web¶
Websites
- This module sends the following signals:
- web/alias
- web/site
Schema Contents
- Tables
- Functions
web.del_aliasweb.del_intermediate_chainweb.del_siteweb.fwd_x509_requestweb.ins_aliasweb.ins_httpsweb.ins_intermediate_certweb.ins_intermediate_chainweb.ins_siteweb.sel_aliasweb.sel_httpsweb.sel_intermediate_certweb.sel_intermediate_chainweb.sel_siteweb.srv_aliasweb.srv_httpsweb.srv_siteweb.upd_httpsweb.upd_site
- Domains
Tables¶
web.alias¶
Aliases
- Primary key
- domain
- site_port
- Foreign keys
reference dns (service)
- Local Columns
- domain
- service
- service_entity_name
- Referenced Columns
Reference subservice entity
- Local Columns
- service_entity_name
- service
- subservice
- Referenced Columns
site
- Local Columns
- site
- service_entity_name
- site_port
- Referenced Columns
dns
- Local Columns
- domain
- service
- service_entity_name
- Referenced Columns
- Columns
domaindns.t_hostnameDomain name
servicecommons.t_keyService
service_entity_namedns.t_hostnameent. name
subservicecommons.t_keySubservice (e.g. account, alias)
backend_statusNULL | backend.t_statusStatus of database entry in backend. NULL: nothing pending, ‘ins’: entry not present on backend client, ‘upd’: update pending on backend client, ‘del’: deletion peding on backend client.
- Default
'ins'
sitedns.t_hostnameSite
site_portcommons.t_portport
- Default
80
web.https¶
stores https information
- Primary key
- identifier
- domain
- port
- Foreign keys
site
- Local Columns
- domain
- port
- Referenced Columns
- Columns
backend_statusNULL | backend.t_statusStatus of database entry in backend. NULL: nothing pending, ‘ins’: entry not present on backend client, ‘upd’: update pending on backend client, ‘del’: deletion peding on backend client.
- Default
'ins'
identifiercommons.t_keyPK
domaindns.t_hostnameDomain
portcommons.t_portPort
x509_requestNULL | web.t_certCertificate request
x509_certificateNULL | web.t_certCertificate
authority_key_identifierNULL | varcharIdentifier of the certificate that has signed this cert. The Authority Key Identifier allows to build the chain of trust. See <http://www.ietf.org/rfc/rfc3280.txt>. Hopefully there exists an entry in web.intermediate_cert or a root certificate with an equal subjectKeyIdentifier.
Is NULL whenever x509_certificate is NULL.
web.intermediate_cert¶
Intermediate certificates
- Primary key
- subject_key_identifier
- Columns
subject_key_identifiervarchar- Identifies this certificate
authority_key_identifiervarchar- Subject key identifier of the cert that has signed this cert. NULL is not allowed, since self signed cert do not belong into intermediate certs.
x509_certificateweb.t_cert- Intermediate certificate
web.intermediate_chain¶
xxx
- Primary key
- domain
- port
- identifier
- subject_key_identifier
- Foreign keys
https cert
- Local Columns
- domain
- port
- identifier
- Referenced Columns
- Columns
domaindns.t_hostnameDomain
portcommons.t_portPort
identifiercommons.t_keyIdentifier
orderintegerOrdering from leaf to root
subject_key_identifiervarcharSubjectKeyIdentifier
References web.intermediate_cert.subject_key_identifier
web.site¶
Website
- Primary key
- domain
- port
- Foreign keys
reference dns (service)
- Local Columns
- domain
- service
- service_entity_name
- Referenced Columns
Reference subservice entity
- Local Columns
- service_entity_name
- service
- subservice
- Referenced Columns
https
- Local Columns
- domain
- port
- https
- Referenced Columns
server_access
- Local Columns
- user
- service_entity_name
- owner
- Referenced Columns
- Columns
domaindns.t_hostnameDomain name
servicecommons.t_keyService
service_entity_namedns.t_hostnameent. name
subservicecommons.t_keySubservice (e.g. account, alias)
backend_statusNULL | backend.t_statusStatus of database entry in backend. NULL: nothing pending, ‘ins’: entry not present on backend client, ‘upd’: update pending on backend client, ‘del’: deletion peding on backend client.
