feat: Add AI-enhanced configuration (#7870)

Author: zhengkunwang223

backend/app/api/v1/ai_tool.go

@@ -134,3 +134,64 @@ func (b *BaseApi) LoadGpuInfo(c *gin.Context) {
 	}
 	helper.SuccessWithData(c, &common.GpuInfo{})
 }
+
+// @Tags AITools
+// @Summary Bind domain
+// @Accept json
+// @Param request body dto.WebsiteConfig true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Security Timestamp
+// @Router /aitool/domain/bind [post]
+func (b *BaseApi) BindDomain(c *gin.Context) {
+	var req dto.OllamaBindDomain
+	if err := helper.CheckBindAndValidate(&req, c); err != nil {
+		return
+	}
+	if err := AIToolService.BindDomain(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
+
+// @Tags AITools
+// @Summary Get bind domain
+// @Accept json
+// @Param request body dto.OllamaBindDomainReq true "request"
+// @Success 200 {object} dto.OllamaBindDomainRes
+// @Security ApiKeyAuth
+// @Security Timestamp
+// @Router /aitool/domain/get [post]
+func (b *BaseApi) GetBindDomain(c *gin.Context) {
+	var req dto.OllamaBindDomainReq
+	if err := helper.CheckBindAndValidate(&req, c); err != nil {
+		return
+	}
+	res, err := AIToolService.GetBindDomain(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, res)
+}
+
+// Tags AITools
+// Summary Update bind domain
+// Accept json
+// Param request body dto.OllamaBindDomain true "request"
+// Success 200
+// Security ApiKeyAuth
+// Security Timestamp
+// Router /aitool/domain/update [post]
+func (b *BaseApi) UpdateBindDomain(c *gin.Context) {
+	var req dto.OllamaBindDomain
+	if err := helper.CheckBindAndValidate(&req, c); err != nil {
+		return
+	}
+	if err := AIToolService.UpdateBindDomain(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}

backend/app/dto/ai_tool.go

@@ -9,3 +9,22 @@ type OllamaModelInfo struct {
 type OllamaModelName struct {
 	Name string `json:"name"`
 }
+
+type OllamaBindDomain struct {
+	Domain       string   `json:"domain" validate:"required"`
+	AppInstallID uint     `json:"appInstallID" validate:"required"`
+	SSLID        uint     `json:"sslID"`
+	AllowIPs     []string `json:"allowIPs"`
+	WebsiteID    uint     `json:"websiteID"`
+}
+
+type OllamaBindDomainReq struct {
+	AppInstallID uint `json:"appInstallID" validate:"required"`
+}
+
+type OllamaBindDomainRes struct {
+	Domain    string   `json:"domain"`
+	SSLID     uint     `json:"sslID"`
+	AllowIPs  []string `json:"allowIPs"`
+	WebsiteID uint     `json:"websiteID"`
+}

backend/app/service/ai_tool.go

@@ -1,7 +1,9 @@
 package service
 
 import (
+	"context"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
 	"io"
 	"os"
 	"os/exec"
@@ -22,6 +24,9 @@ type IAIToolService interface {
 	Create(name string) error
 	Delete(name string) error
 	LoadDetail(name string) (string, error)
+	BindDomain(req dto.OllamaBindDomain) error
+	GetBindDomain(req dto.OllamaBindDomainReq) (*dto.OllamaBindDomainRes, error)
+	UpdateBindDomain(req dto.OllamaBindDomain) error
 }
 
