Commit 0316cb0

authored

feat: Add HTTPS fallback prevention configuration in OpenResty (1Panel-dev#9703)

1 parent 04b9cbd commit 0316cb0Copy full SHA for 0316cb0

File tree

18 files changed

+277

-0

lines changed

agent
- app
  - api/v2
    - nginx.go
  - dto
    - request
      - nginx.go
    - response
      - nginx.go
  - service
    - nginx.go
- router
  - ro_nginx.go
frontend/src
- api
  - interface
    - nginx.ts
  - modules
    - nginx.ts
- lang/modules
- views/website/website/nginx
  - index.vue
  - other
    - index.vue

18 files changed

+277

-0

lines changed

`‎agent/app/api/v2/nginx.go`

Lines changed: 36 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -157,3 +157,39 @@ func (b BaseApi) GetNginxModules(c gin.Context) {`
`157`	`157`	`}`
`158`	`158`	`helper.SuccessWithData(c, modules)`
`159`	`159`	`}`
	`160`	`+`
	`161`	`+// @Tags OpenResty`
	`162`	`+// @Summary Operate default HTTPs`
	`163`	`+// @Accept json`
	`164`	`+// @Param request body request.NginxOperateReq true "request"`
	`165`	`+// @Success 200`
	`166`	`+// @Security ApiKeyAuth`
	`167`	`+// @Security Timestamp`
	`168`	`+// @Router /openresty/https [post]`
	`169`	`+func (b BaseApi) OperateDefaultHTTPs(c gin.Context) {`
	`170`	`+ var req request.NginxOperateReq`
	`171`	`+ if err := helper.CheckBindAndValidate(&req, c); err != nil {`
	`172`	`+ return`
	`173`	`+ }`
	`174`	`+`
	`175`	`+ if err := nginxService.OperateDefaultHTTPs(req); err != nil {`
	`176`	`+ helper.InternalServer(c, err)`
	`177`	`+ return`
	`178`	`+ }`
	`179`	`+ helper.Success(c)`
	`180`	`+}`
	`181`	`+`
	`182`	`+// @Tags OpenResty`
	`183`	`+// @Summary Get default HTTPs status`
	`184`	`+// @Success 200 {object} response.NginxConfigRes`
	`185`	`+// @Security ApiKeyAuth`
	`186`	`+// @Security Timestamp`
	`187`	`+// @Router /openresty/https [get]`
	`188`	`+func (b BaseApi) GetDefaultHTTPsStatus(c gin.Context) {`
	`189`	`+ res, err := nginxService.GetDefaultHttpsStatus()`
	`190`	`+ if err != nil {`
	`191`	`+ helper.InternalServer(c, err)`
	`192`	`+ return`
	`193`	`+ }`
	`194`	`+ helper.SuccessWithData(c, res)`
	`195`	`+}`

`‎agent/app/dto/request/nginx.go`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -126,3 +126,7 @@ type NginxModuleUpdate struct {`
`126`	`126`	Enable bool `json:"enable"`
`127`	`127`	Params string `json:"params"`
`128`	`128`	`}`
	`129`	`+`
	`130`	`+type NginxOperateReq struct {`
	`131`	+ Operate string `json:"operate" validate:"required,oneof=enable disable"`
	`132`	`+}`

`‎agent/app/dto/response/nginx.go`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -80,3 +80,7 @@ type NginxBuildConfig struct {`
`80`	`80`	Mirror string `json:"mirror"`
`81`	`81`	Modules []NginxModule `json:"modules"`
`82`	`82`	`}`
	`83`	`+`
	`84`	`+type NginxConfigRes struct {`
	`85`	+ Https bool `json:"https"`
	`86`	`+}`

