refactor: remove the fast server
@@ -1,15 +0,0 @@
|
||||
class RenewTrackCertificatesJob < Postal::Job
|
||||
|
||||
def perform
|
||||
TrackCertificate.where("renew_after IS NULL OR renew_after <= ?", Time.now).each do |certificate|
|
||||
log "Renewing certificate for track domain ##{certificate.id} (#{certificate.domain})"
|
||||
if certificate.get
|
||||
log "Successfully renewed"
|
||||
else
|
||||
certificate.update(:renew_after => 1.day.from_now)
|
||||
log "Could not be renewed"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
@@ -1,108 +0,0 @@
|
||||
# == Schema Information
|
||||
#
|
||||
# Table name: track_certificates
|
||||
#
|
||||
# id :integer not null, primary key
|
||||
# domain :string(255)
|
||||
# certificate :text(65535)
|
||||
# intermediaries :text(65535)
|
||||
# key :text(65535)
|
||||
# expires_at :datetime
|
||||
# renew_after :datetime
|
||||
# verification_path :string(255)
|
||||
# verification_string :string(255)
|
||||
# created_at :datetime not null
|
||||
# updated_at :datetime not null
|
||||
#
|
||||
# Indexes
|
||||
#
|
||||
# index_track_certificates_on_domain (domain)
|
||||
#
|
||||
|
||||
class TrackCertificate < ApplicationRecord
|
||||
|
||||
validates :domain, :presence => true, :uniqueness => true
|
||||
|
||||
default_value :key, -> { OpenSSL::PKey::RSA.new(2048).to_s }
|
||||
|
||||
scope :active, -> { where("certificate IS NOT NULL AND expires_at > ?", Time.now) }
|
||||
|
||||
def active?
|
||||
certificate.present?
|
||||
end
|
||||
|
||||
def get
|
||||
order = Postal::LetsEncrypt.client.new_order(identifiers: [self.domain])
|
||||
authorization = order.authorizations.first
|
||||
challenge = authorization.http
|
||||
self.verification_path = challenge.filename
|
||||
self.verification_string = challenge.file_content
|
||||
self.save!
|
||||
logger.info "Attempting verification of #{self.domain}"
|
||||
challenge.request_validation
|
||||
checks = 0
|
||||
until challenge.status != "pending"
|
||||
checks += 1
|
||||
if checks > 30
|
||||
logger.info "Status remained at pending for 30 checks"
|
||||
return false
|
||||
end
|
||||
sleep 1
|
||||
challenge.reload
|
||||
end
|
||||
|
||||
unless challenge.status == "valid"
|
||||
logger.info "Status was not valid (was: #{challenge.status})"
|
||||
return false
|
||||
end
|
||||
|
||||
csr = OpenSSL::X509::Request.new
|
||||
csr.subject = OpenSSL::X509::Name.new([['CN', self.domain, OpenSSL::ASN1::UTF8STRING]])
|
||||
private_key = OpenSSL::PKey::RSA.new(self.key)
|
||||
csr.public_key = private_key.public_key
|
||||
csr.sign(private_key, OpenSSL::Digest::SHA256.new)
|
||||
logger.info "Getting certificate for #{self.domain}"
|
||||
order.finalize(:csr => csr)
|
||||
|
||||
sleep(1) while order.status == 'processing'
|
||||
https_cert = order.certificate # => PEM-formatted certificate
|
||||
cert, chain = https_cert.split(/\r?\n\r?\n/, 2)
|
||||
|
||||
self.certificate = cert
|
||||
self.intermediaries = chain
|
||||
self.expires_at = certificate_object.not_after
|
||||
self.renew_after = (self.expires_at - 1.month) + rand(10).days
|
||||
self.save!
|
||||
logger.info "Certificate issued (expires on #{self.expires_at}, will renew after #{self.renew_after})"
|
||||
return true
|
||||
|
||||
rescue Acme::Client::Error => e
|
||||
@retries = 0
|
||||
if e.is_a?(Acme::Client::Error::BadNonce) && @retries < 5
|
||||
@retries += 1
|
||||
logger.info "Bad nounce encountered. Retrying (#{@retries} of 5 attempts)"
|
||||
sleep 1
|
||||
verify
|
||||
else
|
||||
logger.info "Error: #{e.class} (#{e.message})"
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
def certificate_object
|
||||
OpenSSL::X509::Certificate.new(self.certificate)
|
||||
end
|
||||
|
||||
def intermediaries_array
|
||||
self.intermediaries.to_s.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m).map{|c| OpenSSL::X509::Certificate.new(c)}
|
||||
end
|
||||
|
||||
def key_object
|
||||
OpenSSL::PKey::RSA.new(self.key)
|
||||
end
|
||||
|
||||
def logger
|
||||
Postal::LetsEncrypt.logger
|
||||
end
|
||||
|
||||
end
|
||||
@@ -34,8 +34,6 @@ class TrackDomain < ApplicationRecord
|
||||
scope :ok, -> { where(:dns_status => 'OK')}
|
||||
|
||||
after_create :check_dns, :unless => :dns_status
|
||||
after_create :create_ssl_certificate_if_missing
|
||||
after_destroy :delete_ssl_certificate_when_not_in_use
|
||||
|
||||
before_validation do
|
||||
self.server = self.domain.server if self.domain && self.server.nil?
|
||||
@@ -73,16 +71,8 @@ class TrackDomain < ApplicationRecord
|
||||
dns_ok?
|
||||
end
|
||||
|
||||
def has_ssl?
|
||||
ssl_certificate && ssl_certificate.active?
|
||||
end
|
||||
|
||||
def use_ssl?
|
||||
ssl_enabled? && has_ssl?
|
||||
end
|
||||
|
||||
def ssl_certificate
|
||||
@ssl_certificate ||= TrackCertificate.where(:domain => self.full_name).first
|
||||
ssl_enabled?
|
||||
end
|
||||
|
||||
def validate_domain_belongs_to_server
|
||||
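Review bot: `use_ssl?` now returns `ssl_enabled?` alone, so it reports true for a tracking domain even when nothing is serving a valid certificate for it; the removed `has_ssl?` check was the only guard visible here. If callers outside this hunk use `use_ssl?` to pick the scheme of tracking links (not shown on this page), recipients would get `https://` links that fail whenever TLS is not terminated elsewhere. I would add a comment above the method such as `# Reflects the operator's toggle only; Postal no longer checks that a certificate is served for this domain.`, and the same caveat applies to the "SSL enabled" label in the track-domains view hunk at `@@ -31,10 +31,7 @@`. Separately, no migration dropping `track_certificates` is visible on this page; if none exists, the PEM private keys in its `key` column stay in the database with no code left that manages them. The TrackDomain class body starts and ends outside the hunk.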
@@ -91,17 +81,4 @@ class TrackDomain < ApplicationRecord
|
||||
end
|
||||
end
|
||||
|
||||
def create_ssl_certificate_if_missing
|
||||
unless TrackCertificate.where(:domain => self.full_name).exists?
|
||||
TrackCertificate.create!(:domain => self.full_name)
|
||||
end
|
||||
end
|
||||
|
||||
def delete_ssl_certificate_when_not_in_use
|
||||
others = TrackDomain.includes(:domain).where(:name => self.name, :domains => {:name => self.domain.name})
|
||||
if others.empty?
|
||||
TrackCertificate.where(:domain => self.full_name).destroy_all
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
.navBar.navBar--secondary
|
||||
%ul
|
||||
%li.navBar__item= link_to "Domains", organization_server_domains_path(organization, @server), :class => ['navBar__link', active_nav == :domains ? 'is-active' : '']
|
||||
- if Postal.tracking_available?
|
||||
%li.navBar__item= link_to "Tracking Domains", organization_server_track_domains_path(organization, @server), :class => ['navBar__link', active_nav == :track_domains ? 'is-active' : '']
|
||||
%li.navBar__item= link_to "Tracking Domains", organization_server_track_domains_path(organization, @server), :class => ['navBar__link', active_nav == :track_domains ? 'is-active' : '']
|
||||
|
||||
@@ -31,10 +31,7 @@
|
||||
%li.domainList__check.domainList__check--warning{:title => track_domain.dns_error} CNAME not configured correctly
|
||||
|
||||
- if track_domain.ssl_enabled?
|
||||
- if track_domain.has_ssl?
|
||||
%li.domainList__check.domainList__check--ok= link_to "SSL enabled", [:toggle_ssl, organization, @server, track_domain], :remote => true, :method => :post
|
||||
- else
|
||||
%li.domainList__check.domainList__check--neutral= link_to "SSL setup in progress", [:toggle_ssl, organization, @server, track_domain], :remote => true, :method => :post
|
||||
%li.domainList__check.domainList__check--neutral= link_to "SSL enabled", [:toggle_ssl, organization, @server, track_domain], :remote => true, :method => :post
|
||||
- else
|
||||
%li.domainList__check.domainList__check--neutral-cross= link_to "SSL disabled", [:toggle_ssl, organization, @server, track_domain], :remote => true, :method => :post
|
||||
|
||||
|
||||