result = json_decode($response, true);
if (isset($result['paths']['soft'])) {
if ($result['config']['webserver'] != 'iis') {
throw new Exception('当前安装的Web服务器不是IIS');
}
$panel_path = $result['paths']['soft'];
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
$pfx_dir = $panel_path . '/temp/ssl/' . getMillisecond();
$pfx_path = $pfx_dir . '/cert.pfx';
$pfx_password = '123456';
$pfx = CertHelper::getPfx($fullchain, $privatekey, $pfx_password);
$data = [
['name' => 'path', 'contents' => $pfx_dir],
['name' => 'filename', 'contents' => 'cert.pfx'],
['name' => 'size', 'contents' => strlen($pfx)],
['name' => 'start', 'contents' => '0'],
['name' => 'blob', 'filename' => 'cert.pfx', 'contents' => $pfx],
['name' => 'force', 'contents' => 'true'],
];
$response = $this->request('/files/upload', $data, true);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
} else {
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
}
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
foreach ($sites as $site) {
$siteName = trim($site);
if (empty($siteName)) continue;
if ($config['type'] == '2') {
if ($config['type'] == '3') {
try {
$this->deployDocker($siteName, $fullchain, $privatekey);
$this->log("Docker域名 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("Docker域名 {$siteName} 证书部署失败:" . $errmsg);
}
} elseif ($config['type'] == '2') {
try {
$this->deployMailSys($siteName, $fullchain, $privatekey);
$this->log("邮局域名 {$siteName} 证书部署成功");
@@ -55,6 +112,15 @@ class btpanel implements DeployInterface
$errmsg = $e->getMessage();
$this->log("邮局域名 {$siteName} 证书部署失败:" . $errmsg);
}
} elseif ($isIIS) {
try {
$this->deployIISSite($siteName, $pfx_path, $pfx_password);
$this->log("域名 {$siteName} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("域名 {$siteName} 证书部署失败:" . $errmsg);
}
} else {
try {
$this->deploySite($siteName, $fullchain, $privatekey);
@@ -73,30 +139,113 @@ class btpanel implements DeployInterface
private function deployPanel($fullchain, $privatekey)
{
$path = '/config?action=SavePanelSSL';
$data = [
'privateKey' => $privatekey,
'certPem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
if ($this->version == 1) {
$path = '/config/set_panel_ssl';
$data = [
'ssl_key' => $privatekey,
'ssl_pem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
} else {
throw new Exception($response ? $response : '返回数据解析失败');
$path = '/config?action=SavePanelSSL';
$data = [
'privateKey' => $privatekey,
'certPem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
}
private function deploySite($siteName, $fullchain, $privatekey)
{
$path = '/site?action=SetSSL';
if ($this->version == 1) {
$path = '/datalist/get_data_list';
$data = [
'table' => 'sites',
'search_type' => 'PHP',
'search' => $siteName,
'p' => 1,
'limit' => 10,
'type' => -1,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['data'])) {
if (empty($result['data'])) throw new Exception("网站 {$siteName} 不存在");
$siteId = null;
foreach ($result['data'] as $item) {
if ($item['name'] == $siteName) {
$siteId = $item['id'];
break;
}
}
if (is_null($siteId)) throw new Exception("网站 {$siteName} 不存在");
$path = '/site/set_site_ssl';
$data = [
'siteid' => $siteId,
'status' => 'true',
'sslType' => '',
'cert' => $fullchain,
'key' => $privatekey,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
} else {
$path = '/site?action=SetSSL';
$data = [
'type' => '0',
'siteName' => $siteName,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
}
private function deployIISSite($domain, $pfx_path, $password = '123456')
{
$path = '/site/set_site_domain_ssl';
$data = [
'type' => '0',
'siteName' => $siteName,
'key' => $privatekey,
'csr' => $fullchain,
'domain' => $domain,
'path' => $pfx_path,
'password' => $password,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
@@ -129,6 +278,25 @@ class btpanel implements DeployInterface
}
}
private function deployDocker($domain, $fullchain, $privatekey)
{
$path = '/mod/docker/com/set_ssl';
$data = [
'site_name' => $domain,
'key' => $privatekey,
'csr' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['status']) && $result['status']) {
return true;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
@@ -141,17 +309,27 @@ class btpanel implements DeployInterface
}
}
private function request($path, $params)
private function request($path, $params, $file = false)
{
$url = $this->url . $path;
$now_time = time();
$post_data = [
'request_token' => md5($now_time . md5($this->key)),
'request_time' => $now_time
];
$post_data = array_merge($post_data, $params);
$response = curl_client($url, $post_data, null, null, null, $this->proxy);
$headers = [];
if ($file) {
$post_data = [
['name' => 'request_token', 'contents' => md5($now_time . md5($this->key))],
['name' => 'request_time', 'contents' => $now_time],
];
$post_data = array_merge($post_data, $params);
$headers['Content-Type'] = 'multipart/form-data';
} else {
$post_data = [
'request_token' => md5($now_time . md5($this->key)),
'request_time' => $now_time
];
$post_data = array_merge($post_data, $params);
}
$response = http_request($url, $post_data, null, null, $headers, $this->proxy);
return $response['body'];
}
}

32
app/lib/deploy/btwaf.php
View File

@@ -35,6 +35,12 @@ class btwaf implements DeployInterface
public function deploy($fullchain, $privatekey, $config, &$info)
{
if ($config['type'] == '1') {
$this->deployPanel($fullchain, $privatekey);
$this->log("面板证书部署成功");
return;
}
$sites = explode("\n", $config['sites']);
$success = 0;
$errmsg = null;
@@ -105,6 +111,24 @@ class btwaf implements DeployInterface
}
}
private function deployPanel($fullchain, $privatekey)
{
$path = '/api/config/set_cert';
$data = [
'certContent' => $fullchain,
'keyContent' => $privatekey,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 0) {
return true;
} elseif (isset($result['res'])) {
throw new Exception($result['res']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
@@ -123,12 +147,12 @@ class btwaf implements DeployInterface
$now_time = time();
$headers = [
'waf_request_time: ' . $now_time,
'waf_request_token: ' . md5($now_time . md5($this->key)),
'Content-Type: application/json',
'waf_request_time' => $now_time,
'waf_request_token' => md5($now_time . md5($this->key)),
'Content-Type' => 'application/json',
];
$post = $params ? json_encode($params) : null;
$response = curl_client($url, $post, null, null, $headers, $this->proxy, 'POST');
$response = http_request($url, $post, null, null, $headers, $this->proxy, 'POST');
return $response['body'];
}
}

6
app/lib/deploy/cachefly.php
View File

@@ -37,13 +37,13 @@ class cachefly implements DeployInterface
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['x-cf-authorization: Bearer ' . $this->apikey];
$headers = ['x-cf-authorization' => 'Bearer ' . $this->apikey];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] >= 200 && $response['code'] < 300) {
return $result;

61
app/lib/deploy/cdnfly.php
View File

@@ -11,6 +11,9 @@ class cdnfly implements DeployInterface
private $url;
private $api_key;
private $api_secret;
private $auth = 0;
private $username;
private $password;
private $proxy;
public function __construct($config)
@@ -18,13 +21,23 @@ class cdnfly implements DeployInterface
$this->url = rtrim($config['url'], '/');
$this->api_key = $config['api_key'];
$this->api_secret = $config['api_secret'];
$this->auth = isset($config['auth']) ? $config['auth'] : 0;
if ($this->auth == 1) {
$this->username = $config['username'];
$this->password = $config['password'];
}
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->api_key) || empty($this->api_secret)) throw new Exception('必填参数不能为空');
$this->request('/v1/user');
if ($this->auth == 1) {
if (empty($this->url) || empty($this->username) || empty($this->password)) throw new Exception('必填参数不能为空');
$this->login();
} else {
if (empty($this->url) || empty($this->api_key) || empty($this->api_secret)) throw new Exception('必填参数不能为空');
$this->request('/v1/user');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
@@ -37,20 +50,56 @@ class cdnfly implements DeployInterface
'cert' => $fullchain,
'key' => $privatekey,
];
$this->request('/v1/certs/' . $id, $params, 'PUT');
if ($this->auth == 1) {
$access_token = $this->login();
$url = $this->url . '/v1/certs/' . $id;
$body = json_encode($params);
$headers = [
'Access-Token' => $access_token,
];
$response = http_request($url, $body, null, null, $headers, $this->proxy, 'PUT');
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
} elseif (isset($result['msg'])) {
throw new Exception('证书ID:' . $id . '更新失败,' . $result['msg']);
} else {
throw new Exception('证书ID:' . $id . '更新失败,返回数据解析失败');
}
} else {
$this->request('/v1/certs/' . $id, $params, 'PUT');
}
$this->log("证书ID:{$id}更新成功!");
}
public function login()
{
$url = $this->url . '/v1/login';
$params = [
'account' => $this->username,
'password' => $this->password,
];
$body = json_encode($params);
$response = http_request($url, $body, null, null, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return $result['data']['access_token'];
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception('登录失败,返回数据解析失败');
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['api-key: ' . $this->api_key, 'api-secret: ' . $this->api_secret];
$headers = ['api-key' => $this->api_key, 'api-secret' => $this->api_secret];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 0) {
return isset($result['data']) ? $result['data'] : null;

9
app/lib/deploy/doge.php
View File

@@ -38,6 +38,7 @@ class doge implements DeployInterface
$cert_id = $this->get_cert_id($fullchain, $privatekey, $cert_name);
foreach (explode(',', $domains) as $domain) {
if (empty($domain)) continue;
$param = [
'id' => $cert_id,
'domain' => $domain,
@@ -95,13 +96,13 @@ class doge implements DeployInterface
$signStr = $path . "\n" . $body;
$sign = hash_hmac('sha1', $signStr, $this->SecretKey);
$authorization = "TOKEN " . $this->AccessKey . ":" . $sign;
$headers = ['Authorization: ' . $authorization];
if($body && $json) $headers[] = 'Content-Type: application/json';
$headers = ['Authorization' => $authorization];
if($body && $json) $headers['Content-Type'] = 'application/json';
$url = 'https://api.dogecloud.com'.$path;
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if(isset($result['code']) && $result['code'] == 200){
return isset($result['data']) ? $result['data'] : true;
return $result['data'] ?? true;
}elseif(isset($result['msg'])){
throw new Exception($result['msg']);
}else{

132
app/lib/deploy/fnos.php Normal file
View File

@@ -0,0 +1,132 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class fnos implements DeployInterface
{
private $logger;
private $config;
public function __construct($config)
{
$this->config = $config;
}
public function check()
{
$this->connect();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$connection = $this->connect();
$cert_all = $this->exec($connection, '获取证书列表', 'cat /usr/trim/etc/network_cert_all.conf');
$list = json_decode($cert_all, true);
if (!$list) throw new Exception('获取证书列表失败');
$success = 0;
foreach ($list as $row) {
if (empty($row['san'])) continue;
$cert_domains = $row['san'];
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$certPath = $row['certificate'];
$keyPath = $row['privateKey'];
$certDir = dirname($certPath);
$this->exec($connection, '上传证书文件', "sudo tee ".$certPath." > /dev/null <<'EOF'\n".$fullchain."\nEOF");
$this->exec($connection, '上传私钥文件', "sudo tee ".$keyPath." > /dev/null <<'EOF'\n".$privatekey."\nEOF");
$this->exec($connection, '刷新目录权限', 'sudo chmod 0755 "'.$certDir.'" -R');
$this->exec($connection, '更新数据表', 'sudo -u postgres psql -d trim_connect -c "UPDATE cert SET valid_to='.$certInfo['validTo_time_t'].'000,valid_from='.$certInfo['validFrom_time_t'].'000,issued_by=\''.$certInfo['issuer']['CN'].'\',updated_time='.getMillisecond().' WHERE private_key=\''.$keyPath.'\'"');
$this->log('证书 '.$row['domain'].' 更新成功');
$success++;
}
}
if ($success == 0) {
throw new Exception('没有要更新的证书');
} else {
$this->exec($connection, '重启webdav', 'sudo systemctl restart webdav.service');
$this->exec($connection, '重启smbftpd', 'sudo systemctl restart smbftpd.service');
$this->exec($connection, '重启trim_nginx', 'sudo systemctl restart trim_nginx.service');
}
}
private function exec($connection, $name, $cmd)
{
$stream = ssh2_exec($connection, $cmd);
$errorStream = ssh2_fetch_stream($stream, SSH2_STREAM_STDERR);
if (!$stream || !$errorStream) {
throw new Exception($name.'执行命令失败');
}
stream_set_blocking($stream, true);
stream_set_blocking($errorStream, true);
$output = stream_get_contents($stream);
$errorOutput = stream_get_contents($errorStream);
fclose($stream);
fclose($errorStream);
if (trim($errorOutput)) {
if (strpos($errorOutput, 'a password is required') !== false) {
throw new Exception('权限不足,请先配置 sudo 免密');
}
throw new Exception($name.'失败:' . trim($errorOutput));
} else {
if (strlen($output) > 200) {
return $output;
}
$this->log($name.'成功 ' . trim($output));
return $output;
}
}
private function connect()
{
if (!function_exists('ssh2_connect')) {
throw new Exception('ssh2扩展未安装');
}
if (empty($this->config['host']) || empty($this->config['port']) || empty($this->config['username']) || empty($this->config['password'])) {
throw new Exception('必填参数不能为空');
}
if (!filter_var($this->config['host'], FILTER_VALIDATE_IP) && !filter_var($this->config['host'], FILTER_VALIDATE_DOMAIN)) {
throw new Exception('主机地址不合法');
}
if (!is_numeric($this->config['port']) || $this->config['port'] < 1 || $this->config['port'] > 65535) {
throw new Exception('SSH端口不合法');
}
$connection = ssh2_connect($this->config['host'], intval($this->config['port']));
if (!$connection) {
throw new Exception('SSH连接失败');
}
if (!ssh2_auth_password($connection, $this->config['username'], $this->config['password'])) {
throw new Exception('用户名或密码错误');
}
return $connection;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

6
app/lib/deploy/gcore.php
View File

@@ -42,13 +42,13 @@ class gcore implements DeployInterface
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = ['Authorization: APIKey ' . $this->apikey];
$headers = ['Authorization' => 'APIKey ' . $this->apikey];
$body = null;
if ($params) {
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] >= 200 && $response['code'] < 300) {
return $result;