`‎agent/app/service/nginx.go`

Lines changed: 72 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@ import (`
`4`	`4`	`"bufio"`
`5`	`5`	`"encoding/json"`
`6`	`6`	`"fmt"`
	`7`	`+ "github.com/1Panel-dev/1Panel/agent/utils/nginx"`
	`8`	`+ "github.com/1Panel-dev/1Panel/agent/utils/nginx/parser"`
`7`	`9`	`"io"`
`8`	`10`	`"net/http"`
`9`	`11`	`"os"`
`@@ -42,6 +44,9 @@ type INginxService interface {`
`42`	`44`	`Build(req request.NginxBuildReq) error`
`43`	`45`	`GetModules() (*response.NginxBuildConfig, error)`
`44`	`46`	`UpdateModule(req request.NginxModuleUpdate) error`
	`47`	`+`
	`48`	`+ OperateDefaultHTTPs(req request.NginxOperateReq) error`
	`49`	`+ GetDefaultHttpsStatus() (*response.NginxConfigRes, error)`
`45`	`50`	`}`
`46`	`51`
`47`	`52`	`func NewINginxService() INginxService {`
`@@ -348,3 +353,70 @@ func (n NginxService) UpdateModule(req request.NginxModuleUpdate) error {`
`348`	`353`	`}`
`349`	`354`	`return fileOp.SaveFileWithByte(moduleConfigPath, moduleByte, constant.DirPerm)`
`350`	`355`	`}`
	`356`	`+`
	`357`	`+func (n NginxService) OperateDefaultHTTPs(req request.NginxOperateReq) error {`
	`358`	`+ appInstall, err := getAppInstallByKey(constant.AppOpenresty)`
	`359`	`+ if err != nil {`
	`360`	`+ return err`
	`361`	`+ }`
	`362`	`+ websites, _ := websiteRepo.List()`
	`363`	`+ hasDefaultWebsite := false`
	`364`	`+ for _, website := range websites {`
	`365`	`+ if website.DefaultServer {`
	`366`	`+ hasDefaultWebsite = true`
	`367`	`+ break`
	`368`	`+ }`
	`369`	`+ }`
	`370`	`+ defaultConfigPath := path.Join(appInstall.GetPath(), "conf", "default", "00.default.conf")`
	`371`	`+ content, err := os.ReadFile(defaultConfigPath)`
	`372`	`+ if err != nil {`
	`373`	`+ return err`
	`374`	`+ }`
	`375`	`+ if req.Operate == "enable" {`
	`376`	`+ if err := handleSSLConfig(&appInstall, hasDefaultWebsite); err != nil {`
	`377`	`+ return err`
	`378`	`+ }`
	`379`	`+ } else if req.Operate == "disable" {`
	`380`	`+ defaultConfig, err := parser.NewStringParser(string(content)).Parse()`
	`381`	`+ if err != nil {`
	`382`	`+ return err`
	`383`	`+ }`
	`384`	`+ defaultConfig.FilePath = defaultConfigPath`
	`385`	`+ defaultServer := defaultConfig.FindServers()[0]`
	`386`	`+ defaultServer.RemoveListen(fmt.Sprintf("%d", appInstall.HttpsPort))`
	`387`	`+ defaultServer.RemoveListen(fmt.Sprintf("[::]:%d", appInstall.HttpsPort))`
	`388`	`+ defaultServer.RemoveDirective("include", []string{"/usr/local/openresty/nginx/conf/ssl/root_ssl.conf"})`
	`389`	`+ defaultServer.RemoveDirective("http2", []string{"on"})`
	`390`	`+ if err = nginx.WriteConfig(defaultConfig, nginx.IndentedStyle); err != nil {`
	`391`	`+ return err`
	`392`	`+ }`
	`393`	`+ }`
	`394`	`+ return nginxCheckAndReload(string(content), defaultConfigPath, appInstall.ContainerName)`
	`395`	`+}`
	`396`	`+`
	`397`	`+func (n NginxService) GetDefaultHttpsStatus() (*response.NginxConfigRes, error) {`
	`398`	`+ appInstall, err := getAppInstallByKey(constant.AppOpenresty)`
	`399`	`+ if err != nil {`
	`400`	`+ return nil, err`
	`401`	`+ }`
	`402`	`+ defaultConfigPath := path.Join(appInstall.GetPath(), "conf", "default", "00.default.conf")`
	`403`	`+ content, err := os.ReadFile(defaultConfigPath)`
	`404`	`+ if err != nil {`
	`405`	`+ return nil, err`
	`406`	`+ }`
	`407`	`+ defaultConfig, err := parser.NewStringParser(string(content)).Parse()`
	`408`	`+ if err != nil {`
	`409`	`+ return nil, err`
	`410`	`+ }`
	`411`	`+ defaultConfig.FilePath = defaultConfigPath`
	`412`	`+ defaultServer := defaultConfig.FindServers()[0]`
	`413`	`+ res := &response.NginxConfigRes{}`
	`414`	`+ for _, directive := range defaultServer.GetDirectives() {`
	`415`	`+ if directive.GetName() == "include" && directive.GetParameters()[0] == "/usr/local/openresty/nginx/conf/ssl/root_ssl.conf" {`
	`416`	`+ return &response.NginxConfigRes{`
	`417`	`+ Https: true,`
	`418`	`+ }, nil`
	`419`	`+ }`
	`420`	`+ }`
	`421`	`+ return res, nil`
	`422`	`+}`

