malhuda/PMail
1
0
Fork 0
mirror of https://github.com/Jinnrry/PMail.git synced 2025-02-20 11:43:09 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

V2.5.2 (#145)

Browse Source 
* 移除自动DNS记录验证方式

* v2.5.2 (#13)

1、重写SSL证书申请逻辑,支持DNS记录验证方式
2、修复无法查看详情的bug
3、优化手动设置证书的逻辑
4、发送失败邮件添加错误提醒
5、补充详情接口的单元测试

Co-authored-by: jinnrry <jinnrry@users.noreply.github.com>
Reviewed-on: http://192.168.123.5/jinnrry/PMail_Github/pulls/13

---------

Co-authored-by: jinnrry <jinnrry@users.noreply.github.com>
Co-authored-by: jinnrry <i@jinnrry.com>
This commit is contained in:
Jinnrry 2024-07-06 12:54:58 +08:00 committed by GitHub
parent 056036e880
commit 4c22035819
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
20 changed files with 440 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -6,6 +6,7 @@ clean:
build_fe:
cd fe && yarn && yarn build
rm -rf server/http_server/dist
cd server && cp -rf ../fe/dist http_server
build_server:

6
fe/src/i18n/i18n.js
View File

@ -63,7 +63,8 @@ var lang = {
"web_domain": "Web Domain",
"dns_desc": "Please add the following information to your DNS records",
"ssl_auto": "Automatically configure SSL certificates (recommended)",
"wait_desc": "HTTP challenge mode completes in approximately 1 minute.",
"wait_desc": "Please Wait.",
"dns_challenge_wait": "DNS propagation and cache refreshes take a long time, and a wait of 10-30 minutes is possible here.",
"ssl_challenge_type":"Challenge Type",
"ssl_auto_http":"Http Request",
"ssl_auto_dns":"DNS Records",
@ -176,7 +177,8 @@ var zhCN = {
"ssl_challenge_type":"验证方式",
"ssl_manuallyf": "手动配置SSL证书",
"challenge_typ_desc": "如果PMail直接使用80端口建议使用HTTP验证方式。",
"wait_desc": "HTTP验证模式大约1分钟完成",
"wait_desc": "请稍等",
"dns_challenge_wait": "DNS传播和缓存刷新时间较长此处可能等待10-30分钟",
"ssl_key_path": "ssl key文件位置",
"ssl_crt_path": "ssl crt文件位置",
"group_settings": "分组",

8
fe/src/views/ListView.vue
View File

@ -40,6 +40,14 @@
</el-tooltip>
</span>
<span style="font-weight: 900;color: #FF0000;" v-if="scope.row.error != ''">
<el-tooltip effect="dark"
:content="scope.row.error"
placement="top-start">
!
</el-tooltip>
</span>
</div>
</template>
</el-table-column>