10
app/lib/deploy/goedge.php
View File

@@ -119,19 +119,19 @@ class goedge implements DeployInterface
$body = null;
if ($this->accessToken) {
if ($this->systype == '1') {
$headers[] = 'X-Cloud-Access-Token: ' . $this->accessToken;
$headers['X-Cloud-Access-Token'] = $this->accessToken;
} else {
$headers[] = 'X-Edge-Access-Token: ' . $this->accessToken;
$headers['X-Edge-Access-Token'] = $this->accessToken;
}
}
if ($params) {
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
return $result['data'] ?? null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {

1
app/lib/deploy/huawei.php
View File

@@ -59,6 +59,7 @@ class huawei implements DeployInterface
],
];
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$client->request('PUT', '/v1.1/cdn/configuration/domains/' . $domain . '/configs', null, $param);
$this->log('CDN域名 ' . $domain . ' 部署证书成功!');
}

3
app/lib/deploy/huoshan.php
View File

@@ -89,6 +89,7 @@ class huoshan implements DeployInterface
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, $config['bucket_domain'], 'tos', '2021-04-01', 'cn-beijing', $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'CustomDomainRule' => [
'Domain' => $domain,
@@ -122,6 +123,7 @@ class huoshan implements DeployInterface
$this->log('上传证书成功 ChainID=' . $result['ChainID']);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
'ChainID' => $result['ChainID'],
'Domain' => $domain,
@@ -138,6 +140,7 @@ class huoshan implements DeployInterface
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$client = new Volcengine($this->AccessKeyId, $this->SecretAccessKey, 'imagex.volcengineapi.com', 'imagex', '2018-08-01', 'cn-north-1', $this->proxy);
foreach (explode(',', $config['domain']) as $domain) {
if (empty($domain)) continue;
$param = [
[
'domain' => $domain,

202
app/lib/deploy/k8s.php Normal file
View File

@@ -0,0 +1,202 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Symfony\Component\Yaml\Yaml;
use Exception;
class k8s implements DeployInterface
{
private $logger;
private $kubeconfig;
private $server;
private $bearerToken;
private $tls = [];
private $proxy;
public function __construct($config)
{
$this->kubeconfig = $config['kubeconfig'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->kubeconfig)) throw new Exception('Kubeconfig不能为空');
$this->verify();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$namespace = $config['namespace'];
$secretName = $config['secret_name'];
if (empty($namespace)) throw new Exception('命名空间不能为空');
if (empty($secretName)) throw new Exception('Secret名称不能为空');
$this->parse();
$secretPayload = [
'apiVersion' => 'v1',
'kind' => 'Secret',
'metadata' => ['name' => $secretName, 'namespace' => $namespace],
'type' => 'kubernetes.io/tls',
'data' => [
'tls.crt' => base64_encode($config['fullchain']),
'tls.key' => base64_encode($config['privatekey']),
],
];
$secretUrl = '/api/v1/namespaces/' . $namespace . '/secrets/' . $secretName;
list($sCode, $sBody, $sErr) = $this->k8s_request('GET', $secretUrl);
if ($sCode === 404) {
$createUrl = '/api/v1/namespaces/' . $namespace . '/secrets';
$this->log('Secret:' . $secretName . ' 不存在,正在创建...');
list($cCode, $cBody, $cErr) = $this->k8s_request('POST', $createUrl, json_encode($secretPayload));
if ($cCode < 200 || $cCode >= 300) throw new Exception("创建Secret失败 (HTTP $cCode): $cBody | $cErr");
$this->log('Secret:' . $namespace . ' 创建成功');
} elseif ($sCode >= 200 && $sCode < 300) {
$this->log('Secret:' . $secretName . ' 已存在,正在更新...');
$patch = ['data' => $secretPayload['data'], 'type' => 'kubernetes.io/tls'];
list($pCode, $pBody, $pErr) = $this->k8s_request('PATCH', $secretUrl, json_encode($patch));
if ($pCode < 200 || $pCode >= 300) throw new Exception("更新Secret失败 (HTTP $pCode): $pBody | $pErr");
$this->log('Secret:' . $secretName . ' 更新成功');
} else {
throw new Exception("获取Secret失败 (HTTP $sCode): $sBody | $sErr");
}
// Bind Secret to specified Ingresses (merge spec.tls & hosts) ----
if (!empty($config['ingresses'])) {
$ingressUrl = '/apis/networking.k8s.io/v1/namespaces/' . $namespace . '/ingresses';
foreach (explode(',', $config['ingresses']) as $ingName) {
list($gCode, $gBody, $gErr) = $this->k8s_request('GET', $ingressUrl . '/' . $ingName);
if ($gCode < 200 || $gCode >= 300) throw new Exception("获取Ingress '$ingName' 失败 (HTTP $gCode): $gBody | $gErr");
$ing = json_decode($gBody, true);
if (!$ing) throw new Exception("解析Ingress '$ingName' JSON失败: $gBody");
// collect hosts from spec.rules
$hosts = [];
foreach (($ing['spec']['rules'] ?? []) as $rule) {
if (!empty($rule['host'])) $hosts[] = $rule['host'];
}
$hosts = array_values(array_unique($hosts));
// merge/ensure spec.tls entry
$tls = $ing['spec']['tls'] ?? [];
$found = false;
foreach ($tls as &$entry) {
if (($entry['secretName'] ?? '') === $secretName) {
$found = true;
$existingHosts = $entry['hosts'] ?? [];
$entry['hosts'] = array_values(array_unique(array_merge($existingHosts, $hosts)));
}
}
unset($entry);
if (!$found) {
$tls[] = ['secretName' => $secretName, 'hosts' => $hosts];
}
$patch = ['spec' => ['tls' => $tls]];
list($iCode, $iBody, $iErr) = $this->k8s_request('PATCH', $ingressUrl . '/' . $ingName, json_encode($patch, JSON_UNESCAPED_SLASHES));
if ($iCode < 200 || $iCode >= 300) throw new Exception("更新Ingress '$ingName' 失败 (HTTP $iCode): $iBody | $iErr");
$this->log("Ingress '$ingName' 更新TLS成功");
}
}
}
private function parse()
{
$kcfg = Yaml::parse($this->kubeconfig);
if (!$kcfg) throw new Exception('Kubeconfig格式错误');
$curr = $kcfg['current-context'] ?? null;
if (!$curr) throw new Exception('Kubeconfig缺少current-context');
$contexts = $this->index_by_name($kcfg['contexts'] ?? []);
$clusters = $this->index_by_name($kcfg['clusters'] ?? []);
$users = $this->index_by_name($kcfg['users'] ?? []);
$ctx = $contexts[$curr] ?? null;
if (!$ctx) throw new Exception("Kubeconfig中找不到current-context: $curr");
$clusterName = $ctx['context']['cluster'] ?? null;
$userName = $ctx['context']['user'] ?? null;
if (!$clusterName || !$userName) throw new Exception("Kubeconfig中context缺少cluster或user: $curr");
$cluster = $clusters[$clusterName] ?? null;
$user = $users[$userName] ?? null;
if (!$cluster) throw new Exception("Kubeconfig中找不到cluster: $clusterName");
if (!$user) throw new Exception("Kubeconfig中找不到user: $userName");
$this->server = $cluster['cluster']['server'] ?? null;
if (!$this->server) throw new Exception("Kubeconfig中找不到cluster.server");
$this->server = rtrim($this->server, '/');
$this->bearerToken = $user['user']['token'] ?? ($user['user']['auth-provider']['config']['access-token'] ?? null);
$clientCertFile = $clientKeyFile = null;
if (!empty($user['user']['client-certificate-data']) && !empty($user['user']['client-key-data'])) {
$clientCertFile = tempnam(sys_get_temp_dir(), 'kcc_');
$clientKeyFile = tempnam(sys_get_temp_dir(), 'kck_');
file_put_contents($clientCertFile, base64_decode($user['user']['client-certificate-data']));
file_put_contents($clientKeyFile, base64_decode($user['user']['client-key-data']));
} elseif (!empty($user['user']['client-certificate']) && !empty($user['user']['client-key'])) {
$clientCertFile = $user['user']['client-certificate'];
$clientKeyFile = $user['user']['client-key'];
}
$this->tls = ['cert' => $clientCertFile, 'key' => $clientKeyFile];
}
private function verify()
{
$this->parse();
list($vCode, $vBody, $vErr) = $this->k8s_request('GET', '/version');
if ($vErr) throw new Exception("连接Kubernetes API服务器失败: $vErr");
if ($vCode != 200) throw new Exception("连接Kubernetes API服务器失败: HTTP $vCode $vBody");
}
private function k8s_request($method, $path, $body = null)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->server . $path);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$headers = ['Accept: application/json'];
if ($this->bearerToken) $headers[] = 'Authorization: Bearer ' . $this->bearerToken;
if ($body !== null) $headers[] = 'Content-Type: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
if ($body !== null) curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
if (!empty($this->tls['cert']) && !empty($this->tls['key'])) {
curl_setopt($ch, CURLOPT_SSLCERT, $this->tls['cert']);
curl_setopt($ch, CURLOPT_SSLKEY, $this->tls['key']);
}
$resp = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
$err = curl_error($ch);
curl_close($ch);
return [$code, $resp, $err];
}
private function index_by_name($arr)
{
$out = [];
foreach ($arr as $item) {
if (isset($item['name'])) $out[$item['name']] = $item;
}
return $out;
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

20
app/lib/deploy/kangle.php
View File

@@ -71,7 +71,7 @@ class kangle implements DeployInterface
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = curl_client($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
@@ -90,7 +90,7 @@ class kangle implements DeployInterface
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = curl_client($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
@@ -114,11 +114,11 @@ class kangle implements DeployInterface
private function loginBySkey()
{
$url = $this->url . '/vhost/index.php?c=sso&a=hello&url=' . urlencode($this->url . '/index.php?');
$response = curl_client($url, null, null, null, null, $this->proxy);
$response = http_request($url, null, null, null, null, $this->proxy);
if ($response['code'] == 302 && !empty($response['redirect_url'])) {
$cookie = '';
if (preg_match_all('/Set-Cookie: (.*);/iU', $response['header'], $matchs)) {
foreach ($matchs[1] as $val) {
if (isset($response['headers']['Set-Cookie'])) {
foreach ($response['headers']['Set-Cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
@@ -147,7 +147,7 @@ class kangle implements DeployInterface
{
$s = md5($sess_key . $this->username . $sess_key . $this->skey);
$url = $this->url . '/vhost/index.php?c=sso&a=login&name=' . $this->username . '&r=' . $sess_key . '&s=' . $s;
$response = curl_client($url, null, null, $cookie, null, $this->proxy);
$response = http_request($url, null, null, $cookie, null, $this->proxy);
if ($response['code'] == 302) {
return true;
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
@@ -165,11 +165,11 @@ class kangle implements DeployInterface
'username' => $this->username,
'passwd' => $this->password,
];
$response = curl_client($url, http_build_query($post), $referer, null, null, $this->proxy);
$response = http_request($url, http_build_query($post), $referer, null, null, $this->proxy);
if ($response['code'] == 302) {
$cookie = '';
if (preg_match_all('/Set-Cookie: (.*);/iU', $response['header'], $matchs)) {
foreach ($matchs[1] as $val) {
if (isset($response['headers']['Set-Cookie'])) {
foreach ($response['headers']['Set-Cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
@@ -191,7 +191,7 @@ class kangle implements DeployInterface
private function getMain()
{
$path = '/vhost/';
curl_client($this->url . $path, null, null, $this->cookie, null, $this->proxy);
http_request($this->url . $path, null, null, $this->cookie, null, $this->proxy);
}
public function setLogger($func)

16
app/lib/deploy/kangleadmin.php
View File

@@ -71,7 +71,7 @@ class kangleadmin implements DeployInterface
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = curl_client($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
@@ -90,7 +90,7 @@ class kangleadmin implements DeployInterface
'certificate' => $fullchain,
'certificate_key' => $privatekey,
];
$response = curl_client($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
$response = http_request($this->url . $path, http_build_query($post), null, $this->cookie, null, $this->proxy);
if (strpos($response['body'], '成功')) {
return true;
} elseif (preg_match('/alert\(\'(.*?)\'\)/i', $response['body'], $match)) {
@@ -105,11 +105,11 @@ class kangleadmin implements DeployInterface
private function login()
{
$url = $this->url . $this->path . '/index.php?c=sso&a=hello&url=' . urlencode($this->url . $this->path . '/index.php?');
$response = curl_client($url, null, null, null, null, $this->proxy);
$response = http_request($url, null, null, null, null, $this->proxy);
if ($response['code'] == 302 && !empty($response['redirect_url'])) {
$cookie = '';
if (preg_match_all('/Set-Cookie: (.*);/iU', $response['header'], $matchs)) {
foreach ($matchs[1] as $val) {
if (isset($response['headers']['Set-Cookie'])) {
foreach ($response['headers']['Set-Cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';
@@ -138,7 +138,7 @@ class kangleadmin implements DeployInterface
{
$s = md5($sess_key . $this->username . $sess_key . $this->skey);
$url = $this->url . $this->path . '/index.php?c=sso&a=login&name=' . $this->username . '&r=' . $sess_key . '&s=' . $s;
$response = curl_client($url, null, null, $cookie, null, $this->proxy);
$response = http_request($url, null, null, $cookie, null, $this->proxy);
if ($response['code'] == 302) {
return true;
} elseif (strlen($response['body']) > 3 && strlen($response['body']) < 50) {
@@ -151,9 +151,9 @@ class kangleadmin implements DeployInterface
private function loginVhost($name)
{
$url = $this->url . $this->path . '/index.php?c=vhost&a=impLogin&name=' . $name;
$response = curl_client($url, null, null, $this->cookie, null, $this->proxy);
$response = http_request($url, null, null, $this->cookie, null, $this->proxy);
if ($response['code'] == 302) {
curl_client($this->url . '/vhost/', null, null, $this->cookie, null, $this->proxy);
http_request($this->url . '/vhost/', null, null, $this->cookie, null, $this->proxy);
} else {
throw new Exception('用户面板登录失败 (httpCode=' . $response['code'] . ')');
}