 func NewIAIToolService() IAIToolService {
@@ -192,3 +197,98 @@ func (u *AIToolService) Delete(name string) error {
 	}
 	return nil
 }
+
+func (u *AIToolService) BindDomain(req dto.OllamaBindDomain) error {
+	nginxInstall, _ := getAppInstallByKey(constant.AppOpenresty)
+	if nginxInstall.ID == 0 {
+		return buserr.New("ErrOpenrestyInstall")
+	}
+	createWebsiteReq := request.WebsiteCreate{
+		PrimaryDomain: req.Domain,
+		Alias:         strings.ToLower(req.Domain),
+		Type:          constant.Deployment,
+		AppType:       constant.InstalledApp,
+		AppInstallID:  req.AppInstallID,
+	}
+	websiteService := NewIWebsiteService()
+	if err := websiteService.CreateWebsite(createWebsiteReq); err != nil {
+		return err
+	}
+	website, err := websiteRepo.GetFirst(websiteRepo.WithAlias(strings.ToLower(req.Domain)))
+	if err != nil {
+		return err
+	}
+	if err = ConfigAllowIPs(req.AllowIPs, website); err != nil {
+		return err
+	}
+	if req.SSLID > 0 {
+		sslReq := request.WebsiteHTTPSOp{
+			WebsiteID:    website.ID,
+			Enable:       true,
+			Type:         "existed",
+			WebsiteSSLID: req.SSLID,
+			HttpConfig:   "HTTPSOnly",
+		}
+		if _, err = websiteService.OpWebsiteHTTPS(context.Background(), sslReq); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (u *AIToolService) GetBindDomain(req dto.OllamaBindDomainReq) (*dto.OllamaBindDomainRes, error) {
+	install, err := appInstallRepo.GetFirst(commonRepo.WithByID(req.AppInstallID))
+	if err != nil {
+		return nil, err
+	}
+	res := &dto.OllamaBindDomainRes{}
+	website, _ := websiteRepo.GetFirst(websiteRepo.WithAppInstallId(install.ID))
+	if website.ID == 0 {
+		return res, nil
+	}
+	res.WebsiteID = website.ID
+	res.Domain = website.PrimaryDomain
+	if website.WebsiteSSLID > 0 {
+		res.SSLID = website.WebsiteSSLID
+	}
+	res.AllowIPs = GetAllowIps(website)
+	return res, nil
+}
+
+func (u *AIToolService) UpdateBindDomain(req dto.OllamaBindDomain) error {
+	nginxInstall, _ := getAppInstallByKey(constant.AppOpenresty)
+	if nginxInstall.ID == 0 {
+		return buserr.New("ErrOpenrestyInstall")
+	}
+	websiteService := NewIWebsiteService()
+	website, err := websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
+	if err != nil {
+		return err
+	}
+	if err = ConfigAllowIPs(req.AllowIPs, website); err != nil {
+		return err
+	}
+	if req.SSLID > 0 {
+		sslReq := request.WebsiteHTTPSOp{
+			WebsiteID:    website.ID,
+			Enable:       true,
+			Type:         "existed",
+			WebsiteSSLID: req.SSLID,
+			HttpConfig:   "HTTPSOnly",
+		}
+		if _, err = websiteService.OpWebsiteHTTPS(context.Background(), sslReq); err != nil {
+			return err
+		}
+		return nil
+	}
+	if website.WebsiteSSLID > 0 && req.SSLID == 0 {
+		sslReq := request.WebsiteHTTPSOp{
+			WebsiteID: website.ID,
+			Enable:    false,
+		}
+		if _, err = websiteService.OpWebsiteHTTPS(context.Background(), sslReq); err != nil {
+			return err
+		}
+	}
+	return nil
+}