237
fe/src/views/SetupView.vue
View File

@ -133,16 +133,17 @@
<div class="form" width="600px">
<el-form label-width="120px">
<el-form-item :label="lang.type">
<el-select :placeholder="lang.ssl_auto" v-model="sslSettings.type">
<el-select :placeholder="lang.ssl_auto" v-model="sslSettings.type" :disabled="dnsChecking">
<el-option :label="lang.ssl_auto" value="0" />
<el-option :label="lang.ssl_manuallyf" value="1" />
</el-select>
</el-form-item>
<el-form-item :label="lang.ssl_challenge_type" v-if="sslSettings.type == '0'">
<el-select :placeholder="lang.ssl_auto_http" v-model="sslSettings.challenge">
<el-select :placeholder="lang.ssl_auto_http" v-model="sslSettings.challenge"
:disabled="dnsChecking">
<el-option :label="lang.ssl_auto_http" value="http" />
<!-- <el-option :label="lang.ssl_auto_dns" value="dns" /> -->
<el-option :label="lang.ssl_auto_dns" value="dns" />
</el-select>
<el-tooltip class="box-item" effect="dark" :content="lang.challenge_typ_desc"
@ -151,153 +152,9 @@
</el-tooltip>
</el-form-item>
<el-form-item :label="lang.oomain_service_provider"
v-if="sslSettings.type == '0' && sslSettings.challenge == 'dns'">
<el-select @change="provide_change" :placeholder="lang.oomain_service_provider"
v-model="sslSettings.provider">
<el-option label="acme-dns" value="acme-dns" />
<el-option label="alidns" value="alidns" />
<el-option label="allinkl" value="allinkl" />
<el-option label="arvancloud" value="arvancloud" />
<el-option label="azure" value="azure" />
<el-option label="azuredns" value="azuredns" />
<el-option label="auroradns" value="auroradns" />
<el-option label="autodns" value="autodns" />
<el-option label="bindman" value="bindman" />
<el-option label="bluecat" value="bluecat" />
<el-option label="brandit" value="brandit" />
<el-option label="bunny" value="bunny" />
<el-option label="checkdomain" value="checkdomain" />
<el-option label="civo" value="civo" />
<el-option label="clouddns" value="clouddns" />
<el-option label="cloudflare" value="cloudflare" />
<el-option label="cloudns" value="cloudns" />
<el-option label="cloudru" value="cloudru" />
<el-option label="cloudxns" value="cloudxns" />
<el-option label="conoha" value="conoha" />
<el-option label="constellix" value="constellix" />
<el-option label="cpanel" value="cpanel" />
<el-option label="derak" value="derak" />
<el-option label="desec" value="desec" />
<el-option label="designate" value="designate" />
<el-option label="digitalocean" value="digitalocean" />
<el-option label="dnshomede" value="dnshomede" />
<el-option label="dnsimple" value="dnsimple" />
<el-option label="dnsmadeeasy" value="dnsmadeeasy" />
<el-option label="dnspod" value="dnspod" />
<el-option label="dode" value="dode" />
<el-option label="domeneshop" value="domeneshop" />
<el-option label="domainnameshop" value="domainnameshop" />
<el-option label="dreamhost" value="dreamhost" />
<el-option label="duckdns" value="duckdns" />
<el-option label="dyn" value="dyn" />
<el-option label="dynu" value="dynu" />
<el-option label="easydns" value="easydns" />
<el-option label="edgedns" value="edgedns" />
<el-option label="fastdns" value="fastdns" />
<el-option label="efficientip" value="efficientip" />
<el-option label="epik" value="epik" />
<el-option label="exec" value="exec" />
<el-option label="exoscale" value="exoscale" />
<el-option label="freemyip" value="freemyip" />
<el-option label="gandi" value="gandi" />
<el-option label="gandiv5" value="gandiv5" />
<el-option label="gcloud" value="gcloud" />
<el-option label="gcore" value="gcore" />
<el-option label="glesys" value="glesys" />
<el-option label="godaddy" value="godaddy" />
<el-option label="googledomains" value="googledomains" />
<el-option label="hetzner" value="hetzner" />
<el-option label="hostingde" value="hostingde" />
<el-option label="hosttech" value="hosttech" />
<el-option label="httpreq" value="httpreq" />
<el-option label="hurricane" value="hurricane" />
<el-option label="hyperone" value="hyperone" />
<el-option label="ibmcloud" value="ibmcloud" />
<el-option label="iij" value="iij" />
<el-option label="iijdpf" value="iijdpf" />
<el-option label="infoblox" value="infoblox" />
<el-option label="infomaniak" value="infomaniak" />
<el-option label="internetbs" value="internetbs" />
<el-option label="inwx" value="inwx" />
<el-option label="ionos" value="ionos" />
<el-option label="ipv64" value="ipv64" />
<el-option label="iwantmyname" value="iwantmyname" />
<el-option label="joker" value="joker" />
<el-option label="liara" value="liara" />
<el-option label="lightsail" value="lightsail" />
<el-option label="linode" value="linode" />
<el-option label="linodev4" value="linodev4" />
<el-option label="liquidweb" value="liquidweb" />
<el-option label="loopia" value="loopia" />
<el-option label="luadns" value="luadns" />
<el-option label="mailinabox" value="mailinabox" />
<el-option label="manual" value="manual" />
<el-option label="metaname" value="metaname" />
<el-option label="mydnsjp" value="mydnsjp" />
<el-option label="mythicbeasts" value="mythicbeasts" />
<el-option label="namecheap" value="namecheap" />
<el-option label="namedotcom" value="namedotcom" />
<el-option label="namesilo" value="namesilo" />
<el-option label="nearlyfreespeech" value="nearlyfreespeech" />
<el-option label="netcup" value="netcup" />
<el-option label="netlify" value="netlify" />
<el-option label="nicmanager" value="nicmanager" />
<el-option label="nifcloud" value="nifcloud" />
<el-option label="njalla" value="njalla" />
<el-option label="nodion" value="nodion" />
<el-option label="ns1" value="ns1" />
<el-option label="oraclecloud" value="oraclecloud" />
<el-option label="otc" value="otc" />
<el-option label="ovh" value="ovh" />
<el-option label="pdns" value="pdns" />
<el-option label="plesk" value="plesk" />
<el-option label="porkbun" value="porkbun" />
<el-option label="rackspace" value="rackspace" />
<el-option label="rcodezero" value="rcodezero" />
<el-option label="regru" value="regru" />
<el-option label="rfc2136" value="rfc2136" />
<el-option label="rimuhosting" value="rimuhosting" />
<el-option label="route53" value="route53" />
<el-option label="safedns" value="safedns" />
<el-option label="sakuracloud" value="sakuracloud" />
<el-option label="scaleway" value="scaleway" />
<el-option label="selectel" value="selectel" />
<el-option label="servercow" value="servercow" />
<el-option label="shellrent" value="shellrent" />
<el-option label="simply" value="simply" />
<el-option label="sonic" value="sonic" />
<el-option label="stackpath" value="stackpath" />
<el-option label="tencentcloud" value="tencentcloud" />
<el-option label="transip" value="transip" />
<el-option label="ultradns" value="ultradns" />
<el-option label="variomedia" value="variomedia" />
<el-option label="vegadns" value="vegadns" />
<el-option label="vercel" value="vercel" />
<el-option label="versio" value="versio" />
<el-option label="vinyldns" value="vinyldns" />
<el-option label="vkcloud" value="vkcloud" />
<el-option label="vscale" value="vscale" />
<el-option label="vultr" value="vultr" />
<el-option label="webnames" value="webnames" />
<el-option label="websupport" value="websupport" />
<el-option label="wedos" value="wedos" />
<el-option label="yandex" value="yandex" />
<el-option label="yandex360" value="yandex360" />
<el-option label="yandexcloud" value="yandexcloud" />
<el-option label="zoneee" value="zoneee" />
<el-option label="zonomi" value="zonomi" />
</el-select>
</el-form-item>
<el-form-item :label="item"
v-if="sslSettings.paramsList.length != 0 && sslSettings.type == 0 && sslSettings.challenge == 'dns'"
v-for="item in sslSettings.paramsList">
<el-input style="width: 240px" :placeholder="item" v-model="dnsApiParams[item]" />
</el-form-item>
<el-form-item :label="lang.ssl_key_path" v-if="sslSettings.type == '1'">
<el-input placeholder="./config/ssl/private.key" v-model="sslSettings.key_path"></el-input>
@ -313,7 +170,30 @@
</div>
<el-button :element-loading-text="lang.wait_desc" v-loading.fullscreen.lock="fullscreenLoading" id="next" style="margin-top: 12px" @click="next">{{
<div v-if="dnsChecking">
<label>{{ lang.dns_desc }}</label>
<el-table :data="sslSettings.paramsList" border v-loading="sslSettings.paramsList.length == 0">
<el-table-column prop="host" label="HOSTNAME" width="110px" />
<el-table-column prop="type" label="TYPE" width="110px" />
<el-table-column prop="value" label="VALUE">
<template #default="scope">
<div style="display: flex; align-items: center">
<el-tooltip :content="scope.row.tips" placement="top" v-if="scope.row.tips != ''">
{{ scope.row.value }}
</el-tooltip>
<span v-else>{{ scope.row.value }}</span>
</div>
</template>
</el-table-column>
<el-table-column prop="ttl" label="TTL" width="110px" />
</el-table>
</div>
<el-button :element-loading-text="waitDesc" v-loading.fullscreen.lock="fullscreenLoading" id="next"
style="margin-top: 12px" @click="next">{{
lang.next }}</el-button>
</div>
@ -324,10 +204,11 @@ import { reactive, ref } from 'vue'
import { ElMessage } from 'element-plus'
import lang from '../i18n/i18n';
import axios from 'axios'
import { getCurrentInstance } from 'vue'
const app = getCurrentInstance()
const $http = app.appContext.config.globalProperties.$http
const waitDesc = ref(lang.wait_desc)
const adminSettings = reactive({
"account": "admin",
@ -349,18 +230,16 @@ const domainSettings = reactive({
const sslSettings = reactive({
"type": "0",
"provider": "",
"challenge": "http",
"key_path": "./config/ssl/private.key",
"crt_path": "./config/ssl/public.crt",
"paramsList": {},
"paramsList": [],
})
const dnsApiParams = reactive({})
const active = ref(0)
const fullscreenLoading = ref(false)
const dnsChecking = ref(false)
const dnsInfos = ref([
])
@ -455,9 +334,9 @@ const getSSLConfig = () => {
ElMessage.error(res.errorMsg)
} else {
sslSettings.type = res.data.type
if (sslSettings.type == "2"){
if (sslSettings.type == "2") {
sslSettings.type = "0"
sslSettings.challenge="dns"
sslSettings.challenge = "dns"
}
@ -475,24 +354,6 @@ const setSSLConfig = () => {
sslType = "2"
}
if (sslType == "2") {
let params = { "action": "setParams", "step": "ssl", };
params = Object.assign(params, dnsApiParams);
// dnsDNS api Key
$http.post("/api/setup", params).then((res) => {
if (res.errorNo != 0) {
fullscreenLoading.value = false;
ElMessage.error(res.errorMsg);
return;
}
})
}
$http.post("/api/setup", {
@ -500,15 +361,18 @@ const setSSLConfig = () => {
"step": "ssl",
"ssl_type": sslType,
"key_path": sslSettings.key_path,
"crt_path": sslSettings.crt_path,
"serviceName": sslSettings.provider
"crt_path": sslSettings.crt_path
}).then((res) => {
if (res.errorNo != 0) {
fullscreenLoading.value = false;
ElMessage.error(res.errorMsg)
} else {
if (sslType == 2) {
fullscreenLoading.value = false;
dnsChecking.value = true;
getSSLDNSParams();
}
checkStatus();
}
})
}
@ -542,16 +406,23 @@ const setDomainConfig = () => {
})
}
const provide_change = () => {
console.log(sslSettings.provider)
$http.post("/api/setup", { "action": "getParams", "step": "ssl", "serverName": sslSettings.provider }).then((res) => {
const getSSLDNSParams = () => {
$http.post("/api/setup", { "action": "getParams", "step": "ssl" }).then((res) => {
if (res.errorNo != 0) {
ElMessage.error(res.errorMsg)
} else {
sslSettings.paramsList = res.data
console.log(sslSettings.paramsList)
}
})
if (sslSettings.paramsList.length == 0) {
setTimeout(function () {
getSSLDNSParams()
}, 1000);
}
}
@ -576,8 +447,12 @@ const next = () => {
active.value++
break
case 5:
setSSLConfig();
active.value++
if (dnsChecking.value) {
fullscreenLoading.value = true;
waitDesc.value = lang.dns_challenge_wait;
} else {
setSSLConfig();
}
break
}