79
app/lib/deploy/ksyun.php Normal file
View File

@@ -0,0 +1,79 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use app\lib\client\Ksyun as KsyunClient;
use Exception;
class ksyun implements DeployInterface
{
private $logger;
private $AccessKeyId;
private $SecretAccessKey;
private $proxy;
public function __construct($config)
{
$this->AccessKeyId = $config['AccessKeyId'];
$this->SecretAccessKey = $config['SecretAccessKey'];
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
}
public function check()
{
if (empty($this->AccessKeyId) || empty($this->SecretAccessKey)) throw new Exception('必填参数不能为空');
$client = new KsyunClient($this->AccessKeyId, $this->SecretAccessKey, 'cdn.api.ksyun.com', 'cdn', 'cn-shanghai-2', $this->proxy);
$client->request('GET', 'GetCertificates', '2016-09-01', '/2016-09-01/cert/GetCertificates');
return true;
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$this->deploy_cdn($fullchain, $privatekey, $config, $info);
}
public function deploy_cdn($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$certInfo = openssl_x509_parse($fullchain, true);
if (!$certInfo) throw new Exception('证书解析失败');
$config['cert_name'] = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$domains = explode(',', $config['domain']);
$client = new KsyunClient($this->AccessKeyId, $this->SecretAccessKey, 'cdn.api.ksyun.com', 'cdn', 'cn-shanghai-2', $this->proxy);
$param = [
'PageSize' => 100,
'PageNumber' => 1,
];
$domain_ids = [];
$result = $client->request('GET', 'GetCdnDomains', '2019-06-01', '/2019-06-01/domain/GetCdnDomains', $param);
foreach ($result['Domains'] as $row) {
if (in_array($row['DomainName'], $domains)) {
$domain_ids[] = $row['DomainId'];
}
}
if (count($domain_ids) == 0) throw new Exception('未找到对应的CDN域名');
$param = [
'Enable' => 'on',
'DomainIds' => implode(',', $domain_ids),
'CertificateName' => $config['cert_name'],
'ServerCertificate' => $fullchain,
'PrivateKey' => $privatekey,
];
$result = $client->request('POST', 'ConfigCertificate', '2016-09-01', '/2016-09-01/cert/ConfigCertificate', $param);
$this->log('CDN证书部署成功证书ID' . $result['CertificateId']);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

4
app/lib/deploy/kuocai.php
View File

@@ -73,8 +73,8 @@ class kuocai implements DeployInterface
$url = 'https://kuocai.cn' . $path;
$body = $json ? json_encode($params) : $params;
$headers = [];
if ($json) $headers[] = 'Content-Type: application/json';
$response = curl_client(
if ($json) $headers['Content-Type'] = 'application/json';
$response = http_request(
$url,
$body,
null,

30
app/lib/deploy/lecdn.php
View File

@@ -11,6 +11,8 @@ class lecdn implements DeployInterface
private $url;
private $email;
private $password;
private $auth;
private $apiKey;
private $proxy;
private $accessToken;
@@ -19,13 +21,22 @@ class lecdn implements DeployInterface
$this->url = rtrim($config['url'], '/');
$this->email = $config['email'];
$this->password = $config['password'];
$this->auth = isset($config['auth']) ? intval($config['auth']) : 0;
if ($this->auth == 1) {
$this->apiKey = $config['api_key'];
}
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->email) || empty($this->password)) throw new Exception('账号和密码不能为空');
$this->login();
if ($this->auth == 1) {
if (empty($this->url) || empty($this->apiKey)) throw new Exception('API访问令牌不能为空');
$this->request('/prod-api/system/info');
} else {
if (empty($this->url) || empty($this->email) || empty($this->password)) throw new Exception('账号和密码不能为空');
$this->login();
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
@@ -33,7 +44,9 @@ class lecdn implements DeployInterface
$id = $config['id'];
if (empty($id)) throw new Exception('证书ID不能为空');
$this->login();
if ($this->auth == 0) {
$this->login();
}
try {
$data = $this->request('/prod-api/certificate/' . $id);
@@ -59,6 +72,7 @@ class lecdn implements DeployInterface
$path = '/prod-api/login';
$params = [
'email' => $this->email,
'username' => $this->email,
'password' => $this->password,
];
$result = $this->request($path, $params);
@@ -75,16 +89,18 @@ class lecdn implements DeployInterface
$headers = [];
$body = null;
if ($this->accessToken) {
$headers[] = 'Authorization: Bearer ' . $this->accessToken;
$headers['Authorization'] = 'Bearer ' . $this->accessToken;
} elseif ($this->auth == 1 && $this->apiKey) {
$headers['Authorization'] = $this->apiKey;
}
if ($params) {
$headers[] = 'Content-Type: application/json;charset=UTF-8';
$headers['Content-Type'] = 'application/json;charset=UTF-8';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
return $result['data'] ?? null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {

114
app/lib/deploy/lucky.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class lucky implements DeployInterface
{
private $logger;
private $url;
private $opentoken;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/') . (!empty($config['path']) ? $config['path'] : '');
$this->opentoken = $config['opentoken'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->opentoken)) throw new Exception('请填写面板地址和OpenToken');
$this->request("/api/modules/list");
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$domains = $config['domainList'];
if (empty($domains)) throw new Exception('没有设置要部署的域名');
try {
$data = $this->request("/api/ssl");
$this->log('获取证书列表成功');
} catch (Exception $e) {
throw new Exception('获取证书列表失败:' . $e->getMessage());
}
$success = 0;
$errmsg = null;
if (!empty($data['list'])) {
foreach ($data['list'] as $row) {
if (empty($row['CertsInfo']['Domains'])) continue;
$cert_domains = $row['CertsInfo']['Domains'];
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains)) {
$flag = true;
break;
}
}
if ($flag) {
$params = [
'Key' => $row['Key'],
'CertBase64' => base64_encode($fullchain),
'KeyBase64' => base64_encode($privatekey),
'AddFrom' => 'file',
'Enable' => true,
'MappingToPath' => false,
'Remark' => $row['Remark'] ?: '',
'AllSyncClient' => false,
];
try {
$this->request('/api/ssl', $params, 'PUT');
$this->log("证书ID:{$row['Key']}更新成功!");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("证书ID:{$row['Key']}更新失败:" . $errmsg);
}
}
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '没有要更新的证书');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [
'openToken' => $this->opentoken,
];
$body = null;
if ($params) {
$body = json_encode($params);
$headers['Content-Type'] = 'application/json';
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['ret']) && $result['ret'] == 0) {
return $result;
} elseif (isset($result['msg'])) {
throw new Exception($result['msg']);
} else {
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
}

6
app/lib/deploy/mwpanel.php
View File

@@ -118,10 +118,10 @@ class mwpanel implements DeployInterface
$url = $this->url . $path;
$headers = [
'app-id: '.$this->appid,
'app-secret: '.$this->appsecret,
'app-id' => $this->appid,
'app-secret' => $this->appsecret,
];
$response = curl_client($url, $params ? http_build_query($params) : null, null, null, $headers, $this->proxy);
$response = http_request($url, $params ? http_build_query($params) : null, null, null, $headers, $this->proxy);
return $response['body'];
}
}

12
app/lib/deploy/opanel.php
View File

@@ -48,7 +48,7 @@ class opanel implements DeployInterface
if (!empty($row['domains'])) $cert_domains += explode(',', $row['domains']);
$flag = false;
foreach ($cert_domains as $domain) {
if (in_array($domain, $domains)) {
if (in_array($domain, $domains) || in_array('*' . substr($domain, strpos($domain, '.')), $domains)) {
$flag = true;
break;
}
@@ -96,15 +96,15 @@ class opanel implements DeployInterface
$timestamp = time() . '';
$token = md5('1panel' . $this->key . $timestamp);
$headers = [
'1Panel-Token: ' . $token,
'1Panel-Timestamp: ' . $timestamp
'1Panel-Token' => $token,
'1Panel-Timestamp' => $timestamp
];
$body = $params ? json_encode($params) : '{}';
if ($body) $headers[] = 'Content-Type: application/json';
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
if ($body) $headers['Content-Type'] = 'application/json';
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return isset($result['data']) ? $result['data'] : null;
return $result['data'] ?? null;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {

11
app/lib/deploy/proxmox.php
View File

@@ -59,9 +59,9 @@ class proxmox implements DeployInterface
private function send_request($path, $params = null)
{
$url = $this->url . $path;
$headers = ['Authorization: PVEAPIToken=' . $this->api_user . '=' . $this->api_key];
$headers = ['Authorization' => 'PVEAPIToken=' . $this->api_user . '=' . $this->api_key];
$post = $params ? http_build_query($params) : null;
$response = curl_client($url, $post, null, null, $headers, $this->proxy);
$response = http_request($url, $post, null, null, $headers, $this->proxy);
if ($response['code'] == 200) {
$result = json_decode($response['body'], true);
if (isset($result['data'])) {
@@ -75,12 +75,7 @@ class proxmox implements DeployInterface
throw new Exception('返回数据解析失败');
}
} else {
$header = getSubstr($response['header'], ' ', "\r\n");
if ($header) {
throw new Exception($header);
} else {
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
throw new Exception('请求失败(httpCode=' . $response['code'] . ', body=' . $response['body'] . ')');
}
}

1
app/lib/deploy/qiniu.php
View File

@@ -39,6 +39,7 @@ class qiniu implements DeployInterface
$cert_id = $this->get_cert_id($fullchain, $privatekey, $certInfo['subject']['CN'], $cert_name);
foreach (explode(',', $domains) as $domain) {
if (empty($domain)) continue;
if ($config['product'] == 'cdn') {
$this->deploy_cdn($domain, $cert_id);
} elseif ($config['product'] == 'oss') {

78
app/lib/deploy/rainyun.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class rainyun implements DeployInterface
{
private $logger;
private $url = 'https://api.v2.rainyun.com';
private $apikey;
private $proxy;
public function __construct($config)
{
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->apikey)) throw new Exception('ApiKey不能为空');
$this->request('/product/');
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['id'])) throw new Exception('证书ID不能为空');
$params = [
'cert' => $fullchain,
'key' => $privatekey,
];
try {
$this->request('/product/sslcenter/' . $config['id'], $params, 'PUT');
} catch (Exception $e) {
throw new Exception($e->getMessage());
}
$this->log('证书ID:' . $config['id'] . '更新成功!');
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [
'x-api-key' => $this->apikey,
];
$body = null;
if ($params) {
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if (isset($result['code']) && $result['code'] == 200) {
return $result;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
if (!empty($response['body'])) $this->log('Response:' . $response['body']);
throw new Exception('请求失败(httpCode=' . $response['code'] . ')');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

10
app/lib/deploy/ratpanel.php
View File

@@ -113,10 +113,10 @@ class ratpanel implements DeployInterface
$url = $this->url . '/api' . $path;
$body = $method == 'GET' ? null : json_encode($params);
$sign = $this->signRequest($method, $url, $body, $this->id, $this->token);
$response = curl_client($url, $body, null, null, [
'Content-Type: application/json',
'X-Timestamp: ' . $sign['timestamp'],
'Authorization: HMAC-SHA256 Credential=' . $sign['id'] . ', Signature=' . $sign['signature']
$response = http_request($url, $body, null, null, [
'Content-Type' => 'application/json',
'X-Timestamp' => $sign['timestamp'],
'Authorization' => 'HMAC-SHA256 Credential=' . $sign['id'] . ', Signature=' . $sign['signature']
], $this->proxy, $method);
return $response['body'];
}
@@ -130,7 +130,7 @@ class ratpanel implements DeployInterface
// 规范化路径
$canonicalPath = $path;
if (strpos($path, '/api') !== 0) {
if (!str_starts_with($path, '/api')) {
$apiPos = strpos($path, '/api');
if ($apiPos !== false) {
$canonicalPath = substr($path, $apiPos);

10
app/lib/deploy/safeline.php
View File

@@ -43,7 +43,7 @@ class safeline implements DeployInterface
if (empty($row['domains'])) continue;
$flag = false;
foreach ($row['domains'] as $domain) {
if (in_array($domain, $domains)) {
if (in_array($domain, $domains) || in_array('*' . substr($domain, strpos($domain, '.')), $domains)) {
$flag = true;
break;
}
@@ -83,16 +83,16 @@ class safeline implements DeployInterface
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = ['X-SLCE-API-TOKEN: ' . $this->token];
$headers = ['X-SLCE-API-TOKEN' => $this->token];
$body = null;
if ($params) {
$heders[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
$body = json_encode($params);
}
$response = curl_client($url, $body, null, null, $headers, $this->proxy);
$response = http_request($url, $body, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if ($response['code'] == 200 && $result) {
return isset($result['data']) ? $result['data'] : null;
return $result['data'] ?? null;
} else {
throw new Exception(!empty($result['msg']) ? $result['msg'] : '请求失败(httpCode=' . $response['code'] . ')');
}

8
app/lib/deploy/ssh.php
View File

@@ -23,6 +23,14 @@ class ssh implements DeployInterface
public function deploy($fullchain, $privatekey, $config, &$info)
{
$connection = $this->connect();
if (isset($config['cmd_pre']) && !empty($config['cmd_pre'])) {
$cmds = explode("\n", $config['cmd_pre']);
foreach ($cmds as $cmd) {
$cmd = trim($cmd);
if (empty($cmd)) continue;
$this->exec($connection, $cmd);
}
}
$sftp = ssh2_sftp($connection);
if ($config['format'] == 'pem') {
$stream = fopen("ssh2.sftp://$sftp{$config['pem_cert_file']}", 'w');

39
app/lib/deploy/synology.php
View File

@@ -43,7 +43,7 @@ class synology implements DeployInterface
'format' => 'sid',
'enable_syno_token' => 'yes',
];
$response = curl_client($url, http_build_query($params), null, null, null, $this->proxy);
$response = http_request($url, http_build_query($params), null, null, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['success']) && $result['success']) {
$this->token = $result['data'];
@@ -69,7 +69,7 @@ class synology implements DeployInterface
'_sid' => $this->token['sid'],
'SynoToken' => $this->token['synotoken'],
];
$response = curl_client($url . '?' . http_build_query($params), null, null, $this->proxy);
$response = http_request($url . '?' . http_build_query($params), null, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['success']) && $result['success']) {
$this->log('获取证书列表成功');
@@ -109,19 +109,30 @@ class synology implements DeployInterface
'_sid' => $this->token['sid'],
'SynoToken' => $this->token['synotoken'],
];
$privatekey_file = tempnam(sys_get_temp_dir(), 'privatekey');
file_put_contents($privatekey_file, $privatekey);
$fullchain_file = tempnam(sys_get_temp_dir(), 'fullchain');
file_put_contents($fullchain_file, $fullchain);
$post = [
'key' => new \CURLFile($privatekey_file),
'cert' => new \CURLFile($fullchain_file),
'id' => $id,
'desc' => $config['desc'],
$headers = [
'Content-Type' => 'multipart/form-data'
];
$response = curl_client($url . '?' . http_build_query($params), $post, null, null, null, $this->proxy, null, 15);
unlink($privatekey_file);
unlink($fullchain_file);
$post = [
[
'name' => 'key',
'filename' => 'key.pem',
'contents' => $privatekey
],
[
'name' => 'cert',
'filename' => 'cert.pem',
'contents' => $fullchain
],
[
'name' => 'id',
'contents' => $id
],
[
'name' => 'desc',
'contents' => $config['desc']
]
];
$response = http_request($url . '?' . http_build_query($params), $post, null, null, $headers, $this->proxy, null, 15);
$result = json_decode($response['body'], true);
if ($id) {
if (isset($result['success']) && $result['success']) {

