diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go index 38ee209b..31a0c50f 100644 --- a/internal/deployer/deployer.go +++ b/internal/deployer/deployer.go @@ -34,6 +34,7 @@ const ( targetHuaweiCloudCDN = "huaweicloud-cdn" targetHuaweiCloudELB = "huaweicloud-elb" targetQiniuCdn = "qiniu-cdn" + targetDogeCloudCdn = "dogecloud-cdn" targetLocal = "local" targetSSH = "ssh" targetWebhook = "webhook" @@ -136,6 +137,8 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep return NewHuaweiCloudELBDeployer(option) case targetQiniuCdn: return NewQiniuCDNDeployer(option) + case targetDogeCloudCdn: + return NewDogeCloudCDNDeployer(option) case targetLocal: return NewLocalDeployer(option) case targetSSH: diff --git a/internal/deployer/dogecloud_cdn.go b/internal/deployer/dogecloud_cdn.go new file mode 100644 index 00000000..c68cb3ba --- /dev/null +++ b/internal/deployer/dogecloud_cdn.go @@ -0,0 +1,86 @@ +package deployer + +import ( + "context" + "encoding/json" + "fmt" + + xerrors "github.com/pkg/errors" + + "github.com/usual2970/certimate/internal/domain" + "github.com/usual2970/certimate/internal/pkg/core/uploader" + uploaderDoge "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/dogecloud" + doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk" +) + +type DogeCloudCDNDeployer struct { + option *DeployerOption + infos []string + + sdkClient *doge.Client + sslUploader uploader.Uploader +} + +func NewDogeCloudCDNDeployer(option *DeployerOption) (Deployer, error) { + access := &domain.DogeCloudAccess{} + if err := json.Unmarshal([]byte(option.Access), access); err != nil { + return nil, xerrors.Wrap(err, "failed to get access") + } + + client, err := (&DogeCloudCDNDeployer{}).createSdkClient( + access.AccessKey, + access.SecretKey, + ) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create sdk client") + } + + uploader, err := uploaderDoge.New(&uploaderDoge.DogeCloudUploaderConfig{ + AccessKey: access.AccessKey, + SecretKey: access.SecretKey, + }) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create ssl uploader") + } + + return &DogeCloudCDNDeployer{ + option: option, + infos: make([]string, 0), + sdkClient: client, + sslUploader: uploader, + }, nil +} + +func (d *DogeCloudCDNDeployer) GetID() string { + return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id) +} + +func (d *DogeCloudCDNDeployer) GetInfos() []string { + return d.infos +} + +func (d *DogeCloudCDNDeployer) Deploy(ctx context.Context) error { + // 上传证书到 CDN + upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey) + if err != nil { + return err + } + + d.infos = append(d.infos, toStr("已上传证书", upres)) + + // 绑定证书 + // REF: https://docs.dogecloud.com/cdn/api-cert-bind + bindCdnCertResp, err := d.sdkClient.BindCdnCertWithDomain(upres.CertId, d.option.DeployConfig.GetConfigAsString("domain")) + if err != nil { + return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BindCdnCert'") + } + + d.infos = append(d.infos, toStr("已绑定证书", bindCdnCertResp)) + + return nil +} + +func (d *DogeCloudCDNDeployer) createSdkClient(accessKey, secretKey string) (*doge.Client, error) { + client := doge.NewClient(accessKey, secretKey) + return client, nil +} diff --git a/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go b/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go new file mode 100644 index 00000000..cc2475d5 --- /dev/null +++ b/internal/pkg/core/uploader/providers/dogecloud/dogecloud.go @@ -0,0 +1,61 @@ +package dogecloud + +import ( + "context" + "fmt" + "time" + + xerrors "github.com/pkg/errors" + + "github.com/usual2970/certimate/internal/pkg/core/uploader" + doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk" +) + +type DogeCloudUploaderConfig struct { + AccessKey string `json:"accessKey"` + SecretKey string `json:"secretKey"` +} + +type DogeCloudUploader struct { + config *DogeCloudUploaderConfig + sdkClient *doge.Client +} + +func New(config *DogeCloudUploaderConfig) (*DogeCloudUploader, error) { + client, err := createSdkClient( + config.AccessKey, + config.SecretKey, + ) + if err != nil { + return nil, xerrors.Wrap(err, "failed to create sdk client") + } + + return &DogeCloudUploader{ + config: