mirror of
https://github.com/tobychui/zoraxy.git
synced 2025-06-01 13:17:21 +02:00
Fixed bugs caused by DNS challenge PR
- Fixed concurrency in EAB and DNS credential save
- Fixed missing CA name in ACME Obtain certificate handler
- Optimized acmedns code config
- Fixed a lot of front-end bugs in acme snippet
parent
3454a9b975
commit
ce4f46cb50
@ -117,6 +117,11 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
|
||||
}
|
||||
}
|
||||
|
||||
//Fallback to Let's Encrypt if it is not set
|
||||
if caName == "" {
|
||||
caName = "Let's Encrypt"
|
||||
}
|
||||
|
||||
// setup the custom ACME url endpoint.
|
||||
if caUrl != "" {
|
||||
config.CADirURL = caUrl
|
||||
|
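Review bot: The new fallback `if caName == "" { caName = "Let's Encrypt" }` runs before the `caUrl != ""` check just below it, so a call with an empty caName and a non-empty caUrl would be labelled "Let's Encrypt" while `config.CADirURL` points at the custom endpoint. If caName is later used to select the account key, EAB entry or stored registration (not visible in this hunk), that could pair Let's Encrypt state with a different CA. Consider applying the default only when no custom URL is given, `if caName == "" && caUrl == "" {`, or returning an error for the mixed case. ObtainCert's body starts and ends outside the hunk.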
@ -7,20 +7,29 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/go-acme/lego/v4/challenge"
|
||||
"github.com/go-acme/lego/v4/providers/dns"
|
||||
"imuslab.com/zoraxy/mod/acme/acmedns"
|
||||
)
|
||||
|
||||
func GetDnsChallengeProviderByName(dnsProvider string, dnsCredentials string) (challenge.Provider, error) {
|
||||
credentials, err := extractDnsCredentials(dnsCredentials)
|
||||
|
||||
//Original Implementation
|
||||
/*credentials, err := extractDnsCredentials(dnsCredentials)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
setCredentialsIntoEnvironmentVariables(credentials)
|
||||
|
||||
provider, err := dns.NewDNSChallengeProviderByName(dnsProvider)
|
||||
return provider, err
|
||||
*/
|
||||
|
||||
//New implementation using acmedns CICD pipeline generated datatype
|
||||
return acmedns.GetDNSProviderByJsonConfig(dnsProvider, dnsCredentials)
|
||||
}
|
||||
|
||||
/*
|
||||
Original implementation of DNS ACME using OS.Env as payload
|
||||
*/
|
||||
|
||||
func setCredentialsIntoEnvironmentVariables(credentials map[string]string) {
|
||||
for key, value := range credentials {
|
||||
err := os.Setenv(key, value)
|
||||
|
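Review bot: `setCredentialsIntoEnvironmentVariables` is kept although, as far as this hunk shows, the new body of `GetDnsChallengeProviderByName` no longer calls it, and the old implementation stays behind as a commented-out block. The helper copies DNS API secrets into the process-wide environment with `os.Setenv`, where they are shared by concurrent requests and inherited by child processes, so leaving it in place invites reuse; I would delete it, the commented block and (if nothing else uses it) `extractDnsCredentials` rather than keep them. The remaining one-line function also deserves a doc comment, for example `// GetDnsChallengeProviderByName returns the lego challenge provider for dnsProvider, configured from the JSON object in dnsCredentials.` The helper's body runs past the end of the hunk.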
File diff suppressed because it is too large
@ -133,7 +133,8 @@
|
||||
</div>
|
||||
<div class="field dnsChallengeOnly" style="display:none;">
|
||||
<div class="ui divider"></div>
|
||||
<p>Required Configurations</p>
|
||||
<p>DNS Credentials (Leave all fields empty to use previous settings)<br>
|
||||
<small><i class="yellow exclamation triangle icon"></i> Note that domain DNS credentials are stored separately. For each new subdomain, you will need to enter a new DNS credentials.</small></p>
|
||||
<div id="dnsProviderAPIFields">
|
||||
|
||||
</div>
|
||||
@ -355,9 +356,26 @@
|
||||
// Button click event handler for obtaining certificate
|
||||
$("#obtainButton").click(function() {
|
||||
$("#obtainButton").addClass("loading").addClass("disabled");
|
||||
updateCertificateEAB();
|
||||
updateCertificateDNS();
|
||||
obtainCertificate();
|
||||
updateCertificateEAB(function(succ){
|
||||
if (succ){
|
||||
//Continue to next step
|
||||
updateCertificateDNS(function(succ){
|
||||
if (succ){
|
||||
obtainCertificate(function(succ){
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
});
|
||||
}else{
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
console.log("update Certificate DNS process halted");
|
||||
}
|
||||
});
|
||||
}else{
|
||||
console.log("Update Certificate EAB process halted");
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
});
|
||||
|
||||
//On CA change in dropdown
|
||||
@ -459,7 +477,7 @@
|
||||
|
||||
|
||||
// Update EAB values for autorenewal
|
||||
function updateCertificateEAB() {
|
||||
function updateCertificateEAB(callback=undefined) {
|
||||
var ca = $("#ca").dropdown("get value");
|
||||
var caURL = "";
|
||||
if (ca == "Custom ACME Server") {
|
||||
@ -472,6 +490,10 @@
|
||||
}
|
||||
|
||||
if(caURL == "") {
|
||||
//Skip update
|
||||
if (callback != undefined){
|
||||
callback(true);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
@ -479,6 +501,10 @@
|
||||
var hmac = $("#eab_hmac").val();
|
||||
|
||||
if(kid == "" || hmac == "") {
|
||||
//Skip update
|
||||
if (callback != undefined){
|
||||
callback(true);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
@ -498,6 +524,9 @@
|
||||
console.log("Error:", response.error);
|
||||
// Show error message
|
||||
parent.msgbox(response.error, false, 12000);
|
||||
if (callback != undefined){
|
||||
callback(false);
|
||||
}
|
||||
} else {
|
||||
console.log("Certificate EAB updated successfully");
|
||||
// Show success message
|
||||
@ -505,12 +534,18 @@
|
||||
|
||||
// Renew the parent certificate list
|
||||
parent.initManagedDomainCertificateList();
|
||||
if (callback != undefined){
|
||||
callback(true);
|
||||
}
|
||||
}
|
||||
},
|
||||
error: function(error) {
|
||||
//$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
console.log("Failed to update EAB configuration:", error);
|
||||
parent.msgbox("Failed to update EAB configuration");
|
||||
if (callback != undefined){
|
||||
callback(false);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
@ -519,30 +554,49 @@
|
||||
// the old DNSCredential TextArea input
|
||||
|
||||
function readDnsCredentials(){
|
||||
let dnsCredentials = "";
|
||||
let dnsCredentials = {};
|
||||
$(".dnsConfigField").each(function(){
|
||||
let thisKey = $(this).attr("key");
|
||||
let value = "";
|
||||
if ($(this).hasClass("checkbox")){
|
||||
//Boolean option
|
||||
let checked = $(this).find("input")[0].checked;
|
||||
dnsCredentials += `${thisKey}=${checked?"true":"false"}\n`
|
||||
dnsCredentials[thisKey] = checked;
|
||||
}else{
|
||||
//String or int options
|
||||
let value = $(this).find("input").val().trim();
|
||||
dnsCredentials += `${thisKey}=${value}\n`
|
||||
dnsCredentials[thisKey] = value;
|
||||
}
|
||||
});
|
||||
dnsCredentials = dnsCredentials.trim();
|
||||
|
||||
return dnsCredentials;
|
||||
}
|
||||
|
||||
// Update DNS values for autorenewal
|
||||
function updateCertificateDNS() {
|
||||
function updateCertificateDNS(callback=undefined) {
|
||||
var dns = $("#useDnsChallenge")[0].checked;
|
||||
var dnsProvider = "";
|
||||
var dnsCredentials = "";
|
||||
|
||||
if (!dns) {
|
||||
if (callback != undefined){
|
||||
callback(true);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
//Check if all fields is empty. If yes, do not update the config
|
||||
let allFieldsEmpty = true;
|
||||
$(".dnsConfigField").each(function(){
|
||||
if ($(this).find("input").val().trim() != ""){
|
||||
allFieldsEmpty = false;
|
||||
}
|
||||
});
|
||||
if (allFieldsEmpty){
|
||||
//Do not update config on server side
|
||||
if (callback != undefined){
|
||||
callback(true);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
@ -554,18 +608,18 @@
|
||||
if(dnsProvider == "") {
|
||||
parent.msgbox("DNS Provider cannot be empty", false, 5000);
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
if(dnsCredentials == "") {
|
||||
parent.msgbox("DNS Credentials cannot be empty", false, 5000);
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
if (callback != undefined){
|
||||
callback(false);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
var filename = getFilename();
|
||||
if (filename == '') {
|
||||
parent.msgbox("Domain to renew cannot be empty", false, 5000);
|
||||
if (callback != undefined){
|
||||
callback(false);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
@ -575,7 +629,7 @@
|
||||
data: {
|
||||
filename: filename,
|
||||
dnsProvider: dnsProvider,
|
||||
dnsCredentials: dnsCredentials,
|
||||
dnsCredentials: JSON.stringify(dnsCredentials),
|
||||
},
|
||||
success: function(response) {
|
||||
//$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
@ -583,31 +637,44 @@
|
||||
console.log("Error:", response.error);
|
||||
// Show error message
|
||||
parent.msgbox(response.error, false, 12000);
|
||||
if (callback != undefined){
|
||||
callback(false);
|
||||
}
|
||||
} else {
|
||||
console.log("Certificate DNS Credentials updated successfully");
|
||||
// Show success message
|
||||
parent.msgbox("Certificate DNS Credentials updated successfully");
|
||||
if (callback != undefined){
|
||||
callback(true);
|
||||
}
|
||||
}
|
||||
},
|
||||
error: function(error) {
|
||||
//$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
console.log("Failed to update DNS configuration:", error);
|
||||
parent.msgbox("Failed to update DNS configuration");
|
||||
if (callback != undefined){
|
||||
callback(false);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Obtain certificate from API
|
||||
function obtainCertificate() {
|
||||
function obtainCertificate(callback=undefined) {
|
||||
var domains = $("#domainsInput").val();
|
||||
var filename = getFilename();
|
||||
if (filename == '') {
|
||||
if (callback != undefined){
|
||||
parent.msgbox("Domain to obtain certificate cannot be empty", false)
|
||||
callback(false);
|
||||
}
|
||||
return;
|
||||
}
|
||||
var email = $("#caRegisterEmail").val();
|
||||
if (email == ""){
|
||||
parent.msgbox("ACME renew email is not set", false)
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
if (callback != undefined){callback(false);}
|
||||
return;
|
||||
}
|
||||
|
||||
@ -641,6 +708,7 @@
|
||||
console.log("Error:", response.error);
|
||||
// Show error message
|
||||
parent.msgbox(response.error, false, 12000);
|
||||
if (callback != undefined){callback(false);}
|
||||
} else {
|
||||
console.log("Certificate renewed successfully");
|
||||
// Show success message
|
||||
@ -648,11 +716,14 @@
|
||||
|
||||
// Renew the parent certificate list
|
||||
parent.initManagedDomainCertificateList();
|
||||
|
||||
if (callback != undefined){callback(true);}
|
||||
}
|
||||
},
|
||||
error: function(error) {
|
||||
$("#obtainButton").removeClass("loading").removeClass("disabled");
|
||||
console.log("Failed to renewed certificate:", error);
|
||||
if (callback != undefined){callback(false);}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
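Review bot: The `allFieldsEmpty` loop in `updateCertificateDNS` calls `.find("input").val()` on every `.dnsConfigField`, but `readDnsCredentials` shows that some of those fields are checkboxes, and a checkbox input reports "on" from `.val()` unless it carries an explicit empty value attribute. For a provider with a boolean option the loop would then never treat the form as empty, so "leave all fields empty to use previous settings" would post an object of blank strings and could overwrite the stored DNS credentials (the save handler is not shown here). Skipping checkbox fields in the test avoids that: `if (!$(this).hasClass("checkbox") && $(this).find("input").val().trim() != ""){`. Separately, the `dnsProvider == ""` branch returns without invoking `callback`, if that branch is still present on the new side.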
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -176,6 +176,8 @@ func main() {
|
||||
Title: fields[0],
|
||||
Datatype: fields[1],
|
||||
})
|
||||
} else if fields[0] == "TTL" {
|
||||
//haveTTLField = true
|
||||
} else {
|
||||
hiddenKeys = append(hiddenKeys, &Field{
|
||||
Title: fields[0],
|
||||
@ -210,17 +212,15 @@ func main() {
|
||||
HiddenFields: hiddenKeys,
|
||||
}
|
||||
|
||||
//Generate the code for it
|
||||
|
||||
//Generate the code for converting incoming json into target config
|
||||
codeSegment := `
|
||||
case "` + providerName + `":
|
||||
cfg := ` + providerName + `.Config{}
|
||||
cfg := ` + providerName + `.NewDefaultConfig()
|
||||
err := json.Unmarshal([]byte(js), &cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ` + providerName + `.NewDNSProviderConfig(&cfg)`
|
||||
return ` + providerName + `.NewDNSProviderConfig(cfg)`
|
||||
|
||||
generatedConvertcode += codeSegment
|
||||
importList += ` "github.com/go-acme/lego/v4/providers/dns/` + providerName + "\"\n"
|
||||
|
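Review bot: The generated `case` decodes the caller-supplied `js` directly into the provider's whole Config with `json.Unmarshal([]byte(js), &cfg)`, so any exported field can be set from the request, including the ones this generator files under `hiddenKeys` and the `TTL` field that the new branch leaves out of both lists. If hidden fields are meant to stay at the `NewDefaultConfig()` values, the generated code should check the decoded keys against the visible field list before building the provider; at minimum say so in the template, e.g. `// js is operator-supplied: every exported Config field, hidden ones included, can be set from it`. The new `else if fields[0] == "TTL"` branch is empty apart from a commented-out assignment and would read better with a comment stating why TTL is skipped. main() starts and ends outside these hunks.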
@ -22,5 +22,5 @@ go run ./extract.go
|
||||
echo "Cleaning up lego"
|
||||
# Comment the line below if you dont want to pull everytime update
|
||||
# This is to help go compiler to not load all the lego source file when compile
|
||||
rm -rf ./lego/
|
||||
#rm -rf ./lego/
|
||||
echo "Config generated"
|
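Review bot: With the cleanup commented out as `#rm -rf ./lego/` (taking the second printed form as the new side), the script still prints "Cleaning up lego" but leaves the checkout in place, although the comment above says the removal exists so the Go compiler does not load the lego sources. A leftover tree also means a later run may generate provider configs from a stale checkout, depending on how the earlier fetch step (not shown) behaves. If keeping the directory is intended for local development, gate it on a variable of your choosing instead, e.g. `[ -n "$KEEP_LEGO" ] || rm -rf ./lego/`, and keep cleanup as the default.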