Added build nginx config from json

Author: 0xJacky

server/api/cert.go

@@ -1,169 +1,164 @@
 package api
 
 import (
-    "encoding/json"
-    "github.com/0xJacky/Nginx-UI/server/settings"
-    "github.com/0xJacky/Nginx-UI/server/tool"
-    "github.com/0xJacky/Nginx-UI/server/tool/nginx"
-    "github.com/gin-gonic/gin"
-    "github.com/gorilla/websocket"
-    "log"
-    "net/http"
-    "os"
+	"encoding/json"
+	"github.com/0xJacky/Nginx-UI/server/settings"
+	"github.com/0xJacky/Nginx-UI/server/tool"
+	"github.com/0xJacky/Nginx-UI/server/tool/nginx"
+	"github.com/gin-gonic/gin"
+	"github.com/gorilla/websocket"
+	"log"
+	"net/http"
+	"os"
 )
 
 func CertInfo(c *gin.Context) {
-    domain := c.Param("domain")
+	domain := c.Param("domain")
 
-    key, err := tool.GetCertInfo(domain)
+	key, err := tool.GetCertInfo(domain)
 
-    if err != nil {
-        ErrHandler(c, err)
-        return
-    }
-
-    c.JSON(http.StatusOK, gin.H{
-        "subject_name": key.Subject.CommonName,
-        "issuer_name":  key.Issuer.CommonName,
-        "not_after":    key.NotAfter,
-        "not_before":   key.NotBefore,
-    })
+	c.JSON(http.StatusOK, gin.H{
+		"error":        err,
+		"subject_name": key.Subject.CommonName,
+		"issuer_name":  key.Issuer.CommonName,
+		"not_after":    key.NotAfter,
+		"not_before":   key.NotBefore,
+	})
 }
 
 func IssueCert(c *gin.Context) {
-    domain := c.Param("domain")
-    var upGrader = websocket.Upgrader{
-        CheckOrigin: func(r *http.Request) bool {
-            return true
-        },
-    }
-
-    // upgrade http to websocket
-    ws, err := upGrader.Upgrade(c.Writer, c.Request, nil)
-    if err != nil {
-        log.Println(err)
-        return
-    }
-
-    defer func(ws *websocket.Conn) {
-        err := ws.Close()
-        if err != nil {
-            log.Println(err)
-            return
-        }
-    }(ws)
-
-    for {
-        // read
-        mt, message, err := ws.ReadMessage()
-        if err != nil {
-            break
-        }
-        if string(message) == "go" {
-            var m []byte
-
-            if settings.ServerSettings.Demo {
-                m, _ = json.Marshal(gin.H{
-                    "status":  "error",
-                    "message": "this feature is not available in demo",
-                })
-                _ = ws.WriteMessage(mt, m)
-                return
-            }
-
-            err = tool.IssueCert(domain)
-
-            if err != nil {
-
-                log.Println(err)
-
-                m, err = json.Marshal(gin.H{
-                    "status":  "error",
-                    "message": err.Error(),
-                })
-
-                if err != nil {
-                    log.Println(err)
-                    return
-                }
-
-                err = ws.WriteMessage(mt, m)
-
-                if err != nil {
-                    log.Println(err)
-                    return
-                }
-
-                return
-            }
-
-            sslCertificatePath := nginx.GetNginxConfPath("ssl/" + domain + "/fullchain.cer")
-            _, err = os.Stat(sslCertificatePath)
-
-            if err != nil {
-                log.Println(err)
-                return
-            }
-
-            log.Println("[found]", "fullchain.cer")
-            m, err = json.Marshal(gin.H{
-                "status":  "success",
-                "message": "[found] fullchain.cer",
-            })
-
-            if err != nil {
-                log.Println(err)
-                return
-            }
-
-            err = ws.WriteMessage(mt, m)
-
-            if err != nil {
-                log.Println(err)
-                return
-            }
-
-            sslCertificateKeyPath := nginx.GetNginxConfPath("ssl/" + domain + "/" + domain + ".key")
-            _, err = os.Stat(sslCertificateKeyPath)
-
-            if err != nil {
-                log.Println(err)
-                return
-            }
-
-            log.Println("[found]", "cert key")
-            m, err = json.Marshal(gin.H{
-                "status":  "success",
-                "message": "[found] cert key",
-            })
-
-            if err != nil {
-                log.Println(err)
-            }
-
-            err = ws.WriteMessage(mt, m)
-
-            if err != nil {
-                log.Println(err)
-            }
-
-            log.Println("申请成功")
-            m, err = json.Marshal(gin.H{
-                "status":              "success",
-                "message":             "申请成功",
-                "ssl_certificate":     sslCertificatePath,
-                "ssl_certificate_key": sslCertificateKeyPath,
-            })
-
-            if err != nil {
-                log.Println(err)
-            }
-
-            err = ws.WriteMessage(mt, m)
-
-            if err != nil {
-                log.Println(err)
-            }
-        }
-    }
+	domain := c.Param("domain")
+	var upGrader = websocket.Upgrader{
+		CheckOrigin: func(r *http.Request) bool {
+			return true
+		},
+	}
+
+	// upgrade http to websocket
+	ws, err := upGrader.Upgrade(c.Writer, c.Request, nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	defer func(ws *websocket.Conn) {
+		err := ws.Close()
+		if err != nil {
+			log.Println("defer websocket close err", err)
+		}
+	}(ws)
+
+	for {
+		// read
+		mt, message, err := ws.ReadMessage()
+		if err != nil {
+			break
+		}
+		if string(message) == "go" {
+			var m []byte
+
+			if settings.ServerSettings.Demo {
+				m, _ = json.Marshal(gin.H{
+					"status":  "error",
+					"message": "this feature is not available in demo",
+				})
+				_ = ws.WriteMessage(mt, m)
+				return
+			}
+
+			err = tool.IssueCert(domain)
+
+			if err != nil {
+
+				log.Println(err)
+
+				m, err = json.Marshal(gin.H{
+					"status":  "error",
+					"message": err.Error(),
+				})
+
+				if err != nil {
+					log.Println(err)
+					return
+				}
+
+				err = ws.WriteMessage(mt, m)
+
+				if err != nil {
+					log.Println(err)
+					return
+				}
+
+				return
+			}
+
+			sslCertificatePath := nginx.GetNginxConfPath("ssl/" + domain + "/fullchain.cer")
+			_, err = os.Stat(sslCertificatePath)
+
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			log.Println("[found]", "fullchain.cer")
+			m, err = json.Marshal(gin.H{
+				"status":  "success",
+				"message": "[found] fullchain.cer",
+			})
+
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			err = ws.WriteMessage(mt, m)
+
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			sslCertificateKeyPath := nginx.GetNginxConfPath("ssl/" + domain + "/" + domain + ".key")
+			_, err = os.Stat(sslCertificateKeyPath)
+
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			log.Println("[found]", "cert key")
+			m, err = json.Marshal(gin.H{
+				"status":  "success",
+				"message": "[found] cert key",
+			})
+
+			if err != nil {
+				log.Println(err)
+			}
+
+			err = ws.WriteMessage(mt, m)
+
+			if err != nil {
+				log.Println(err)
+			}
+
+			log.Println("申请成功")
+			m, err = json.Marshal(gin.H{
+				"status":              "success",
+				"message":             "申请成功",
+				"ssl_certificate":     sslCertificatePath,
+				"ssl_certificate_key": sslCertificateKeyPath,
+			})
+
+			if err != nil {
+				log.Println(err)
+			}
+
+			err = ws.WriteMessage(mt, m)
+
+			if err != nil {
+				log.Println(err)
+			}
+		}
+	}
 }

