feat: implement manual CDN sync for CA certificates and establish master AI rules

2026-01-26 13:22:05 +07:00 · 2026-01-06 12:01:00 +07:00
parent 3ccbf334fc
commit 875b037a63
5 changed files with 96 additions and 24 deletions
--- a/app/Http/Controllers/Api/RootCaApiController.php
+++ b/app/Http/Controllers/Api/RootCaApiController.php
@@ -60,6 +60,32 @@ class RootCaApiController extends Controller
        }
    }

+    public function syncToCdn()
+    {
+        $this->authorizeAdminOrOwner();
+
+        try {
+            $certificates = CaCertificate::all();
+            $count = 0;
+
+            foreach ($certificates as $cert) {
+                if ($this->sslService->uploadToCdn($cert)) {
+                    $count++;
+                }
+            }
+
+            return response()->json([
+                'status' => 'success',
+                'message' => "Successfully synced {$count} certificates to CDN."
+            ]);
+        } catch (\Exception $e) {
+            return response()->json([
+                'status' => 'error',
+                'message' => 'Sync failed: ' . $e->getMessage()
+            ], 500);
+        }
+    }
+
    protected function authorizeAdminOrOwner()
    {
        if (!auth()->user()->isAdminOrOwner()) {
--- a/app/Services/OpenSslService.php
+++ b/app/Services/OpenSslService.php
@@ -4,6 +4,7 @@ namespace App\Services;

 use App\Models\CaCertificate;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Str;

 class OpenSslService
@@ -58,7 +59,7 @@ class OpenSslService
                ? $this->formatHex($rootDetails['serialNumberHex'])
                : $this->formatSerialToHex($rootDetails['serialNumber']);

-            CaCertificate::create([
+            $ca = CaCertificate::create([
                'ca_type' => 'root',
                'cert_content' => $rootCertPem,
                'key_content' => $rootKeyPem,
@@ -69,6 +70,8 @@ class OpenSslService
                'valid_to' => date('Y-m-d H:i:s', $rootDetails['validTo_time_t']),
            ]);

+            $this->uploadToCdn($ca);
+
            // Intermediate CA 4096-bit
            $int4096Key = openssl_pkey_new([
                'private_key_bits' => 4096,
@@ -95,7 +98,7 @@ class OpenSslService
                ? $this->formatHex($int4096Details['serialNumberHex'])
                : $this->formatSerialToHex($int4096Details['serialNumber']);

-            CaCertificate::create([
+            $ca4096 = CaCertificate::create([
                'ca_type' => 'intermediate_4096', 
                'cert_content' => $int4096CertPem, 
                'key_content' => $int4096KeyPem,
@@ -106,6 +109,8 @@ class OpenSslService
                'valid_to' => date('Y-m-d H:i:s', $int4096Details['validTo_time_t']),
            ]);

+            $this->uploadToCdn($ca4096);
+
            // Intermediate CA 2048-bit
            $int2048Key = openssl_pkey_new([
                'private_key_bits' => 2048,
@@ -132,7 +137,7 @@ class OpenSslService
                ? $this->formatHex($int2048Details['serialNumberHex'])
                : $this->formatSerialToHex($int2048Details['serialNumber']);

-            CaCertificate::create([
+            $ca2048 = CaCertificate::create([
                'ca_type' => 'intermediate_2048', 
                'cert_content' => $int2048CertPem, 
                'key_content' => $int2048KeyPem,
@@ -143,6 +148,8 @@ class OpenSslService
                'valid_to' => date('Y-m-d H:i:s', $int2048Details['validTo_time_t']),
            ]);

+            $this->uploadToCdn($ca2048);
+
            return true;
        } finally {
            if (file_exists($configFile)) unlink($configFile);
@@ -404,4 +411,28 @@ class OpenSslService
            if ($configFile && file_exists($configFile)) unlink($configFile);
        }
    }
+    /**
+     * Upload CA certificate (public) to R2 CDN.
+     */
+    public function uploadToCdn(CaCertificate $cert)
+    {
+        try {
+            $filename = 'ca/' . Str::slug($cert->common_name) . '-' . $cert->uuid . '.crt';
+            
+            Storage::disk('r2-public')->put($filename, $cert->cert_content, [
+                'visibility' => 'public',
+                'ContentType' => 'application/x-x509-ca-cert'
+            ]);
+
+            $cert->update([
+                'cert_path' => $filename,
+                'last_synced_at' => now()
+            ]);
+
+            return true;
+        } catch (\Exception $e) {
+            \Log::error("Failed to upload CA to R2: " . $e->getMessage());
+            return false;
+        }
+    }
 }