feat: new acme dns-01 provider: digitalocean

2025-06-07 21:19:51 +00:00 · 2025-05-26 13:29:48 +08:00 · 2025-05-26 13:29:48 +08:00 · 40f4488009
commit 40f4488009
parent 4c13a3e86a
13 changed files with 135 additions and 0 deletions
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@ -17,6 +17,7 @@ import (
 	pClouDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudns"
 	pCMCCCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud"
 	pDeSEC "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/desec"
+	pDigitalOcean "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean"
 	pDNSLA "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/dnsla"
 	pDynv6 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/dynv6"
 	pGcore "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/gcore"
@ -247,6 +248,21 @@ func createApplicantProvider(options *applicantProviderOptions) (challenge.Provi
 			return applicant, err
 		}

+	case domain.ACMEDns01ProviderTypeDigitalOcean:
+		{
+			access := domain.AccessConfigForDigitalOcean{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			applicant, err := pDigitalOcean.NewChallengeProvider(&pDigitalOcean.ChallengeProviderConfig{
+				AccessToken:           access.AccessToken,
+				DnsPropagationTimeout: options.DnsPropagationTimeout,
+				DnsTTL:                options.DnsTTL,
+			})
+			return applicant, err
+		}
+
 	case domain.ACMEDns01ProviderTypeDNSLA:
 		{
 			access := domain.AccessConfigForDNSLA{}
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@ -112,6 +112,10 @@ type AccessConfigForDeSEC struct {
 	Token string `json:"token"`
 }

+type AccessConfigForDigitalOcean struct {
+	AccessToken string `json:"accessToken"`
+}
+
 type AccessConfigForDingTalkBot struct {
 	WebhookUrl string `json:"webhookUrl"`
 	Secret     string `json:"secret"`
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@ -31,6 +31,7 @@ const (
 	AccessProviderTypeCTCCCloud           = AccessProviderType("ctcccloud") // 天翼云（预留）
 	AccessProviderTypeCUCCCloud           = AccessProviderType("cucccloud") // 联通云（预留）
 	AccessProviderTypeDeSEC               = AccessProviderType("desec")
+	AccessProviderTypeDigitalOcean        = AccessProviderType("digitalocean")
 	AccessProviderTypeDingTalkBot         = AccessProviderType("dingtalkbot")
 	AccessProviderTypeDNSLA               = AccessProviderType("dnsla")
 	AccessProviderTypeDogeCloud           = AccessProviderType("dogecloud")
@ -127,6 +128,7 @@ const (
 	ACMEDns01ProviderTypeClouDNS         = ACMEDns01ProviderType(AccessProviderTypeClouDNS)
 	ACMEDns01ProviderTypeCMCCCloud       = ACMEDns01ProviderType(AccessProviderTypeCMCCCloud)
 	ACMEDns01ProviderTypeDeSEC           = ACMEDns01ProviderType(AccessProviderTypeDeSEC)
+	ACMEDns01ProviderTypeDigitalOcean    = ACMEDns01ProviderType(AccessProviderTypeDigitalOcean)
 	ACMEDns01ProviderTypeDNSLA           = ACMEDns01ProviderType(AccessProviderTypeDNSLA)
 	ACMEDns01ProviderTypeDynv6           = ACMEDns01ProviderType(AccessProviderTypeDynv6)
 	ACMEDns01ProviderTypeGcore           = ACMEDns01ProviderType(AccessProviderTypeGcore)
--- a/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean/digitalocean.go
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/digitalocean/digitalocean.go
@ -0,0 +1,36 @@
+package namedotcom
+
+import (
