Added default Ca features
+ Added default CA feature
+ Fixed RWD issue in TLS cert table
+ Optimized ACME UI in the TLS page
tobychui committed Sep 25, 2023
1 parent fd6ba56 commit bda47fc
Showing 9 changed files with 124 additions and 18 deletions.
21 changes: 21 additions & 0 deletions src/acme.go
@@ -1,6 +1,7 @@
package main

import (
"encoding/json"
"fmt"
"io"
"log"
@@ -114,3 +115,23 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
}
}
}

// HandleACMEPreferredCA return the user preferred / default CA for new subdomain auto creation
func HandleACMEPreferredCA(w http.ResponseWriter, r *http.Request) {
ca, err := utils.PostPara(r, "set")
if err != nil {
//Return the current ca to user
prefCA := "Let's Encrypt"
sysdb.Read("acmepref", "prefca", &prefCA)
js, _ := json.Marshal(prefCA)
utils.SendJSONResponse(w, string(js))
} else {
//Check if the CA is supported
acme.IsSupportedCA(ca)
//Set the new config
sysdb.Write("acmepref", "prefca", ca)
log.Println("Updating prefered ACME CA to " + ca)
utils.SendOK(w)
}

}
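Review bot: The result of `acme.IsSupportedCA(ca)` is discarded in the `else` branch of HandleACMEPreferredCA, so any string posted as `set` is written to the `acmepref` table and later returned as the preferred CA. Gate the write on the check, for example `if !acme.IsSupportedCA(ca) { utils.SendErrorResponse(w, "unsupported CA"); return }`, which would also match the `data.error` test the cert.html client performs. The `json.Marshal` error is dropped with `_`, and if `sysdb.Write` returns an error it is ignored too, so a failed write would still answer OK. Because `ca` is request-controlled, logging it with `log.Printf("Updating preferred ACME CA to %q", ca)` instead of string concatenation keeps embedded newlines out of the log.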
1 change: 1 addition & 0 deletions src/api.go
@@ -162,6 +162,7 @@ func initAPIs() {
authRouter.HandleFunc("/api/acme/listExpiredDomains", acmeHandler.HandleGetExpiredDomains)
authRouter.HandleFunc("/api/acme/obtainCert", AcmeCheckAndHandleRenewCertificate)
authRouter.HandleFunc("/api/acme/autoRenew/enable", acmeAutoRenewer.HandleAutoRenewEnable)
authRouter.HandleFunc("/api/acme/autoRenew/ca", HandleACMEPreferredCA)
authRouter.HandleFunc("/api/acme/autoRenew/email", acmeAutoRenewer.HandleACMEEmail)
authRouter.HandleFunc("/api/acme/autoRenew/setDomains", acmeAutoRenewer.HandleSetAutoRenewDomains)
authRouter.HandleFunc("/api/acme/autoRenew/listDomains", acmeAutoRenewer.HandleLoadAutoRenewDomains)
2 changes: 1 addition & 1 deletion src/mod/acme/acme.go
@@ -361,8 +361,8 @@ func IsPortInUse(port int) bool {

}

// Load cert information from json file
func loadCertInfoJSON(filename string) (*CertificateInfoJSON, error) {

certInfoBytes, err := os.ReadFile(filename)
if err != nil {
return nil, err
5 changes: 5 additions & 0 deletions src/mod/acme/ca.go
@@ -49,3 +49,8 @@ func loadCAApiServerFromName(caName string) (string, error) {

return val, nil
}

func IsSupportedCA(caName string) bool {
_, err := loadCAApiServerFromName(caName)
return err == nil
}
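Review bot: The exported `IsSupportedCA` has no doc comment, and since it is the only validation gate for the preferred-CA setting its contract should be written down. Something like `// IsSupportedCA reports whether caName resolves to an API server via loadCAApiServerFromName.` would do. It is worth stating whether the match is exact with respect to case and surrounding whitespace; that cannot be determined here because the lookup in loadCAApiServerFromName lies outside this hunk.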
2 changes: 2 additions & 0 deletions src/start.go
@@ -204,6 +204,8 @@ func startupSequence() {
Obtaining certificates from ACME Server
*/
//Create a table just to store acme related preferences
sysdb.NewTable("acmepref")
acmeHandler = initACME()
acmeAutoRenewer, err = acme.NewAutoRenewer("./conf/acme_conf.json", "./conf/certs/", int64(*acmeAutoRenewInterval), acmeHandler)
if err != nil {
95 changes: 81 additions & 14 deletions src/web/components/cert.html
@@ -65,17 +65,20 @@ <h4>Sub-domain Certificates</h4>
</div>
<br>
<div>
<table class="ui sortable unstackable celled table">
<thead>
<tr><th>Domain</th>
<th>Last Update</th>
<th>Expire At</th>
<th class="no-sort">Remove</th>
</tr></thead>
<tbody id="certifiedDomainList">

</tbody>
</table>
<div style="width: 100%; overflow-x: auto; margin-bottom: 1em;">
<table class="ui sortable unstackable celled table">
<thead>
<tr><th>Domain</th>
<th>Last Update</th>
<th>Expire At</th>
<th class="no-sort">Remove</th>
</tr></thead>
<tbody id="certifiedDomainList">

</tbody>
</table>
</div>

<button class="ui basic button" onclick="initManagedDomainCertificateList();"><i class="green refresh icon"></i> Refresh List</button>
</div>
<div class="ui message">
@@ -90,6 +93,7 @@ <h4>Certificate Authority (CA) and Auto Renew (ACME)</h4>
<p>The default CA to use when create a new subdomain proxy endpoint with TLS certificate</p>
<div class="ui fluid form">
<div class="field">
<label>Preferred CA</label>
<div class="ui selection dropdown" id="defaultCA">
<input type="hidden" name="defaultCA">
<i class="dropdown icon"></i>
@@ -101,10 +105,22 @@ <h4>Certificate Authority (CA) and Auto Renew (ACME)</h4>
</div>
</div>
</div>
<div class="field">
<label>ACME Email</label>
<input id="prefACMEEmail" type="text" placeholder="ACME Email">
</div>
<button class="ui basic icon button" onclick="saveDefaultCA();"><i class="ui blue save icon"></i> Save Settings</button>
</div><br>

<h5>Certificate Renew / Generation (ACME) Settings</h5>
<div class="ui basic segment">
<h4 class="ui header" id="acmeAutoRenewer">
<i class="red circle icon"></i>
<div class="content">
<span id="acmeAutoRenewerStatus">Disabled</span>
<div class="sub header">Auto-Renewer Status</div>
</div>
</h4>
</div>
<p>This tool provide you a graphical interface to setup auto certificate renew on your (sub)domains. You can also manually generate a certificate if one of your domain do not have certificate.</p>
<button class="ui basic button" onclick="openACMEManager();"><i class="yellow external icon"></i> Open ACME Tool</button>
</div>
@@ -134,9 +150,60 @@ <h5>Certificate Renew / Generation (ACME) Settings</h5>

}

function initAcmeStatus(){
//Initialize the current default CA options
$.get("/api/acme/autoRenew/email", function(data){
$("#prefACMEEmail").val(data);
});

$.get("/api/acme/autoRenew/ca", function(data){
$("#defaultCA").dropdown("set value", data);
});

$.get("/api/acme/autoRenew/enable", function(data){
setACMEEnableStates(data);
})
}
//Set the status of the acme enable icon
function setACMEEnableStates(enabled){
$("#acmeAutoRenewerStatus").text(enabled?"Enabled":"Disabled");
$("#acmeAutoRenewer").find("i").attr("class", enabled?"green circle icon":"red circle icon");
}
initAcmeStatus();

function saveDefaultCA(){
//TODO: Add an endpoint to handle default CA set and load
alert("WIP");
let newDefaultEmail = $("#prefACMEEmail").val().trim();
let newDefaultCA = $("#defaultCA").dropdown("get value");

if (newDefaultEmail == ""){
msgbox("Invalid acme email given", false);
return;
}

$.ajax({
url: "/api/acme/autoRenew/email",
method: "POST",
data: {"set": newDefaultEmail},
success: function(data){
if (data.error != undefined){
msgbox(data.error, false);
}
}
});

$.ajax({
url: "/api/acme/autoRenew/ca",
data: {"set": newDefaultCA},
method: "POST",
success: function(data){
if (data.error != undefined){
msgbox(data.error, false);
}
}
});

msgbox("Settings updated");

}

//List the stored certificates
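Review bot: In `saveDefaultCA`, `msgbox("Settings updated")` runs immediately after the two `$.ajax` calls are issued, so the user is told the save succeeded before either response arrives, even when a response carries `data.error` or the request fails outright. Neither call has an `error:` handler, so an expired session or a network failure is silent. Show the success message from the `success` callbacks only when `data.error` is undefined, e.g. `else { msgbox("Settings updated"); }`, and add `error: function(){ msgbox("Failed to save settings", false); }` to both requests. The empty-string test is the only client-side check on the email before it is posted; whether the server validates it further is not visible in this section.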
9 changes: 7 additions & 2 deletions src/web/components/rules.html
@@ -184,10 +184,15 @@ <h2>New Proxy Rule</h2>
if (type == "subd" && $("#tls").checkbox("is checked")){
confirmBox("Request new SSL Cert for this subdomain?", function(choice){
if (choice == true){
//Load the prefer CA from TLS page
let defaultCA = $("#defaultCA").dropdown("get value");
if (defaultCA.trim() == ""){
defaultCA = "Let's Encrypt";
}
//Get a new cert using ACME
msgbox("Requesting certificate via Let's Encrypt...");
msgbox("Requesting certificate via " + defaultCA +"...");
console.log("Trying to get a new certificate via ACME");
obtainCertificate(rootname);
obtainCertificate(rootname, defaultCA.trim());
}else{
msgbox("Proxy Endpoint Added");
}
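Review bot: The preferred CA is read from the `#defaultCA` dropdown, which belongs to the TLS page (cert.html) and is filled asynchronously by its `initAcmeStatus` GET. If that dropdown has not been populated yet, the code silently falls back to the hard-coded `"Let's Encrypt"` instead of the saved preference. If the element is absent, `dropdown("get value")` may not return a string at all, in which case `.trim()` would throw. Reading the value from the server keeps one source of truth, e.g. `$.get("/api/acme/autoRenew/ca", function(ca){ obtainCertificate(rootname, ca); });`. The status message also uses the untrimmed value while the call uses `defaultCA.trim()`. The enclosing function starts and ends outside this hunk.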
2 changes: 1 addition & 1 deletion src/web/components/webserv.html
@@ -9,7 +9,7 @@ <h4 class="ui header" id="webservRunningState">
<i class="green circle icon"></i>
<div class="content">
<span class="webserv_status">Running</span>
<div class="sub header">Listening on :<span class="webserv_port">8081</span></div>
<div class="sub header">Listen port :<span class="webserv_port">8081</span></div>
</div>
</h4>
</div>
5 changes: 5 additions & 0 deletions src/web/snippet/acme.html
@@ -218,6 +218,11 @@ <h3>Generate New Certificate</h3>
$("#enableToggleSucc").stop().finish().fadeIn("fast").delay(3000).fadeOut("fast");
}
});

if (parent && parent.setACMEEnableStates){
parent.setACMEEnableStates(enabled);
}

}

//Render the domains table that exists in this zoraxy host
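Review bot: `parent.setACMEEnableStates(enabled)` is called after the `$.ajax({...})` statement rather than inside its `success` callback, so the status icon on the parent page flips whether or not the server accepted the change. Moving the `if (parent && parent.setACMEEnableStates){ ... }` block into the success handler, after any `data.error` check, keeps the parent view consistent with the stored auto-renew state. The start of the enclosing function and of the ajax call is outside this hunk, so the shape of the success handler is inferred from its closing lines only.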