config, + sdkClient: client, + }, nil +} + +func (u *DogeCloudUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) { + // 生成新证书名(需符合多吉云命名规则) + var certId, certName string + certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + + // 上传新证书 + // REF: https://docs.dogecloud.com/cdn/api-cert-upload + uploadSslCertResp, err := u.sdkClient.UploadCdnCert(certName, certName, privkeyPem) + if err != nil { + return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadCdnCert'") + } + + certId = uploadSslCertResp.Data.Id + return &uploader.UploadResult{ + CertId: certId, + CertName: certName, + }, nil +} + +func createSdkClient(accessKey, secretKey string) (*doge.Client, error) { + client := doge.NewClient(accessKey, secretKey) + return client, nil +} diff --git a/internal/pkg/vendors/dogecloud-sdk/client.go b/internal/pkg/vendors/dogecloud-sdk/client.go new file mode 100644 index 00000000..86a2e80a --- /dev/null +++ b/internal/pkg/vendors/dogecloud-sdk/client.go @@ -0,0 +1,182 @@ +package dogecloudsdk + +import ( + "crypto/hmac" + "crypto/sha1" + "encoding/hex" + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "strings" +) + +const dogeHost = "https://api.dogecloud.com" + +type Client struct { + accessKey string + secretKey string +} + +func NewClient(accessKey, secretKey string) *Client { + return &Client{accessKey: accessKey, secretKey: secretKey} +} + +func (c *Client) UploadCdnCert(note, cert, private string) (*UploadCdnCertResponse, error) { + req := &UploadCdnCertRequest{ + Note: note, + Certificate: cert, + PrivateKey: private, + } + + reqBts, err := json.Marshal(req) + if err != nil { + return nil, err + } + + reqMap := make(map[string]interface{}) + err = json.Unmarshal(reqBts, &reqMap) + if err != nil { + return nil, err + } + + respBts, err := c.sendReq(http.MethodPost, "cdn/cert/upload.json", reqMap, true) + if err != nil { + return nil, err + } + + resp := &UploadCdnCertResponse{} + err = json.Unmarshal(respBts, resp) + if err != nil { + return nil, err + } + if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 { + return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message) + } + + return resp, nil +} + +func (c *Client) BindCdnCertWithDomain(certId string, domain string) (*BindCdnCertResponse, error) { + req := &BindCdnCertRequest{ + CertId: certId, + Domain: &domain, + } + + reqBts, err := json.Marshal(req) + if err != nil { + return nil, err + } + + reqMap := make(map[string]interface{}) + err = json.Unmarshal(reqBts, &reqMap) + if err != nil { + return nil, err + } + + respBts, err := c.sendReq(http.MethodPost, "cdn/cert/bind.json", reqMap, true) + if err != nil { + return nil, err + } + + resp := &BindCdnCertResponse{} + err = json.Unmarshal(respBts, resp) + if err != nil { + return nil, err + } + if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 { + return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message) + } + + return resp, nil +} + +func (c *Client) BindCdnCertWithDomainId(certId string, domainId int32) (*BindCdnCertResponse, error) { + req := &BindCdnCertRequest{ + CertId: certId, + DomainId: &domainId, + } + + reqBts, err := json.Marshal(req) + if err != nil { + return nil, err + } + + reqMap := make(map[string]interface{}) + err = json.Unmarshal(reqBts, &reqMap) + if err != nil { + return nil, err + } + + respBts, err := c.sendReq(http.MethodPost, "cdn/cert/bind.json", reqMap, true) + if err != nil { + return nil, err + } + + resp := &BindCdnCertResponse{} + err = json.Unmarshal(respBts, resp) + if err != nil { + return nil, err + } + if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 { + return nil, fmt.Errorf("dogecloud api error, code: %d, msg: %s", *resp.Code, *resp.Message) + } + + return resp, nil +} + +// 调用多吉云的 API。 +// https://docs.dogecloud.com/cdn/api-access-token?id=go +// +// 入参: +// - method:GET 或 POST +// - path:是调用的 API 接口地址,包含 URL 请求参数 QueryString,例如:/console/vfetch/add.json?url=xxx&a=1&b=2 +// - data:POST 的数据,对象,例如 {a: 1, b: 2},传递此参数表示不是 GET 请求而是 POST 请求 +// - jsonMode:数据 data 是否以 JSON 格式请求,默认为 false 则使用表单形式(a=1&b=2) +func (c *Client) sendReq(method string, path string, data map[string]interface{}, jsonMode bool) ([]byte, error) { + body := "" + mime := "" + if jsonMode { + _body, err := json.Marshal(data) + if err != nil { + return nil, err + } + body = string(_body) + mime = "application/json" + } else { + values := url.Values{} + for k, v := range data { + values.Set(k, v.