مراية لـ
https://github.com/postalserver/postal.git
تم المزامنة 2026-01-19 22:29:47 +00:00
refactor: remove the fast server
هذا الالتزام موجود في:
Adam Cooke
@@ -1,108 +0,0 @@
|
||||
# == Schema Information
|
||||
#
|
||||
# Table name: track_certificates
|
||||
#
|
||||
# id :integer not null, primary key
|
||||
# domain :string(255)
|
||||
# certificate :text(65535)
|
||||
# intermediaries :text(65535)
|
||||
# key :text(65535)
|
||||
# expires_at :datetime
|
||||
# renew_after :datetime
|
||||
# verification_path :string(255)
|
||||
# verification_string :string(255)
|
||||
# created_at :datetime not null
|
||||
# updated_at :datetime not null
|
||||
#
|
||||
# Indexes
|
||||
#
|
||||
# index_track_certificates_on_domain (domain)
|
||||
#
|
||||
|
||||
class TrackCertificate < ApplicationRecord
|
||||
|
||||
validates :domain, :presence => true, :uniqueness => true
|
||||
|
||||
default_value :key, -> { OpenSSL::PKey::RSA.new(2048).to_s }
|
||||
|
||||
scope :active, -> { where("certificate IS NOT NULL AND expires_at > ?", Time.now) }
|
||||
|
||||
def active?
|
||||
certificate.present?
|
||||
end
|
||||
|
||||
def get
|
||||
order = Postal::LetsEncrypt.client.new_order(identifiers: [self.domain])
|
||||
authorization = order.authorizations.first
|
||||
challenge = authorization.http
|
||||
self.verification_path = challenge.filename
|
||||
self.verification_string = challenge.file_content
|
||||
self.save!
|
||||
logger.info "Attempting verification of #{self.domain}"
|
||||
challenge.request_validation
|
||||
checks = 0
|
||||
until challenge.status != "pending"
|
||||
checks += 1
|
||||
if checks > 30
|
||||
logger.info "Status remained at pending for 30 checks"
|
||||
return false
|
||||
end
|
||||
sleep 1
|
||||
challenge.reload
|
||||
end
|
||||
|
||||
unless challenge.status == "valid"
|
||||
logger.info "Status was not valid (was: #{challenge.status})"
|
||||
return false
|
||||
end
|
||||
|
||||
csr = OpenSSL::X509::Request.new
|
||||
csr.subject = OpenSSL::X509::Name.new([['CN', self.domain, OpenSSL::ASN1::UTF8STRING]])
|
||||
private_key = OpenSSL::PKey::RSA.new(self.key)
|
||||
csr.public_key = private_key.public_key
|
||||
csr.sign(private_key, OpenSSL::Digest::SHA256.new)
|
||||
logger.info "Getting certificate for #{self.domain}"
|
||||
order.finalize(:csr => csr)
|
||||
|
||||
sleep(1) while order.status == 'processing'
|
||||
https_cert = order.certificate # => PEM-formatted certificate
|
||||
cert, chain = https_cert.split(/\r?\n\r?\n/, 2)
|
||||
|
||||
self.certificate = cert
|
||||
self.intermediaries = chain
|
||||
self.expires_at = certificate_object.not_after
|
||||
self.renew_after = (self.expires_at - 1.month) + rand(10).days
|
||||
self.save!
|
||||
logger.info "Certificate issued (expires on #{self.expires_at}, will renew after #{self.renew_after})"
|
||||
return true
|
||||
|
||||
rescue Acme::Client::Error => e
|
||||
@retries = 0
|
||||
if e.is_a?(Acme::Client::Error::BadNonce) && @retries < 5
|
||||
@retries += 1
|
||||
logger.info "Bad nounce encountered. Retrying (#{@retries} of 5 attempts)"
|
||||
sleep 1
|
||||
verify
|
||||
else
|
||||
logger.info "Error: #{e.class} (#{e.message})"
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
def certificate_object
|
||||
OpenSSL::X509::Certificate.new(self.certificate)
|
||||
end
|
||||
|
||||
def intermediaries_array
|
||||
self.intermediaries.to_s.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m).map{|c| OpenSSL::X509::Certificate.new(c)}
|
||||
end
|
||||
|
||||
def key_object
|
||||
OpenSSL::PKey::RSA.new(self.key)
|
||||
end
|
||||
|
||||
def logger
|
||||
Postal::LetsEncrypt.logger
|
||||
end
|
||||
|
||||
end
|
||||
@@ -34,8 +34,6 @@ class TrackDomain < ApplicationRecord
|
||||
scope :ok, -> { where(:dns_status => 'OK')}
|
||||
|
||||
after_create :check_dns, :unless => :dns_status
|
||||
after_create :create_ssl_certificate_if_missing
|
||||
after_destroy :delete_ssl_certificate_when_not_in_use
|
||||
|
||||
before_validation do
|
||||
self.server = self.domain.server if self.domain && self.server.nil?
|
||||
@@ -73,16 +71,8 @@ class TrackDomain < ApplicationRecord
|
||||
dns_ok?
|
||||
end
|
||||
|
||||
def has_ssl?
|
||||
ssl_certificate && ssl_certificate.active?
|
||||
end
|
||||
|
||||
def use_ssl?
|
||||
ssl_enabled? && has_ssl?
|
||||
end
|
||||
|
||||
def ssl_certificate
|
||||
@ssl_certificate ||= TrackCertificate.where(:domain => self.full_name).first
|
||||
ssl_enabled?
|
||||
end
|
||||
|
||||
def validate_domain_belongs_to_server
|
||||
@@ -91,17 +81,4 @@ class TrackDomain < ApplicationRecord
|
||||
end
|
||||
end
|
||||
|
||||
def create_ssl_certificate_if_missing
|
||||
unless TrackCertificate.where(:domain => self.full_name).exists?
|
||||
TrackCertificate.create!(:domain => self.full_name)
|
||||
end
|
||||
end
|
||||
|
||||
def delete_ssl_certificate_when_not_in_use
|
||||
others = TrackDomain.includes(:domain).where(:name => self.name, :domains => {:name => self.domain.name})
|
||||
if others.empty?
|
||||
TrackCertificate.where(:domain => self.full_name).destroy_all
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
المرجع في مشكلة جديدة
حظر مستخدم