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/providers/dns/digitalocean"
+)
+
+type ChallengeProviderConfig struct {
+	AccessToken           string `json:"accessToken"`
+	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
+	DnsTTL                int32  `json:"dnsTTL,omitempty"`
+}
+
+func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	providerConfig := digitalocean.NewDefaultConfig()
+	providerConfig.AuthToken = config.AccessToken
+	if config.DnsPropagationTimeout != 0 {
+		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
+	}
+	if config.DnsTTL != 0 {
+		providerConfig.TTL = int(config.DnsTTL)
+	}
+
+	provider, err := digitalocean.NewDNSProviderConfig(providerConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return provider, nil
+}
--- a/ui/public/imgs/providers/digitalocean.svg
+++ b/ui/public/imgs/providers/digitalocean.svg
@ -0,0 +1 @@
+<svg version="1.2" xmlns="http://www.w3.org/2000/svg" viewBox="-16 -16 1600 1600" width="200" height="200"><path fill-rule="evenodd" fill="#0069ff" d="m784.5 1562v-302.5c322.4 0 570.3-317.3 447.3-655-44.7-124.3-145.4-224.5-270.2-269-339.2-122.5-657.8 126.1-657.8 445.3h-303.8c0-510.3 495.7-909.2 1032.4-742.2 234.8 72.3 421.2 259.7 495.7 493.6 167.7 536.2-231.1 1029.8-743.6 1029.8zm-301.9-601.2h301.9v300.6h-301.9zm-232.9 300.6h232.9v231.9h-232.9zm-195.6 0.1v-193h193.8v193z"/></svg>
--- a/ui/src/components/access/AccessForm.tsx
+++ b/ui/src/components/access/AccessForm.tsx
@ -29,6 +29,7 @@ import AccessFormCloudflareConfig from "./AccessFormCloudflareConfig";
 import AccessFormClouDNSConfig from "./AccessFormClouDNSConfig";
 import AccessFormCMCCCloudConfig from "./AccessFormCMCCCloudConfig";
 import AccessFormDeSECConfig from "./AccessFormDeSECConfig";
+import AccessFormDigitalOceanConfig from "./AccessFormDigitalOceanConfig";
 import AccessFormDingTalkBotConfig from "./AccessFormDingTalkBotConfig";
 import AccessFormDNSLAConfig from "./AccessFormDNSLAConfig";
 import AccessFormDogeCloudConfig from "./AccessFormDogeCloudConfig";
@ -216,6 +217,8 @@ const AccessForm = forwardRef<AccessFormInstance, AccessFormProps>(({ className,
        return <AccessFormCMCCCloudConfig {...nestedFormProps} />;
      case ACCESS_PROVIDERS.DESEC:
        return <AccessFormDeSECConfig {...nestedFormProps} />;
+      case ACCESS_PROVIDERS.DIGITALOCEAN:
+        return <AccessFormDigitalOceanConfig {...nestedFormProps} />;
      case ACCESS_PROVIDERS.DINGTALKBOT:
        return <AccessFormDingTalkBotConfig {...nestedFormProps} />;
      case ACCESS_PROVIDERS.DNSLA:
--- a/ui/src/components/access/AccessFormDigitalOceanConfig.tsx
+++ b/ui/src/components/access/AccessFormDigitalOceanConfig.tsx
@ -0,0 +1,57 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForDigitalOcean } from "@/domain/access";
+
+type AccessFormDigitalOceanConfigFieldValues = Nullish<AccessConfigForDigitalOcean>;
+
+export type AccessFormDigitalOceanConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  initialValues?: AccessFormDigitalOceanConfigFieldValues;
+  onValuesChange?: (values: AccessFormDigitalOceanConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormDigitalOceanConfigFieldValues => {
+  return {
+    accessToken: "",
+  };
+};
+
+const AccessFormDigitalOceanConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormDigitalOceanConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessToken: z.string().nonempty(t("access.form.digitalocean_access_token.placeholder")).trim(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const handleFormChange = (_: unknown, values: z.infer<typeof formSchema>) => {
+    onValuesChange?.(values);
+  };
+
+  return (
+    <Form
+      form={formInst}
+      disabled={disabled}
+      initialValues={initialValues ?? initFormModel()}
+      layout="vertical"
+      name={formName}
+      onValuesChange={handleFormChange}
+    >
+      <Form.Item
+        name="accessToken"
+        label={t("access.form.digitalocean_access_token.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.digitalocean_access_token.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.digitalocean_access_token.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessFormDigitalOceanConfig;
--- a/ui/src/domain/access.ts
+++ b/ui/src/domain/access.ts
@ -170,6 +170,10 @@ export type AccessConfigForDeSEC = {
  token: string;
 };

+export type AccessConfigForDigitalOcean = {
+  accessToken: string;
+};
+
 export type AccessConfigForDingTalkBot = {
  webhookUrl: string;
  secret?: string;
--- a/ui/src/domain/provider.ts
+++ b/ui/src/domain/provider.ts
@ -23,6 +23,7 @@ export const ACCESS_PROVIDERS = Object.freeze({
  CLOUDNS: "cloudns",
  CMCCCLOUD: "cmcccloud",
  DESEC: "desec",
+  DIGITALOCEAN: "digitalocean",
  DINGTALKBOT: "dingtalkbot",
  DNSLA: "dnsla",
  DOGECLOUD: "dogecloud",
@ -139,6 +140,7 @@ export const accessProvidersMap: Map<AccessProvider["type"] | string, AccessProv
    [ACCESS_PROVIDERS.CLOUDFLARE, "provider.cloudflare", "/imgs/providers/cloudflare.svg", [ACCESS_USAGES.DNS]],
    [ACCESS_PROVIDERS.CLOUDNS, "provider.cloudns", "/imgs/providers/cloudns.png", [ACCESS_USAGES.DNS]],
    [ACCESS_PROVIDERS.DESEC, "provider.desec", "/imgs/providers/desec.svg", [ACCESS_USAGES.DNS]],
+    [ACCESS_PROVIDERS.DIGITALOCEAN, "provider.digitalocean", "/imgs/providers/digitalocean.svg", [ACCESS_USAGES.DNS]],
    [ACCESS_PROVIDERS.DNSLA, "provider.dnsla", "/imgs/providers/dnsla.svg", [ACCESS_USAGES.DNS]],
    [ACCESS_PROVIDERS.DYNV6, "provider.dynv6", "/imgs/providers/dynv6.svg", [ACCESS_USAGES.DNS]],
    [ACCESS_PROVIDERS.GNAME, "provider.gname", "/imgs/providers/gname.png", [ACCESS_USAGES.DNS]],
@ -255,6 +257,7 @@ export const ACME_DNS01_PROVIDERS = Object.freeze({
  CLOUDNS: `${ACCESS_PROVIDERS.CLOUDNS}`,
  CMCCCLOUD: `${ACCESS_PROVIDERS.CMCCCLOUD}`,
  DESEC: `${ACCESS_PROVIDERS.DESEC}`,
+  DIGITALOCEAN: `${ACCESS_PROVIDERS.DIGITALOCEAN}`,
  DNSLA: `${ACCESS_PROVIDERS.DNSLA}`,
  DYNV6: `${ACCESS_PROVIDERS.DYNV6}`,
  GCORE: `${ACCESS_PROVIDERS.GCORE}`,
@ -312,6 +315,7 @@ export const acmeDns01ProvidersMap: Map<ACMEDns01Provider["type"] | string, ACME
    [ACME_DNS01_PROVIDERS.CLOUDFLARE, "provider.cloudflare"],
    [ACME_DNS01_PROVIDERS.CLOUDNS, "provider.cloudns"],
    [ACME_DNS01_PROVIDERS.DESEC, "provider.desec"],
+    [ACME_DNS01_PROVIDERS.DIGITALOCEAN, "provider.digitalocean"],
    [ACME_DNS01_PROVIDERS.DNSLA, "provider.dnsla"],
    [ACME_DNS01_PROVIDERS.DYNV6, "provider.dynv6"],
    [ACME_DNS01_PROVIDERS.GCORE, "provider.gcore"],
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@ -152,6 +152,9 @@
  "access.form.desec_token.label": "deSEC token",
  "access.form.desec_token.placeholder": "Please enter deSEC token",