(string)) + } + body = values.Encode() + mime = "application/x-www-form-urlencoded" + } + + signStr := path + "\n" + body + hmacObj := hmac.New(sha1.New, []byte(c.secretKey)) + hmacObj.Write([]byte(signStr)) + sign := hex.EncodeToString(hmacObj.Sum(nil)) + auth := fmt.Sprintf("TOKEN %s:%s", c.accessKey, sign) + + req, err := http.NewRequest(method, fmt.Sprintf("%s/%s", dogeHost, path), strings.NewReader(body)) + if err != nil { + return nil, err + } + req.Header.Add("Content-Type", mime) + req.Header.Add("Authorization", auth) + + client := http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + r, err := io.ReadAll(resp.Body) + if err != nil { + return nil, err + } + + return r, nil +} diff --git a/internal/pkg/vendors/dogecloud-sdk/models.go b/internal/pkg/vendors/dogecloud-sdk/models.go new file mode 100644 index 00000000..b721a00e --- /dev/null +++ b/internal/pkg/vendors/dogecloud-sdk/models.go @@ -0,0 +1,31 @@ +package dogecloudsdk + +type BaseResponse struct { + Code *int `json:"code,omitempty"` + Message *string `json:"msg,omitempty"` +} + +type UploadCdnCertRequest struct { + Note string `json:"note"` + Certificate string `json:"cert"` + PrivateKey string `json:"private"` +} + +type UploadCdnCertResponseData struct { + Id string `json:"id"` +} + +type UploadCdnCertResponse struct { + *BaseResponse + Data *UploadCdnCertResponseData `json:"data,omitempty"` +} + +type BindCdnCertRequest struct { + CertId string `json:"id"` + DomainId *int32 `json:"did,omitempty"` + Domain *string `json:"domain,omitempty"` +} + +type BindCdnCertResponse struct { + *BaseResponse +} diff --git a/internal/pkg/vendors/qiniu-sdk/client.go b/internal/pkg/vendors/qiniu-sdk/client.go index eceff741..2bfbcc12 100644 --- a/internal/pkg/vendors/qiniu-sdk/client.go +++ b/internal/pkg/vendors/qiniu-sdk/client.go @@ -12,7 +12,7 @@ import ( xhttp "github.com/usual2970/certimate/internal/utils/http" ) -const qiniuHost = "http://api.qiniu.com" +const qiniuHost = "https://api.qiniu.com" type Client struct { mac *auth.Credentials @@ -129,7 +129,7 @@ func (c *Client) UploadSslCert(name, commonName, pri, ca string) (*UploadSslCert return nil, err } if resp.Code != nil && *resp.Code != 0 && *resp.Code != 200 { - return nil, fmt.Errorf("code: %d, error: %s", *resp.Code, *resp.Error) + return nil, fmt.Errorf("qiniu api error, code: %d, error: %s", *resp.Code, *resp.Error) } return resp, nil diff --git a/internal/pkg/vendors/qiniu-sdk/models.go b/internal/pkg/vendors/qiniu-sdk/models.go index 433909e1..47eac05d 100644 --- a/internal/pkg/vendors/qiniu-sdk/models.go +++ b/internal/pkg/vendors/qiniu-sdk/models.go @@ -1,5 +1,10 @@ package qiniusdk +type BaseResponse struct { + Code *int `json:"code,omitempty"` + Error *string `json:"error,omitempty"` +} + type UploadSslCertRequest struct { Name string `json:"name"` CommonName string `json:"common_name"` @@ -8,9 +13,8 @@ type UploadSslCertRequest struct { } type UploadSslCertResponse struct { - Code *int `json:"code,omitempty"` - Error *string `json:"error,omitempty"` - CertID string `json:"certID"` + *BaseResponse + CertID string `json:"certID"` } type DomainInfoHttpsData struct { @@ -20,8 +24,7 @@ type DomainInfoHttpsData struct { } type GetDomainInfoResponse struct { - Code *int `json:"code,omitempty"` - Error *string `json:"error,omitempty"` + *BaseResponse Name string `json:"name"` Type string `json:"type"` CName string `json:"cname"` @@ -39,8 +42,7 @@ type ModifyDomainHttpsConfRequest struct { } type ModifyDomainHttpsConfResponse struct { - Code *int `json:"code,omitempty"` - Error *string `json:"error,omitempty"` + *BaseResponse } type EnableDomainHttpsRequest struct { @@ -48,6 +50,5 @@ type EnableDomainHttpsRequest struct { } type EnableDomainHttpsResponse struct { - Code *int `json:"code,omitempty"` - Error *string `json:"error,omitempty"` + *BaseResponse } diff --git a/ui/src/components/certimate/DeployEditDialog.tsx