- Default
'ins'
optionjsonbFree options in JSON format
- Default
'{}'
owneruser.t_userOwner
References user.user.owner
On Update: CASCADE
portcommons.t_portPort
userserver_access.t_userServer account under which the htdocs reside
httpsNULL | commons.t_keyIf null, HTTPS is deactivated
Functions¶
web.del_alias¶
del
- Parameters
p_domaindns.t_hostnamep_site_portcommons.t_port
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
UPDATE web.alias AS t
SET backend_status = 'del'
FROM web.site AS s, server_access.user AS u
WHERE
-- JOIN web.site
s.domain = t.site AND
-- JOIN server_access.user
u.service_entity_name = t.service_entity_name AND
u.user = s.user AND
u.owner = v_owner AND
t.domain = p_domain AND
t.site_port = p_site_port;
PERFORM backend._conditional_notify(FOUND, 'web', 'alias', p_domain);
web.del_intermediate_chain¶
sdf
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_identifiercommons.t_key
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
DELETE FROM web.intermediate_chain
WHERE
domain = p_domain AND
port = p_port AND
identifier = p_identifier;
web.del_site¶
del
- Parameters
p_domaindns.t_hostnamep_portcommons.t_port
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
UPDATE web.site AS t
SET backend_status = 'del'
FROM server_access.user AS s
WHERE
-- JOIN server_access.user
s.user = t.user AND
s.service_entity_name = t.service_entity_name AND
t.domain = p_domain AND
t.port = p_port AND
s.owner = v_owner;
PERFORM backend._conditional_notify(FOUND, 'web', 'site', p_domain);
web.fwd_x509_request¶
x509 request
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_identifiercommons.t_keyp_x509_requestweb.t_certp_include_inactiveboolean
- Returns
- void
- Execute privilege
PERFORM backend._get_login();
UPDATE web.https
SET x509_request = p_x509_request
WHERE
domain = p_domain AND
port = p_port AND
identifier = p_identifier;
web.ins_alias¶
Insert alias
- Parameters
p_domaindns.t_hostnamep_sitedns.t_hostnamep_site_portcommons.t_port
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
PERFORM commons._raise_inaccessible_or_missing(
EXISTS(
SELECT TRUE FROM web.site AS t
JOIN server_access.user AS s
USING ("user", service_entity_name)
WHERE
t.domain = p_site AND
t.port = p_site_port AND
s.owner = v_owner
)
);
INSERT INTO web.alias
(domain, service, subservice, site, site_port, service_entity_name)
VALUES
(
p_domain,
'web',
'alias',
p_site,
p_site_port,
(SELECT service_entity_name FROM web.site WHERE domain = p_site AND port = p_site_port)
);
PERFORM backend._notify_domain('web', 'alias', p_domain);
web.ins_https¶
Create new HTTPS certificate
Todo
Fix missing owner verification (not critical)
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_identifiercommons.t_key
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
INSERT INTO web.https
(domain, port, identifier)
VALUES
(p_domain, p_port, p_identifier);
PERFORM backend._notify_domain('web', 'site', p_domain);
web.ins_intermediate_cert¶
Xxx
- Parameters
p_subject_key_identifiervarcharp_authority_key_identifiervarcharp_x509_certificateweb.t_cert
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
INSERT INTO web.intermediate_cert
(subject_key_identifier, authority_key_identifier, x509_certificate)
VALUES
(p_subject_key_identifier, p_authority_key_identifier, p_x509_certificate);
web.ins_intermediate_chain¶
sdf
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_identifiercommons.t_keyp_orderintegerp_subject_key_identifiervarchar
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
INSERT INTO web.intermediate_chain
(domain, port, identifier, "order", subject_key_identifier)
VALUES