35
app/lib/deploy/tencent.php
View File

@@ -60,6 +60,8 @@ class tencent implements DeployInterface
return $this->deploy_clb($cert_id, $config);
} elseif ($config['product'] == 'scf') {
return $this->deploy_scf($cert_id, $config);
} elseif ($config['product'] == 'teo' && isset($config['site_id'])) {
return $this->deploy_teo($cert_id, $config);
} else {
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
if ($config['product'] == 'waf') {
@@ -105,6 +107,13 @@ class tencent implements DeployInterface
}
$this->log('上传证书成功 CertificateId=' . $data['CertificateId']);
usleep(300000);
$param = [
'CertificateIds' => [$data['CertificateId']],
'SwitchStatus' => 1,
];
$this->client->request('ModifyCertificatesExpiringNotificationSwitch', $param);
return $data['CertificateId'];
}
@@ -115,11 +124,17 @@ class tencent implements DeployInterface
} else {
$instance_ids = [$instance_id];
}
if ($product == 'cdn') {
$instance_ids = array_map(function ($id) {
return $id . '|on';
}, $instance_ids);
}
$param = [
'CertificateId' => $cert_id,
'InstanceIdList' => $instance_ids,
'ResourceType' => $product,
];
if ($product == 'live') $param['Status'] = 1;
$data = $this->client->request('DeployCertificateInstance', $param);
$this->log(json_encode($data));
$this->log(strtoupper($product) . '实例 ' . $instance_id . ' 部署证书成功!');
@@ -246,6 +261,26 @@ class tencent implements DeployInterface
$this->log('云函数自定义域名 ' . $config['domain'] . ' 部署证书成功!');
}
private function deploy_teo($cert_id, $config)
{
if (empty($config['site_id'])) throw new Exception('站点ID不能为空');
if (empty($config['domain'])) throw new Exception('绑定的域名不能为空');
$endpoint = isset($config['site_type']) && $config['site_type'] == 'intl' ? 'teo.intl.tencentcloudapi.com' : 'teo.tencentcloudapi.com';
$client = new TencentCloud($this->SecretId, $this->SecretKey, $endpoint, 'teo', '2022-09-01', null, $this->proxy);
$hosts = explode(',', $config['domain']);
$param = [
'ZoneId' => $config['site_id'],
'Hosts' => $hosts,
'Mode' => 'sslcert',
'ServerCertInfo' => [[
'CertId' => $cert_id
]]
];
$data = $client->request('ModifyHostsCertificate', $param);
$this->log('边缘安全加速域名 ' . $config['domain'] . ' 部署证书成功!');
}
public function setLogger($func)
{
$this->logger = $func;

34
app/lib/deploy/ucloud.php
View File

@@ -37,34 +37,20 @@ class ucloud implements DeployInterface
if (!$certInfo) throw new Exception('证书解析失败');
$cert_name = str_replace(['*', '.'], '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t'];
$param = [
'CertName' => $cert_name,
'UserCert' => $fullchain,
'PrivateKey' => $privatekey,
];
try {
$data = $this->client->request('GetCertificateV2', []);
$data = $this->client->request('AddCertificate', $param);
$this->log('添加证书成功,名称:' . $cert_name);
} catch (Exception $e) {
throw new Exception('获取证书列表失败 ' . $e->getMessage());
}
$exist = false;
foreach ($data['CertList'] as $cert) {
if (trim($cert['UserCert']) == trim($fullchain)) {
$cert_name = $cert['CertName'];
$exist = true;
}
}
if (!$exist) {
$param = [
'CertName' => $cert_name,
'UserCert' => $fullchain,
'PrivateKey' => $privatekey,
];
try {
$data = $this->client->request('AddCertificate', $param);
} catch (Exception $e) {
if (strpos($e->getMessage(), 'cert already exist') !== false) {
$this->log('证书已存在,名称:' . $cert_name);
} else {
throw new Exception('添加证书失败 ' . $e->getMessage());
}
$this->log('添加证书成功,名称:' . $cert_name);
} else {
$this->log('获取到已添加的证书,名称:' . $cert_name);
}
try {

212
app/lib/deploy/unicloud.php Normal file
View File

@@ -0,0 +1,212 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class unicloud implements DeployInterface
{
private $logger;
private $username;
private $password;
private $deviceId;
private $proxy;
private $token;
public function __construct($config)
{
$this->username = $config['username'];
$this->password = $config['password'];
$this->proxy = $config['proxy'] == 1;
$this->deviceId = getMillisecond() . random(7, 1);
}
public function check()
{
if (empty($this->username) || empty($this->password)) throw new Exception('账号或密码不能为空');
$this->login();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
if (empty($config['domains'])) throw new Exception('绑定的域名不能为空');
$this->getToken();
$url = 'https://unicloud-api.dcloud.net.cn/unicloud/api/host/create-domain-with-cert';
foreach (explode(',', $config['domains']) as $domain) {
if (empty($domain)) continue;
$params = [
'appid' => '',
'provider' => $config['provider'],
'spaceId' => $config['spaceId'],
'domain' => $domain,
'cert' => rawurlencode($fullchain),
'key' => rawurlencode($privatekey),
];
$post = json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$headers = [
'Token' => $this->token,
];
$response = http_request($url, $post, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['ret']) && $result['ret'] == 0) {
$this->log('域名:' . $domain . ' 证书更新成功!');
} elseif(isset($result['desc'])) {
throw new Exception('域名:' . $domain . ' 证书更新失败:' . $result['desc']);
} else {
throw new Exception('域名:' . $domain . ' 证书更新失败:' . $response['body']);
}
}
}
private function login()
{
$url = 'https://account.dcloud.net.cn/client';
$clientInfo = $this->getClientInfo('__UNI__unicloud_console', '账号中心');
$bizParams = [
'functionTarget' => 'uni-id-co',
'functionArgs' => [
'method' => 'login',
'params' => [[
'password' => $this->password,
'captcha' => '',
'resetAppId' => '__UNI__unicloud_console',
'resetUniPlatform' => 'web',
'isReturnToken' => false,
'email' => $this->username,
]],
'clientInfo' => $clientInfo,
],
];
$params = [
'method' => 'serverless.function.runtime.invoke',
'params' => json_encode($bizParams, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
'spaceId' => 'uni-id-server',
'timestamp' => getMillisecond(),
];
$sign = $this->sign($params, 'ba461799-fde8-429f-8cc4-4b6d306e2339');
$post = json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$headers = [
'Origin' => 'https://account.dcloud.net.cn',
'Referer' => 'https://account.dcloud.net.cn/',
'X-Client-Info' => json_encode($clientInfo, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
'X-Serverless-Sign' => $sign,
];
$response = http_request($url, $post, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['success']) && $result['success'] == true) {
if (isset($result['data']['errCode']) && $result['data']['errCode'] == 0) {
return $result['data']['newToken']['token'];
} else {
throw new Exception('登录失败:' . $result['data']['errMsg']);
}
} else {
throw new Exception('登录失败:' . $response['body']);
}
}
private function getToken()
{
$uniIdToken = $this->login();
$url = 'https://unicloud.dcloud.net.cn/client';
$clientInfo = $this->getClientInfo('__UNI__unicloud_console', 'uniCloud控制台');
$bizParams = [
'functionTarget' => 'uni-cloud-kernel',
'functionArgs' => [
'action' => 'user/getUserToken',
'data' => [
'isLogin' => true
],
'clientInfo' => $clientInfo,
'uniIdToken' => $uniIdToken,
],
];
$params = [
'method' => 'serverless.function.runtime.invoke',
'params' => json_encode($bizParams, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
'spaceId' => 'dc-6nfabcn6ada8d3dd',
'timestamp' => getMillisecond(),
];
$sign = $this->sign($params, '4c1f7fbf-c732-42b0-ab10-4634a8bbe834');
$post = json_encode($params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$headers = [
'Origin' => 'https://account.dcloud.net.cn',
'Referer' => 'https://account.dcloud.net.cn/',
'X-Client-Info' => json_encode($clientInfo, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
'X-Client-Token' => $uniIdToken,
'X-Serverless-Sign' => $sign,
];
$response = http_request($url, $post, null, null, $headers, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['success']) && $result['success'] == true) {
if (isset($result['data']['code']) && $result['data']['code'] == 0) {
if (isset($result['data']['data']['ret']) && $result['data']['data']['ret'] == 0) {
$this->token = $result['data']['data']['data']['token'];
return $result['data']['data']['data']['token'];
} else {
throw new Exception('获取token失败:' . $result['data']['data']['desc']);
}
} else {
throw new Exception('获取token失败:' . $response['body']);
}
} else {
throw new Exception('获取token失败:' . $response['body']);
}
}
private function getClientInfo($appId, $appName, $appVersion = '1.0.0', $appVersionCode = '100')
{
$clientInfo = [
'PLATFORM' => 'web',
'OS' => 'windows',
'APPID' => $appId,
'DEVICEID' => $this->deviceId,
'scene' => 1001,
'appId' => $appId,
'appLanguage' => 'zh-Hans',
'appName' => $appName,
'appVersion' => $appVersion,
'appVersionCode' => $appVersionCode,
'browserName' => 'chrome',
'browserVersion' => '122.0.6261.95',
'deviceId' => $this->deviceId,
'deviceModel' => 'PC',
'deviceType' => 'pc',
'hostName' => 'chrome',
'hostVersion' => '122.0.6261.95',
'osName' => 'windows',
'osVersion' => '10 x64',
'ua' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36',
'uniCompilerVersion' => '4.45',
'uniPlatform' => 'web',
'uniRuntimeVersion' => '4.45',
'locale' => 'zh-Hans',
'LOCALE' => 'zh-Hans',
];
return $clientInfo;
}
private function sign($data, $key)
{
ksort($data);
$signstr = '';
foreach ($data as $k => $v) {
$signstr .= $k . '=' . $v . '&';
}
$signstr = rtrim($signstr, '&');
return hash_hmac('md5', $signstr, $key);
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

12
app/lib/deploy/upyun.php
View File

@@ -35,7 +35,7 @@ class upyun implements DeployInterface
'certificate' => $fullchain,
'private_key' => $privatekey,
];
$response = curl_client($url, http_build_query($params), null, $this->cookie, null, $this->proxy);
$response = http_request($url, http_build_query($params), null, $this->cookie, null, $this->proxy);
$result = json_decode($response['body'], true);
if ($result['data']['status'] === 0) {
$common_name = $result['data']['result']['commonName'];
@@ -52,7 +52,7 @@ class upyun implements DeployInterface
'limit' => 100,
'domain' => $common_name,
];
$response = curl_client($url . '?' . http_build_query($params), null, null, $this->cookie, null, $this->proxy);
$response = http_request($url . '?' . http_build_query($params), null, null, $this->cookie, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['data']['result']) && is_array($result['data']['result'])) {
$cert_list = $result['data']['result'];
@@ -73,7 +73,7 @@ class upyun implements DeployInterface
'new_crt_id' => $certificate_id,
'old_crt_id' => $crt_id,
];
$response = curl_client($url, http_build_query($params), null, $this->cookie, null, $this->proxy);
$response = http_request($url, http_build_query($params), null, $this->cookie, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['data']['result']) && $result['data']['result'] == true) {
$i++;
@@ -97,12 +97,12 @@ class upyun implements DeployInterface
'username' => $this->username,
'password' => $this->password,
];
$response = curl_client($url, http_build_query($params), null, null, null, $this->proxy);
$response = http_request($url, http_build_query($params), null, null, null, $this->proxy);
$result = json_decode($response['body'], true);
if (isset($result['data']['result']) && $result['data']['result'] == true) {
$cookie = '';
if (preg_match_all('/Set-Cookie: (.*);/iU', $response['header'], $matchs)) {
foreach ($matchs[1] as $val) {
if (isset($response['headers']['set-cookie'])) {
foreach ($response['headers']['set-cookie'] as $val) {
$arr = explode('=', $val);
if ($arr[1] == '' || $arr[1] == 'deleted') continue;
$cookie .= $val . '; ';

103
app/lib/deploy/uusec.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class uusec implements DeployInterface
{
private $logger;
private $url;
private $username;
private $password;
private $proxy;
private $accessToken;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->username = $config['username'];
$this->password = $config['password'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->password) || empty($this->password)) throw new Exception('用户名和密码不能为空');
$this->login();
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$id = $config['id'];
if (empty($id)) throw new Exception('证书ID不能为空');
$this->login();
$params = [
'id' => intval($id),
'type' => 1,
'name' => $config['name'],
'crt' => $fullchain,
'key' => $privatekey,
];
$result = $this->request('/api/v1/certs', $params, 'PUT');
if (is_string($result) && $result == 'OK') {
$this->log('证书ID:' . $id . '更新成功!');
} else {
throw new Exception('证书ID:' . $id . '更新失败,' . (isset($result['err']) ? $result['err'] : '未知错误'));
}
}
private function login()
{
$path = '/api/v1/users/login';
$params = [
'usr' => $this->username,
'pwd' => $this->password,
'otp' => '',
];
$result = $this->request($path, $params);
if (isset($result['token'])) {
$this->accessToken = $result['token'];
} else {
throw new Exception('登录失败,' . (isset($result['err']) ? $result['err'] : '未知错误'));
}
}
private function request($path, $params = null, $method = null)
{
$url = $this->url . $path;
$headers = [];
$body = null;
if ($this->accessToken) {
$headers['Authorization'] = 'Bearer ' . $this->accessToken;
}
if ($params) {
$headers['Content-Type'] = 'application/json;charset=UTF-8';
$body = json_encode($params);
}
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
$result = json_decode($response['body'], true);
if ($response['code'] == 200) {
return $result;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception('请求失败HTTP状态码' . $response['code']);
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
}