39
server/config/config.go
View File

@ -1,7 +1,12 @@
package config
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"encoding/json"
"encoding/pem"
"os"
)
@ -48,8 +53,8 @@ func (c *Config) SetSetupPort(setupPort int) {
const DBTypeMySQL = "mysql"
const DBTypeSQLite = "sqlite"
const SSLTypeAutoHTTP = "0" //自动生成证书
// const SSLTypeAutoDNS = "2" //自动生成证书DNS api验证
const SSLTypeUser = "1" //用户上传证书
const SSLTypeAutoDNS = "2" //自动生成证书DNS api验证
const SSLTypeUser = "1" //用户上传证书
var DBTypes []string = []string{DBTypeMySQL, DBTypeSQLite}
@ -86,3 +91,33 @@ func Init() {
}
}
func ReadPrivateKey() (*ecdsa.PrivateKey, bool) {
key, err := os.ReadFile("./config/ssl/account_private.pem")
if err != nil {
return createNewPrivateKey(), true
}
block, _ := pem.Decode(key)
x509Encoded := block.Bytes
privateKey, _ := x509.ParseECPrivateKey(x509Encoded)
return privateKey, false
}
func createNewPrivateKey() *ecdsa.PrivateKey {
// Create a user. New accounts need an email and private key to start.
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
panic(err)
}
x509Encoded, _ := x509.MarshalECPrivateKey(privateKey)
// 将ec 密钥写入到 pem文件里
keypem, _ := os.OpenFile("./config/ssl/account_private.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
err = pem.Encode(keypem, &pem.Block{Type: "EC PRIVATE KEY", Bytes: x509Encoded})
if err != nil {
panic(err)
}
return privateKey
}

21
server/config/config.json
View File

@ -1,16 +1,17 @@
{
"logLevel": "debug",
"domain": "domain.com",
"webDomain": "mail.domain.com",
"logLevel": "",
"domain": "test.domain",
"domains": null,
"webDomain": "mail.test.domain",
"dkimPrivateKeyPath": "config/dkim/dkim.priv",
"sslType": "0",
"SSLPrivateKeyPath": "config/ssl/private.key",
"SSLPublicKeyPath": "config/ssl/public.crt",
"dbDSN": "./config/pmail.db",
"sslType": "1",
"SSLPrivateKeyPath": "./config/ssl/private.key",
"SSLPublicKeyPath": "./config/ssl/public.crt",
"dbDSN": "./config/pmail_temp.db",
"dbType": "sqlite",
"spamFilterLevel": 1,
"httpsEnabled": 1,
"spamFilterLevel": 0,
"httpPort": 80,
"httpsPort": 443,
"isInit": true,
"httpsEnabled": 1
"isInit": true
}

