feat: add dns propagation wait configuration to application node in workflows

2025-10-04 13:34:52 +00:00 · 2025-05-07 11:56:35 +08:00
parent fc064aa9f8
commit 1946a4e68a
6 changed files with 84 additions and 29 deletions
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"time"

 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
@@ -62,6 +63,7 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err
 		CAProviderExtendedConfig: nodeConfig.CAProviderConfig,
 		KeyAlgorithm:             nodeConfig.KeyAlgorithm,
 		Nameservers:              sliceutil.Filter(strings.Split(nodeConfig.Nameservers, ";"), func(s string) bool { return s != "" }),
+		DnsPropagationWait:       nodeConfig.DnsPropagationWait,
 		DnsPropagationTimeout:    nodeConfig.DnsPropagationTimeout,
 		DnsTTL:                   nodeConfig.DnsTTL,
 		DisableFollowCNAME:       nodeConfig.DisableFollowCNAME,
@@ -189,12 +191,20 @@ func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOpt
 	}

 	// Set the DNS01 challenge provider
-	challengeOptions := make([]dns01.ChallengeOption, 0)
-	if len(options.Nameservers) > 0 {
-		challengeOptions = append(challengeOptions, dns01.AddRecursiveNameservers(dns01.ParseNameservers(options.Nameservers)))
-		challengeOptions = append(challengeOptions, dns01.DisableAuthoritativeNssPropagationRequirement())
-	}
-	client.Challenge.SetDNS01Provider(legoProvider, challengeOptions...)
+	client.Challenge.SetDNS01Provider(legoProvider,
+		dns01.CondOption(
+			len(options.Nameservers) > 0,
+			dns01.AddRecursiveNameservers(dns01.ParseNameservers(options.Nameservers)),
+		),
+		dns01.CondOption(
+			options.DnsPropagationWait > 0,
+			dns01.PropagationWait(time.Duration(options.DnsPropagationWait)*time.Second, true),
+		),
+		dns01.CondOption(
+			len(options.Nameservers) > 0 || options.DnsPropagationWait > 0,
+			dns01.DisableAuthoritativeNssPropagationRequirement(),
+		),
+	)

 	// New users need to register first
 	if !user.hasRegistration() {
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -49,6 +49,7 @@ type applicantProviderOptions struct {
 	CAProviderExtendedConfig map[string]any
 	KeyAlgorithm             string
 	Nameservers              []string
+	DnsPropagationWait       int32
 	DnsPropagationTimeout    int32
 	DnsTTL                   int32
 	DisableFollowCNAME       bool
--- a/internal/domain/workflow.go
+++ b/internal/domain/workflow.go
@@ -73,8 +73,9 @@ type WorkflowNodeConfigForApply struct {
 	CAProviderConfig      map[string]any `json:"caProviderConfig,omitempty"`      // CA 提供商额外配置
 	KeyAlgorithm          string         `json:"keyAlgorithm"`                    // 证书算法
 	Nameservers           string         `json:"nameservers,omitempty"`           // DNS 服务器列表，以半角分号分隔
-	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播超时时间（零值取决于提供商的默认值）
-	DnsTTL                int32          `json:"dnsTTL,omitempty"`                // DNS TTL（零值取决于提供商的默认值）
+	DnsPropagationWait    int32          `json:"dnsPropagationWait,omitempty"`    // DNS 传播等待时间，等同于 lego 的 `--dns-propagation-wait` 参数
+	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播检查超时时间（零值取决于提供商的默认值）
+	DnsTTL                int32          `json:"dnsTTL,omitempty"`                // DNS 解析记录 TTL（零值取决于提供商的默认值）
 	DisableFollowCNAME    bool           `json:"disableFollowCNAME,omitempty"`    // 是否关闭 CNAME 跟随
 	DisableARI            bool           `json:"disableARI,omitempty"`            // 是否关闭 ARI
 	SkipBeforeExpiryDays  int32          `json:"skipBeforeExpiryDays,omitempty"`  // 证书到期前多少天前跳过续期（零值将使用默认值 30）
@@ -120,6 +121,7 @@ func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
 		CAProviderConfig:      maputil.GetKVMapAny(n.Config, "caProviderConfig"),
 		KeyAlgorithm:          maputil.GetString(n.Config, "keyAlgorithm"),
 		Nameservers:           maputil.GetString(n.Config, "nameservers"),
+		DnsPropagationWait:    maputil.GetInt32(n.Config, "dnsPropagationWait"),
 		DnsPropagationTimeout: maputil.GetInt32(n.Config, "dnsPropagationTimeout"),
 		DnsTTL:                maputil.GetInt32(n.Config, "dnsTTL"),
 		DisableFollowCNAME:    maputil.GetBool(n.Config, "disableFollowCNAME"),