31
app/lib/deploy/wangsu.php
View File

@@ -24,7 +24,7 @@ class wangsu implements DeployInterface
public function check()
{
if (empty($this->username) || empty($this->apiKey)) throw new Exception('必填参数不能为空');
$this->request('/cdn/certificates');
$this->request('/api/ssl/certificate');
return true;
}
@@ -273,7 +273,7 @@ class wangsu implements DeployInterface
} elseif ($cert_name == $cert['name']) {
$this->log('证书' . $cert_name . '已存在,但序列号(' . $cert['certificate-id'] . ')不匹配,准备重新上传');
try {
$this->request('/api/certificate/' . $cert['certificate-id'], [['name'] => $cert_name . '-bak'], true, null, 'PUT');
$this->request('/api/certificate/' . $cert['certificate-id'], ['name' => $cert_name . '-bak'], true, null, 'PUT');
} catch (Exception $e) {
throw new Exception('证书更名失败:' . $e->getMessage());
}
@@ -416,29 +416,29 @@ class wangsu implements DeployInterface
if (empty($headers)) {
$headers = [
'Authorization: ' . $authorization,
'Date: ' . $date,
'Accept: application/json',
'Connection: close',
'Authorization' => $authorization,
'Date' => $date,
'Accept' => 'application/json',
'Connection' => 'close',
];
} else {
$headers[] = 'Authorization: ' . $authorization;
$headers[] = 'Date: ' . $date;
$headers[] = 'Accept: application/json';
$headers[] = 'Connection: close';
$headers['Authorization'] = $authorization;
$headers['Date'] = $date;
$headers['Accept'] = 'application/json';
$headers['Connection'] = 'close';
}
if ($body && $json) {
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
}
$url = 'https://open.chinanetcenter.com' . $path;
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method, 30, false);
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method, 30);
$result = json_decode($response['body'], true);
if ((isset($response['code']) && $response['code'] == 201) || (isset($response['code']) && $response['code'] == 200 && $getLocation === true)) {
if (preg_match('/Location:\s*(.*)/i', $response['header'], $matches)) {
$location = trim($matches[1]); // 提取 Location 头部的值并去除多余空格
if (isset($response['headers']['Location'])) {
$location = trim(array_shift($response['headers']['Location'])); // 提取 Location 头部的值并去除多余空格
if (!empty($location)) {
return $location;
}
@@ -452,6 +452,9 @@ class wangsu implements DeployInterface
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} elseif (isset($result['result'])) {
throw new Exception($result['result']);
} else {
throw new Exception('请求失败');
}

2
app/lib/deploy/west.php
View File

@@ -103,7 +103,7 @@ class west implements DeployInterface
$params['username'] = $this->username;
$params['time'] = getMillisecond();
$params['token'] = md5($this->username . $this->api_password . $params['time']);
$response = curl_client($this->baseUrl . $path, str_replace('+', '%20', http_build_query($params)), null, null, null, $this->proxy);
$response = http_request($this->baseUrl . $path, str_replace('+', '%20', http_build_query($params)), null, null, null, $this->proxy);
$response = mb_convert_encoding($response['body'], 'UTF-8', 'GBK');
$arr = json_decode($response, true);
if ($arr) {

113
app/lib/deploy/xp.php Normal file
View File

@@ -0,0 +1,113 @@
<?php
namespace app\lib\deploy;
use app\lib\DeployInterface;
use Exception;
class xp implements DeployInterface
{
private $logger;
private $url;
private $apikey;
private $proxy;
public function __construct($config)
{
$this->url = rtrim($config['url'], '/');
$this->apikey = $config['apikey'];
$this->proxy = $config['proxy'] == 1;
}
public function check()
{
if (empty($this->url) || empty($this->apikey)) throw new Exception('请填写面板地址和接口密钥');
$path = '/openApi/siteList';
$response = $this->request($path);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 1000) {
return true;
} else {
throw new Exception(isset($result['message']) ? $result['message'] : '面板地址无法连接');
}
}
public function deploy($fullchain, $privatekey, $config, &$info)
{
$path = '/openApi/siteList';
$response = $this->request($path);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 1000) {
$sites = explode("\n", $config['sites']);
$sites = array_map('trim', $sites);
$success = 0;
$errmsg = null;
foreach ($result['data'] as $item) {
if (!in_array($item['name'], $sites)) {
continue;
}
try {
$this->deploySite($item['id'], $fullchain, $privatekey);
$this->log("网站 {$item['name']} 证书部署成功");
$success++;
} catch (Exception $e) {
$errmsg = $e->getMessage();
$this->log("网站 {$item['name']} 证书部署失败:" . $errmsg);
}
}
if ($success == 0) {
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
}
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
private function deploySite($id, $fullchain, $privatekey)
{
$path = '/openApi/setSSL';
$data = [
'id' => $id,
'key' => $privatekey,
'pem' => $fullchain,
];
$response = $this->request($path, $data);
$result = json_decode($response, true);
if (isset($result['code']) && $result['code'] == 1000) {
return true;
} elseif (isset($result['message'])) {
throw new Exception($result['message']);
} else {
throw new Exception($response ? $response : '返回数据解析失败');
}
}
public function setLogger($func)
{
$this->logger = $func;
}
private function log($txt)
{
if ($this->logger) {
call_user_func($this->logger, $txt);
}
}
private function request($path, $params = null)
{
$url = $this->url . $path;
$headers = [
'XP-API-KEY' => $this->apikey,
];
$response = http_request($url, $params ? json_encode($params) : null, null, null, $headers, $this->proxy);
return $response['body'];
}
}

10
app/lib/dns/aliyun.php
View File

@@ -293,6 +293,16 @@ class aliyun implements DnsInterface
return $this->request($param);
}
public function addDomain($Domain)
{
$param = ['Action' => 'AddDomain', 'DomainName' => $Domain];
$result = $this->request($param, true);
if ($result) {
return ['id' => $result['DomainId'], 'name' => $result['DomainName']];
}
return false;
}
private function convertLineCode($line)
{
$convert_dict = ['0' => 'default', '10=1' => 'unicom', '10=0' => 'telecom', '10=3' => 'mobile', '10=2' => 'edu', '3=0' => 'oversea', '10=22' => 'btvn', '80=0' => 'search', '7=0' => 'internal'];

13
app/lib/dns/baidu.php
View File

@@ -222,6 +222,19 @@ class baidu implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$query = ['clientToken' => getSid(), 'name' => $Domain];
$res = $this->send_reuqest('POST', '/v1/dns/zone', null, $query);
if ($res) {
$data = $this->getDomainInfo($Domain);
if ($data) {
return ['id' => $data['DomainId'], 'name' => $data['Domain']];
}
}
return false;
}
private function convertType($type)
{
return $type;

10
app/lib/dns/cloudflare.php
View File

@@ -205,6 +205,16 @@ class cloudflare implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$param = ['name' => $Domain];
$data = $this->send_reuqest('POST', '/zones', $param);
if ($data) {
return ['id' => $data['result']['id'], 'name' => $data['result']['name']];
}
return false;
}
private function convertType($type)
{
$convert_dict = ['REDIRECT_URL' => 'URI', 'FORWARD_URL' => 'URI'];

10
app/lib/dns/dnsla.php
View File

@@ -210,6 +210,16 @@ class dnsla implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$param = ['domain' => $Domain];
$data = $this->execute('POST', '/api/domain', $param);
if ($data) {
return ['id' => $data['id'], 'name' => $Domain];
}
return false;
}
private function convertType($type)
{
$typeList = array_flip($this->typeList);

13
app/lib/dns/dnspod.php
View File

@@ -314,6 +314,19 @@ class dnspod implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$action = 'CreateDomain';
$param = [
'Domain' => $Domain,
];
$data = $this->send_request($action, $param);
if ($data) {
return ['id' => $data['DomainInfo']['Id'], 'name' => $data['DomainInfo']['Domain']];
}
return false;
}
private function convertLineCode($line)
{
$convert_dict = ['default' => '0', 'unicom' => '10=1', 'telecom' => '10=0', 'mobile' => '10=3', 'edu' => '10=2', 'oversea' => '3=0', 'btvn' => '10=22', 'search' => '80=0', 'internal' => '7=0'];

12
app/lib/dns/huawei.php
View File

@@ -229,6 +229,18 @@ class huawei implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$params = [
'name' => $Domain,
];
$data = $this->send_request('POST', '/v2/zones', null, $params);
if ($data) {
return ['id' => $data['id'], 'name' => rtrim($data['name'], '.')];
}
return false;
}
private function convertType($type)
{
return $type;

10
app/lib/dns/huoshan.php
View File

@@ -237,6 +237,16 @@ class huoshan implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$params = ['ZoneName' => $Domain];
$data = $this->send_request('POST', 'CreateZone', $params);
if ($data) {
return ['id' => $data['ZID'], 'name' => $data['ZoneName']];
}
return false;
}
private function convertType($type)
{
return $type;

10
app/lib/dns/jdcloud.php
View File

@@ -225,6 +225,16 @@ class jdcloud implements DnsInterface
return false;
}
public function addDomain($Domain)
{
$params = ['packId' => 0, 'domainName' => $Domain];
$data = $this->send_request('POST', '/domain', $params);
if ($data) {
return ['id' => $data['data']['id'], 'name' => $data['data']['domainName']];
}
return false;
}
private function convertType($type)
{
$convert_dict = ['REDIRECT_URL' => 'EXPLICIT_URL', 'FORWARD_URL' => 'IMPLICIT_URL'];

7
app/lib/dns/namesilo.php
View File

@@ -181,6 +181,11 @@ class namesilo implements DnsInterface
return false;
}
public function addDomain($Domain)
{
return false;
}
private function send_reuqest($operation, $param = null)
{
$url = $this->baseUrl . $operation;
@@ -197,7 +202,7 @@ class namesilo implements DnsInterface
$url .= '?' . http_build_query($params);
try{
$response = curl_client($url, null, null, null, null, $this->proxy);
$response = http_request($url, null, null, null, null, $this->proxy);
}catch(Exception $e){
$this->setError($e->getMessage());
return false;

24
app/lib/dns/powerdns.php
View File

@@ -327,6 +327,23 @@ class powerdns implements DnsInterface
return false;
}
public function addDomain($Domain)
{
if (substr($Domain, -1) != '.') {
$Domain .= '.';
}
$param = [
'name' => $Domain,
'kind' => 'Native',
'soa_edit_api' => 'INCREASE',
];
$result = $this->send_reuqest('POST', '/servers/' . $this->server_id . '/zones', $param);
if ($result) {
return ['id' => $result['id'], 'name' => rtrim($result['name'], '.')];
}
return false;
}
private function rrset_replace($host, $type, $ttl, $records, $remark = null)
{
$name = $host == '@' ? $this->domainid : $host . '.' . $this->domainid;
@@ -369,7 +386,7 @@ class powerdns implements DnsInterface
private function send_reuqest($method, $path, $params = null)
{
$url = $this->url . $path;
$headers[] = 'X-API-Key: ' . $this->apikey;
$headers['X-API-Key'] = $this->apikey;
$body = null;
if ($method == 'GET' || $method == 'DELETE') {
if ($params) {
@@ -377,10 +394,10 @@ class powerdns implements DnsInterface
}
} else {
$body = json_encode($params);
$headers[] = 'Content-Type: application/json';
$headers['Content-Type'] = 'application/json';
}
try {
$response = curl_client($url, $body, null, null, $headers, $this->proxy, $method);
$response = http_request($url, $body, null, null, $headers, $this->proxy, $method);
} catch (Exception $e) {
$this->setError($e->getMessage());
return false;
@@ -404,6 +421,5 @@ class powerdns implements DnsInterface
private function setError($message)
{
$this->error = $message;
//file_put_contents('logs.txt',date('H:i:s').' '.$message."\r\n", FILE_APPEND);
}
}

7
app/lib/dns/west.php
View File

@@ -171,6 +171,11 @@ class west implements DnsInterface
return false;
}
public function addDomain($Domain)
{
return false;
}
private function convertType($type)
{
return $type;
@@ -182,7 +187,7 @@ class west implements DnsInterface
$params['time'] = getMillisecond();
$params['token'] = md5($this->username.$this->api_password.$params['time']);
try{
$response = curl_client($this->baseUrl . $path, http_build_query($params), null, null, null, $this->proxy);
$response = http_request($this->baseUrl . $path, http_build_query($params), null, null, null, $this->proxy);
}catch(\Exception $e){
$this->setError($e->getMessage());
return false;

2
app/lib/mail/PHPMailer/Exception.php
View File

@@ -1,2 +0,0 @@
<?php
namespace app\lib\mail\PHPMailer; class Exception extends \Exception { public function errorMessage() { return '<strong>' . htmlspecialchars($this->getMessage(), ENT_COMPAT | ENT_HTML401) . "</strong><br />\n"; } }

2
app/lib/mail/PHPMailer/PHPMailer.php
View File

File diff suppressed because one or more lines are too long

2
app/lib/mail/PHPMailer/SMTP.php
View File

File diff suppressed because one or more lines are too long

5
app/service/CertDeployService.php
View File

@@ -29,7 +29,7 @@ class CertDeployService
$this->client = DeployHelper::getModel($this->aid);
if (!$this->client) throw new Exception('该自动部署任务类型不存在', 102);
$this->info = $task['info'] ? json_decode($task['info'], true) : null;
$this->info = $task['info'] ? json_decode($task['info'], true) : [];
}
public function process($isManual = false)
@@ -89,6 +89,9 @@ class CertDeployService
private function saveResult($status, $error = null, $retrytime = null)
{
$this->task['status'] = $status;
if (!empty($error) && strlen($error) > 300) {
$error = mb_strcut($error, 0, 300);
}
$update = ['status' => $status, 'error' => $error, 'retrytime' => $retrytime];
if ($status == 1){
$update['retry'] = 0;