(p_domain, p_port, p_identifier, p_order, p_subject_key_identifier);
web.ins_site¶
Insert site
Todo
check owner and contingent
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_userserver_access.t_userp_service_entity_namedns.t_hostname
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
PERFORM system._contingent_ensure(
p_owner:=v_owner,
p_domain:=p_domain,
p_service:='web',
p_subservice:='site',
p_current_quantity_total:=
(SELECT COUNT(*) FROM web.site WHERE owner=v_owner)::int,
p_current_quantity_domain:=
(SELECT COUNT(*) FROM web.site WHERE owner=v_owner AND domain = p_domain)::int
);
INSERT INTO web.site
(domain, service, subservice, port, "user", service_entity_name, owner)
VALUES
(p_domain, 'web', 'site', p_port, p_user, p_service_entity_name, v_owner);
PERFORM backend._notify_domain('web', 'site', p_domain);
web.sel_alias¶
Select alias
- Parameters
- None
- Variables defined for body
v_owneruser.t_user
- Returns
- TABLE
- Returned columns
domaindns.t_hostnamesitedns.t_hostnamesite_portcommons.t_portbackend_statusbackend.t_status
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
RETURN QUERY
SELECT
t.domain,
t.site,
t.site_port,
t.backend_status
FROM web.alias AS t
JOIN web.site AS u
ON
u.domain = t.site AND
u.port = t.site_port
JOIN server_access.user AS s
ON
u.user = s.user AND
s.service_entity_name = t.service_entity_name
WHERE s.owner = v_owner
ORDER BY t.backend_status, t.domain;
web.sel_https¶
sel https
- Parameters
- None
- Variables defined for body
v_owneruser.t_user
- Returns
- TABLE
- Returned columns
identifiercommons.t_keydomaindns.t_hostnameportcommons.t_portx509_requestweb.t_certx509_certificateweb.t_certauthority_key_identifiervarcharbackend_statusbackend.t_status
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
RETURN QUERY
SELECT
t.identifier,
t.domain,
t.port,
t.x509_request,
t.x509_certificate,
t.authority_key_identifier,
t.backend_status
FROM web.https AS t
ORDER BY t.backend_status, t.identifier;
web.sel_intermediate_cert¶
int
- Parameters
p_subject_key_identifiervarchar
- Variables defined for body
v_owneruser.t_user
- Returns
- TABLE
- Returned columns
subject_key_identifiervarcharauthority_key_identifiervarcharx509_certificateweb.t_cert
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
RETURN QUERY
SELECT
t.subject_key_identifier,
t.authority_key_identifier,
t.x509_certificate
FROM web.intermediate_cert AS t
WHERE
t.subject_key_identifier = p_subject_key_identifier;
web.sel_intermediate_chain¶
sel
- Parameters
- None
- Variables defined for body
v_owneruser.t_user
- Returns
- TABLE
- Returned columns
domaindns.t_hostnameportcommons.t_portidentifiercommons.t_keysubject_key_identifiervarcharx509_certificateweb.t_certorderinteger
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
RETURN QUERY
SELECT
t.domain,
t.port,
t.identifier,
t.subject_key_identifier,
s.x509_certificate,
t.order
FROM web.intermediate_chain AS t
JOIN web.intermediate_cert AS s
USING (subject_key_identifier)
ORDER BY t.order;
web.sel_site¶
Owner defined via server_access
- Parameters
- None
- Variables defined for body
v_owneruser.t_user
- Returns
- TABLE
- Returned columns
servicecommons.t_keysubservicecommons.t_keydomaindns.t_hostnameportcommons.t_portuserserver_access.t_userservice_entity_namedns.t_hostnamehttpscommons.t_keybackend_statusbackend.t_statusoptionjsonb
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
RETURN QUERY
SELECT
t.service,
t.subservice,
t.domain,
t.port,
t.user,
t.service_entity_name,
t.https,
t.backend_status,
t.option
FROM web.site AS t
JOIN server_access.user AS s
USING ("user", service_entity_name)
WHERE
