update

class/core/site_api.py

@@ -82,6 +82,133 @@ class site_api:
             data['email'] = ''
         return public.returnJson(True, 'OK', data)
 
+    def getSslApi(self):
+        siteName = request.form.get('siteName', '').encode('utf-8')
+        path = '/etc/letsencrypt/live/' + siteName
+        csrpath = path + "/fullchain.pem"  # 生成证书路径
+        keypath = path + "/privkey.pem"  # 密钥文件路径
+        key = public.readFile(keypath)
+        csr = public.readFile(csrpath)
+
+        file = self.getHostConf(siteName)
+        conf = public.readFile(file)
+
+        keyText = 'ssl_certificate'
+        status = True
+        if(conf.find(keyText) == -1):
+            status = False
+            type = -1
+
+        toHttps = self.isToHttps(siteName)
+        id = public.M('sites').where("name=?", (siteName,)).getField('id')
+        domains = public.M('domain').where(
+            "pid=?", (id,)).field('name').select()
+        data = {'status': status, 'domain': domains, 'key': key,
+                'csr': csr, 'type': type, 'httpTohttps': toHttps}
+        return public.returnJson(True, 'OK', data)
+
+    def createLetApi(self):
+        siteName = request.form.get('siteName', '').encode('utf-8')
+        updateOf = request.form.get('updateOf', '')
+        domains = request.form.get('domains', '').encode('utf-8')
+        force = request.form.get('force', '').encode('utf-8')
+        renew = request.form.get('renew', '').encode('utf-8')
+        email_args = request.form.get('email', '').encode('utf-8')
+
+        domains = json.loads(domains)
+        email = public.M('users').getField('email')
+        if email_args.strip() != '':
+            public.M('users').setField('email', email_args)
+            email = email_args
+
+        if not len(domains):
+            return public.returnJson(False, '请选择域名')
+
+        file = self.getHostConf(siteName)
+        if os.path.exists(file):
+            siteConf = public.readFile(file)
+            if siteConf.find('301-START') != -1:
+                return public.returnJson(False, '检测到您的站点做了301重定向设置，请先关闭重定向!')
+
+        path = '/etc/letsencrypt/live/' + siteName
+        csrpath = path + "/fullchain.pem"  # 生成证书路径
+        keypath = path + "/privkey.pem"  # 密钥文件路径
+
+        actionstr = updateOf
+        siteInfo = public.M('sites').where(
+            'name=?', (siteName,)).field('id,name,path').find()
+        # runPath = self.getRunPath(get)
+        srcPath = siteInfo['path']
+        # if runPath != False and runPath != '/':
+        #     siteInfo['path'] += runPath
+        # path = siteInfo['path']
+
+        # 检测acem是否安装
+        if public.isAppleSystem():
+            user = public.execShell(
+                "who | sed -n '2, 1p' |awk '{print $1}'")[0].strip()
+            acem = '/Users/' + user + '/.acme.sh/acme.sh'
+        else:
+            acem = '/root/.acme.sh/acme.sh'
+        if not os.path.exists(acem):
+            acem = '/.acme.sh/acme.sh'
+        if not os.path.exists(acem):
+            try:
+                public.execShell("curl -sS curl https://get.acme.sh | sh")
+            except:
+                return public.returnJson(False, '尝试自动安装ACME失败,请通过以下命令尝试手动安装<p>安装命令: curl https://get.acme.sh | sh</p>' + acem)
+        if not os.path.exists(acem):
+            return public.returnJson(False, '尝试自动安装ACME失败,请通过以下命令尝试手动安装<p>安装命令: curl https://get.acme.sh | sh</p>' + acem)
+
+        force_bool = False
+        if force == 'true':
+            force_bool = True
+
+        if renew == 'true':
+            execStr = acem + " --renew --yes-I-know-dns-manual-mode-enough-go-ahead-please"
+        else:
+            execStr = acem + " --issue --force"
+
+        # 确定主域名顺序
+        domainsTmp = []
+        if siteName in domains:
+            domainsTmp.append(siteName)
+        for domainTmp in domains:
+            if domainTmp == siteName:
+                continue
+            domainsTmp.append(domainTmp)
+        domains = domainsTmp
+
+        home_path = public.getServerDir() + '/openresty/nginx/conf/cert/' + \
+            domains[0]
+        home_cert = home_path + '/fullchain.cer'
+        home_key = home_path + '/' + domains[0] + '.key'
+
+        domainCount = 0
+        for domain in domains:
+            if public.checkIp(domain):
+                continue
+            if domain.find('*.') != -1:
+                return public.returnJson(False, '泛域名不能使用【文件验证】的方式申请证书!')
+            if public.M('domain').where('name=?', (domain,)).count():
+                p = siteInfo['path']
+            else:
+                p = public.M('binding').where(
+                    'domain=?', (domain,)).getField('path')
+            path = p
+            execStr += ' -w ' + path
+            execStr += ' -d ' + domain
+            domainCount += 1
+        if domainCount == 0:
+            return public.returnJson(False, '请选择域名(不包括IP地址与泛域名)!')
+        print execStr
+
+        cmd = 'export ACCOUNT_EMAIL=' + email + ' && ' + execStr
+        # result = public.execShell(cmd)
+        print domains
+        print file
+        return public.returnJson(True, 'OK')
+
     def getIndexApi(self):
         sid = request.form.get('id', '').encode('utf-8')
         data = {}
@@ -239,7 +366,7 @@ class site_api:
         if domain_count == 1:
             return public.returnJson(False, '最后一个域名不能删除!')
 