b/ui/src/components/certimate/DeployEditDialog.tsx index 140ca0b0..7256a7fb 100644 --- a/ui/src/components/certimate/DeployEditDialog.tsx +++ b/ui/src/components/certimate/DeployEditDialog.tsx @@ -21,6 +21,7 @@ import DeployToTencentTEO from "./DeployToTencentTEO"; import DeployToHuaweiCloudCDN from "./DeployToHuaweiCloudCDN"; import DeployToHuaweiCloudELB from "./DeployToHuaweiCloudELB"; import DeployToQiniuCDN from "./DeployToQiniuCDN"; +import DeployToDogeCloudCDN from "./DeployToDogeCloudCDN"; import DeployToLocal from "./DeployToLocal"; import DeployToSSH from "./DeployToSSH"; import DeployToWebhook from "./DeployToWebhook"; @@ -154,6 +155,9 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro case "qiniu-cdn": childComponent = ; break; + case "dogecloud-cdn": + childComponent = ; + break; case "local": childComponent = ; break; diff --git a/ui/src/components/certimate/DeployToDogeCloudCDN.tsx b/ui/src/components/certimate/DeployToDogeCloudCDN.tsx new file mode 100644 index 00000000..5b0ff52d --- /dev/null +++ b/ui/src/components/certimate/DeployToDogeCloudCDN.tsx @@ -0,0 +1,68 @@ +import { useEffect } from "react"; +import { useTranslation } from "react-i18next"; +import { z } from "zod"; +import { produce } from "immer"; + +import { Input } from "@/components/ui/input"; +import { Label } from "@/components/ui/label"; +import { useDeployEditContext } from "./DeployEdit"; + +type DeployToDogeCloudCDNConfigParams = { + domain?: string; +}; + +const DeployToDogeCloudCDN = () => { + const { t } = useTranslation(); + + const { config, setConfig, errors, setErrors } = useDeployEditContext(); + + useEffect(() => { + if (!config.id) { + setConfig({ + ...config, + config: {}, + }); + } + }, []); + + useEffect(() => { + setErrors({}); + }, []); + + const formSchema = z.object({ + domain: z.string().regex(/^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, { + message: t("common.errmsg.domain_invalid"), + }), + }); + + useEffect(() => { + const res = formSchema.safeParse(config.config); + setErrors({ + ...errors, + domain: res.error?.errors?.find((e) => e.path[0] === "domain")?.message, + }); + }, [config]); + + return ( +
+
+ + { + const nv = produce(config, (draft) => { + draft.config ??= {}; + draft.config.domain = e.target.value?.trim(); + }); + setConfig(nv); + }} + /> +
{errors?.domain}
+
+
+ ); +}; + +export default DeployToDogeCloudCDN; diff --git a/ui/src/domain/domain.ts b/ui/src/domain/domain.ts index 5e4786c4..aefc6677 100644 --- a/ui/src/domain/domain.ts +++ b/ui/src/domain/domain.ts @@ -86,6 +86,7 @@ export const deployTargetsMap: Map = new Map ["huaweicloud-cdn", "common.provider.huaweicloud.cdn", "/imgs/providers/huaweicloud.svg"], ["huaweicloud-elb", "common.provider.huaweicloud.elb", "/imgs/providers/huaweicloud.svg"], ["qiniu-cdn", "common.provider.qiniu.cdn", "/imgs/providers/qiniu.svg"], + ["dogecloud-cdn", "common.provider.dogecloud.cdn", "/imgs/providers/dogecloud.svg"], ["local", "common.provider.local", "/imgs/providers/local.svg"], ["ssh", "common.provider.ssh", "/imgs/providers/ssh.svg"], ["webhook", "common.provider.webhook", "/imgs/providers/webhook.svg"], diff --git a/ui/src/i18n/locales/en/nls.common.json b/ui/src/i18n/locales/en/nls.common.json index 66c63104..b872c7f0 100644 --- a/ui/src/i18n/locales/en/nls.common.json +++ b/ui/src/i18n/locales/en/nls.common.json @@ -71,6 +71,7 @@ "common.provider.qiniu": "Qiniu Cloud", "common.provider.qiniu.cdn": "Qiniu Cloud - CDN", "common.provider.dogecloud": "Doge Cloud", + "common.provider.dogecloud.cdn": "Doge Cloud - CDN", "common.provider.aws": "AWS", "common.provider.cloudflare": "Cloudflare", "common.provider.namesilo": "Namesilo", diff --git a/ui/src/i18n/locales/zh/nls.common.json b/ui/src/i18n/locales/zh/nls.common.json index aec122d2..462a771e 100644 --- a/ui/src/i18n/locales/zh/nls.common.json +++ b/ui/src/i18n/locales/zh/nls.common.json @@ -71,6 +71,7 @@ "common.provider.qiniu": "七牛云", "common.provider.qiniu.cdn": "七牛云 - 内容分发网络 CDN", "common.provider.dogecloud": "多吉云", + "common.provider.dogecloud.cdn": "多吉云 - 内容分发网络 CDN", "common.provider.aws": "AWS", "common.provider.cloudflare": "Cloudflare", "common.provider.namesilo": "Namesilo",