diff --git a/app/lib/DeployHelper.php b/app/lib/DeployHelper.php index 9aa5c13..f98099f 100644 --- a/app/lib/DeployHelper.php +++ b/app/lib/DeployHelper.php @@ -677,6 +677,65 @@ class DeployHelper ], ], ], + 'acepanel' => [ + 'name' => 'AcePanel', + 'class' => 1, + 'icon' => 'acepanel.svg', + 'desc' => '支持 AcePanel 3.0+ 版本使用', + 'note' => '支持 AcePanel 3.0+ 版本使用', + 'inputs' => [ + 'url' => [ + 'name' => '面板地址', + 'type' => 'input', + 'placeholder' => 'AcePanel 地址', + 'note' => '填写规则如:https://192.168.1.100:8888/xxxxxx ,带访问入口但不要带其他后缀', + 'required' => true, + ], + 'id' => [ + 'name' => '访问令牌ID', + 'type' => 'input', + 'placeholder' => '1', + 'note' => 'AcePanel 设置->用户->访问令牌', + 'required' => true, + ], + 'token' => [ + 'name' => '访问令牌', + 'type' => 'input', + 'note' => 'AcePanel 设置->用户->访问令牌', + 'placeholder' => '32位字符串', + 'required' => true, + ], + 'proxy' => [ + 'name' => '使用代理服务器', + 'type' => 'radio', + 'options' => [ + '0' => '否', + '1' => '是', + ], + 'value' => '0' + ], + ], + 'taskinputs' => [ + 'type' => [ + 'name' => '部署类型', + 'type' => 'radio', + 'options' => [ + '0' => 'AcePanel 网站的证书', + '1' => 'AcePanel 本身的证书', + ], + 'value' => '0', + 'required' => true, + ], + 'sites' => [ + 'name' => '网站名称列表', + 'type' => 'textarea', + 'placeholder' => '填写要部署证书的网站名称,每行一个', + 'note' => '填写创建网站时设置的网站唯一名称', + 'show' => 'type==0', + 'required' => true, + ], + ], + ], 'ratpanel' => [ 'name' => '耗子面板', 'class' => 1, diff --git a/app/lib/deploy/acepanel.php b/app/lib/deploy/acepanel.php new file mode 100644 index 0000000..78d8252 --- /dev/null +++ b/app/lib/deploy/acepanel.php @@ -0,0 +1,163 @@ +url = rtrim($config['url'], '/'); + $this->id = $config['id']; + $this->token = $config['token']; + $this->proxy = $config['proxy'] == 1; + } + + public function check() + { + if (empty($this->url) || empty($this->id) || empty($this->token)) throw new Exception('请填写完整面板地址和访问令牌'); + + $response = $this->request('/user/info', null, 'GET'); + $result = json_decode($response, true); + if (isset($result['msg']) && $result['msg'] == "success") { + return true; + } else { + throw new Exception($result['msg'] ?? '面板地址无法连接'); + } + } + + public function deploy($fullchain, $privatekey, $config, &$info) + { + if ($config['type'] == '1') { + $this->deployPanel($fullchain, $privatekey); + $this->log("面板证书部署成功"); + return; + } + $sites = explode("\n", $config['sites']); + $success = 0; + $errmsg = null; + foreach ($sites as $site) { + $site = trim($site); + if (empty($site)) continue; + try { + $this->deploySite($site, $fullchain, $privatekey); + $this->log("网站 {$site} 证书部署成功"); + $success++; + } catch (Exception $e) { + $errmsg = $e->getMessage(); + $this->log("网站 {$site} 证书部署失败:" . $errmsg); + } + } + if ($success == 0) { + throw new Exception($errmsg ?: '要部署的网站不存在'); + } + } + + private function deployPanel($fullchain, $privatekey) + { + $data = [ + 'cert' => $fullchain, + 'key' => $privatekey, + ]; + $response = $this->request('/setting/cert', $data); + $result = json_decode($response, true); + if (isset($result['msg']) && $result['msg'] == "success") { + return true; + } elseif (isset($result['msg'])) { + throw new Exception($result['msg']); + } else { + throw new Exception($response ?: '返回数据解析失败'); + } + } + + private function deploySite($name, $fullchain, $privatekey) + { + $data = [ + 'name' => $name, + 'cert' => $fullchain, + 'key' => $privatekey, + ]; + $response = $this->request('/website/cert', $data); + $result = json_decode($response, true); + if (isset($result['msg']) && $result['msg'] == "success") { + return true; + } elseif (isset($result['msg'])) { + throw new Exception($result['msg']); + } else { + throw new Exception($response ?: '返回数据解析失败'); + } + } + + public function setLogger($func) + { + $this->logger = $func; + } + + private function log($txt) + { + if ($this->logger) { + call_user_func($this->logger, $txt); + } + } + + private function request($path, $params, $method = 'POST') + { + $url = $this->url . '/api' . $path; + $body = $method == 'GET' ? null : json_encode($params); + $sign = $this->signRequest($method, $url, $body, $this->id, $this->token); + $response = http_request($url, $body, null, null, [ + 'Content-Type' => 'application/json', + 'X-Timestamp' => $sign['timestamp'], + 'Authorization' => 'HMAC-SHA256 Credential=' . $sign['id'] . ', Signature=' . $sign['signature'] + ], $this->proxy, $method); + return $response['body']; + } + + private function signRequest($method, $url, $body, $id, $token) + { + // 解析URL并获取路径 + $parsedUrl = parse_url($url); + $path = $parsedUrl['path']; + $query = $parsedUrl['query'] ?? ''; + + // 规范化路径 + $canonicalPath = $path; + if (!str_starts_with($path, '/api')) { + $apiPos = strpos($path, '/api'); + if ($apiPos !== false) { + $canonicalPath = substr($path, $apiPos); + } + } + + // 构造规范化请求 + $canonicalRequest = implode("\n", [ + $method, + $canonicalPath, + $query, + hash('sha256', $body ?: '') + ]); + + // 计算签名 + $timestamp = time(); + $stringToSign = implode("\n", [ + 'HMAC-SHA256', + $timestamp, + hash('sha256', $canonicalRequest) + ]); + $signature = hash_hmac('sha256', $stringToSign, $token); + + return [ + 'timestamp' => $timestamp, + 'signature' => $signature, + 'id' => $id + ]; + } +} diff --git a/public/static/images/acepanel.svg b/public/static/images/acepanel.svg new file mode 100644 index 0000000..b3da3f7 --- /dev/null +++ b/public/static/images/acepanel.svg @@ -0,0 +1,6 @@ + + + + + +