-        file = self.setupPath + '/openresty/nginx/conf/vhost/' + webname + '.conf'
+        file = getHostConf(webname)
         conf = public.readFile(file)
         if conf:
             # 删除域名
@@ -541,6 +668,17 @@ class site_api:
 
         return public.getJson(data)
 
+    # 是否跳转到https
+    def isToHttps(self, siteName):
+        file = self.getHostConf(siteName)
+        conf = public.readFile(file)
+        if conf:
+            if conf.find('HTTP_TO_HTTPS_START') != -1:
+                return True
+            if conf.find('$server_port !~ 443') != -1:
+                return True
+        return False
+
     def getRewriteList(self):
         rewriteList = {}
         rewriteList['rewrite'] = []

route/static/app/site.js

@@ -1551,7 +1551,7 @@ function setSSL(id,siteName){
 	// 				+ '</div>'
 	// 				+ '<ul class="help-info-text c7 pull-left"><li>'+lan.site.ssl_help_2+'</li><li>'+lan.site.ssl_help_3+'</li></ul>'
 	// 			$(".tab-con").html(lets);
-	// 			$(".help-info-text").after("<div class='line mtb15'><button class='btn btn-default btn-sm' onclick=\"OcSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button></div>");
+	// 			$(".help-info-text").after("<div class='line mtb15'><button class='btn btn-default btn-sm' onclick=\"ocSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button></div>");
 	// 			break;
 	// 		case 0:
 	// 			$(".tab-nav span").eq(2).addClass("on").siblings().removeClass("on");
@@ -1609,7 +1609,7 @@ function httpToHttps(siteName){
 
 //关闭SSL内容
 function closeSSLHTML(txt,siteName){
-	$(".tab-con").html("<div class='line mtb15'>"+lan.get('ssl_enable',[txt])+"</div><div class='line mtb15'><button class='btn btn-success btn-sm' onclick=\"OcSSL('CloseSSLConf','"+siteName+"')\">"+lan.site.ssl_close+"</button></div>");
+	$(".tab-con").html("<div class='line mtb15'>"+lan.get('ssl_enable',[txt])+"</div><div class='line mtb15'><button class='btn btn-success btn-sm' onclick=\"ocSSL('CloseSSLConf','"+siteName+"')\">"+lan.site.ssl_close+"</button></div>");
 }
 
 //SSL
@@ -1745,7 +1745,7 @@ function opSSL(type,id,siteName){
 						+ '</div>'
 						+ '<ul class="help-info-text c7 pull-left"><li>'+lan.site.ssl_help_2+'</li><li>'+lan.site.ssl_help_3+'</li></ul>';
 					$(".tab-con").html(lets);
-					$(".help-info-text").after("<div class='line mtb15'><button class='btn btn-default btn-sm' onclick=\"OcSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button></div>");
+					$(".help-info-text").after("<div class='line mtb15'><button class='btn btn-default btn-sm' onclick=\"ocSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button></div>");
 				});
 				return;
 			}
@@ -1794,16 +1794,18 @@ function opSSL(type,id,siteName){
 			var key = '';
 			var csr = '';
 			var loadT = layer.msg(lan.site.the_msg,{icon:16,time:0,shade: [0.3, '#000']});
-			$.post('site?action=GetSSL','siteName='+siteName,function(rdata){
+			$.post('site/get_ssl','siteName='+siteName,function(data){
+				// console.log(data);
 				layer.close(loadT);
+				var rdata = data['data'];
 				if(rdata.status){
-					$(".ssl-btn").append("<button class='btn btn-default btn-sm' onclick=\"OcSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button>");
+					$(".ssl-btn").append("<button class='btn btn-default btn-sm' onclick=\"ocSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button>");
 				}
 				if(rdata.key == false) rdata.key = '';
 				if(rdata.csr == false) rdata.csr = '';
 				$("#key").val(rdata.key);
 				$("#csr").val(rdata.csr);
-			});
+			},'json');
 			break;
 	}
 	// table_fixed("btssl_table_list")
@@ -1827,7 +1829,7 @@ function getSSLlist(siteName){
 					//icoask = '<i class="ico-font-ask" title="'+tips+'">?</i>';
 				}
 				if(rdata.data[i].setup){
-					txt = lan.site.deployed+' | <a class="btlink" href="javascript:OcSSL(\'CloseSSLConf\',\''+siteName+'\')">'+lan.public.close+'</a></div>';
+					txt = lan.site.deployed+' | <a class="btlink" href="javascript:ocSSL(\'CloseSSLConf\',\''+siteName+'\')">'+lan.public.close+'</a></div>';
 				}
 				