3
app/service/CertOrderService.php
View File

@@ -178,6 +178,9 @@ class CertOrderService
private function saveResult($status, $error = null, $retrytime = null)
{
$this->order['status'] = $status;
if (!empty($error) && strlen($error) > 300) {
$error = mb_strcut($error, 0, 300);
}
$update = ['status' => $status, 'error' => $error, 'updatetime' => date('Y-m-d H:i:s'), 'retrytime' => $retrytime];
$res = Db::name('cert_order')->where('id', $this->order['id'])->data($update);
if ($status < 0 || $retrytime) {

25
app/service/CertTaskService.php
View File

@@ -11,20 +11,26 @@ class CertTaskService
public function execute()
{
$this->execute_deploy();
$this->execute_order();
(new ExpireNoticeService())->task();
config_set('certtask_time', date("Y-m-d H:i:s"));
echo 'done'.PHP_EOL;
if ($this->execute_deploy()) {
config_set('certdeploy_time', date("Y-m-d H:i:s"));
}
if ($this->execute_order()) {
config_set('certtask_time', date("Y-m-d H:i:s"));
}
}
private function execute_order()
{
echo '开始执行SSL证书签发任务...'.PHP_EOL;
$days = config_get('cert_renewdays', 7);
$list = Db::name('cert_order')->field('id,status,issend')->whereRaw('status NOT IN (3,4) AND (retrytime IS NULL OR retrytime<NOW()) OR status=3 AND isauto=1 AND expiretime<:expiretime', ['expiretime' => date('Y-m-d H:i:s', time() + $days * 86400)])->select();
$list = Db::name('cert_order')->field('id,aid,status,issend')->whereRaw('status NOT IN (3,4) AND (retrytime IS NULL OR retrytime<NOW()) OR status=3 AND isauto=1 AND expiretime<:expiretime', ['expiretime' => date('Y-m-d H:i:s', time() + $days * 86400)])->select();
//print_r($list);exit;
$failcount = 0;
foreach ($list as $row) {
if ($row['aid'] == 0) {
if($row['issend'] == 0) MsgNotice::cert_order_send($row['id'], true);
continue;
}
try {
$service = new CertOrderService($row['id']);
if ($row['status'] == 3) {
@@ -51,6 +57,7 @@ class CertTaskService
if ($failcount >= 3) break;
sleep(1);
}
return true;
}
private function execute_deploy()
@@ -60,14 +67,15 @@ class CertTaskService
$hour = date('H');
if($start <= $end){
if($hour < $start || $hour > $end){
echo '不在部署任务运行时间范围内'.PHP_EOL; return;
echo '不在部署任务运行时间范围内'.PHP_EOL; return false;
}
}else{
if($hour < $start && $hour > $end){
echo '不在部署任务运行时间范围内'.PHP_EOL; return;
echo '不在部署任务运行时间范围内'.PHP_EOL; return false;
}
}
echo '开始执行SSL证书部署任务...'.PHP_EOL;
$list = Db::name('cert_deploy')->field('id,status,issend')->whereRaw('active=1 AND status IN (0,-1) AND (retrytime IS NULL OR retrytime<NOW())')->select();
//print_r($list);exit;
$count = 0;
@@ -91,5 +99,6 @@ class CertTaskService
if ($count >= 3) break;
sleep(1);
}
return true;
}
}

2
app/service/ExpireNoticeService.php
View File

@@ -26,6 +26,8 @@ class ExpireNoticeService
public function task()
{
echo '开始执行域名到期提醒任务...' . PHP_EOL;
config_set('domain_expire_time', date("Y-m-d H:i:s"));
$count = $this->refreshDomainList();
if ($count > 0) return;

18
app/service/OptimizeService.php
View File

@@ -39,9 +39,7 @@ class OptimizeService
public function get_ip_address($cdn_type = 1, $ip_type = 'v4')
{
$api = config_get('optimize_ip_api', 0);
if ($api == 2) {
$url = 'https://api.345673.xyz/get_data';
} elseif ($api == 1) {
if ($api == 1) {
$url = 'https://api.hostmonit.com/get_optimization_ip';
} else {
$url = 'https://www.wetest.vip/api/cf2dns/';
@@ -51,13 +49,15 @@ class OptimizeService
$url .= 'get_cloudfront_ip';
} elseif ($cdn_type == 3) {
$url .= 'get_gcore_ip';
} elseif ($cdn_type == 4) {
$url .= 'get_edgeone_ip';
}
}
$params = [
'key' => config_get('optimize_ip_key', 'o1zrmHAF'),
'type' => $ip_type,
];
$response = get_curl($url, json_encode($params), 0, 0, 0, 0, 0, ['Content-Type: application/json; charset=UTF-8']);
$response = get_curl($url, json_encode($params), 0, 0, 0, 0, ['Content-Type' => 'application/json; charset=UTF-8']);
$arr = json_decode($response, true);
if (isset($arr['code']) && $arr['code'] == 200) {
return $arr['info'];
@@ -96,7 +96,15 @@ class OptimizeService
//批量执行优选任务
public function execute()
{
$minute = config_get('optimize_ip_min', '30');
$last = config_get('optimize_ip_time', null, true);
if ($last && strtotime($last) > time() - $minute * 60) {
return false;
}
$list = Db::name('optimizeip')->where('active', 1)->select();
if (count($list) == 0) {
return false;
}
echo '开始执行IP优选任务共获取到'.count($list).'个待执行任务'."\n";
foreach ($list as $row) {
try {
@@ -108,6 +116,8 @@ class OptimizeService
echo '优选任务'.$row['id'].'执行失败:'.$e->getMessage()."\n";
}
}
config_set('optimize_ip_time', date("Y-m-d H:i:s"));
return true;
}
//执行单个优选任务

118
app/service/ScheduleService.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
namespace app\service;
use Exception;
use think\facade\Db;
use app\lib\DnsHelper;
/**
* 域名定时切换解析
*/
class ScheduleService
{
public function execute()
{
$list = Db::name('sctask')->where('nexttime', '>', 0)->where('nexttime', '<=', time())->where('active', 1)->select();
if (count($list) == 0) {
return false;
}
echo '开始执行定时切换解析任务,共获取到' . count($list) . '个待执行任务' . "\n";
foreach ($list as $row) {
try {
$this->execute_one($row);
echo '定时切换任务' . $row['id'] . '执行成功' . "\n";
} catch (Exception $e) {
echo '定时切换任务' . $row['id'] . '执行失败,' . $e->getMessage() . "\n";
}
}
config_set('schedule_time', date("Y-m-d H:i:s"));
return true;
}
public function execute_one($row)
{
$drow = Db::name('domain')->alias('A')->join('account B', 'A.aid = B.id')->where('A.id', $row['did'])->field('A.*,B.type,B.ak,B.sk,B.ext')->find();
if (!$drow) throw new Exception('域名不存在');
Db::name('sctask')->where('id', $row['id'])->update(['updatetime' => time()]);
$domain = $row['rr'] . '.' . $drow['name'];
$dns = DnsHelper::getModel2($drow);
if ($row['switchtype'] == 1) {
$res = $dns->setDomainRecordStatus($row['recordid'], '1');
if ($res) {
$this->add_log($domain, '启用解析', '定时启用解析成功');
} else {
$this->add_log($domain, '启用解析失败', $dns->getError());
}
} elseif ($row['switchtype'] == 2) {
$res = $dns->setDomainRecordStatus($row['recordid'], '0');
if ($res) {
$this->add_log($domain, '暂停解析', '定时暂停解析成功');
} else {
$this->add_log($domain, '暂停解析失败', $dns->getError());
}
} elseif ($row['switchtype'] == 3) {
$res = $dns->deleteDomainRecord($row['recordid']);
if ($res) {
$this->add_log($domain, '删除解析', '定时删除解析成功');
} else {
$this->add_log($domain, '删除解析失败', $dns->getError());
}
} else {
$recordinfo = json_decode($row['recordinfo'], true);
if ($drow['type'] == 'cloudflare' && !isNullOrEmpty($row['line'])) {
$recordinfo['Line'] = $row['line'];
}
$res = $dns->updateDomainRecord($row['recordid'], $row['rr'], getDnsType($row['value']), $row['value'], $recordinfo['Line'], $recordinfo['TTL']);
if ($res) {
$this->add_log($domain, '修改解析', $row['rr'].' ['.getDnsType($row['value']).'] '.$row['value'].' (线路:'.$recordinfo['Line'].' TTL:'.$recordinfo['TTL'].')');
} else {
$this->add_log($domain, '修改解析失败', $dns->getError());
}
}
$this->update_nexttime($row);
}
public function update_nexttime($row)
{
if ($row['type'] == 1) {
if ($row['cycle'] == 2) {
$date = intval($row['switchdate']);
$nexttime = strtotime(date('Y-m-') . $date . ' ' . $row['switchtime'] . ':00');
if ($nexttime <= time()) {
$nexttime = strtotime("+1 month", $nexttime);
}
} elseif ($row['cycle'] == 1) {
$weekday = intval($row['switchdate']); // 0-6, 0=周日
$nexttime = strtotime("last Sunday +{$weekday} days {$row['switchtime']}:00");
if ($nexttime <= time()) {
$nexttime = strtotime("+1 week", $nexttime);
if ($nexttime <= time()) {
$nexttime = strtotime("+1 week", $nexttime);
}
}
} else {
$nexttime = strtotime(date('Y-m-d') . ' ' . $row['switchtime'] . ':00');
if ($nexttime <= time()) {
$nexttime = strtotime("+1 day", $nexttime);
}
}
} else {
$nexttime = strtotime($row['switchtime'] . ':00');
if ($nexttime <= time()) {
$nexttime = 0;
}
}
Db::name('sctask')->where('id', $row['id'])->update(['nexttime' => $nexttime]);
}
private function add_log($domain, $action, $data)
{
if (strlen($data) > 500) $data = substr($data, 0, 500);
Db::name('log')->insert(['uid' => 0, 'domain' => $domain, 'action' => $action, 'data' => $data, 'addtime' => date("Y-m-d H:i:s")]);
}
}

31
app/sql/install.sql
View File

@@ -5,7 +5,7 @@ CREATE TABLE `dnsmgr_config` (
PRIMARY KEY (`key`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
INSERT INTO `dnsmgr_config` VALUES ('version', '1033');
INSERT INTO `dnsmgr_config` VALUES ('version', '1040');
INSERT INTO `dnsmgr_config` VALUES ('notice_mail', '0');
INSERT INTO `dnsmgr_config` VALUES ('notice_wxtpl', '0');
INSERT INTO `dnsmgr_config` VALUES ('mail_smtp', 'smtp.qq.com');
@@ -28,7 +28,7 @@ DROP TABLE IF EXISTS `dnsmgr_domain`;
CREATE TABLE `dnsmgr_domain` (
`id` int(11) unsigned NOT NULL auto_increment,
`aid` int(11) unsigned NOT NULL,
`name` varchar(128) NOT NULL,
`name` varchar(255) NOT NULL,
`thirdid` varchar(60) DEFAULT NULL,
`addtime` datetime DEFAULT NULL,
`is_hide` tinyint(1) NOT NULL DEFAULT '0',
@@ -66,7 +66,7 @@ DROP TABLE IF EXISTS `dnsmgr_permission`;
CREATE TABLE `dnsmgr_permission` (
`id` int(11) unsigned NOT NULL auto_increment,
`uid` int(11) unsigned NOT NULL,
`domain` varchar(128) NOT NULL,
`domain` varchar(255) NOT NULL,
`sub` varchar(80) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `uid` (`uid`)
@@ -77,7 +77,7 @@ CREATE TABLE `dnsmgr_log` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(11) unsigned NOT NULL,
`action` varchar(40) NOT NULL,
`domain` varchar(128) NOT NULL DEFAULT '',
`domain` varchar(255) NOT NULL DEFAULT '',
`data` varchar(500) DEFAULT NULL,
`addtime` datetime NOT NULL,
PRIMARY KEY (`id`),
@@ -230,4 +230,27 @@ CREATE TABLE `dnsmgr_cert_cname` (
`addtime` datetime DEFAULT NULL,
`status` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
DROP TABLE IF EXISTS `dnsmgr_sctask`;
CREATE TABLE `dnsmgr_sctask` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`did` int(11) unsigned NOT NULL,
`rr` varchar(128) NOT NULL,
`recordid` varchar(60) NOT NULL,
`type` tinyint(1) NOT NULL DEFAULT 0,
`cycle` tinyint(1) NOT NULL DEFAULT 0,
`switchtype` tinyint(1) NOT NULL DEFAULT 0,
`switchdate` varchar(10) DEFAULT NULL,
`switchtime` varchar(20) DEFAULT NULL,
`value` varchar(128) DEFAULT NULL,
`line` varchar(20) DEFAULT NULL,
`addtime` int(11) NOT NULL DEFAULT 0,
`updatetime` int(11) NOT NULL DEFAULT 0,
`nexttime` int(11) NOT NULL DEFAULT 0,
`active` tinyint(1) NOT NULL DEFAULT 0,
`recordinfo` varchar(200) DEFAULT NULL,
`remark` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `did` (`did`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

24
app/sql/update.sql
View File

@@ -163,4 +163,26 @@ ADD COLUMN `regtime` datetime DEFAULT NULL,
ADD COLUMN `expiretime` datetime DEFAULT NULL,
ADD COLUMN `checktime` datetime DEFAULT NULL,
ADD COLUMN `noticetime` datetime DEFAULT NULL,
ADD COLUMN `checkstatus` tinyint(1) NOT NULL DEFAULT '0';
ADD COLUMN `checkstatus` tinyint(1) NOT NULL DEFAULT '0';
CREATE TABLE IF NOT EXISTS `dnsmgr_sctask` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`did` int(11) unsigned NOT NULL,
`rr` varchar(128) NOT NULL,
`recordid` varchar(60) NOT NULL,
`type` tinyint(1) NOT NULL DEFAULT 0,
`cycle` tinyint(1) NOT NULL DEFAULT 0,
`switchtype` tinyint(1) NOT NULL DEFAULT 0,
`switchdate` varchar(10) DEFAULT NULL,
`switchtime` varchar(20) DEFAULT NULL,
`value` varchar(128) DEFAULT NULL,
`line` varchar(20) DEFAULT NULL,
`addtime` int(11) NOT NULL DEFAULT 0,
`updatetime` int(11) NOT NULL DEFAULT 0,
`nexttime` int(11) NOT NULL DEFAULT 0,
`active` tinyint(1) NOT NULL DEFAULT 0,
`recordinfo` varchar(200) DEFAULT NULL,
`remark` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `did` (`did`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