50
server/config/ssl/private.key
View File

@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAycVukHU+lPXo01d0W8ok0pxfy8/+tHKqd6gd9g1J6EOpf2SU
vR77+URpKNXxMokVX84VHnBGxDMvh5hM8oN5gqbJEwhTqOwZi19MQVfI5a1wrkYe
p1+hcAS/MsLgwqxFp7ABsH2oljQLLYsGZTs/+QooDcmE2K+Nnj2nM5VZ9ouGX2AN
PFMvSm1yuADmP4962xXEN730UfEamRTGsuU9U1g51cAUasblIf2RU9nKdEQsEihp
ApS45X2qayWgo3YJ6BAaqbZKmnekeIWkjlhHNYudNVxIqvp5MzndMPCNjfz/+xEc
Vn3hS5vzJMZQeOPJjSes6E2Cr0X2cvXnQGUfzQIDAQABAoIBAD7sWTyns6qUvdUa
0ujFM5KSvbU72jy//bVvMljHcCME5tkZruEDxqTH1turTJrr8UR9akyhyw/ovovU
zTpcEgrSpKZQ1HY7mwPB5nACRl6KJjfTGkAsLJZYhJ/58koDm31eAEjgBzFAbbP4
RThQr/SkXDVggRNqPAn7RCdsDjA6aR2bQD1Y7HMRfkEaJrTD4jfFHC9HZOtJsFOJ
SahfmL0O5ezdrHLBYaTrTIeIXJ95N3cqPvp/zRjJrsuj0msVG5icQO+KUHAjqQ7b
SLDcr0BsTxZWgHfOfyenS36dHI3D5hNOy6hEIio+LvOJU/NV7Ady2mMpfo7kzHFe
+ukT7IECgYEA5HVV/uggeIjtGZOeB3aiYnL3I4yD5e5h3rfqhQ5uOL9iLZKXDZXk
xncY2AA+2rEQt17y0g3eOJ1l0zx3NsDhopbWjESiGniU1ngZovUo/L57VFtTjWv1
PpFa+G8DBFLVf3jHXFyLQTb8feJHahYIcq7pkfjlrv6xNS8MsT3x8lECgYEA4hh6
3T7qN77YvOoPwI+5+myv+ewKOwwFu1NapAX/zzxCxJfjl8YBQO8fICbtbcXiLWyR
bRxcBUWg2gvzziEdJom3shIRaFeLdeofNFNZbQWpWsfG3HxItJSc5NV12dxHccnm
KJpHeAsy/uVAQLz32xJ2ssV4lvxE8xcgWHRZGr0CgYBiiYV089QFiTGS5Yu0tmOl
yOZ1q8a8JsyJzpPVnfrGeS20cFS8pFlPjNDnYXu6wcJvBQIAvcCKdMEVki/tKtZn
VV3mlDfC6R1xP8327n0mPlZddSKdjeHygalWHDOV6tBxMbvzR2s8zqWq+i1JQYWV
SYIu1sbiarIuOUPlMs2ncQKBgQC/jigCbPx5kGsG23PPHLZf8lfB8fbVAiGVDVD9
KMwL4y1abKl5/FsxjaacUf7VA1PWUmZ/wAhCuzRFqNy+JpYRAZst9lrjQVC57UrU
xU09rg9HB313bqEWxdaLlkLL+vJY+MrUWan1jd99z/N5JeEErYb9fYrmuQMdxdk0
uBaKLQKBgQC5Ot1cGmm2kwYJ4EMnTZKC2Kn9gDxXE0c92GkNhqU2ciuycy3vcl1U
QN+347AP2z5ISblffXhjcDf1Z1JJEQqq8WrfBkEwkIK74++vdVHojtObEiD2EQwA
c9s2jI4r7TCPXbtJ01v4GIaxXRBkhvN/Cg26fSgM5emrvFJmywPEwQ==
MIIEpAIBAAKCAQEA9uf8Kl44pXTgJSzns6SvySW4IRXh+K1Vi9FF4NRk3BysM0kI
ANFU+VmH7eV/Ql1F4Lrwzalset3QIt5qsBFFDA8me42mF2KYXqIVWvcSg+1MPPMk
Upb9jEPJAEOtMVVWKPu7AntCcWcmNESgSNLXDt7Ok7/hQ93jhiUQzrev6O5jNVvs
fiyQncfMuaHi3joRxojFfq454djswNy0DGswaN9qF+6uGgBgdwc7vOA81YzVDli3
3NCjwq/RjYu8fFJSZlWtvgYdCEoOe9qhknLzQAD3wCzdkkmIKZP/igg8dvhz71L+
4NWqDhYe1zmkAXL6Y8CucpiW1FrCRYjpDXtk6wIDAQABAoIBAAa+Y1bM6AMs5Apf
5Zw0fVCjJRpSPK/MHDALcTso0fBpIBLuhbdwAEAnP90xjX5EieoPcRBM9leMw2iQ
Zp2UeyxPJZ/uSIEPAlZjWu33HZxY2OI5Sd6vnRE9sLm/H3XffND1vy/cKf5q8NIw
pagXiiQv1biXXxG5d8NsM79RqQ5Vlsg/ygKb4OtHkGlOFdn/AhvDuOVBsR0ucCdO
qwL8qVI30pCeqAXt/3BdEmqN4LNckhyrEiwLUUgslgfkP3DVKyi3NpNI5sUYTd/i
Ui6eoCbhHSErV+JkFJNWIFy1nWjVNaEmEh9ArYq98xv1Z1Ejn+NHB/LCEhOnIJak
Vg31FRECgYEA++P6YSVTJaXw8NmjLVLiBIWZFK23/3C+m3dkN+Ye8YFMtvvUOLP2
mFCUA6WiST8R4R0djymmN2+0Aobjv2Qxesv9QmuNeiswQ7A+MKdmUuCy3ai22H5c
XDqKSs7JyXDMeBvPsrtCsYKVIMtago7nE/Ut//oHGgOu83e1dZiA1GUCgYEA+u8w
mHKbs720lD4HaSllxDRgAejnlmtyOZUm63dKxYAmwMaw0f1Y0UBn88hBNFcVxba2
CIEuz11MuhPGHh6esricmLryw8IPWzchuSZtxHu6OKggWFoCfGR/TxHqVqSLvSI3
B+GrdMQ2EqdmhzKgWQCazRtRlSrisRbrF5kkdw8CgYAwz/EJOk5ukUWrpsE0W0dp
UOplU3TAj3yga/aDzphYfJH9M7fgdR9oTNUiD8rvHsW8NgQwZgXL4F2lz7X6tNPR
1A3z/RuhfRURSOoES6xMizaeNb+ZHIORa9a4wHHiE3XMILeTDy7Rb1iuzjlv63lk
KLMNU8pkhCo3DA+iBjeQ8QKBgQCTmKUoxiC3NFpG58VMIcFuCrB97xRo8YIaRJTD
40LjsGEa+sN+gFoBmrSKO7u+oYp45ONlVTbHWcWLnZ3mkXQfA194pl2srzSBHoiD
cwsViwEZ2ipMTYUwzZvkUlFX7SkUck+UHzTOVarIhhZUZ37RWv2yruLprnPwXd6h
3r4IGQKBgQCTeZPaMFsuSzBc1twb6NAxEkPhcZXOAFC+xbGM/jcDx5MZqLAi9gVS
ASuZcWLtLsmIkmzBWnZyFm4enSUhTUYW8qpoV+KDM4RH8yBjSvitrr9lToM7nnnX
eauj/AgwH9D6pt3JtyPeqVOLeCo9LWSQBkKJKxdkPPIDaz4OlgRn3A==
-----END RSA PRIVATE KEY-----