s.owner = v_owner
ORDER BY t.backend_status, t.domain, t.port;
web.srv_alias¶
backend web.alias
- Parameters
p_include_inactiveboolean
- Returns
- TABLE
- Returned columns
domaindns.t_hostnamesitedns.t_hostnamesite_portcommons.t_portbackend_statusbackend.t_status
- Execute privilege
PERFORM backend._get_login();
RETURN QUERY
WITH
-- DELETE
d AS (
DELETE FROM web.alias AS t
WHERE
backend._deleted(t.backend_status) AND
backend._machine_priviledged(t.service, t.domain)
),
-- UPDATE
s AS (
UPDATE web.alias AS t
SET backend_status = NULL
WHERE
backend._machine_priviledged(t.service, t.domain) AND
backend._active(t.backend_status)
)
-- SELECT
SELECT
t.domain,
t.site,
t.site_port,
t.backend_status
FROM web.alias AS t
WHERE
backend._machine_priviledged(t.service, t.domain) AND
(backend._active(t.backend_status) OR p_include_inactive);
web.srv_https¶
Certs
- Parameters
p_include_inactiveboolean
- Returns
- TABLE
- Returned columns
identifiercommons.t_keydomaindns.t_hostnameportcommons.t_portx509_requestweb.t_certx509_certificateweb.t_certx509_chainvarchar[]backend_statusbackend.t_status
- Execute privilege
PERFORM backend._get_login();
RETURN QUERY
WITH
-- NO DELETE OPTION
-- UPDATE
s AS (
UPDATE web.https AS t
SET backend_status = NULL
WHERE
backend._machine_priviledged('web', t.domain) AND
backend._active(t.backend_status)
)
-- SELECT
SELECT
t.identifier,
t.domain,
t.port,
t.x509_request,
t.x509_certificate,
ARRAY(
SELECT s.x509_certificate::varchar
FROM web.intermediate_chain AS u
JOIN web.intermediate_cert AS s
USING (subject_key_identifier)
WHERE
u.domain = t.domain AND
u.port = t.port AND
u.identifier = t.identifier
ORDER by "order"
),
t.backend_status
FROM web.https AS t
WHERE
backend._machine_priviledged('web', t.domain) AND
(backend._active(t.backend_status) OR p_include_inactive);
web.srv_site¶
backend web.site
- Parameters
p_include_inactiveboolean
- Returns
- TABLE
- Returned columns
domaindns.t_hostnameportcommons.t_portuserserver_access.t_userservice_entity_namedns.t_hostnamehttpscommons.t_keysubservicecommons.t_keyoptionjsonbbackend_statusbackend.t_status
- Execute privilege
PERFORM backend._get_login();
RETURN QUERY
WITH
-- DELETE
d AS (
DELETE FROM web.site AS t
WHERE
backend._deleted(t.backend_status) AND
backend._machine_priviledged(t.service, t.domain)
),
-- UPDATE
s AS (
UPDATE web.site AS t
SET backend_status = NULL
WHERE
backend._machine_priviledged(t.service, t.domain) AND
backend._active(t.backend_status)
)
-- SELECT
SELECT
t.domain,
t.port,
t.user,
t.service_entity_name,
t.https,
t.subservice,
t.option,
t.backend_status
FROM web.site AS t
WHERE
backend._machine_priviledged(t.service, t.domain) AND
(backend._active(t.backend_status) OR p_include_inactive);
web.upd_https¶
upd https
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_identifiercommons.t_keyp_x509_certificateweb.t_certp_authority_key_identifiervarchar
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
UPDATE web.https
SET
x509_certificate = p_x509_certificate,
authority_key_identifier = p_authority_key_identifier
WHERE
domain = p_domain AND
port = p_port AND
identifier = p_identifier;
PERFORM backend._conditional_notify(FOUND, 'web', 'site', p_domain);
web.upd_site¶
set https identif.
- Parameters
p_domaindns.t_hostnamep_portcommons.t_portp_identifiercommons.t_key
- Variables defined for body
v_owneruser.t_user
- Returns
- void
- Execute privilege
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
UPDATE web.site AS s
SET https = p_identifier
WHERE
s.owner = v_owner AND
s.domain = p_domain AND
s.port = p_port;
PERFORM backend._conditional_notify(FOUND, 'web', 'site', p_domain);