124
app/utils/CheckUtils.php
View File

@@ -2,85 +2,102 @@
namespace app\utils;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\GuzzleException;
class CheckUtils
{
public static function curl($url, $timeout, $ip = null, $proxy = false)
{
$status = true;
$errmsg = null;
$start = microtime(true);
$urlarr = parse_url($url);
if (!$urlarr) {
return ['status' => false, 'errmsg' => 'Invalid URL', 'usetime' => 0];
}
if (str_starts_with($urlarr['host'], '[') && str_ends_with($urlarr['host'], ']')) {
$urlarr['host'] = substr($urlarr['host'], 1, -1);
}
if (!empty($ip) && !filter_var($urlarr['host'], FILTER_VALIDATE_IP)) {
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
$ip = gethostbyname($ip);
}
if (!empty($ip) && filter_var($ip, FILTER_VALIDATE_IP)) {
$port = isset($urlarr['port']) ? $urlarr['port'] : ($urlarr['scheme'] == 'https' ? 443 : 80);
$port = $urlarr['port'] ?? ($urlarr['scheme'] == 'https' ? 443 : 80);
$resolve = $urlarr['host'] . ':' . $port . ':' . $ip;
}
}
$ch = curl_init();
$options = [
'timeout' => $timeout,
'connect_timeout' => $timeout,
'verify' => false,
'headers' => [
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
],
'http_errors' => false // 不抛出异常
];
// 处理解析
if (!empty($resolve)) {
$options['curl'] = [
CURLOPT_DNS_USE_GLOBAL_CACHE => false,
CURLOPT_RESOLVE => [$resolve]
];
}
// 处理代理
if ($proxy) {
$proxy_server = config_get('proxy_server');
$proxy_port = intval(config_get('proxy_port'));
$proxy_userpwd = config_get('proxy_user').':'.config_get('proxy_pwd');
$proxy_type = config_get('proxy_type');
if ($proxy_type == 'https') {
$proxy_type = CURLPROXY_HTTPS;
} elseif ($proxy_type == 'sock4') {
$proxy_type = CURLPROXY_SOCKS4;
} elseif ($proxy_type == 'sock5') {
$proxy_type = CURLPROXY_SOCKS5;
} else {
$proxy_type = CURLPROXY_HTTP;
if (!empty($proxy_server) && !empty($proxy_port)) {
match ($proxy_type) {
'https' => $proxy_string = 'https://',
'sock4' => $proxy_string = 'socks4://',
'sock5' => $proxy_string = 'socks5://',
'sock5h' => $proxy_string = 'socks5h://',
default => $proxy_string = 'http://',
};
if ($proxy_userpwd != ':') {
$proxy_string .= $proxy_userpwd . '@';
}
$proxy_string .= $proxy_server . ':' . $proxy_port;
$options['proxy'] = $proxy_string;
}
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_PROXY, $proxy_server);
curl_setopt($ch, CURLOPT_PROXYPORT, $proxy_port);
if ($proxy_userpwd != ':') {
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_userpwd);
}
try {
$client = new Client();
$response = $client->request('GET', $url, $options);
$httpcode = $response->getStatusCode();
if ($httpcode < 200 || $httpcode >= 400) {
$status = false;
$errmsg = 'http_code=' . $httpcode;
}
curl_setopt($ch, CURLOPT_PROXYTYPE, $proxy_type);
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
if (!empty($resolve)) {
curl_setopt($ch, CURLOPT_DNS_USE_GLOBAL_CACHE, false);
curl_setopt($ch, CURLOPT_RESOLVE, [$resolve]);
}
curl_exec($ch);
$errno = curl_errno($ch);
if ($errno) {
} catch (GuzzleException $e) {
$status = false;
$errmsg = curl_error($ch);
$errmsg = guzzle_error($e);
}
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($status && ($httpcode < 200 || $httpcode >= 400)) {
$status = false;
$errmsg = 'http_code='.$httpcode;
}
$usetime = round(curl_getinfo($ch, CURLINFO_TOTAL_TIME) * 1000);
curl_close($ch);
$usetime = round((microtime(true) - $start) * 1000);
return ['status' => $status, 'errmsg' => $errmsg, 'usetime' => $usetime];
}
public static function tcp($target, $ip, $port, $timeout)
{
if (!empty($ip) && filter_var($ip, FILTER_VALIDATE_IP)) $target = $ip;
if (substr($target, -1) == '.') $target = substr($target, 0, -1);
if (str_ends_with($target, '.')) $target = substr($target, 0, -1);
if (!filter_var($target, FILTER_VALIDATE_IP) && checkDomain($target)) {
$target = gethostbyname($target);
if (!$target) return ['status' => false, 'errmsg' => 'DNS resolve failed', 'usetime' => 0];
}
if (filter_var($target, FILTER_VALIDATE_IP) && strpos($target, ':') !== false) {
if (filter_var($target, FILTER_VALIDATE_IP) && str_contains($target, ':')) {
$target = '['.$target.']';
}
$starttime = getMillisecond();
@@ -100,7 +117,7 @@ class CheckUtils
{
if (!function_exists('exec')) return ['status' => false, 'errmsg' => 'exec函数不可用', 'usetime' => 0];
if (!empty($ip) && filter_var($ip, FILTER_VALIDATE_IP)) $target = $ip;
if (substr($target, -1) == '.') $target = substr($target, 0, -1);
if (str_ends_with($target, '.')) $target = substr($target, 0, -1);
if (!filter_var($target, FILTER_VALIDATE_IP) && checkDomain($target)) {
$target = gethostbyname($target);
if (!$target) return ['status' => false, 'errmsg' => 'DNS resolve failed', 'usetime' => 0];
@@ -109,8 +126,19 @@ class CheckUtils
return ['status' => false, 'errmsg' => 'Invalid IP address', 'usetime' => 0];
}
$timeout = 1;
exec('ping -c 1 -w '.$timeout.' '.$target.'', $output, $return_var);
$usetime = !empty($output[1]) ? round(getSubstr($output[1], 'time=', ' ms')) : 0;
if (str_contains($target, ':')) {
exec('ping -6 -c 1 -w '.$timeout.' '.$target, $output, $return_var);
} else {
exec('ping -c 1 -w '.$timeout.' '.$target, $output, $return_var);
}
if (!empty($output[1])) {
if (strpos($output[1], '毫秒') !== false) {
$usetime = getSubstr($output[1], '时间=', ' 毫秒');
} else {
$usetime = getSubstr($output[1], 'time=', ' ms');
}
}
$usetime = !empty($usetime) ? round(trim($usetime)) : 0;
$errmsg = null;
if ($return_var !== 0) {
$usetime = $usetime == 0 ? $timeout * 1000 : $usetime;

10
app/utils/DnsQueryUtils.php
View File

@@ -2,6 +2,8 @@
namespace app\utils;
use Exception;
class DnsQueryUtils
{
private static $doh_servers = ['https://dns.alidns.com/resolve', 'https://doh.pub/resolve', 'https://doh.360.cn/resolve'];
@@ -10,7 +12,11 @@ class DnsQueryUtils
{
$dns_type = ['A' => DNS_A, 'AAAA' => DNS_AAAA, 'CNAME' => DNS_CNAME, 'MX' => DNS_MX, 'TXT' => DNS_TXT];
if (!array_key_exists($type, $dns_type)) return false;
$list = dns_get_record($domain, $dns_type[$type]);
try{
$list = dns_get_record($domain, $dns_type[$type]);
}catch(Exception $e){
return false;
}
if (!$list || empty($list)) return false;
$result = [];
foreach ($list as $row) {
@@ -38,7 +44,7 @@ class DnsQueryUtils
$data = get_curl($url);
$arr = json_decode($data, true);
if (!$arr) {
unset($doh_servers[$id]);
unset(self::$doh_servers[$id]);
$id = array_rand(self::$doh_servers);
$url = self::$doh_servers[$id].'?name='.urlencode($domain).'&type='.$dns_type[$type];
$data = get_curl($url);

45
app/utils/MsgNotice.php
View File

@@ -1,6 +1,7 @@
<?php
namespace app\utils;
use PHPMailer\PHPMailer\PHPMailer;
use think\facade\Db;
use app\lib\CertHelper;
use app\lib\DeployHelper;
@@ -66,24 +67,33 @@ class MsgNotice
{
$row = Db::name('cert_order')->field('id,aid,issuetime,expiretime,issuer,status,error')->where('id', $id)->find();
if (!$row) return;
$type = Db::name('cert_account')->where('id', $row['aid'])->value('type');
$domainList = Db::name('cert_domain')->where('oid', $id)->column('domain');
if (empty($domainList)) return;
if ($result) {
if ($row['aid'] == 0) {
if (count($domainList) > 1) {
$mail_title = $domainList[0] . '等' . count($domainList) . '个域名SSL证书签发成功通知';
$mail_title = $domainList[0] . '等' . count($domainList) . '个域名SSL证书即将到期提醒';
} else {
$mail_title = $domainList[0] . '域名SSL证书签发成功通知';
$mail_title = $domainList[0] . '域名SSL证书即将到期提醒';
}
$mail_content = '尊敬的用户,您好:您SSL证书已签发成功!<br/><b>证书账户:</b> '.CertHelper::$cert_config[$type]['name'].'('.$row['aid'].')<br/><b>证书域名:</b> '.implode('、', $domainList).'<br/><b>签发时间:</b> '.$row['issuetime'].'<br/><b>到期时间:</b> '.$row['expiretime'].'<br/><b>颁发机构:</b> '.$row['issuer'];
$mail_content = '尊敬的用户,您好:您有一张SSL证书将在'.config_get('cert_renewdays', 7).'天后到期,该证书为手动续期证书,请及时续期!<br/><b>证书域名:</b> '.implode('、', $domainList).'<br/><b>签发时间:</b> '.$row['issuetime'].'<br/><b>到期时间:</b> '.$row['expiretime'].'<br/><b>颁发机构:</b> '.$row['issuer'];
} else {
$status_arr = [0 => '失败', -1 => '购买证书失败', -2 => '创建订单失败', -3 => '添加DNS失败', -4 => '验证DNS失败', -5 => '验证订单失败', -6 => '订单验证未通过', -7 => '签发证书失败'];
if(count($domainList) > 1){
$mail_title = $domainList[0].'等'.count($domainList).'个域名SSL证书'.$status_arr[$row['status']].'通知';
}else{
$mail_title = $domainList[0].'域名SSL证书'.$status_arr[$row['status']].'通知';
$type = Db::name('cert_account')->where('id', $row['aid'])->value('type');
if ($result) {
if (count($domainList) > 1) {
$mail_title = $domainList[0] . '等' . count($domainList) . '个域名SSL证书签发成功通知';
} else {
$mail_title = $domainList[0] . '域名SSL证书签发成功通知';
}
$mail_content = '尊敬的用户您好您的SSL证书已签发成功<br/><b>证书账户:</b> '.CertHelper::$cert_config[$type]['name'].'('.$row['aid'].')<br/><b>证书域名:</b> '.implode('、', $domainList).'<br/><b>签发时间:</b> '.$row['issuetime'].'<br/><b>到期时间:</b> '.$row['expiretime'].'<br/><b>颁发机构:</b> '.$row['issuer'];
} else {
$status_arr = [0 => '失败', -1 => '购买证书失败', -2 => '创建订单失败', -3 => '添加DNS失败', -4 => '验证DNS失败', -5 => '验证订单失败', -6 => '订单验证未通过', -7 => '签发证书失败'];
if(count($domainList) > 1){
$mail_title = $domainList[0].'等'.count($domainList).'个域名SSL证书'.$status_arr[$row['status']].'通知';
}else{
$mail_title = $domainList[0].'域名SSL证书'.$status_arr[$row['status']].'通知';
}
$mail_content = '尊敬的用户您好您的SSL证书'.$status_arr[$row['status']].'<br/><b>证书账户:</b> '.CertHelper::$cert_config[$type]['name'].'('.$row['aid'].')<br/><b>证书域名:</b> '.implode('、', $domainList).'<br/><b>失败时间:</b> '.date('Y-m-d H:i:s').'<br/><b>失败原因:</b> <font color="warning">'.$row['error'].'</font>';
}
$mail_content = '尊敬的用户您好您的SSL证书'.$status_arr[$row['status']].'<br/><b>证书账户:</b> '.CertHelper::$cert_config[$type]['name'].'('.$row['aid'].')<br/><b>证书域名:</b> '.implode('、', $domainList).'<br/><b>失败时间:</b> '.date('Y-m-d H:i:s').'<br/><b>失败原因:</b> <font color="warning">'.$row['error'].'</font>';
}
$mail_content .= '<br/><font color="grey">'.self::$sitename.'</font><br/><font color="grey">'.date('Y-m-d H:i:s').'</font>';
@@ -176,7 +186,8 @@ class MsgNotice
$mail_smtp = config_get('mail_smtp');
$mail_pwd = config_get('mail_pwd');
if (!$mail_name || !$mail_port || !$mail_smtp || !$mail_pwd) return false;
$mail = new \app\lib\mail\PHPMailer\PHPMailer(true);
$mail = new PHPMailer(true);
$mail->setLanguage('zh_cn');
try {
$mail->SMTPDebug = 0;
$mail->CharSet = 'UTF-8';
@@ -211,12 +222,12 @@ class MsgNotice
if (!$wechat_apptoken || !$wechat_appuid) return false;
$url = 'https://wxpusher.zjiecode.com/api/send/message';
$post = ['appToken' => $wechat_apptoken, 'content' => $content, 'summary' => $title, 'contentType' => 3, 'uids' => [$wechat_appuid]];
$result = get_curl($url, json_encode($post), 0, 0, 0, 0, 0, ['Content-Type: application/json; charset=UTF-8']);
$result = get_curl($url, json_encode($post), 0, 0, 0, 0, ['Content-Type' => 'application/json; charset=UTF-8']);
$arr = json_decode($result, true);
if (isset($arr['success']) && $arr['success'] == true) {
return true;
} else {
return isset($arr['msg']) ? $arr['msg'] : '请求失败';
return $arr['msg'] ?? '请求失败';
}
}
@@ -239,7 +250,7 @@ class MsgNotice
if (isset($arr['ok']) && $arr['ok'] == true) {
return true;
} else {
return isset($arr['description']) ? $arr['description'] : '请求失败';
return $arr['description'] ?? '请求失败';
}
}
@@ -275,12 +286,12 @@ class MsgNotice
} else {
return '不支持的Webhook地址';
}
$result = get_curl($url, json_encode($post), 0, 0, 0, 0, 0, ['Content-Type: application/json; charset=UTF-8']);
$result = get_curl($url, json_encode($post), 0, 0, 0, 0, ['Content-Type' => 'application/json; charset=UTF-8']);
$arr = json_decode($result, true);
if (isset($arr['errcode']) && $arr['errcode'] == 0 || isset($arr['code']) && $arr['code'] == 0) {
return true;
} else {
return isset($arr['errmsg']) ? $arr['errmsg'] : (isset($arr['msg']) ? $arr['msg'] : '请求失败');
return $arr['errmsg'] ?? (isset($arr['msg']) ? $arr['msg'] : '请求失败');
}
}