79
server/config/ssl/public.crt
View File

@ -1,61 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISBNoMwrAFQkkwJmbpDuLTLHLiMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDA0MTUwNTQ3MzlaFw0yNDA3MTQwNTQ3MzhaMBwxGjAYBgNVBAMT
EXNtdHAuamlhbmd3ZWkub25lMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAycVukHU+lPXo01d0W8ok0pxfy8/+tHKqd6gd9g1J6EOpf2SUvR77+URpKNXx
MokVX84VHnBGxDMvh5hM8oN5gqbJEwhTqOwZi19MQVfI5a1wrkYep1+hcAS/MsLg
wqxFp7ABsH2oljQLLYsGZTs/+QooDcmE2K+Nnj2nM5VZ9ouGX2ANPFMvSm1yuADm
P4962xXEN730UfEamRTGsuU9U1g51cAUasblIf2RU9nKdEQsEihpApS45X2qayWg
o3YJ6BAaqbZKmnekeIWkjlhHNYudNVxIqvp5MzndMPCNjfz/+xEcVn3hS5vzJMZQ
eOPJjSes6E2Cr0X2cvXnQGUfzQIDAQABo4ICODCCAjQwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBS+FIEsLeo9FCo2y2tOmFUfhiv/LzAfBgNVHSMEGDAWgBQULrMXt1hW
y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6
Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu
b3JnLzBBBgNVHREEOjA4ghFtYWlsLmppYW5nd2VpLm9uZYIQcG9wLmppYW5nd2Vp
Lm9uZYIRc210cC5qaWFuZ3dlaS5vbmUwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEE
BgorBgEEAdZ5AgQCBIH1BIHyAPAAdgAZmBBxCfDWUi4wgNKeP2S7g24ozPkPUo7u
385KPxa0ygAAAY7ggunqAAAEAwBHMEUCIFEMkK6C5zyorCJEM2nZqH75nkl6KQjI
RUiwLpcoupL0AiEAtKRWHmGBfL+AtLkurTurZlFURZIsrTqrreOFzThnSHoAdgBI
sONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY7ggunmAAAEAwBHMEUC
IGqaf3PAFZnvoKac1ASRb9eRpaGp7m+x/+Z1siJYegCnAiEAsLQJO7QvX/dXe+Bq
oCH1QhEqDFNhQLCavqrUyTi1wQ0wDQYJKoZIhvcNAQELBQADggEBABlSBbOwICT5
zE+U4vyaeU0ufVSyjT7ZbohpMAJh8WK7zG7xj/XgAA0EX2LB62NVk3/3u/GF3uz6
HsuCYUTsKY3MmwWttmwqWIxkMJk57j18J5vsJXW/YwqOz+v6h3QcUhUZW7c8Kl9I
t9t20uTssCWJ2OLe3TtumjxKX9iqeQ5CD3GDLTJlKP3UJ6eFGN5E42JjnIxk9GH5
yvqcPd9OHwDXbrA13Q6Xn7tdV8rzerGi/gGo18QvCtvH8wda/T+AUxRxXM9Ggit8
ITBsP3PWuIDvECTdQ+Zbft9Ut6PxOBLSH3Gqtghe+Fn7XQpchODw+0LbLi1fOgrW
8O+lguPxZ9w=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
MIIDmTCCAoECFH0cnkhiRVka2ZAWxpjtD+JgCv2GMA0GCSqGSIb3DQEBCwUAMIGI
MQswCQYDVQQGEwJDTjETMBEGA1UECAwKU29tZS1TdGF0ZTELMAkGA1UEBwwCQkox
DjAMBgNVBAoMBVBNYWlsMQ4wDAYDVQQLDAVQTWFpbDEWMBQGA1UEAwwNKi50ZXN0
LmRvbWFpbjEfMB0GCSqGSIb3DQEJARYQdGVzdEB0ZXN0LmRvbWFpbjAeFw0yNDA3
MDUwODA5MTVaFw0zNDA3MDMwODA5MTVaMIGIMQswCQYDVQQGEwJDTjETMBEGA1UE
CAwKU29tZS1TdGF0ZTELMAkGA1UEBwwCQkoxDjAMBgNVBAoMBVBNYWlsMQ4wDAYD
VQQLDAVQTWFpbDEWMBQGA1UEAwwNKi50ZXN0LmRvbWFpbjEfMB0GCSqGSIb3DQEJ
ARYQdGVzdEB0ZXN0LmRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPbn/CpeOKV04CUs57Okr8kluCEV4fitVYvRReDUZNwcrDNJCADRVPlZh+3l
f0JdReC68M2pbHrd0CLearARRQwPJnuNphdimF6iFVr3EoPtTDzzJFKW/YxDyQBD
rTFVVij7uwJ7QnFnJjREoEjS1w7ezpO/4UPd44YlEM63r+juYzVb7H4skJ3HzLmh
4t46EcaIxX6uOeHY7MDctAxrMGjfahfurhoAYHcHO7zgPNWM1Q5Yt9zQo8Kv0Y2L
vHxSUmZVrb4GHQhKDnvaoZJy80AA98As3ZJJiCmT/4oIPHb4c+9S/uDVqg4WHtc5
pAFy+mPArnKYltRawkWI6Q17ZOsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAIl8L
nL+wICckIRTfO4K4+F+7UHgLI2iTYRic6Hsy3K0aPvZAdVJiOlz0qaEcce+bFzj7
BZiHQWDgiPF4vNFqcmas4oFV+Au2K8AoYQFJrq+3dtiUaMStT7JkjNjci3C2NhPO
U7Gjq2OJx6IrJr7ECr2SFW4Sstw/h+s/mBfNl2BbE7kmT1xu/lyxpIiT7bYgSk/l
A3cJFE1JIoa7eUPpV4Kh0titwJnDYVfQmEeBNYivyeNwe4hiHtiZDamI6H7Wu95b
ldRRiFELoVs0GCn/ttIaSFvGUPeahn9rTNUUkjp4Un0RxuQFx8umQYl50zt1GZ1X
DICmWUwYYejqdXrrww==
-----END CERTIFICATE-----

18
server/config/ssl/server.csr Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICzjCCAbYCAQAwgYgxCzAJBgNVBAYTAkNOMRMwEQYDVQQIDApTb21lLVN0YXRl
MQswCQYDVQQHDAJCSjEOMAwGA1UECgwFUE1haWwxDjAMBgNVBAsMBVBNYWlsMRYw
FAYDVQQDDA0qLnRlc3QuZG9tYWluMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QHRlc3Qu
ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9uf8Kl44pXTg
JSzns6SvySW4IRXh+K1Vi9FF4NRk3BysM0kIANFU+VmH7eV/Ql1F4Lrwzalset3Q
It5qsBFFDA8me42mF2KYXqIVWvcSg+1MPPMkUpb9jEPJAEOtMVVWKPu7AntCcWcm
NESgSNLXDt7Ok7/hQ93jhiUQzrev6O5jNVvsfiyQncfMuaHi3joRxojFfq454djs
wNy0DGswaN9qF+6uGgBgdwc7vOA81YzVDli33NCjwq/RjYu8fFJSZlWtvgYdCEoO
e9qhknLzQAD3wCzdkkmIKZP/igg8dvhz71L+4NWqDhYe1zmkAXL6Y8CucpiW1FrC
RYjpDXtk6wIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAPSNiDkAGFhMWFzQns+a
6+ujoI8Lf7baN/LklEEMRV2xq5sonj72ZU4PJDAyNFVj+pCKDOH5mb0r5ceRKYx/
HOlXxYvDhvk3t9mAGrRwG3UhzbCSbIIcvdKbU4FDGaRIzrSsvcv9fUDnw5fKTL61
IRDNewABlCncsUYfHrXeuMtqdiWyZMfYjiHDunCCo/FbrG70q9LjMHT4zHl9LV8T
jnrQzX0UaxBgLYDPEJX+2fqaXObv1HHSWlgZ6Ov9eRRKN2oRkb+KIbaTnlQ7Z7Y9
kzwla/WOKJDL5FA7275tVpC553+rglq/0Jy9Hiq71Sis9gnG8eTYsghN5FHZSMFT
a1s=
-----END CERTIFICATE REQUEST-----

