feat: 添加数据库资产、命令拦截器、授权资产等功能,修复GitHub Actions工作流
@@ -2,8 +2,12 @@ package api
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"math/big"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
@@ -65,12 +69,49 @@ func parseCertificate(certPEM string) (commonName, subject, issuer string, notBe
|
||||
return commonName, subject, issuer, notBefore, notAfter, nil
|
||||
}
|
||||
|
||||
func generateSelfSignedCertificate(commonName string) (certPEM, keyPEM string, notBefore, notAfter time.Time, err error) {
|
||||
priv, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
return "", "", time.Time{}, time.Time{}, err
|
||||
}
|
||||
|
||||
notBefore = time.Now()
|
||||
notAfter = notBefore.Add(365 * 24 * time.Hour)
|
||||
|
||||
serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
|
||||
if err != nil {
|
||||
return "", "", time.Time{}, time.Time{}, err
|
||||
}
|
||||
|
||||
template := x509.Certificate{
|
||||
SerialNumber: serialNumber,
|
||||
Subject: pkix.Name{
|
||||
CommonName: commonName,
|
||||
},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||
BasicConstraintsValid: true,
|
||||
}
|
||||
|
||||
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
|
||||
if err != nil {
|
||||
return "", "", time.Time{}, time.Time{}, err
|
||||
}
|
||||
|
||||
certPEM = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}))
|
||||
keyPEM = string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}))
|
||||
|
||||
return certPEM, keyPEM, notBefore, notAfter, nil
|
||||
}
|
||||
|
||||
func (api CertificateApi) CreateEndpoint(c echo.Context) error {
|
||||
var req struct {
|
||||
CommonName string `json:"commonName"`
|
||||
Certificate string `json:"certificate"`
|
||||
PrivateKey string `json:"privateKey"`
|
||||
Type string `json:"type"`
|
||||
CommonName string `json:"commonName"`
|
||||
Certificate string `json:"certificate"`
|
||||
PrivateKey string `json:"privateKey"`
|
||||
Type string `json:"type"`
|
||||
RequireClientAuth bool `json:"requireClientAuth"`
|
||||
}
|
||||
if err := c.Bind(&req); err != nil {
|
||||
@@ -78,18 +119,32 @@ func (api CertificateApi) CreateEndpoint(c echo.Context) error {
|
||||
}
|
||||
|
||||
item := &model.Certificate{
|
||||
ID: utils.UUID(),
|
||||
CommonName: req.CommonName,
|
||||
Certificate: req.Certificate,
|
||||
PrivateKey: req.PrivateKey,
|
||||
Type: req.Type,
|
||||
ID: utils.UUID(),
|
||||
CommonName: req.CommonName,
|
||||
Certificate: req.Certificate,
|
||||
PrivateKey: req.PrivateKey,
|
||||
Type: req.Type,
|
||||
RequireClientAuth: req.RequireClientAuth,
|
||||
IssuedStatus: "success",
|
||||
Created: common.NowJsonTime(),
|
||||
UpdatedAt: common.NowJsonTime(),
|
||||
IssuedStatus: "success",
|
||||
Created: common.NowJsonTime(),
|
||||
UpdatedAt: common.NowJsonTime(),
|
||||
}
|
||||
|
||||
if req.Certificate != "" {
|
||||
if item.Type == "" {
|
||||
item.Type = "imported"
|
||||
}
|
||||
|
||||
if req.Type == "self-signed" && req.Certificate == "" {
|
||||
certPEM, keyPEM, notBefore, notAfter, err := generateSelfSignedCertificate(req.CommonName)
|
||||
if err == nil {
|
||||
item.Certificate = certPEM
|
||||
item.PrivateKey = keyPEM
|
||||
item.NotBefore = common.NewJsonTime(notBefore)
|
||||
item.NotAfter = common.NewJsonTime(notAfter)
|
||||
item.Subject = "CN=" + req.CommonName
|
||||
item.Issuer = "CN=" + req.CommonName
|
||||
}
|
||||
} else if req.Certificate != "" {
|
||||
commonName, subject, issuer, notBefore, notAfter, err := parseCertificate(req.Certificate)
|
||||
if err == nil {
|
||||
if item.CommonName == "" {
|
||||
@@ -102,10 +157,6 @@ func (api CertificateApi) CreateEndpoint(c echo.Context) error {
|
||||
}
|
||||
}
|
||||
|
||||
if item.Type == "" {
|
||||
item.Type = "imported"
|
||||
}
|
||||
|
||||
if err := repository.CertificateRepository.Create(context.TODO(), item); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -115,9 +166,9 @@ func (api CertificateApi) CreateEndpoint(c echo.Context) error {
|
||||
func (api CertificateApi) UpdateEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
var req struct {
|
||||
CommonName string `json:"commonName"`
|
||||
Certificate string `json:"certificate"`
|
||||
PrivateKey string `json:"privateKey"`
|
||||
CommonName string `json:"commonName"`
|
||||
Certificate string `json:"certificate"`
|
||||
PrivateKey string `json:"privateKey"`
|
||||
RequireClientAuth bool `json:"requireClientAuth"`
|
||||
}
|
||||
if err := c.Bind(&req); err != nil {
|
||||
@@ -125,12 +176,12 @@ func (api CertificateApi) UpdateEndpoint(c echo.Context) error {
|
||||
}
|
||||
|
||||
item := &model.Certificate{
|
||||
ID: id,
|
||||
CommonName: req.CommonName,
|
||||
Certificate: req.Certificate,
|
||||
PrivateKey: req.PrivateKey,
|
||||
ID: id,
|
||||
CommonName: req.CommonName,
|
||||
Certificate: req.Certificate,
|
||||
PrivateKey: req.PrivateKey,
|
||||
RequireClientAuth: req.RequireClientAuth,
|
||||
UpdatedAt: common.NowJsonTime(),
|
||||
UpdatedAt: common.NowJsonTime(),
|
||||
}
|
||||
|
||||
if req.Certificate != "" {
|
||||
|
||||
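Review bot: In CreateEndpoint, a failure of `generateSelfSignedCertificate` is silently dropped by `if err == nil { ... }`, so the record is still created with `IssuedStatus: "success"` and an empty certificate and private key. Return the error instead, e.g. `if err != nil { return err }` directly after the call, before the item fields are filled in. The template in generateSelfSignedCertificate also sets only `Subject.CommonName` and no subject alternative names; Go's verifier and most current TLS clients ignore the CN for hostname checks, so consider adding `DNSNames: []string{commonName}` (or `IPAddresses` when the name parses as an IP) and rejecting an empty `req.CommonName`. Parts of CreateEndpoint lie between the hunks and are not visible here, so any validation done there is not accounted for.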