diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go index c616e899..6c8cc650 100644 --- a/internal/deployer/providers.go +++ b/internal/deployer/providers.go @@ -81,17 +81,19 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { switch options.Provider { case domain.DeployProviderType1PanelConsole: deployer, err := p1PanelConsole.NewDeployer(&p1PanelConsole.DeployerConfig{ - ApiUrl: access.ApiUrl, - ApiKey: access.ApiKey, - AutoRestart: maps.GetValueAsBool(options.ProviderDeployConfig, "autoRestart"), + ApiUrl: access.ApiUrl, + ApiKey: access.ApiKey, + AllowInsecureConnections: access.AllowInsecureConnections, + AutoRestart: maps.GetValueAsBool(options.ProviderDeployConfig, "autoRestart"), }) return deployer, err case domain.DeployProviderType1PanelSite: deployer, err := p1PanelSite.NewDeployer(&p1PanelSite.DeployerConfig{ - ApiUrl: access.ApiUrl, - ApiKey: access.ApiKey, - WebsiteId: maps.GetValueAsInt64(options.ProviderDeployConfig, "websiteId"), + ApiUrl: access.ApiUrl, + ApiKey: access.ApiKey, + AllowInsecureConnections: access.AllowInsecureConnections, + WebsiteId: maps.GetValueAsInt64(options.ProviderDeployConfig, "websiteId"), }) return deployer, err 
@@ -293,19 +295,21 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { switch options.Provider { case domain.DeployProviderTypeBaotaPanelConsole: deployer, err := pBaotaPanelConsole.NewDeployer(&pBaotaPanelConsole.DeployerConfig{ - ApiUrl: access.ApiUrl, - ApiKey: access.ApiKey, - AutoRestart: maps.GetValueAsBool(options.ProviderDeployConfig, "autoRestart"), + ApiUrl: access.ApiUrl, + ApiKey: access.ApiKey, + AllowInsecureConnections: access.AllowInsecureConnections, + AutoRestart: maps.GetValueAsBool(options.ProviderDeployConfig, "autoRestart"), }) return deployer, err case domain.DeployProviderTypeBaotaPanelSite: deployer, err := pBaotaPanelSite.NewDeployer(&pBaotaPanelSite.DeployerConfig{ - ApiUrl: access.ApiUrl, - ApiKey: access.ApiKey, - SiteType: maps.GetValueOrDefaultAsString(options.ProviderDeployConfig, "siteType", "other"), - SiteName: maps.GetValueAsString(options.ProviderDeployConfig, "siteName"), - SiteNames: slices.Filter(strings.Split(maps.GetValueAsString(options.ProviderDeployConfig, "siteNames"), ";"), func(s string) bool { return s != "" }), + ApiUrl: access.ApiUrl, + ApiKey: access.ApiKey, + AllowInsecureConnections: access.AllowInsecureConnections, + SiteType: maps.GetValueOrDefaultAsString(options.ProviderDeployConfig, "siteType", "other"), + SiteName: maps.GetValueAsString(options.ProviderDeployConfig, "siteName"), + SiteNames: slices.Filter(strings.Split(maps.GetValueAsString(options.ProviderDeployConfig, "siteNames"), ";"), func(s string) bool { return s != "" }), }) return deployer, err 
@@ -582,10 +586,11 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { } deployer, err := pSafeLine.NewDeployer(&pSafeLine.DeployerConfig{ - ApiUrl: access.ApiUrl, - ApiToken: access.ApiToken, - ResourceType: pSafeLine.ResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")), - CertificateId: maps.GetValueAsInt32(options.ProviderDeployConfig, "certificateId"), + ApiUrl: access.ApiUrl, + ApiToken: access.ApiToken, + AllowInsecureConnections: access.AllowInsecureConnections, + ResourceType: pSafeLine.ResourceType(maps.GetValueAsString(options.ProviderDeployConfig, "resourceType")), + CertificateId: maps.GetValueAsInt32(options.ProviderDeployConfig, "certificateId"), }) return deployer, err } @@ -823,8 +828,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) { } deployer, err := pWebhook.NewDeployer(&pWebhook.DeployerConfig{ - WebhookUrl: access.Url, - WebhookData: maps.GetValueAsString(options.ProviderDeployConfig, "webhookData"), + WebhookUrl: access.Url, + WebhookData: maps.GetValueAsString(options.ProviderDeployConfig, "webhookData"), + AllowInsecureConnections: access.AllowInsecureConnections, }) return deployer, err } diff --git a/internal/domain/access.go b/internal/domain/access.go index 47dd5132..fc6a7eb1 100644 --- a/internal/domain/access.go +++ b/internal/domain/access.go @@ -25,8 +25,9 @@ func (a *Access) UnmarshalConfigToMap() (map[string]any, error) { } type AccessConfigFor1Panel struct { - ApiUrl string `json:"apiUrl"` - ApiKey string `json:"apiKey"` + ApiUrl string `json:"apiUrl"` + ApiKey string `json:"apiKey"` + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } type AccessConfigForACMEHttpReq struct { 
@@ -63,8 +64,9 @@ type AccessConfigForBaishan struct { } type AccessConfigForBaotaPanel struct { - ApiUrl string `json:"apiUrl"` - ApiKey string `json:"apiKey"` + ApiUrl string `json:"apiUrl"` + ApiKey string `json:"apiKey"` + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } type AccessConfigForBytePlus struct { @@ -174,8 +176,9 @@ type AccessConfigForRainYun struct { } type AccessConfigForSafeLine struct { - ApiUrl string `json:"apiUrl"` - ApiToken string `json:"apiToken"` + ApiUrl string `json:"apiUrl"` + ApiToken string `json:"apiToken"` + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } type AccessConfigForSSH struct { @@ -204,7 +207,8 @@ type AccessConfigForVolcEngine struct { } type AccessConfigForWebhook struct { - Url string `json:"url"` + Url string `json:"url"` + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } type AccessConfigForWestcn struct { diff --git a/internal/notify/providers.go b/internal/notify/providers.go index 6e18a84c..9cd27439 100644 --- a/internal/notify/providers.go +++ b/internal/notify/providers.go @@ -63,7 +63,8 @@ func createNotifier(channel domain.NotifyChannelType, channelConfig map[string]a case domain.NotifyChannelTypeWebhook: return pWebhook.NewNotifier(&pWebhook.NotifierConfig{ - Url: maps.GetValueAsString(channelConfig, "url"), + Url: maps.GetValueAsString(channelConfig, "url"), + AllowInsecureConnections: maps.GetValueAsBool(channelConfig, "allowInsecureConnections"), }) case domain.NotifyChannelTypeWeCom: diff --git a/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go b/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go index d6b03b8c..512b5296 100644 --- a/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go +++ b/internal/pkg/core/deployer/providers/1panel-console/1panel_console.go @@ -2,6 +2,7 @@ import ( "context" + "crypto/tls" "errors" "net/url" 
@@ -17,6 +18,8 @@ type DeployerConfig struct { ApiUrl string `json:"apiUrl"` // 1Panel 接口密钥。 ApiKey string `json:"apiKey"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 是否自动重启。 AutoRestart bool `json:"autoRestart"` } @@ -34,7 +37,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { panic("config is nil") } - client, err := createSdkClient(config.ApiUrl, config.ApiKey) + client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.AllowInsecureConnections) if err != nil { return nil, xerrors.Wrap(err, "failed to create sdk client") } @@ -74,7 +77,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe return &deployer.DeployResult{}, nil } -func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) { +func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) { if _, err := url.Parse(apiUrl); err != nil { return nil, errors.New("invalid 1panel api url") } @@ -84,5 +87,9 @@ func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) { } client := opsdk.NewClient(apiUrl, apiKey) + if allowInsecure { + client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}) + } + return client, nil } diff --git a/internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go b/internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go index b2d2e788..d4b7cfa9 100644 --- a/internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go +++ b/internal/pkg/core/deployer/providers/1panel-console/1panel_console_test.go @@ -49,9 +49,10 @@ func TestDeploy(t *testing.T) { }, "\n")) deployer, err := provider.NewDeployer(&provider.DeployerConfig{ - ApiUrl: fApiUrl, - ApiKey: fApiKey, - AutoRestart: true, + ApiUrl: fApiUrl, + ApiKey: fApiKey, + AllowInsecureConnections: true, + AutoRestart: true, }) if err != nil { t.Errorf("err: %+v", err) 
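Review bot: In `createSdkClient` of 1panel_console.go, `&tls.Config{InsecureSkipVerify: true}` switches off both chain and hostname verification, so with the option enabled the API key (and presumably the certificate and private key handed to `Deploy`, whose body is outside this hunk) is sent to a peer whose identity is never checked. The same branch is added in 1panel_site.go, baotapanel_console.go, baotapanel_site.go, safeline.go and both webhook providers. If the goal is to support panels with self-signed certificates, consider letting the access config carry a CA or server certificate and setting `RootCAs` on the `tls.Config`, which keeps verification on. If the flag stays as is, document the branch with something like `// Opt-in only: disables certificate and hostname verification, so the API key goes to an unauthenticated peer.` and log a warning whenever a client is built with it.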
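Review bot: The `TestDeploy` change hard-codes `AllowInsecureConnections: true`, so every run contacts the target with certificate verification disabled and the verified path is no longer exercised. The same literal is added in the 1panel-site, baotapanel-console, baotapanel-site, safeline and deployer/notifier webhook tests. `fApiUrl` and `fApiKey` look like externally supplied test inputs (their definitions are outside the hunk), so the flag could be supplied the same way and default to false, for example `AllowInsecureConnections: fAllowInsecure,` with `fAllowInsecure` being a new test input.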
diff --git a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go index 85fc78c9..cdad354a 100644 --- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go +++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go @@ -2,6 +2,7 @@ import ( "context" + "crypto/tls" "errors" "net/url" "strconv" @@ -20,6 +21,8 @@ type DeployerConfig struct { ApiUrl string `json:"apiUrl"` // 1Panel 接口密钥。 ApiKey string `json:"apiKey"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 网站 ID。 WebsiteId int64 `json:"websiteId"` } @@ -38,7 +41,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { panic("config is nil") } - client, err := createSdkClient(config.ApiUrl, config.ApiKey) + client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.AllowInsecureConnections) if err != nil { return nil, xerrors.Wrap(err, "failed to create sdk client") } @@ -106,7 +109,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe return &deployer.DeployResult{}, nil } -func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) { +func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) { if _, err := url.Parse(apiUrl); err != nil { return nil, errors.New("invalid 1panel api url") } @@ -116,5 +119,9 @@ func createSdkClient(apiUrl, apiKey string) (*opsdk.Client, error) { } client := opsdk.NewClient(apiUrl, apiKey) + if allowInsecure { + client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}) + } + return client, nil } diff --git a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go index 82c3874d..1be2444d 100644 --- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go +++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go 
@@ -53,9 +53,10 @@ func TestDeploy(t *testing.T) { }, "\n")) deployer, err := provider.NewDeployer(&provider.DeployerConfig{ - ApiUrl: fApiUrl, - ApiKey: fApiKey, - WebsiteId: fWebsiteId, + ApiUrl: fApiUrl, + ApiKey: fApiKey, + WebsiteId: fWebsiteId, + AllowInsecureConnections: true, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go b/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go index 6343acf7..6e64c4f6 100644 --- a/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go +++ b/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go @@ -2,6 +2,7 @@ import ( "context" + "crypto/tls" "errors" "net/url" @@ -17,6 +18,8 @@ type DeployerConfig struct { ApiUrl string `json:"apiUrl"` // 宝塔面板接口密钥。 ApiKey string `json:"apiKey"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 是否自动重启。 AutoRestart bool `json:"autoRestart"` } @@ -34,7 +37,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { panic("config is nil") } - client, err := createSdkClient(config.ApiUrl, config.ApiKey) + client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.AllowInsecureConnections) if err != nil { return nil, xerrors.Wrap(err, "failed to create sdk client") } @@ -79,7 +82,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe return &deployer.DeployResult{}, nil } -func createSdkClient(apiUrl, apiKey string) (*btsdk.Client, error) { +func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*btsdk.Client, error) { if _, err := url.Parse(apiUrl); err != nil { return nil, errors.New("invalid baota api url") } 
@@ -89,5 +92,9 @@ func createSdkClient(apiUrl, apiKey string) (*btsdk.Client, error) { } client := btsdk.NewClient(apiUrl, apiKey) + if allowInsecure { + client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}) + } + return client, nil } diff --git a/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console_test.go b/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console_test.go index 2f6ccb18..a10afb37 100644 --- a/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console_test.go +++ b/internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console_test.go @@ -49,9 +49,10 @@ func TestDeploy(t *testing.T) { }, "\n")) deployer, err := provider.NewDeployer(&provider.DeployerConfig{ - ApiUrl: fApiUrl, - ApiKey: fApiKey, - AutoRestart: true, + ApiUrl: fApiUrl, + ApiKey: fApiKey, + AllowInsecureConnections: true, + AutoRestart: true, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go b/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go index 62cef9de..c6bf4966 100644 --- a/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go +++ b/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go @@ -2,6 +2,7 @@ import ( "context" + "crypto/tls" "errors" "fmt" "net/url" @@ -19,6 +20,8 @@ type DeployerConfig struct { ApiUrl string `json:"apiUrl"` // 宝塔面板接口密钥。 ApiKey string `json:"apiKey"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 站点类型。 SiteType string `json:"siteType"` // 站点名称(单个)。 @@ -40,7 +43,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { panic("config is nil") } - client, err := createSdkClient(config.ApiUrl, config.ApiKey) + client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.AllowInsecureConnections) if err != nil { return nil, xerrors.Wrap(err, "failed to create sdk client") } 
@@ -122,7 +125,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe return &deployer.DeployResult{}, nil } -func createSdkClient(apiUrl, apiKey string) (*btsdk.Client, error) { +func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*btsdk.Client, error) { if _, err := url.Parse(apiUrl); err != nil { return nil, errors.New("invalid baota api url") } @@ -132,5 +135,9 @@ func createSdkClient(apiUrl, apiKey string) (*btsdk.Client, error) { } client := btsdk.NewClient(apiUrl, apiKey) + if allowInsecure { + client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}) + } + return client, nil } diff --git a/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site_test.go b/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site_test.go index 4c31b021..f36605fe 100644 --- a/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site_test.go +++ b/internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site_test.go @@ -57,11 +57,12 @@ func TestDeploy(t *testing.T) { }, "\n")) deployer, err := provider.NewDeployer(&provider.DeployerConfig{ - ApiUrl: fApiUrl, - ApiKey: fApiKey, - SiteType: fSiteType, - SiteName: fSiteName, - SiteNames: []string{fSiteName}, + ApiUrl: fApiUrl, + ApiKey: fApiKey, + AllowInsecureConnections: true, + SiteType: fSiteType, + SiteName: fSiteName, + SiteNames: []string{fSiteName}, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/core/deployer/providers/safeline/safeline.go b/internal/pkg/core/deployer/providers/safeline/safeline.go index 3b4006c4..4766c364 100644 --- a/internal/pkg/core/deployer/providers/safeline/safeline.go +++ b/internal/pkg/core/deployer/providers/safeline/safeline.go @@ -2,6 +2,7 @@ import ( "context" + "crypto/tls" "errors" "fmt" "net/url" 
@@ -18,6 +19,8 @@ type DeployerConfig struct { ApiUrl string `json:"apiUrl"` // 雷池 API Token。 ApiToken string `json:"apiToken"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` // 部署资源类型。 ResourceType ResourceType `json:"resourceType"` // 证书 ID。 @@ -38,7 +41,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { panic("config is nil") } - client, err := createSdkClient(config.ApiUrl, config.ApiToken) + client, err := createSdkClient(config.ApiUrl, config.ApiToken, config.AllowInsecureConnections) if err != nil { return nil, xerrors.Wrap(err, "failed to create sdk clients") } @@ -94,7 +97,7 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPem stri return nil } -func createSdkClient(apiUrl, apiToken string) (*safelinesdk.Client, error) { +func createSdkClient(apiUrl, apiToken string, allowInsecure bool) (*safelinesdk.Client, error) { if _, err := url.Parse(apiUrl); err != nil { return nil, errors.New("invalid safeline api url") } @@ -104,5 +107,9 @@ func createSdkClient(apiUrl, apiToken string) (*safelinesdk.Client, error) { } client := safelinesdk.NewClient(apiUrl, apiToken) + if allowInsecure { + client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}) + } + return client, nil } diff --git a/internal/pkg/core/deployer/providers/safeline/safeline_test.go b/internal/pkg/core/deployer/providers/safeline/safeline_test.go index 0d7f2223..42c6313f 100644 --- a/internal/pkg/core/deployer/providers/safeline/safeline_test.go +++ b/internal/pkg/core/deployer/providers/safeline/safeline_test.go 
@@ -53,10 +53,11 @@ func TestDeploy(t *testing.T) { }, "\n")) deployer, err := provider.NewDeployer(&provider.DeployerConfig{ - ApiUrl: fApiUrl, - ApiToken: fApiToken, - ResourceType: provider.ResourceType("certificate"), - CertificateId: fCertificateId, + ApiUrl: fApiUrl, + ApiToken: fApiToken, + AllowInsecureConnections: true, + ResourceType: provider.ResourceType("certificate"), + CertificateId: int32(fCertificateId), }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/core/deployer/providers/webhook/webhook.go b/internal/pkg/core/deployer/providers/webhook/webhook.go index 7a9edfda..6a1e8a21 100644 --- a/internal/pkg/core/deployer/providers/webhook/webhook.go +++ b/internal/pkg/core/deployer/providers/webhook/webhook.go @@ -2,6 +2,7 @@ package webhook import ( "context" + "crypto/tls" "encoding/json" "strings" "time" @@ -19,6 +20,8 @@ type DeployerConfig struct { WebhookUrl string `json:"webhookUrl"` // Webhook 回调数据(JSON 格式)。 WebhookData string `json:"webhookData,omitempty"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } type DeployerProvider struct { @@ -38,6 +41,9 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) { SetTimeout(30 * time.Second). SetRetryCount(3). SetRetryWaitTime(5 * time.Second) + if config.AllowInsecureConnections { + client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}) + } return &DeployerProvider{ config: config, diff --git a/internal/pkg/core/deployer/providers/webhook/webhook_test.go b/internal/pkg/core/deployer/providers/webhook/webhook_test.go index 7dd6f24a..a31ef913 100644 --- a/internal/pkg/core/deployer/providers/webhook/webhook_test.go +++ b/internal/pkg/core/deployer/providers/webhook/webhook_test.go 
@@ -49,8 +49,9 @@ func TestDeploy(t *testing.T) { }, "\n")) deployer, err := provider.NewDeployer(&provider.DeployerConfig{ - WebhookUrl: fWebhookUrl, - WebhookData: fWebhookData, + WebhookUrl: fWebhookUrl, + WebhookData: fWebhookData, + AllowInsecureConnections: true, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/core/notifier/providers/webhook/webhook.go b/internal/pkg/core/notifier/providers/webhook/webhook.go index 55c0e668..f753645a 100644 --- a/internal/pkg/core/notifier/providers/webhook/webhook.go +++ b/internal/pkg/core/notifier/providers/webhook/webhook.go @@ -2,8 +2,10 @@ import ( "context" + "crypto/tls" + "net/http" - "github.com/nikoksr/notify/service/http" + webhook "github.com/nikoksr/notify/service/http" "github.com/usual2970/certimate/internal/pkg/core/notifier" ) @@ -11,6 +13,8 @@ import ( type NotifierConfig struct { // Webhook URL。 Url string `json:"url"` + // 是否允许不安全的连接。 + AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"` } type NotifierProvider struct { @@ -30,10 +34,16 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) { } func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) { - srv := http.New() - + srv := webhook.New() srv.AddReceiversURLs(n.config.Url) + if n.config.AllowInsecureConnections { + tlsConfig := &tls.Config{InsecureSkipVerify: true} + transport := &http.Transport{TLSClientConfig: tlsConfig} + client := &http.Client{Transport: transport} + srv.WithClient(client) + } + err = srv.Send(ctx, subject, message) if err != nil { return nil, err diff --git a/internal/pkg/core/notifier/providers/webhook/webhook_test.go b/internal/pkg/core/notifier/providers/webhook/webhook_test.go index 7afe6be4..8210358b 100644 --- a/internal/pkg/core/notifier/providers/webhook/webhook_test.go +++ b/internal/pkg/core/notifier/providers/webhook/webhook_test.go 
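Review bot: In `Notify` of notifier/providers/webhook/webhook.go, the insecure branch builds `&http.Transport{TLSClientConfig: tlsConfig}` from a zero value, so turning the option on also drops the `http.DefaultTransport` defaults (proxy from environment, dial and TLS-handshake timeouts, idle-connection limits) in addition to disabling verification. Cloning the default keeps the change limited to what the option promises: `transport := http.DefaultTransport.(*http.Transport).Clone()` followed by `transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}`. The transport is also created on every `Notify` call, so connections are not reused; building the client once in `NewNotifier` would avoid that.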
@@ -39,7 +39,8 @@ func TestNotify(t *testing.T) { }, "\n")) notifier, err := provider.NewNotifier(&provider.NotifierConfig{ - Url: fUrl, + Url: fUrl, + AllowInsecureConnections: true, }) if err != nil { t.Errorf("err: %+v", err) diff --git a/internal/pkg/vendors/1panel-sdk/client.go b/internal/pkg/vendors/1panel-sdk/client.go index 629fad01..9c424111 100644 --- a/internal/pkg/vendors/1panel-sdk/client.go +++ b/internal/pkg/vendors/1panel-sdk/client.go @@ -35,7 +35,7 @@ func (c *Client) WithTimeout(timeout time.Duration) *Client { return c } -func (c *Client) WithTlsConfig(config *tls.Config) *Client { +func (c *Client) WithTLSConfig(config *tls.Config) *Client { c.client.SetTLSClientConfig(config) return c } diff --git a/internal/pkg/vendors/btpanel-sdk/client.go b/internal/pkg/vendors/btpanel-sdk/client.go index 54564f0e..847a4387 100644 --- a/internal/pkg/vendors/btpanel-sdk/client.go +++ b/internal/pkg/vendors/btpanel-sdk/client.go @@ -2,6 +2,7 @@ package btpanelsdk import ( "crypto/md5" + "crypto/tls" "encoding/hex" "encoding/json" "fmt" @@ -34,6 +35,11 @@ func (c *Client) WithTimeout(timeout time.Duration) *Client { return c } +func (c *Client) WithTLSConfig(config *tls.Config) *Client { + c.client.SetTLSClientConfig(config) + return c +} + func (c *Client) generateSignature(timestamp string) string { keyMd5 := md5.Sum([]byte(c.apiKey)) keyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:])) diff --git a/internal/pkg/vendors/safeline-sdk/client.go b/internal/pkg/vendors/safeline-sdk/client.go index c6e6caf1..0d47c028 100644 --- a/internal/pkg/vendors/safeline-sdk/client.go +++ b/internal/pkg/vendors/safeline-sdk/client.go @@ -1,6 +1,7 @@ package safelinesdk import ( + "crypto/tls" "encoding/json" "fmt" "strings" 
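Review bot: `WithTLSConfig` in btpanel-sdk/client.go is exported without a doc comment, as is the identical method added to safeline-sdk/client.go. It passes the caller's `*tls.Config` straight to the underlying client, so it affects every request that client sends. A comment such as `// WithTLSConfig sets the TLS configuration for all requests made by this client. A config with InsecureSkipVerify set disables server authentication.` would make that visible to callers.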
@@ -31,6 +32,11 @@ func (c *Client) WithTimeout(timeout time.Duration) *Client { return c } +func (c *Client) WithTLSConfig(config *tls.Config) *Client { + c.client.SetTLSClientConfig(config) + return c +} + func (c *Client) sendRequest(path string, params interface{}) (*resty.Response, error) { url := c.apiHost + path req := c.client.R(). diff --git a/ui/src/components/access/AccessForm1PanelConfig.tsx b/ui/src/components/access/AccessForm1PanelConfig.tsx index 3b765b3e..1dde96b5 100644 --- a/ui/src/components/access/AccessForm1PanelConfig.tsx +++ b/ui/src/components/access/AccessForm1PanelConfig.tsx @@ -1,5 +1,5 @@ import { useTranslation } from "react-i18next"; -import { Form, type FormInstance, Input } from "antd"; +import { Form, type FormInstance, Input, Switch } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; @@ -32,6 +32,7 @@ const AccessForm1PanelConfig = ({ form: formInst, formName, disabled, initialVal .min(1, t("access.form.1panel_api_key.placeholder")) .max(64, t("common.errmsg.string_max", { max: 64 })) .trim(), + allowInsecureConnections: z.boolean().nullish(), }); const formRule = createSchemaFieldRule(formSchema); @@ -65,6 +66,18 @@ const AccessForm1PanelConfig = ({ form: formInst, formName, disabled, initialVal > + + } + > + + ); }; diff --git a/ui/src/components/access/AccessFormBaotaPanelConfig.tsx b/ui/src/components/access/AccessFormBaotaPanelConfig.tsx index 9a47674d..fa9c4723 100644 --- a/ui/src/components/access/AccessFormBaotaPanelConfig.tsx +++ b/ui/src/components/access/AccessFormBaotaPanelConfig.tsx @@ -1,5 +1,5 @@ import { useTranslation } from "react-i18next"; -import { Form, type FormInstance, Input } from "antd"; +import { Form, type FormInstance, Input, Switch } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; 
@@ -32,6 +32,7 @@ const AccessFormBaotaPanelConfig = ({ form: formInst, formName, disabled, initia .min(1, t("access.form.baotapanel_api_key.placeholder")) .max(64, t("common.errmsg.string_max", { max: 64 })) .trim(), + allowInsecureConnections: z.boolean().nullish(), }); const formRule = createSchemaFieldRule(formSchema); @@ -65,6 +66,18 @@ const AccessFormBaotaPanelConfig = ({ form: formInst, formName, disabled, initia > + + } + > + + ); }; diff --git a/ui/src/components/access/AccessFormSafeLineConfig.tsx b/ui/src/components/access/AccessFormSafeLineConfig.tsx index 44dd77d1..5b16c508 100644 --- a/ui/src/components/access/AccessFormSafeLineConfig.tsx +++ b/ui/src/components/access/AccessFormSafeLineConfig.tsx @@ -1,5 +1,5 @@ import { useTranslation } from "react-i18next"; -import { Form, type FormInstance, Input } from "antd"; +import { Form, type FormInstance, Input, Switch } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; @@ -32,6 +32,7 @@ const AccessFormSafeLineConfig = ({ form: formInst, formName, disabled, initialV .min(1, t("access.form.safeline_api_token.placeholder")) .max(64, t("common.errmsg.string_max", { max: 64 })) .trim(), + allowInsecureConnections: z.boolean().nullish(), }); const formRule = createSchemaFieldRule(formSchema); @@ -65,6 +66,18 @@ const AccessFormSafeLineConfig = ({ form: formInst, formName, disabled, initialV > + + } + > + + ); }; diff --git a/ui/src/components/access/AccessFormWebhookConfig.tsx b/ui/src/components/access/AccessFormWebhookConfig.tsx index 60f55fe6..89280d79 100644 --- a/ui/src/components/access/AccessFormWebhookConfig.tsx +++ b/ui/src/components/access/AccessFormWebhookConfig.tsx @@ -1,5 +1,5 @@ import { useTranslation } from "react-i18next"; -import { Form, type FormInstance, Input } from "antd"; +import { Form, type FormInstance, Input, Switch } from "antd"; import { createSchemaFieldRule } from "antd-zod"; import { z } from "zod"; 
@@ -26,6 +26,7 @@ const AccessFormWebhookConfig = ({ form: formInst, formName, disabled, initialVa const formSchema = z.object({ url: z.string({ message: t("access.form.webhook_url.placeholder") }).url(t("common.errmsg.url_invalid")), + allowInsecureConnections: z.boolean().nullish(), }); const formRule = createSchemaFieldRule(formSchema); @@ -45,6 +46,18 @@ const AccessFormWebhookConfig = ({ form: formInst, formName, disabled, initialVa + + } + > + + ); }; diff --git a/ui/src/components/notification/NotifyChannels.tsx b/ui/src/components/notification/NotifyChannels.tsx index 8dacecb9..50bc881d 100644 --- a/ui/src/components/notification/NotifyChannels.tsx +++ b/ui/src/components/notification/NotifyChannels.tsx @@ -98,8 +98,8 @@ const NotifyChannels = ({ className, classNames, style, styles }: NotifyChannels handleSwitchChange(channel.type, checked)} /> diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx index 9fe9943f..eb240de6 100644 --- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx +++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx @@ -433,8 +433,8 @@ const DeployNodeConfigForm = forwardRef{t("workflow_node.deploy.form.skip_on_last_succeeded.prefix")}
{t("workflow_node.deploy.form.skip_on_last_succeeded.suffix")}
diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts index ea2586af..1b5adf45 100644 --- a/ui/src/domain/access.ts +++ b/ui/src/domain/access.ts @@ -50,6 +50,7 @@ export interface AccessModel extends BaseModel { export type AccessConfigFor1Panel = { apiUrl: string; apiKey: string; + allowInsecureConnections?: boolean; }; export type AccessConfigForACMEHttpReq = { @@ -88,6 +89,7 @@ export type AccessConfigForBaishan = { export type AccessConfigForBaotaPanel = { apiUrl: string; apiKey: string; + allowInsecureConnections?: boolean; }; export type AccessConfigForBytePlus = { @@ -199,6 +201,7 @@ export type AccessConfigForRainYun = { export type AccessConfigForSafeLine = { apiUrl: string; apiToken: string; + allowInsecureConnections?: boolean; }; export type AccessConfigForSSH = { @@ -228,6 +231,7 @@ export type AccessConfigForVolcEngine = { export type AccessConfigForWebhook = { url: string; + allowInsecureConnections?: boolean; }; export type AccessConfigForWestcn = { diff --git a/ui/src/i18n/locales/en/nls.access.json b/ui/src/i18n/locales/en/nls.access.json index 67dcdef6..b3884dd4 100644 --- a/ui/src/i18n/locales/en/nls.access.json +++ b/ui/src/i18n/locales/en/nls.access.json 
@@ -29,6 +29,10 @@ "access.form.1panel_api_key.label": "1Panel API key", "access.form.1panel_api_key.placeholder": "Please enter 1Panel API key", "access.form.1panel_api_key.tooltip": "For more information, see https://docs.1panel.pro/dev_manual/api_manual/", + "access.form.1panel_allow_insecure_conns.label": "Insecure SSL/TLS connections", + "access.form.1panel_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.", + "access.form.1panel_allow_insecure_conns.switch.on": "Allow", + "access.form.1panel_allow_insecure_conns.switch.off": "Disallow", "access.form.acmehttpreq_endpoint.label": "Endpoint", "access.form.acmehttpreq_endpoint.placeholder": "Please enter endpoint", "access.form.acmehttpreq_endpoint.tooltip": "For more information, see https://go-acme.github.io/lego/dns/httpreq/", @@ -79,6 +83,10 @@ "access.form.baotapanel_api_key.label": "aaPanel API key", "access.form.baotapanel_api_key.placeholder": "Please enter aaPanel API key", "access.form.baotapanel_api_key.tooltip": "For more information, see https://www.bt.cn/bbs/thread-20376-1-1.html", + "access.form.baotapanel_allow_insecure_conns.label": "Insecure SSL/TLS connections", + "access.form.baotapanel_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.", + "access.form.baotapanel_allow_insecure_conns.switch.on": "Allow", + "access.form.baotapanel_allow_insecure_conns.switch.off": "Disallow", "access.form.byteplus_access_key.label": "BytePlus AccessKey", "access.form.byteplus_access_key.placeholder": "Please enter BytePlus AccessKey", "access.form.byteplus_access_key.tooltip": "For more information, see https://docs.byteplus.com/en/docs/byteplus-platform/docs-managing-keys", 
@@ -200,6 +208,10 @@ "access.form.safeline_api_token.label": "SafeLine API token", "access.form.safeline_api_token.placeholder": "Please enter SafeLine API token", "access.form.safeline_api_token.tooltip": "For more information, see https://docs.waf.chaitin.com/en/reference/articles/openapi", + "access.form.safeline_allow_insecure_conns.label": "Insecure SSL/TLS connections", + "access.form.safeline_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.", + "access.form.safeline_allow_insecure_conns.switch.on": "Allow", + "access.form.safeline_allow_insecure_conns.switch.off": "Disallow", "access.form.ssh_host.label": "Server host", "access.form.ssh_host.placeholder": "Please enter server host", "access.form.ssh_port.label": "Server port", @@ -239,6 +251,10 @@ "access.form.volcengine_secret_access_key.tooltip": "For more information, see https://www.volcengine.com/docs/6291/216571", "access.form.webhook_url.label": "Webhook URL", "access.form.webhook_url.placeholder": "Please enter Webhook URL", + "access.form.webhook_allow_insecure_conns.label": "Insecure SSL/TLS connections", + "access.form.webhook_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.", + "access.form.webhook_allow_insecure_conns.switch.on": "Allow", + "access.form.webhook_allow_insecure_conns.switch.off": "Disallow", "access.form.westcn_username.label": "West.cn username", "access.form.westcn_username.placeholder": "Please enter West.cn username", "access.form.westcn_username.tooltip": "For more information, see https://www.west.cn/CustomerCenter/doc/apiv2.html", diff --git a/ui/src/i18n/locales/en/nls.settings.json b/ui/src/i18n/locales/en/nls.settings.json index e23c7d97..f4b3c85f 100644 --- a/ui/src/i18n/locales/en/nls.settings.json +++ b/ui/src/i18n/locales/en/nls.settings.json 
@@ -24,8 +24,8 @@
 "settings.notification.template.form.message.placeholder": "Please enter notification message",
 "settings.notification.template.form.message.extra": "Supported variables (${COUNT}: number of expiring soon. ${DOMAINS}: Domain list)",
 "settings.notification.channels.card.title": "Channels",
- "settings.notification.channel.enabled.on": "On",
- "settings.notification.channel.enabled.off": "Off",
+ "settings.notification.channel.switch.on": "On",
+ "settings.notification.channel.switch.off": "Off",
 "settings.notification.push_test.button": "Send test notification",
 "settings.notification.push_test.pushed": "Sent",
 "settings.notification.channel.form.bark_server_url.label": "Server URL",
@@ -44,7 +44,7 @@
 "settings.notification.channel.form.email_smtp_host.placeholder": "Please enter SMTP host",
 "settings.notification.channel.form.email_smtp_port.label": "SMTP port",
 "settings.notification.channel.form.email_smtp_port.placeholder": "Please enter SMTP port",
- "settings.notification.channel.form.email_smtp_tls.label": "Use TLS/SSL",
+ "settings.notification.channel.form.email_smtp_tls.label": "Use SSL/TLS",
 "settings.notification.channel.form.email_username.label": "Username",
 "settings.notification.channel.form.email_username.placeholder": "please enter username",
 "settings.notification.channel.form.email_password.label": "Password",
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index 31b421a7..08eeafcf 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -533,8 +533,8 @@ "workflow_node.deploy.form.skip_on_last_succeeded.label": "Repeated deployment", "workflow_node.deploy.form.skip_on_last_succeeded.prefix": "If the last deployment was successful, ", "workflow_node.deploy.form.skip_on_last_succeeded.suffix": " to re-deploy.", - "workflow_node.deploy.form.skip_on_last_succeeded.enabled.on": "skip", - "workflow_node.deploy.form.skip_on_last_succeeded.enabled.off": "not skip", + "workflow_node.deploy.form.skip_on_last_succeeded.switch.on": "skip", + "workflow_node.deploy.form.skip_on_last_succeeded.switch.off": "not skip", "workflow_node.notify.label": "Notification", "workflow_node.notify.form.subject.label": "Subject", diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json index a7b32ba8..d72cd259 100644 --- a/ui/src/i18n/locales/zh/nls.access.json +++ b/ui/src/i18n/locales/zh/nls.access.json @@ -29,6 +29,10 @@ "access.form.1panel_api_key.label": "1Panel 接口密钥", "access.form.1panel_api_key.placeholder": "请输入 1Panel 接口密钥", "access.form.1panel_api_key.tooltip": "这是什么?请参阅 https://1panel.cn/docs/dev_manual/api_manual/", + "access.form.1panel_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误", + "access.form.1panel_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。", + "access.form.1panel_allow_insecure_conns.switch.on": "允许", + "access.form.1panel_allow_insecure_conns.switch.off": "不允许", "access.form.acmehttpreq_endpoint.label": "服务端点", "access.form.acmehttpreq_endpoint.placeholder": "请输入服务端点", "access.form.acmehttpreq_endpoint.tooltip": "这是什么?请参阅 https://go-acme.github.io/lego/dns/httpreq/", 
@@ -79,6 +83,10 @@
 "access.form.baotapanel_api_key.label": "宝塔面板接口密钥",
 "access.form.baotapanel_api_key.placeholder": "请输入宝塔面板接口密钥",
 "access.form.baotapanel_api_key.tooltip": "这是什么?请参阅 https://www.bt.cn/bbs/thread-113890-1-1.html",
+ "access.form.baotapanel_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
+ "access.form.baotapanel_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
+ "access.form.baotapanel_allow_insecure_conns.switch.on": "允许",
+ "access.form.baotapanel_allow_insecure_conns.switch.off": "不允许",
 "access.form.byteplus_access_key.label": "BytePlus AccessKey",
 "access.form.byteplus_access_key.placeholder": "请输入 BytePlus AccessKey",
 "access.form.byteplus_access_key.tooltip": "这是什么?请参阅 https://docs.byteplus.com/zh-CN/docs/byteplus-platform/docs-managing-keys",
@@ -200,6 +208,10 @@
 "access.form.safeline_api_token.label": "雷池 API Token",
 "access.form.safeline_api_token.placeholder": "请输入雷池 API Token",
 "access.form.safeline_api_token.tooltip": "这是什么?请参阅 https://docs.waf-ce.chaitin.cn/zh/更多技术文档/OPENAPI",
+ "access.form.safeline_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
+ "access.form.safeline_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
+ "access.form.safeline_allow_insecure_conns.switch.on": "允许",
+ "access.form.safeline_allow_insecure_conns.switch.off": "不允许",
 "access.form.ssh_host.label": "服务器地址",
 "access.form.ssh_host.placeholder": "请输入服务器地址",
 "access.form.ssh_port.label": "服务器端口",
@@ -239,6 +251,10 @@
 "access.form.volcengine_secret_access_key.tooltip": "这是什么?请参阅 https://www.volcengine.com/docs/6291/216571",
 "access.form.webhook_url.label": "Webhook 回调地址",
 "access.form.webhook_url.placeholder": "请输入 Webhook 回调地址",
+ "access.form.webhook_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
+ "access.form.webhook_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
+ "access.form.webhook_allow_insecure_conns.switch.on": "允许",
+ "access.form.webhook_allow_insecure_conns.switch.off": "不允许",
 "access.form.westcn_username.label": "西部数码用户名",
 "access.form.westcn_username.placeholder": "请输入西部数码用户名",
 "access.form.westcn_username.tooltip": "这是什么?请参阅 https://www.west.cn/CustomerCenter/doc/apiv2.html",
diff --git a/ui/src/i18n/locales/zh/nls.settings.json b/ui/src/i18n/locales/zh/nls.settings.json
index 7b0de81e..1fcec35d 100644
--- a/ui/src/i18n/locales/zh/nls.settings.json
+++ b/ui/src/i18n/locales/zh/nls.settings.json
@@ -24,8 +24,8 @@
 "settings.notification.template.form.message.placeholder": "请输入通知内容",
 "settings.notification.template.form.message.extra": "过期前 20 天发送通知。支持的变量(${COUNT}: 即将过期张数;${DOMAINS}: 域名列表)",
 "settings.notification.channels.card.title": "通知渠道",
- "settings.notification.channel.enabled.on": "启用",
- "settings.notification.channel.enabled.off": "停用",
+ "settings.notification.channel.switch.on": "启用",
+ "settings.notification.channel.switch.off": "停用",
 "settings.notification.push_test.button": "推送测试消息",
 "settings.notification.push_test.pushed": "已推送",
 "settings.notification.channel.form.bark_server_url.label": "服务器地址",
@@ -44,7 +44,7 @@ "settings.notification.channel.form.email_smtp_host.placeholder": "请输入 SMTP 服务器地址", "settings.notification.channel.form.email_smtp_port.label": "SMTP 服务器端口", "settings.notification.channel.form.email_smtp_port.placeholder": "请输入 SMTP 服务器端口", - "settings.notification.channel.form.email_smtp_tls.label": "TLS/SSL 连接", + "settings.notification.channel.form.email_smtp_tls.label": "SSL/TLS 连接", "settings.notification.channel.form.email_username.label": "用户名", "settings.notification.channel.form.email_username.placeholder": "请输入用户名", "settings.notification.channel.form.email_password.label": "密码", diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json index 8f060adf..f2d8c130 100644 --- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json +++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json @@ -533,8 +533,8 @@ "workflow_node.deploy.form.skip_on_last_succeeded.label": "重复部署", "workflow_node.deploy.form.skip_on_last_succeeded.prefix": "当上次部署已成功时", "workflow_node.deploy.form.skip_on_last_succeeded.suffix": "重新部署。", - "workflow_node.deploy.form.skip_on_last_succeeded.enabled.on": "跳过", - "workflow_node.deploy.form.skip_on_last_succeeded.enabled.off": "不跳过", + "workflow_node.deploy.form.skip_on_last_succeeded.switch.on": "跳过", + "workflow_node.deploy.form.skip_on_last_succeeded.switch.off": "不跳过", "workflow_node.notify.label": "通知", "workflow_node.notify.form.subject.label": "通知主题",