backend/app/service/website_utils.go

@@ -642,9 +642,15 @@ func applySSL(website model.Website, websiteSSL model.WebsiteSSL, req request.We
 		}
 		if param.Name == "ssl_protocols" {
 			nginxParams[i].Params = req.SSLProtocol
+			if len(req.SSLProtocol) == 0 {
+				nginxParams[i].Params = []string{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}
+			}
 		}
 		if param.Name == "ssl_ciphers" {
 			nginxParams[i].Params = []string{req.Algorithm}
+			if len(req.Algorithm) == 0 {
+				nginxParams[i].Params = []string{"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED"}
+			}
 		}
 	}
 	if req.Hsts {
@@ -1106,3 +1112,55 @@ func getResourceContent(fileOp files.FileOp, resourcePath string) (string, error
 	}
 	return "", nil
 }
+
+func ConfigAllowIPs(ips []string, website model.Website) error {
+	nginxFull, err := getNginxFull(&website)
+	if err != nil {
+		return err
+	}
+	nginxConfig := nginxFull.SiteConfig
+	config := nginxFull.SiteConfig.Config
+	server := config.FindServers()[0]
+	server.RemoveDirective("allow", nil)
+	server.RemoveDirective("deny", nil)
+	if len(ips) > 0 {
+		server.UpdateAllowIPs(ips)
+	}
+	if err := nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
+		return err
+	}
+	return nginxCheckAndReload(nginxConfig.OldContent, config.FilePath, nginxFull.Install.ContainerName)
+}
+
+func GetAllowIps(website model.Website) []string {
+	nginxFull, err := getNginxFull(&website)
+	if err != nil {
+		return nil
+	}
+	config := nginxFull.SiteConfig.Config
+	server := config.FindServers()[0]
+	dirs := server.GetDirectives()
+	var ips []string
+	for _, dir := range dirs {
+		if dir.GetName() == "allow" {
+			ips = append(ips, dir.GetParameters()...)
+		}
+	}
+	return ips
+}
+
+func ConfigAIProxy(website model.Website) error {
+	nginxFull, err := getNginxFull(&website)
+	if err != nil {
+		return nil
+	}
+	config := nginxFull.SiteConfig.Config
+	server := config.FindServers()[0]
+	dirs := server.GetDirectives()
+	for _, dir := range dirs {
+		if dir.GetName() == "location" && dir.GetParameters()[0] == "/" {
+			server.UpdateRootProxy()
+		}
+	}
+	return nil
+}

backend/i18n/lang/en.yaml

@@ -284,3 +284,6 @@ UserInfoPassHelp: "Tip: To change the password, you can execute the command: "
 DBConnErr: "Error: Failed to initialize database connection, {{ .err }}"
 SystemVersion: "version: "
 SystemMode: "mode: "
+
+#ai-tool
+ErrOpenrestyInstall: 'Please install Openresty first'

backend/i18n/lang/ja.yaml

@@ -281,3 +281,6 @@ UserInfoPassHelp: "ヒント：パスワードを変更するには、コマン
 DBConnErr: "エラー：データベース接続の初期化に失敗しました、{{.err}}"
 SystemVersion: "バージョン："
 SystemMode: "モード："
+
+#ai-tool
+ErrOpenrestyInstall: 'まず Openresty をインストールしてください'

backend/i18n/lang/ko.yaml

@@ -284,3 +284,6 @@ UserInfoPassHelp: "팁: 비밀번호를 변경하려면 다음 명령어를 실
 DBConnErr: "오류: 데이터베이스 연결 초기화 실패 {{ .err }}"
 SystemVersion: "버전: "
 SystemMode: "모드: "
+
+#ai-tool
+ErrOpenrestyInstall: '먼저 Openresty를 설치하세요'

backend/i18n/lang/ms.yml

@@ -283,3 +283,6 @@ UserInfoPassHelp: "Petua: Untuk menukar kata laluan, anda boleh menjalankan arah
 DBConnErr: "Ralat: Gagal memulakan sambungan pangkalan data, {{ .err }}"
 SystemVersion: "Versi: "
 SystemMode: "Mod: "
+
+#ai-tool
+ErrOpenrestyInstall: 'Sila pasang Openresty terlebih dahulu'

backend/i18n/lang/pt-BR.yaml

@@ -280,4 +280,7 @@ UserInfoAddr: "Endereço do painel: "
 UserInfoPassHelp: "Dica: Para alterar a senha, você pode executar o comando: "
 DBConnErr: "Erro: Falha ao inicializar a conexão com o banco de dados, {{ .err }}"
 SystemVersion: "versão: "
-SystemMode: "modo: "
+SystemMode: "modo: "
+
+#ai-tool
+ErrOpenrestyInstall: 'Por favor, instale o Openresty primeiro'

backend/i18n/lang/pt.yaml

@@ -284,3 +284,6 @@ UserInfoPassHelp: "Подсказка: чтобы изменить пароль,
 DBConnErr: "Ошибка: не удалось инициализировать подключение к базе данных, {{ .err }}"
 SystemVersion: "версия: "
 SystemMode: "режим: "
+
+#ai-tool  
+"ErrOpenrestyInstall": "Пожалуйста, установите Openresty сначала"