feat: add baiducloud dns-01 applicant

2025-10-05 05:54:53 +00:00 · 2025-02-18 17:31:42 +08:00
parent c451bf5e03
commit 1bac6174ad
13 changed files with 269 additions and 7 deletions
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -10,6 +10,7 @@ import (
 	pAliyun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun"
 	pAWSRoute53 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53"
 	pAzureDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns"
+	pBaiduCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud"
 	pCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare"
 	pClouDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudns"
 	pGcore "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/gcore"
@@ -102,6 +103,22 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
 			return applicant, err
 		}

+	case domain.ApplyDNSProviderTypeBaiduCloud, domain.ApplyDNSProviderTypeBaiduCloudDNS:
+		{
+			access := domain.AccessConfigForBaiduCloud{}
+			if err := maps.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			applicant, err := pBaiduCloud.NewChallengeProvider(&pBaiduCloud.BaiduCloudApplicantConfig{
+				AccessKeyId:           access.AccessKeyId,
+				SecretAccessKey:       access.SecretAccessKey,
+				DnsPropagationTimeout: options.DnsPropagationTimeout,
+				DnsTTL:                options.DnsTTL,
+			})
+			return applicant, err
+		}
+
 	case domain.ApplyDNSProviderTypeCloudflare:
 		{
 			access := domain.AccessConfigForCloudflare{}
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -67,6 +67,8 @@ const (
 	ApplyDNSProviderTypeAWS             = ApplyDNSProviderType("aws") // 兼容旧值，等同于 [ApplyDNSProviderTypeAWSRoute53]
 	ApplyDNSProviderTypeAWSRoute53      = ApplyDNSProviderType("aws-route53")
 	ApplyDNSProviderTypeAzureDNS        = ApplyDNSProviderType("azure-dns")
+	ApplyDNSProviderTypeBaiduCloud      = ApplyDNSProviderType("baiducloud") // 兼容旧值，等同于 [ApplyDNSProviderTypeBaiduCloudDNS]
+	ApplyDNSProviderTypeBaiduCloudDNS   = ApplyDNSProviderType("baiducloud-dns")
 	ApplyDNSProviderTypeCloudflare      = ApplyDNSProviderType("cloudflare")
 	ApplyDNSProviderTypeClouDNS         = ApplyDNSProviderType("cloudns")
 	ApplyDNSProviderTypeGcore           = ApplyDNSProviderType("gcore")
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/baiducloud.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/baiducloud.go
@@ -0,0 +1,39 @@
+package baiducloud
+
+import (
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge"
+
+	internal "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal"
+)
+
+type BaiduCloudApplicantConfig struct {
+	AccessKeyId           string `json:"accessKeyId"`
+	SecretAccessKey       string `json:"secretAccessKey"`
+	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
+	DnsTTL                int32  `json:"dnsTTL,omitempty"`
+}
+
+func NewChallengeProvider(config *BaiduCloudApplicantConfig) (challenge.Provider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	providerConfig := internal.NewDefaultConfig()
+	providerConfig.AccessKeyID = config.AccessKeyId
+	providerConfig.SecretAccessKey = config.SecretAccessKey
+	if config.DnsPropagationTimeout != 0 {
+		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
+	}
+	if config.DnsTTL != 0 {
+		providerConfig.TTL = config.DnsTTL
+	}
+
+	provider, err := internal.NewDNSProviderConfig(providerConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return provider, nil
+}
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud/internal/lego.go
@@ -0,0 +1,195 @@
+package lego_baiducloud
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	bceDns "github.com/baidubce/bce-sdk-go/services/dns"
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/google/uuid"
+)
+
+const (
+	envNamespace = "BAIDUCLOUD_"
+
+	EnvAccessKeyID     = envNamespace + "ACCESS_KEY_ID"
+	EnvSecretAccessKey = envNamespace + "SECRET_ACCESS_KEY"
+
+	EnvTTL                = envNamespace + "TTL"
+	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
+	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+type Config struct {