 				tr += '<tr><td>'+rdata.data[i].commonName+'</td><td>'+getLocalTime(rdata.data[i].endtime).split(" ")[0]+'</td><td title='+tips+'>'+rdata.data[i].stateName+icoask+'</td><td class="text-right">'+txt+'</td></tr>'
@@ -1867,7 +1869,7 @@ function VerifyDomain(partnerOrderId,siteName){
 }
 
 //开启与关闭SSL
-function OcSSL(action,siteName){
+function ocSSL(action,siteName){
 	var loadT = layer.msg(lan.site.get_ssl_list,{icon:16,time:0,shade: [0.3, '#000']});
 	$.post("site?action="+action,'siteName='+siteName+'&updateOf=1',function(rdata){
 		layer.close(loadT)
@@ -1910,7 +1912,7 @@ function newSSL(siteName,domains){
 	var force = '';
 	if($("#checkDomain").prop("checked")) force = '&force=true';
 	var email = $("input[name='admin_email']").val();
-	$.post('site?action=CreateLet','siteName='+siteName+'&domains='+domains+'&updateOf=1&email='+email + force,function(rdata){
+	$.post('/site/create_let','siteName='+siteName+'&domains='+domains+'&updateOf=1&email='+email + force,function(rdata){
 		layer.close(loadT)
 		if(rdata.status){
 			var mykeyhtml = '<div class="myKeyCon ptb15"><div class="ssl-con-key pull-left mr20">'+lan.site.ssl_key+'<br><textarea id="key" class="bt-input-text" readonly="" style="background-color:#f6f6f6">'+rdata.key+'</textarea></div>'
@@ -1919,7 +1921,7 @@ function newSSL(siteName,domains){
 					+ '<ul class="help-info-text c7 pull-left"><li>'+lan.site.ssl_help_2+'</li><li>'+lan.site.ssl_help_3+'</li></ul>';
 			$(".btssl").html(mykeyhtml);
 			layer.msg(rdata.msg,{icon:rdata.status?1:2});
-			setCookie('letssl',1);
+			// setCookie('letssl',1);
 			return;
 		}
 		
@@ -1932,10 +1934,10 @@ function newSSL(siteName,domains){
 		data = "<p>"+rdata.msg+"</p><hr />"
 		if(rdata.err[0].length > 10) data += '<p style="color:red;">' + rdata.err[0].replace(/\n/g,'<br>') + '</p>';
 		if(rdata.err[1].length > 10) data += '<p style="color:red;">' + rdata.err[1].replace(/\n/g,'<br>') + '</p>';
-		setCookie('letssl',0);
+		// setCookie('letssl',0);
 		layer.msg(data,{icon:2,area:'500px',time:0,shade:0.3,shadeClose:true});
 		
-	});
+	},'json');
 }
 
 //保存SSL
@@ -1947,7 +1949,7 @@ function SaveSSL(siteName){
 		if(rdata.status){
 			layer.msg(rdata.msg,{icon:1});
 			$(".ssl-btn").find(".btn-default").remove();
-			$(".ssl-btn").append("<button class='btn btn-default btn-sm' onclick=\"OcSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button>");
+			$(".ssl-btn").append("<button class='btn btn-default btn-sm' onclick=\"ocSSL('CloseSSLConf','"+siteName+"')\" style='margin-left:10px'>"+lan.site.ssl_close+"</button>");
 		}else{
 			layer.msg(rdata.msg,{icon:2,time:0,shade:0.3,shadeClose:true});
 		}