2
server/controllers/email/list.go
View File

@ -27,6 +27,7 @@ type emilItem struct {
IsRead bool `json:"is_read"`
Sender User `json:"sender"`
Dangerous bool `json:"dangerous"`
Error string `json:"error"`
}
type User struct {
@ -83,6 +84,7 @@ func EmailList(ctx *context.Context, w http.ResponseWriter, req *http.Request) {
IsRead: email.IsRead == 1,
Sender: sender,
Dangerous: email.SPFCheck == 0 && email.DKIMCheck == 0,
Error: email.Error.String,
})
}

17
server/controllers/email/send.go
View File

@ -213,11 +213,28 @@ func Send(ctx *context.Context, w http.ResponseWriter, req *http.Request) {
if err != nil {
log.WithContext(ctx).Errorf("sql Error :%+v", err)
}
ue := models.UserEmail{
UserID: ctx.UserID,
EmailID: modelEmail.Id,
Status: 2,
IsRead: 1,
}
db.Instance.Insert(&ue)
} else {
_, err := db.Instance.Exec(db.WithContext(ctx, "update email set status =1 where id = ? "), modelEmail.Id)
if err != nil {
log.WithContext(ctx).Errorf("sql Error :%+v", err)
}
ue := models.UserEmail{
UserID: ctx.UserID,
EmailID: modelEmail.Id,
Status: 1,
IsRead: 1,
}
db.Instance.Insert(&ue)
}
}, nil)

2
server/controllers/group.go
View File

@ -31,7 +31,7 @@ func GetUserGroup(ctx *context.Context, w http.ResponseWriter, req *http.Request
},
{
Label: i18n.GetText(ctx.Lang, "outbox"),
Tag: dto.SearchTag{Type: 1, Status: 1}.ToString(),
Tag: dto.SearchTag{Type: 1, Status: -1}.ToString(),
},
{
Label: i18n.GetText(ctx.Lang, "sketch"),

47
server/controllers/setup.go
View File

@ -5,6 +5,7 @@ import (
log "github.com/sirupsen/logrus"
"io"
"net/http"
"os"
"pmail/config"
"pmail/dto/response"
"pmail/services/setup"
@ -134,40 +135,36 @@ func Setup(ctx *context.Context, w http.ResponseWriter, req *http.Request) {
return
}
//if reqData["step"] == "ssl" && reqData["action"] == "getParams" {
// params, err := ssl.GetServerParamsList(reqData["serverName"])
// if err != nil {
// response.NewErrorResponse(response.ServerError, err.Error(), "").FPrint(w)
// return
// }
// response.NewSuccessResponse(params).FPrint(w)
// return
//}
if reqData["step"] == "ssl" && reqData["action"] == "getParams" {
dnsChallenge := ssl.GetDnsChallengeInstance()
//if reqData["step"] == "ssl" && reqData["action"] == "setParams" {
// for key, v := range reqData {
// if key != "step" && key != "action" {
// ssl.SetDomainServerParams(key, v)
// }
// }
// response.NewSuccessResponse("Succ").FPrint(w)
// return
//}
response.NewSuccessResponse(dnsChallenge.GetDNSSettings(ctx)).FPrint(w)
return
}
if reqData["step"] == "ssl" && reqData["action"] == "set" {
keyPath := reqData["key_path"]
crtPath := reqData["crt_path"]
serviceName, ok := reqData["serviceName"]
if !ok {
serviceName = ""
}
err := ssl.SetSSL(reqData["ssl_type"], reqData["key_path"], reqData["crt_path"], serviceName)
_, err := os.Stat(keyPath)
if err != nil {
response.NewErrorResponse(response.ServerError, err.Error(), "").FPrint(w)
return
}
//if reqData["ssl_type"] == config.SSLTypeAutoHTTP || reqData["ssl_type"] == config.SSLTypeAutoDNS {
if reqData["ssl_type"] == config.SSLTypeAutoHTTP {
_, err = os.Stat(crtPath)
if err != nil {
response.NewErrorResponse(response.ServerError, err.Error(), "").FPrint(w)
return
}
err = ssl.SetSSL(reqData["ssl_type"], reqData["key_path"], reqData["crt_path"])
if err != nil {
response.NewErrorResponse(response.ServerError, err.Error(), "").FPrint(w)
return
}
if reqData["ssl_type"] == config.SSLTypeAutoHTTP || reqData["ssl_type"] == config.SSLTypeAutoDNS {
err = ssl.GenSSL(false)
if err != nil {
response.NewErrorResponse(response.ServerError, err.Error(), "").FPrint(w)

3
server/cron_server/ssl_update.go
View File

@ -22,7 +22,7 @@ func Start() {
}
}
if config.Instance.SSLType == "0" {
if config.Instance.SSLType == config.SSLTypeAutoHTTP || config.Instance.SSLType == config.SSLTypeAutoDNS {
go sslUpdateLoop()
} else {
go sslCheck()
@ -45,6 +45,7 @@ func sslCheck() {
log.Errorf("SSL Check Error! %+v", err)
}
if newExpTime != expiredTime {
expiredTime = newExpTime
log.Infoln("SSL certificate had update! restarting")
signal.RestartChan <- true
}

22
server/main_test.go
View File

@ -72,6 +72,7 @@ func TestMaster(t *testing.T) {
t.Run("testSendEmail", testSendEmail)
time.Sleep(8 * time.Second)
t.Run("testEmailList", testEmailList)
t.Run("testGetDetail", testGetEmailDetail)
t.Run("testDelEmail", testDelEmail)
t.Run("testSendEmail2User1", testSendEmail2User1)
@ -108,6 +109,23 @@ func testCheckRule(t *testing.T) {
}
}
func testGetEmailDetail(t *testing.T) {
ret, err := httpClient.Post(TestHost+"/api/email/detail", "application/json", strings.NewReader(`{
"id":1
}`))
if err != nil {
t.Error(err)
}
data, err := readResponse(ret.Body)
if err != nil {
t.Error(err)
}
if data.ErrorNo != 0 {
t.Error("GetEmailDetail Error! ", data)
}
}
func testCreateRule(t *testing.T) {
ret, err := httpClient.Post(TestHost+"/api/rule/add", "application/json", strings.NewReader(`{
"name":"Move Group",
@ -703,6 +721,7 @@ func testSendEmail2User3(t *testing.T) {
t.Logf("testSendEmail2User3 Success! Response: %+v", data)
}
func testEmailList(t *testing.T) {
ret, err := httpClient.Post(TestHost+"/api/email/list", "application/json", strings.NewReader(`{}`))
if err != nil {
@ -716,8 +735,9 @@ func testEmailList(t *testing.T) {
t.Error("Get Email List Api Error!")
}
dt := data.Data.(map[string]interface{})
if len(dt["list"].([]interface{})) == 0 {
if dt["list"] == nil || len(dt["list"].([]interface{})) == 0 {
t.Error("Email List Is Empty!")
return
}
lst := dt["list"].([]interface{})