4
app/view/auth/login.html
View File

@@ -55,13 +55,13 @@ a{color:#444}
<div class="input-group-addon"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span></div>
<input type="password" class="form-control" placeholder="密码" name="password" required="required"/>
</div>
<div class="input-group">
{if config_get('vcode', '1')=='1'}<div class="input-group">
<div class="input-group-addon"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span></div>
<input type="text" class="form-control input-lg" placeholder="验证码" name="code" autocomplete="off" required="required"/>
<span class="input-group-addon" style="padding: 0">
<img id="verifycode" src="/verifycode" height="45" onclick="this.src='/verifycode?r='+Math.random();" title="点击更换验证码">
</span>
</div>
</div>{/if}
<div class="form-group">
<button type="submit" class="btn btn-success btn-lg btn-block" id="submit" style="background:#708eea;">登 录</button>
</div>

132
app/view/cert/account_form.html
View File

@@ -9,19 +9,108 @@
color: #f56c6c;
margin-right: 4px;
}
/* 账户类型卡片样式 */
.account-type-container {
display: flex;
flex-wrap: wrap;
gap: 15px;
margin-bottom: 20px;
}
.account-type-category {
width: 100%;
margin-bottom: 10px;
font-size: 18px;
font-weight: bold;
color: #333;
border-bottom: 1px solid #eee;
padding-bottom: 5px;
}
.account-type-card {
width: calc(25% - 15px);
min-width: 200px;
padding: 10px;
border: 1px solid #ddd;
border-radius: 5px;
cursor: pointer;
transition: all 0.3s;
background: #fff;
height: 100px;
overflow: hidden;
}
.account-type-card:hover {
border-color: #409EFF;
box-shadow: 0 2px 12px 0 rgba(0,0,0,0.1);
}
.account-type-card .icon {
width: 30px;
margin: 11px 8px;
float: left;
}
.account-type-card .content {
margin-left: 38px;
}
.account-type-card .title {
font-size: 14px;
font-weight: bold;
margin-bottom: 3px;
color: #333;
}
.account-type-card .desc {
font-size: 12px;
color: #999;
line-height: 1.4;
display: -webkit-box;
-webkit-line-clamp: 2;
-webkit-box-orient: vertical;
overflow: hidden;
text-overflow: ellipsis;
}
@media (max-width: 768px) {
.account-type-card {
width: calc(50% - 15px);
}
}
@media (max-width: 480px) {
.account-type-card {
width: 100%;
height: 78px;
}
.account-type-card .desc {
-webkit-line-clamp: 1;
}
}
</style>
<div class="row" id="app">
<div class="col-xs-12 center-block" style="float: none;">
<div class="panel panel-default">
<div class="panel-heading"><h3 class="panel-title"><a href="javascript:window.history.back()" class="btn btn-sm btn-default pull-right" style="margin-top:-6px"><i class="fa fa-reply fa-fw"></i> 返回</a>{if $action=='edit'}编辑{else}添加{/if}{$title}</h3></div>
<div class="panel-body">
<form onsubmit="return false" method="post" class="form-horizontal" role="form" id="accountform">
<!-- 账户类型选择视图 -->
<div id="account-type-view" v-if="!selectedType">
<div v-for="(category, classId) in groupedTypes" :key="classId">
<div class="account-type-category">{{ category.label }}</div>
<div class="account-type-container">
<div class="account-type-card" v-for="type in category.types" :key="type.value" @click="selectType(type.value)">
<img class="icon" :src="'/static/images/' + typeList[type.value].icon" :alt="type.label">
<div class="content">
<div class="title">{{ type.label }}</div>
<div class="desc">{{ typeList[type.value].desc || ''}}</div>
</div>
</div>
</div>
</div>
</div>
<!-- 表单视图 -->
<form onsubmit="return false" method="post" class="form-horizontal" role="form" id="accountform" v-if="selectedType">
<div class="form-group">
<label class="col-sm-3 control-label no-padding-right" is-required>账户类型</label>
<div class="col-sm-6">
<select name="type" v-model="set.type" class="form-control" required :disabled="action=='edit'">
<optgroup v-for="item in typeOption" :label="item.label"><option v-for="item2 in item.children" :value="item2.value">{{item2.label}}</option></optgroup>
</select>
<div class="form-control-static">
{{ typeList[set.type].name }}
<a href="javascript:;" @click="selectedType = false" class="pull-right btn btn-default" v-if="action=='add'">重新选择</a>
</div>
<input type="hidden" name="type" v-model="set.type">
</div>
</div>
<div v-for="(item,name) in inputs" v-show="isShow(item.show)">
@@ -93,7 +182,7 @@
</div>
{/block}
{block name="script"}
<script src="{$cdnpublic}vue/2.6.14/vue.min.js"></script>
<script src="{$cdnpublic}vue/2.7.16/vue.min.js"></script>
<script src="{$cdnpublic}layer/3.1.1/layer.js"></script>
<script src="/static/js/bootstrapValidator.min.js"></script>
<script>
@@ -104,6 +193,7 @@ new Vue({
el: '#app',
data: {
action: '{$action}',
selectedType: false,
set: {
deploy: '{$deploy}',
id: '',
@@ -140,16 +230,24 @@ new Vue({
}
}
},
mounted() {
this.typeOption = Object.keys(classList).map((key) => {
var tempList = [];
Object.keys(typeList).forEach((key2) => {
if(typeList[key2].class == key){
tempList.push({label: typeList[key2].name, value: key2})
}
computed: {
groupedTypes() {
return Object.keys(classList).map((key) => {
var tempList = [];
Object.keys(typeList).forEach((key2) => {
if(typeList[key2].class == key){
tempList.push({label: typeList[key2].name, value: key2})
}
})
return {label: classList[key], types: tempList}
})
return {label: classList[key], children: tempList}
})
}
},
mounted() {
this.typeOption = this.groupedTypes;
if(this.action == 'edit') {
this.selectedType = true;
}
if(this.action == 'edit'){
Object.keys(info).forEach((key) => {
this.set[key] = info[key]
@@ -181,6 +279,10 @@ new Vue({
})
},
methods: {
selectType(type) {
this.set.type = type;
this.selectedType = true;
},
submit(){
var that=this;
Object.keys(this.config).forEach((key) => {
@@ -235,4 +337,4 @@ new Vue({
},
});
</script>
{/block}
{/block}

8
app/view/cert/certaccount.html
View File

@@ -65,10 +65,10 @@ $(document).ready(function(){
title: '添加时间'
},
{
field: '',
field: 'action',
title: '操作',
formatter: function(value, row, index) {
var html = '<a href="/cert/account/edit?deploy=0&id='+row.id+'" class="btn btn-info btn-xs">编辑</a> <a href="javascript:delItem('+row.id+')" class="btn btn-danger btn-xs">删除</a>';
var html = '<a href="/cert/account/edit?deploy=0&id='+row.id+'" class="btn btn-info btn-xs">编辑</a> <a href="javascript:delItem('+row.id+')" class="btn btn-danger btn-xs">删除</a> <a href="/cert/certorder?aid='+row.id+'" class="btn btn-default btn-xs">订单</a>';
return html;
}
},
@@ -79,12 +79,12 @@ function delItem(id){
layer.confirm('确定要删除此账户吗?', {
btn: ['确定','取消']
}, function(){
$.post('/cert/account/del?deploy=0', {id: id}, function(data){
$.post('/cert/account/del', {id: id, deploy: 0}, function(data){
if(data.code == 0) {
layer.msg('删除成功', {icon: 1, time:800});
$('#listTable').bootstrapTable('refresh');
} else {
layer.msg(data.msg, {icon: 2});
layer.alert(data.msg, {icon: 2});
}
}, 'json');
});

25
app/view/cert/certorder.html
View File

@@ -16,6 +16,7 @@ pre.pre-log{height: 330px;overflow-y: auto;width: 100%;background-color: rgba(51
<form onsubmit="return searchSubmit()" method="GET" class="form-inline" id="searchToolbar">
<input type="hidden" name="id" value="">
<input type="hidden" name="aid" value="">
<div class="form-group">
<label>搜索</label>
<div class="form-group">
@@ -34,12 +35,6 @@ pre.pre-log{height: 330px;overflow-y: auto;width: 100%;background-color: rgba(51
<a href="javascript:searchClear()" class="btn btn-default" title="刷新订单列表"><i class="fa fa-refresh"></i> 刷新</a>
<div class="btn-group">
<a href="/cert/order/add" class="btn btn-success"><i class="fa fa-plus"></i> 添加</a>
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<span class="caret"></span>
</button>
<ul class="dropdown-menu">
<li><a href="/cert/order/import">导入已有证书</a></li>
</ul>
</div>
<div class="btn-group" role="group">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">批量操作 <span class="caret"></span></button>
@@ -87,7 +82,10 @@ $(document).ready(function(){
field: 'typename',
title: '证书账户',
formatter: function(value, row, index) {
return '<span title="'+row.aremark+'" data-toggle="tooltip" data-placement="right"><img src="/static/images/'+row.icon+'" class="type-logo">'+value+'('+row.aid+')</span>';
if(value){
return '<span title="'+row.aremark+'" data-toggle="tooltip" data-placement="right"><img src="/static/images/'+row.icon+'" class="type-logo">'+value+'('+row.aid+')</span>';
}
return '手动续期';
}
},
{
@@ -197,7 +195,7 @@ $(document).ready(function(){
}
},
{
field: '',
field: 'action',
title: '操作',
formatter: function(value, row, index) {
var html = '';
@@ -208,7 +206,10 @@ $(document).ready(function(){
}else if(row.status == 2) {
html += '<a href="javascript:doOrder(\''+row.id+'\')" class="btn btn-success btn-xs"><i class="fa fa-check-circle"></i> 继续验证</a>&nbsp;&nbsp;';
}else if(row.status == 3) {
html += '<a href="javascript:download(\''+row.id+'\')" class="btn btn-success btn-xs"><i class="fa fa-download"></i> 下载</a>&nbsp;&nbsp;<a href="javascript:renewOrder(\''+row.id+'\')" class="btn btn-warning btn-xs"><i class="fa fa-refresh"></i> 续签</a>&nbsp;&nbsp;';
html += '<a href="javascript:download(\''+row.id+'\')" class="btn btn-success btn-xs"><i class="fa fa-download"></i> 下载</a>&nbsp;&nbsp;';
if(row.aid > 0){
html += '<a href="javascript:renewOrder(\''+row.id+'\')" class="btn btn-warning btn-xs"><i class="fa fa-refresh"></i> 续签</a>&nbsp;&nbsp;';
}
}else if(row.status == 4) {
html += '<a href="javascript:renewOrder(\''+row.id+'\')" class="btn btn-success btn-xs"><i class="fa fa-play-circle"></i> 重新申请</a>&nbsp;&nbsp;';
}else{
@@ -219,7 +220,9 @@ $(document).ready(function(){
html += '<li><a href="javascript:showLog(\''+row.processid+'\')">查看日志</a></li>';
if(row.status == 3){
html += '<li><a href="/cert/deploytask?oid='+row.id+'">部署任务</a></li>';
html += '<li><a href="javascript:revokeOrder(\''+row.id+'\')">吊销证书</a></li>';
if(row.aid > 0){
html += '<li><a href="javascript:revokeOrder(\''+row.id+'\')">吊销证书</a></li>';
}
}else if(row.status < 0){
html += '<li><a href="javascript:resetOrder(\''+row.id+'\')">重置订单</a></li>';
}else if(row.status == 1 || row.status == 2){
@@ -451,7 +454,7 @@ function operation(action){
$.ajax({
type : 'POST',
url : '/cert/order/operation',
data : {action: action, ids: ids},
data : {act: action, ids: ids},
dataType : 'json',
success : function(data) {
layer.close(ii);

12
app/view/cert/certset.html
View File

@@ -3,14 +3,6 @@
{block name="main"}
<div class="row">
<div class="col-xs-12 col-sm-8 col-lg-6 center-block" style="float: none;">
<div class="panel panel-warning">
<div class="panel-heading"><h3 class="panel-title">计划任务说明</h3></div>
<div class="panel-body">
<p><li>计划任务将以下命令添加到计划任务1分钟1次</li></p>
<p><code>cd {:app()->getRootPath()} && php think certtask</code></p>
<p><li>上次运行时间:<font color="green">{:config_get('certtask_time', '未运行', true)}</font></li></p>
</div>
</div>
<div class="panel panel-info">
<div class="panel-heading"><h3 class="panel-title">自动续签设置</h3></div>
@@ -28,7 +20,7 @@
</form>
</div>
<div class="panel-footer">
<li>提示:只有已开启自动续签的证书,才会自动续签。</li>
<li>提示:只有已开启自动续签的证书,并添加<a href="/system/cronset">计划任务</a>才会自动续签。</li>
</div>
</div>
@@ -93,7 +85,7 @@ function saveSetting(obj){
var ii = layer.load(2, {shade:[0.1,'#fff']});
$.ajax({
type : 'POST',
url : '',
url : '/system/set',
data : $(obj).serialize(),
dataType : 'json',
success : function(data) {

2
app/view/cert/cname.html
View File

@@ -130,7 +130,7 @@ $(document).ready(function(){
title: '添加时间'
},
{
field: '',
field: 'action',
title: '操作',
formatter: function(value, row, index) {
var html = '<a href="javascript:editframe('+row.id+')" class="btn btn-primary btn-xs">编辑</a> <a href="javascript:delItem('+row.id+')" class="btn btn-danger btn-xs">删除</a>';

Some files were not shown because too many files have changed in this diff Show More