server/api/domain.go

@@ -71,15 +71,9 @@ func GetDomain(c *gin.Context) {
 		enabled = false
 	}
 
-	content, err := ioutil.ReadFile(path)
+	config, err := nginx.ParseNgxConfig(path)
 
 	if err != nil {
-		if os.IsNotExist(err) {
-			c.JSON(http.StatusNotFound, gin.H{
-				"message": err.Error(),
-			})
-			return
-		}
 		ErrHandler(c, err)
 		return
 	}
@@ -89,8 +83,8 @@ func GetDomain(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{
 		"enabled":   enabled,
 		"name":      name,
-		"config":    string(content),
-		"auto_cert": err == nil,
+		"config":    config.BuildConfig(),
+		"tokenized": config,
 	})
 
 }
@@ -150,7 +144,7 @@ func EnableDomain(c *gin.Context) {
 		return
 	}
 
-	// 测试配置文件，不通过则撤回启用
+	// Test nginx config, if not pass then rollback.
 	err = nginx.TestNginxConf()
 	if err != nil {
 		_ = os.Remove(enabledConfigFilePath)

server/test/nextcloud_ngx.conf

@@ -17,6 +17,10 @@ server {
 
     fastcgi_hide_header X-Powered-By;  # Remove X-Powered-By, which is an information leak
 
+    if ($invalid_referer) {
+        return 403;
+    }
+
     location = /robots.txt {
         allow all;
         log_not_found off;
@@ -54,13 +58,13 @@ server {
     fastcgi_buffers 64 4K;
 
     # Enable gzip but do not remove ETag headers
-    gzip on; gzip_vary on; location /x/ {} gzip_comp_level 4;
+    gzip on; gzip_vary on; location /x/ {}gzip_comp_level 4;
     gzip_min_length 256;gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
     gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 
     # Uncomment if your server is build with the ngx_pagespeed module
     # This module is currently not supported.
-    #pagespeed off;
+    # pagespeed off;
     location / {
         if ( $http_user_agent ~ ^DavClnt ) {
             return 302 /remote.php/webdav/$is_args$args;