4
server/models/user_email.go
View File

@ -2,8 +2,8 @@ package models
type UserEmail struct {
ID int `xorm:"id int unsigned not null pk autoincr"`
UserID int `xorm:"user_id int not null unique('uid_eid') index comment('用户id')"`
EmailID int `xorm:"email_id not null unique('uid_eid') index comment('信件id')"`
UserID int `xorm:"user_id int not null index('idx_eid') index comment('用户id')"`
EmailID int `xorm:"email_id not null index('idx_eid') index comment('信件id')"`
IsRead int8 `xorm:"is_read tinyint(1) comment('是否已读')" json:"is_read"`
GroupId int `xorm:"group_id int notnull default(0) comment('分组id')'" json:"group_id"`
Status int8 `xorm:"status tinyint(4) notnull default(0) comment('0未发送1已发送2发送失败3删除')" json:"status"` // 0未发送1已发送2发送失败 3删除

4
server/services/detail/detail.go
View File

@ -27,7 +27,7 @@ func GetEmailDetail(ctx *context.Context, id int, markRead bool) (*response.Emai
//获取邮件内容
var email response.EmailResponseData
_, err = db.Instance.ID(id).Get(&email)
_, err = db.Instance.Select("*,1 as is_read").Table("email").Where("id=?", id).Get(&email)
if err != nil {
log.WithContext(ctx).Errorf("SQL error:%+v", err)
return nil, err
@ -37,7 +37,7 @@ func GetEmailDetail(ctx *context.Context, id int, markRead bool) (*response.Emai
if markRead && ue.IsRead == 0 {
ue.IsRead = 1
_, err = db.Instance.Update(&ue)
_, err = db.Instance.Where("id=?", ue.ID).Update(&ue)
if err != nil {
log.WithContext(ctx).Errorf("SQL error:%+v", err)
}

65
server/services/setup/ssl/challenge.go
View File

@ -1,5 +1,12 @@
package ssl
import (
"github.com/go-acme/lego/v4/challenge/dns01"
log "github.com/sirupsen/logrus"
"pmail/utils/context"
"time"
)
type authInfo struct {
Domain string
Token string
@ -35,3 +42,61 @@ func GetHttpChallengeInstance() *HttpChallenge {
}
return instance
}
type DNSChallenge struct {
AuthInfo map[string]*authInfo
}
var dnsInstance *DNSChallenge
func GetDnsChallengeInstance() *DNSChallenge {
if dnsInstance == nil {
dnsInstance = &DNSChallenge{
AuthInfo: map[string]*authInfo{},
}
}
return dnsInstance
}
func (h *DNSChallenge) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
log.Infof("Presenting challenge Info : %+v", info)
h.AuthInfo[token] = &authInfo{
Domain: info.FQDN,
Token: token,
KeyAuth: info.Value,
}
log.Infof("SSL Log:%s %s %s", domain, token, keyAuth)
return nil
}
func (h *DNSChallenge) CleanUp(domain, token, keyAuth string) error {
delete(h.AuthInfo, token)
return nil
}
func (h *DNSChallenge) Timeout() (timeout, interval time.Duration) {
return 60 * time.Minute, 5 * time.Second
}
type DNSItem struct {
Type string `json:"type"`
Host string `json:"host"`
Value string `json:"value"`
TTL int `json:"ttl"`
Tips string `json:"tips"`
}
func (h *DNSChallenge) GetDNSSettings(ctx *context.Context) []*DNSItem {
ret := []*DNSItem{}
for _, info := range h.AuthInfo {
ret = append(ret, &DNSItem{
Type: "TXT",
Host: info.Domain,
Value: info.KeyAuth,
TTL: 3600,
})
}
return ret
}

