feat: Add validation when applying wildcard domain certificates in HTTP mode (#8112)

zhengkunwang 2025-03-10 18:29:06 +08:00 committed by GitHub
parent f4685b2831
commit 63631b1118
GPG key ID: B5690EEEBB952194
2 changed files with 21 additions and 5 deletions


@ -154,6 +154,16 @@ func (w WebsiteSSLService) Create(create request.WebsiteSSLCreate) (request.Webs
domains = append(domains, domain)
}
}
if create.Provider == constant.Http {
if strings.Contains(create.PrimaryDomain, "*") {
return res, buserr.New("ErrWildcardDomain")
}
for _, domain := range domains {
if strings.Contains(domain, "*") {
return res, buserr.New("ErrWildcardDomain")
}
}
}
websiteSSL.Domains = strings.Join(domains, ",")
if create.Provider == constant.DNSAccount || create.Provider == constant.Http {
@ -234,6 +244,11 @@ func (w WebsiteSSLService) ObtainSSL(apply request.WebsiteSSLApply) error {
return err
}
domains := []string{websiteSSL.PrimaryDomain}
if websiteSSL.Domains != "" {
domains = append(domains, strings.Split(websiteSSL.Domains, ",")...)
}
switch websiteSSL.Provider {
case constant.DNSAccount:
dnsAccount, err = websiteDnsRepo.GetFirst(repo.WithByID(websiteSSL.DnsAccountID))
@ -251,6 +266,11 @@ func (w WebsiteSSLService) ObtainSSL(apply request.WebsiteSSLApply) error {
}
return err
}
for _, domain := range domains {
if strings.Contains(domain, "*") {
return buserr.New("ErrWildcardDomain")
}
}
if err := client.UseHTTP(path.Join(appInstall.GetPath(), "root")); err != nil {
return err
}
@ -260,11 +280,6 @@ func (w WebsiteSSLService) ObtainSSL(apply request.WebsiteSSLApply) error {
}
}
domains := []string{websiteSSL.PrimaryDomain}
if websiteSSL.Domains != "" {
domains = append(domains, strings.Split(websiteSSL.Domains, ",")...)
}
var privateKey crypto.PrivateKey
if websiteSSL.PrivateKey == "" {
privateKey, err = certcrypto.GeneratePrivateKey(ssl.KeyType(websiteSSL.KeyType))
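Review bot: The `strings.Contains(..., "*")` wildcard test is written out three times, twice in the `constant.Http` branch of Create and once in the HTTP case of ObtainSSL before `client.UseHTTP`. A shared helper would keep the two entry points from drifting if the rule changes. It would also give the rule a single doc comment saying why it exists: an HTTP challenge served from the site root cannot prove control of a wildcard name, so the request is rejected before any ACME order is placed. Both Create and ObtainSSL start and end outside the hunks shown, so I can't tell whether other code paths that change the provider or domain list need the same call. The diffstat lists only two changed files, so `ErrWildcardDomain` appears to be added to a single locale file; any other locale files the project ships would need the key as well.

```go
// hasWildcard reports whether any of the given domain names contains "*".
// HTTP-mode validation cannot be used for wildcard names, so callers reject
// such requests up front instead of letting the ACME order fail later.
func hasWildcard(domains ...string) bool {
	for _, d := range domains {
		if strings.Contains(d, "*") {
			return true
		}
	}
	return false
}

// … unchanged: Create, collection of domains …
if create.Provider == constant.Http && (hasWildcard(create.PrimaryDomain) || hasWildcard(domains...)) {
	return res, buserr.New("ErrWildcardDomain")
}

// … unchanged: ObtainSSL, HTTP case up to the app install lookup …
if hasWildcard(domains...) {
	return buserr.New("ErrWildcardDomain")
}
```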


@ -157,6 +157,7 @@ ExecShellStart: "开始执行脚本"
ExecShellSuccess: "脚本执行成功"
StartUpdateSystemSSL: "开始更新系统证书"
UpdateSystemSSLSuccess: "更新系统证书成功"
ErrWildcardDomain: "HTTP 模式无法申请泛域名证书"
#mysql
ErrUserIsExist: "当前用户已存在,请重新输入"