def install_ssl_for_bucket_domain():
domain = request.values.get("domain")
if not domain:
return abort(404, "no domain set to install SSL")
bucket = get_logined_bucket()
if not bucket:
return abort(404, "need login first")
domain_bucket = get_bucket_from_domain(domain)
if bucket != domain_bucket:
return abort(404, "logined bucket is not matched to this domain")
cert_doc = get_ssl_cert_for_domain(domain)
ssl_key = request.values.get("ssl_key")
ssl_cert = request.values.get("ssl_cert")
if cert_doc.get("by_user"):
ssl_key = ssl_key or cert_doc.get("ssl_key") or ""
ssl_cert = ssl_cert or cert_doc.get("ssl_cert") or ""
data_obj = dict(ssl_key=ssl_key, ssl_cert=ssl_cert)
info = ""
if request.method == "POST":
info = set_ssl_cert_for_domain_by_user(domain=domain,
ssl_key=ssl_key,
ssl_cert=ssl_cert)
if not info: # ssl 安装成功了
return p_redirect("/admin")
return render_api_template_as_response("page_user_install_ssl.jade",
info=info,
data_obj=data_obj)
def get_bucket_from_request(try_referrer=True, hit_admin_bucket=True):
if DEBUG and TMP_BUCKET_FOR_DEBUG: # for debug
return TMP_BUCKET_FOR_DEBUG
domain = request.host
if ':' in domain:
domain = domain.split(':')[0]
bucket = get_bucket_from_domain(domain)
if not bucket and request.referrer:
bucket_c = re.search(r'/bucket/([^/]+)/', request.referrer)
if bucket_c:
bucket_from_referrer = bucket_c.group(1)
if is_valid_bucket_name(bucket_from_referrer):
bucket = bucket_from_referrer
if not bucket and hit_admin_bucket:
# at last, check the ADMIN_BUCKET
admin_bucket = get_admin_bucket()
if admin_bucket:
if domain in WEBSITE_DOMAINS: # the website for platform, return the ADMIN_BUCKET directly
return admin_bucket
elif domain in ['localhost'] or domain.startswith(
"192.168.100."
): # for debug, domain should not be 127.0.0.1
return admin_bucket
elif get_buckets_size() == 1:
# 当前只有一个 bucket
return admin_bucket
if try_referrer and not bucket and request.referrer and request.referrer.startswith(
request.url_root):
bucket = get_bucket_from_url(request.referrer)
return bucket
def show_bucket_status_for_system_admin():
if not get_logined_admin_bucket():
abort(404, "not admin")
bucket = request.args.get("bucket")
if not bucket:
abort(404, "bucket is empty")
if "." in bucket: # is domain
bucket = get_bucket_from_domain(bucket)
bucket_usage = get_bucket_usage(bucket)
domains = get_bucket_domains(bucket)
es_status = get_es_status_for_bucket(bucket)
return render_api_template_as_response("page_admin_bucket_usage.jade",
usage=bucket_usage,
domains=domains,
es_status=es_status)
def set_ssl_cert_for_domain_by_user(domain, ssl_key, ssl_cert):
# return None or error_info
# 需要确定 domain 对应到 bucket
bucket = get_bucket_from_domain(domain)
if not bucket:
return "the domain can not match bucket"
if not ssl_key:
return 'SSL Certificate Key is error'
try:
load_key_content(ssl_key)
except:
return 'SSL Certificate Key is error'
if not ssl_cert:
return 'SSL Certificate is error'
try:
load_cert_contents(ssl_cert)
except:
return 'SSL Certificate is error'
set_ssl_cert_for_domain(domain, ssl_key, ssl_cert, by_user=True, bucket=bucket)
def install_ssl(domain=''):
set_not_cache_current_request()
domain = domain or request.values.get('domain', '').lower().strip()
if ':' in domain:
domain = domain.split(':')[0]
if not request.host.startswith('127.0.0.1'):
abort(404, 'should be localhost')
if request.remote_addr and request.remote_addr != '127.0.0.1':
abort(404, 'outside error')
bucket = get_bucket_from_domain(domain)
if not bucket:
abort(404, 'bucket is not found')
cert_doc = get_ssl_cert_for_domain(domain)
ssl_key = cert_doc.get('ssl_key')
ssl_cert = cert_doc.get('ssl_cert')
if ssl_key and ssl_cert:
return send_plain_text('%s,%s' % (ssl_key, ssl_cert))
else:
return ','