+	AccessKeyID     string
+	SecretAccessKey string
+
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int32
+	HTTPTimeout        time.Duration
+}
+
+type DNSProvider struct {
+	client *bceDns.Client
+	config *Config
+}
+
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                int32(env.GetOrDefaultInt(EnvTTL, 300)),
+		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
+		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+		HTTPTimeout:        env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+	}
+}
+
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get(EnvAccessKeyID, EnvSecretAccessKey)
+	if err != nil {
+		return nil, fmt.Errorf("baiducloud: %w", err)
+	}
+
+	config := NewDefaultConfig()
+	config.AccessKeyID = values[EnvAccessKeyID]
+	config.SecretAccessKey = values[EnvSecretAccessKey]
+
+	return NewDNSProviderConfig(config)
+}
+
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("baiducloud: the configuration of the DNS provider is nil")
+	}
+
+	client, err := bceDns.NewClient(config.AccessKeyID, config.SecretAccessKey, "")
+	if err != nil {
+		return nil, err
+	} else {
+		if client.Config != nil {
+			client.Config.ConnectionTimeoutInMillis = int(config.HTTPTimeout.Milliseconds())
+		}
+	}
+
+	return &DNSProvider{
+		client: client,
+		config: config,
+	}, nil
+}
+
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	zoneName, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+	if err != nil {
+		return fmt.Errorf("baiducloud: %w", err)
+	}
+
+	subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zoneName)
+	if err != nil {
+		return fmt.Errorf("baiducloud: %w", err)
+	}
+
+	if err := d.addOrUpdateDNSRecord(domain, subDomain, info.Value); err != nil {
+		return fmt.Errorf("baiducloud: %w", err)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
+	subDomain := dns01.UnFqdn(fqdn)
+
+	if err := d.removeDNSRecord(domain, subDomain, value); err != nil {
+		return fmt.Errorf("baiducloud: %w", err)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) getDNSRecord(domain, subDomain string) (*bceDns.Record, error) {
+	pageMarker := ""
+	pageSize := 1000
+	for {
+		request := &bceDns.ListRecordRequest{}
+		request.Rr = domain
+		request.Marker = pageMarker
+		request.MaxKeys = pageSize
+
+		response, err := d.client.ListRecord(domain, request)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, record := range response.Records {
+			if record.Type == "TXT" && record.Rr == subDomain {
+				return &record, nil
+			}
+		}
+
+		if len(response.Records) < pageSize {
+			break
+		}
+
+		pageMarker = response.NextMarker
+	}
+
+	return nil, nil
+}
+
+func (d *DNSProvider) addOrUpdateDNSRecord(domain, subDomain, value string) error {
+	record, err := d.getDNSRecord(domain, subDomain)
+	if err != nil {
+		return err
+	}
+
+	if record == nil {
+		request := &bceDns.CreateRecordRequest{
+			Type:  "TXT",
+			Rr:    subDomain,
+			Value: value,
+			Ttl:   &d.config.TTL,
+		}
+		err := d.client.CreateRecord(domain, request, d.generateClientToken())
+		return err
+	} else {
+		request := &bceDns.UpdateRecordRequest{
+			Type:  "TXT",
+			Rr:    subDomain,
+			Value: value,
+			Ttl:   &d.config.TTL,
+		}
+		err := d.client.UpdateRecord(domain, record.Id, request, d.generateClientToken())
+		return err
+	}
+}
+
+func (d *DNSProvider) removeDNSRecord(domain, subDomain, value string) error {
+	record, err := d.getDNSRecord(domain, subDomain)
+	if err != nil {
+		return err
+	}
+
+	if record == nil {
+		return nil
+	}
+
+	err = d.client.DeleteRecord(domain, record.Id, d.generateClientToken())
+	return err
+}
+
+func (d *DNSProvider) generateClientToken() string {
+	return strings.ReplaceAll(uuid.New().String(), "-", "")
+}
--- a/internal/pkg/utils/maps/maps.go
+++ b/internal/pkg/utils/maps/maps.go
@@ -207,8 +207,3 @@ func Populate(dict map[string]any, output any) error {

 	return decoder.Decode(dict)
 }
-
-// Deprecated: Use [Populate] instead.
-func Decode(dict map[string]any, output any) error {
-	return Populate(dict, output)
-}