`‎agent/router/ro_nginx.go`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,5 +21,7 @@ func (a NginxRouter) InitRouter(Router gin.RouterGroup) {`
`21`	`21`	`groupRouter.POST("/build", baseApi.BuildNginx)`
`22`	`22`	`groupRouter.POST("/modules/update", baseApi.UpdateNginxModule)`
`23`	`23`	`groupRouter.GET("/modules", baseApi.GetNginxModules)`
	`24`	`+ groupRouter.POST("/https", baseApi.OperateDefaultHTTPs)`
	`25`	`+ groupRouter.GET("/https", baseApi.GetDefaultHTTPsStatus)`
`24`	`26`	`}`
`25`	`27`	`}`

`‎frontend/src/api/interface/nginx.ts`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,4 +50,12 @@ export namespace Nginx {`
`50`	`50`	`export interface NginxModuleUpdate extends NginxModule {`
`51`	`51`	`operate: string;`
`52`	`52`	`}`
	`53`	`+`
	`54`	`+ export interface NginxHttpsStatus {`
	`55`	`+ https: boolean;`
	`56`	`+ }`
	`57`	`+`
	`58`	`+ export interface NginxOperateReq {`
	`59`	`+ operate: string;`
	`60`	`+ }`
`53`	`61`	`}`

`‎frontend/src/api/modules/nginx.ts`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,3 +33,11 @@ export const getNginxModules = () => {`
`33`	`33`	`export const updateNginxModule = (req: Nginx.NginxModuleUpdate) => {`
`34`	`34`	return http.post(`/openresty/modules/update`, req);
`35`	`35`	`};`
	`36`	`+`
	`37`	`+export const getHttpsStatus = () => {`
	`38`	+ return http.get<Nginx.NginxHttpsStatus>(`/openresty/https`);
	`39`	`+};`
	`40`	`+`
	`41`	`+export const operateHttps = (req: Nginx.NginxOperateReq) => {`
	`42`	+ return http.post(`/openresty/https`, req);
	`43`	`+};`

`‎frontend/src/lang/modules/en.ts`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2566,6 +2566,8 @@ const message = {`
`2566`	`2566`	`'Scripts to execute before compilation, usually for downloading module source code, installing dependencies, etc.',`
`2567`	`2567`	`buildHelper:`
`2568`	`2568`	`'Click build after adding/modifying a module. OpenResty will automatically restart upon successful build.',`
	`2569`	`+ defaultHttps: 'HTTPS Anti-tampering',`
	`2570`	`+ defaultHttpsHelper1: 'Enabling this can resolve HTTPS tampering issues.',`
`2569`	`2571`	`},`
`2570`	`2572`	`ssl: {`
`2571`	`2573`	`create: 'Request',`