153
server/services/setup/ssl/ssl.go
View File

@ -3,11 +3,10 @@ package ssl
import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/tls"
"crypto/x509"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge/dns01"
log "github.com/sirupsen/logrus"
"github.com/spf13/cast"
"os"
@ -51,15 +50,13 @@ func GetSSL() string {
return cfg.SSLType
}
func SetSSL(sslType, priKey, crtKey, serviceName string) error {
func SetSSL(sslType, priKey, crtKey string) error {
cfg, err := setup.ReadConfig()
if err != nil {
panic(err)
}
//if sslType == config.SSLTypeAutoHTTP || sslType == config.SSLTypeUser || sslType == config.SSLTypeAutoDNS {
if sslType == config.SSLTypeAutoHTTP || sslType == config.SSLTypeUser {
if sslType == config.SSLTypeAutoHTTP || sslType == config.SSLTypeUser || sslType == config.SSLTypeAutoDNS {
cfg.SSLType = sslType
//cfg.DomainServiceName = serviceName
} else {
return errors.New("SSL Type Error!")
}
@ -67,6 +64,8 @@ func SetSSL(sslType, priKey, crtKey, serviceName string) error {
if cfg.SSLType == config.SSLTypeUser {
cfg.SSLPrivateKeyPath = priKey
cfg.SSLPublicKeyPath = crtKey
// 手动设置证书的情况下后台地址默认不启用https
cfg.HttpsEnabled = 2
}
err = setup.WriteConfig(cfg)
@ -77,27 +76,7 @@ func SetSSL(sslType, priKey, crtKey, serviceName string) error {
return nil
}
func GenSSL(update bool) error {
cfg, err := setup.ReadConfig()
if err != nil {
panic(err)
}
if !update {
privateFile, errpi := os.ReadFile(cfg.SSLPrivateKeyPath)
public, errpu := os.ReadFile(cfg.SSLPublicKeyPath)
// 当前存在证书数据,就不生成了
if errpi == nil && errpu == nil && len(privateFile) > 0 && len(public) > 0 {
return nil
}
}
// Create a user. New accounts need an email and private key to start.
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return errors.Wrap(err)
}
func renewCertificate(privateKey *ecdsa.PrivateKey, cfg *config.Config) error {
myUser := MyUser{
Email: "i@" + cfg.Domain,
@ -114,31 +93,86 @@ func GenSSL(update bool) error {
return errors.Wrap(err)
}
if cfg.SSLType == "0" {
var reg *registration.Resource
reg, err = client.Registration.ResolveAccountByKey()
if err != nil {
return errors.Wrap(err)
}
myUser.Registration = reg
request := certificate.ObtainRequest{
Domains: []string{"smtp." + cfg.Domain, cfg.WebDomain, "pop." + cfg.Domain},
Bundle: true,
}
log.Infof("wait ssl renew")
certificates, err := client.Certificate.Obtain(request)
if err != nil {
panic(err)
}
err = os.WriteFile("./config/ssl/private.key", certificates.PrivateKey, 0666)
if err != nil {
panic(err)
}
err = os.WriteFile("./config/ssl/public.crt", certificates.Certificate, 0666)
if err != nil {
panic(err)
}
err = os.WriteFile("./config/ssl/issuerCert.crt", certificates.IssuerCertificate, 0666)
if err != nil {
panic(err)
}
return nil
}
func generateCertificate(privateKey *ecdsa.PrivateKey, cfg *config.Config, newAccount bool) error {
myUser := MyUser{
Email: "i@" + cfg.Domain,
key: privateKey,
}
conf := lego.NewConfig(&myUser)
conf.UserAgent = "PMail"
conf.Certificate.KeyType = certcrypto.RSA2048
// A client facilitates communication with the CA server.
client, err := lego.NewClient(conf)
if err != nil {
return errors.Wrap(err)
}
if cfg.SSLType == config.SSLTypeAutoHTTP {
err = client.Challenge.SetHTTP01Provider(GetHttpChallengeInstance())
if err != nil {
return errors.Wrap(err)
}
} else if cfg.SSLType == config.SSLTypeAutoDNS {
err = client.Challenge.SetDNS01Provider(GetDnsChallengeInstance(), dns01.AddDNSTimeout(60*time.Minute))
if err != nil {
return errors.Wrap(err)
}
}
//else if cfg.SSLType == "2" {
// err = os.Setenv(strings.ToUpper(cfg.DomainServiceName)+"_PROPAGATION_TIMEOUT", "900")
// if err != nil {
// log.Errorf("Set ENV Variable Error: %s", err.Error())
// }
// dnspodProvider, err := dns.NewDNSChallengeProviderByName(cfg.DomainServiceName)
// if err != nil {
// return errors.Wrap(err)
// }
// err = client.Challenge.SetDNS01Provider(dnspodProvider, dns01.AddDNSTimeout(15*time.Minute))
// if err != nil {
// return errors.Wrap(err)
// }
//}
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return errors.Wrap(err)
var reg *registration.Resource
if newAccount {
reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return errors.Wrap(err)
}
} else {
reg, err = client.Registration.ResolveAccountByKey()
if err != nil {
return errors.Wrap(err)
}
}
myUser.Registration = reg
request := certificate.ObtainRequest{
@ -154,7 +188,7 @@ func GenSSL(update bool) error {
if err != nil {
panic(err)
}
log.Infof("证书校验通过!")
err = os.WriteFile("./config/ssl/private.key", certificates.PrivateKey, 0666)
if err != nil {
panic(err)
@ -177,6 +211,31 @@ func GenSSL(update bool) error {
return nil
}
func GenSSL(update bool) error {
cfg, err := setup.ReadConfig()
if err != nil {
panic(err)
}
if !update {
privateFile, errpi := os.ReadFile(cfg.SSLPrivateKeyPath)
public, errpu := os.ReadFile(cfg.SSLPublicKeyPath)
// 当前存在证书数据,就不生成了
if errpi == nil && errpu == nil && len(privateFile) > 0 && len(public) > 0 {
return nil
}
}
privateKey, newAccount := config.ReadPrivateKey()
if !update {
return generateCertificate(privateKey, cfg, newAccount)
}
return renewCertificate(privateKey, cfg)
}
// CheckSSLCrtInfo 返回证书过期剩余天数
func CheckSSLCrtInfo() (int, time.Time, error) {
@ -207,7 +266,7 @@ func CheckSSLCrtInfo() (int, time.Time, error) {
}
func Update(needRestart bool) {
if config.Instance != nil && config.Instance.IsInit && config.Instance.SSLType == "0" {
if config.Instance != nil && config.Instance.IsInit && (config.Instance.SSLType == config.SSLTypeAutoHTTP || config.Instance.SSLType == config.SSLTypeAutoDNS) {
days, _, err := CheckSSLCrtInfo()
if days < 30 || err != nil {
if err != nil {

33
server/utils/send/send.go
View File

@ -76,24 +76,28 @@ func Forward(ctx *context.Context, e *parsemail.Email, forwardAddress string) er
tos := tos
as.WaitProcess(func(p any) {
err := smtp.SendMail("", domain.mxHost+":25", nil, e.From.EmailAddress, buildAddress(tos), b)
if err != nil {
log.WithContext(ctx).Warnf("SMTP Send Error! Error:%+v", err)
} else {
log.WithContext(ctx).Infof("SMTP Send Success !")
}
// 重新选取证书域名
// 使用其他方式发送
if err != nil {
// EOF 表示未知错误此时降级为非tls连接发送目前仅139邮箱有这个问题
if errors.Is(err, smtp.NoSupportSTARTTLSError) || err.Error() == "EOF" {
err = smtp.SendMailWithTls("", domain.mxHost+":465", nil, e.From.EmailAddress, buildAddress(tos), b)
if err != nil {
log.WithContext(ctx).Warnf("Unsafe! %s Server Not Support SMTPS & STARTTLS", domain.domain)
err = smtp.SendMailUnsafe("", domain.mxHost+":25", nil, e.From.EmailAddress, buildAddress(tos), b)
}
}
// 证书错误,从新选取证书发送
if certificateErr, ok := err.(*tls.CertificateVerificationError); ok {
if hostnameErr, is := certificateErr.Err.(x509.HostnameError); is {
// 单测使用
if domain.domain == "localhost" {
err = smtp.SendMailUnsafe("", domain.mxHost+":25", nil, e.From.EmailAddress, buildAddress(tos), b)
} else if hostnameErr, is := certificateErr.Err.(x509.HostnameError); is {
if hostnameErr.Certificate != nil {
certificateHostName := hostnameErr.Certificate.DNSNames
// 重新选取证书发送
err = smtp.SendMail(domainMatch(domain.domain, certificateHostName), domain.mxHost+":25", nil, e.From.EmailAddress, buildAddress(tos), b)
if err != nil {
log.WithContext(ctx).Warnf("SMTP Send Error! Error:%+v", err)
} else {
log.WithContext(ctx).Infof("SMTP Send Success !")
}
}
}
}
@ -185,7 +189,10 @@ func Send(ctx *context.Context, e *parsemail.Email) (error, map[string]error) {
// 证书错误,从新选取证书发送
if certificateErr, ok := err.(*tls.CertificateVerificationError); ok {
if hostnameErr, is := certificateErr.Err.(x509.HostnameError); is {
// 单测使用
if domain.domain == "localhost" {
err = smtp.SendMailUnsafe("", domain.mxHost+":25", nil, e.From.EmailAddress, buildAddress(tos), b)
} else if hostnameErr, is := certificateErr.Err.(x509.HostnameError); is {
if hostnameErr.Certificate != nil {
certificateHostName := hostnameErr.Certificate.DNSNames
// 重新选取证书发送