`‎frontend/src/lang/modules/ja.ts`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2466,6 +2466,24 @@ const message = {`
`2466`	`2466`	`clearProxyCache: '逆プロキシキャッシュをきれいにします',`
`2467`	`2467`	`clearProxyCacheWarn:`
`2468`	`2468`	`'キャッシュで構成されたすべてのWebサイトが影響を受け、「OpenResty」が再起動されます。続けたいですか?',`
	`2469`	`+ create: 'モジュールを追加',`
	`2470`	`+ update: 'モジュールを編集',`
	`2471`	`+ params: 'パラメータ',`
	`2472`	`+ packages: 'パッケージ',`
	`2473`	`+ script: 'スクリプト',`
	`2474`	`+ module: 'モジュール',`
	`2475`	`+ build: 'ビルド',`
	`2476`	`+ buildWarn:`
	`2477`	`+ 'OpenRestyのビルドには一定量のCPUとメモリを確保する必要があり、時間がかかる場合がありますので、お待ちください。',`
	`2478`	`+ mirrorUrl: 'ソフトウェアソース',`
	`2479`	`+ paramsHelper: '例:--add-module=/tmp/ngx_brotli',`
	`2480`	`+ packagesHelper: '例:git,curl カンマ区切り',`
	`2481`	`+ scriptHelper:`
	`2482`	`+ 'コンパイル前に実行するスクリプト、通常はモジュールソースコードのダウンロード、依存関係のインストールなど',`
	`2483`	`+ buildHelper:`
	`2484`	`+ 'モジュールの追加/変更後にビルドをクリックします。ビルドが成功すると、OpenRestyは自動的に再起動します。',`
	`2485`	`+ defaultHttps: 'HTTPS 改ざん防止',`
	`2486`	`+ defaultHttpsHelper1: 'これを有効にすると、HTTPS 改ざん問題を解決できます。',`
`2469`	`2487`	`},`
`2470`	`2488`	`ssl: {`
`2471`	`2489`	`create: 'リクエスト',`

`‎frontend/src/lang/modules/ko.ts`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2423,6 +2423,21 @@ const message = {`
`2423`	`2423`	`clearProxyCache: '리버스 프록시 캐시 삭제',`
`2424`	`2424`	`clearProxyCacheWarn:`
`2425`	`2425`	`'캐시가 구성된 모든 웹사이트에 영향을 미치며 OpenResty 가 다시 시작됩니다. 계속하시겠습니까?',`
	`2426`	`+ create: '모듈 추가',`
	`2427`	`+ update: '모듈 편집',`
	`2428`	`+ params: '매개변수',`
	`2429`	`+ packages: '패키지',`
	`2430`	`+ script: '스크립트',`
	`2431`	`+ module: '모듈',`
	`2432`	`+ build: '빌드',`
	`2433`	`+ buildWarn: 'OpenResty 빌드는 CPU와 메모리의 일정량을 예약해야 하며, 시간이 오래 걸릴 수 있으니 기다려 주세요.',`
	`2434`	`+ mirrorUrl: '소프트웨어 소스',`
	`2435`	`+ paramsHelper: '예: --add-module=/tmp/ngx_brotli',`
	`2436`	`+ packagesHelper: '예: git,curl 쉼표로 구분',`
	`2437`	`+ scriptHelper: '컴파일 전에 실행할 스크립트, 일반적으로 모듈 소스 코드 다운로드, 종속성 설치 등',`
	`2438`	`+ buildHelper: '모듈 추가/수정 후 빌드를 클릭하세요. 빌드가 성공하면 OpenResty가 자동으로 재시작됩니다.',`
	`2439`	`+ defaultHttps: 'HTTPS 변조 방지',`
	`2440`	`+ defaultHttpsHelper1: '이를 활성화하면 HTTPS 변조 문제를 해결할 수 있습니다.',`
`2426`	`2441`	`},`
`2427`	`2442`	`ssl: {`
`2428`	`2443`	`create: '요청',`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 0316cb0

File tree

18 files changed

18 files changed

`‎agent/app/api/v2/nginx.go`

`‎agent/app/dto/request/nginx.go`

`‎agent/app/dto/response/nginx.go`

`‎agent/app/service/nginx.go`

`‎agent/router/ro_nginx.go`

`‎frontend/src/api/interface/nginx.ts`

`‎frontend/src/api/modules/nginx.ts`

`‎frontend/src/lang/modules/en.ts`

`‎frontend/src/lang/modules/ja.ts`

`‎frontend/src/lang/modules/ko.ts`

0 commit comments