  "access.form.desec_token.tooltip": "For more information, see <a href=\"https://desec.readthedocs.io/en/latest/auth/tokens.html#manage-tokens\" target=\"_blank\">https://desec.readthedocs.io/en/latest/auth/tokens.html</a>",
+  "access.form.digitalocean_access_token.label": "DigitalOcean access token",
+  "access.form.digitalocean_access_token.placeholder": "Please enter DigitalOcean access token",
+  "access.form.digitalocean_access_token.tooltip": "For more information, see <a href=\"https://docs.digitalocean.com/reference/api/create-personal-access-token/\" target=\"_blank\">https://docs.digitalocean.com/reference/api/create-personal-access-token/</a>",
  "access.form.dingtalkbot_webhook_url.label": "DingTalk bot Webhook URL",
  "access.form.dingtalkbot_webhook_url.placeholder": "Please enter DingTalk bot Webhook URL",
  "access.form.dingtalkbot_webhook_url.tooltip": "For more information, see <a href=\"https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot\" target=\"_blank\">https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot</a>",
--- a/ui/src/i18n/locales/en/nls.provider.json
+++ b/ui/src/i18n/locales/en/nls.provider.json
@ -58,6 +58,7 @@
  "provider.ctcccloud": "China Telecom Cloud (State Cloud)",
  "provider.cucccloud": "China Unicom Cloud",
  "provider.desec": "deSEC",
+  "provider.digitalocean": "DigitalOcean",
  "provider.dingtalkbot": "DingTalk Bot",
  "provider.dnsla": "DNS.LA",
  "provider.dogecloud": "Doge Cloud",
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@ -146,6 +146,9 @@
  "access.form.desec_token.label": "deSEC Token",
  "access.form.desec_token.placeholder": "请输入 deSEC Token",
  "access.form.desec_token.tooltip": "这是什么？请参阅 <a href=\"https://desec.readthedocs.io/en/latest/auth/tokens.html#manage-tokens\" target=\"_blank\">https://desec.readthedocs.io/en/latest/auth/tokens.html</a>",
+  "access.form.digitalocean_access_token.label": "DigitalOcean Access Token",
+  "access.form.digitalocean_access_token.placeholder": "请输入 DigitalOcean Access Token",
+  "access.form.digitalocean_access_token.tooltip": "这是什么？请参阅 <a href=\"https://docs.digitalocean.com/reference/api/create-personal-access-token/\" target=\"_blank\">https://docs.digitalocean.com/reference/api/create-personal-access-token/</a>",
  "access.form.dingtalkbot_webhook_url.label": "钉钉群机器人 Webhook 地址",
  "access.form.dingtalkbot_webhook_url.placeholder": "请输入钉钉群机器人 Webhook 地址",
  "access.form.dingtalkbot_webhook_url.tooltip": "这是什么？请参阅 <a href=\"https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot\" target=\"_blank\">https://open.dingtalk.com/document/orgapp/obtain-the-webhook-address-of-a-custom-robot</a>",
--- a/ui/src/i18n/locales/zh/nls.provider.json
+++ b/ui/src/i18n/locales/zh/nls.provider.json
@ -58,6 +58,7 @@
  "provider.ctcccloud": "联通云",
  "provider.cucccloud": "天翼云",
  "provider.desec": "deSEC",
+  "provider.digitalocean": "DigitalOcean",
  "provider.dingtalkbot": "钉钉群机器人",
  "provider.dnsla": "DNS.LA",
  "provider.dogecloud": "多吉云",
				`@ -0,0 +1 @@`
				`<svg version="1.2" xmlns="http://www.w3.org/2000/svg" viewBox="-16 -16 1600 1600" width="200" height="200"><path fill-rule="evenodd" fill="#0069ff" d="m784.5 1562v-302.5c322.4 0 570.3-317.3 447.3-655-44.7-124.3-145.4-224.5-270.2-269-339.2-122.5-657.8 126.1-657.8 445.3h-303.8c0-510.3 495.7-909.2 1032.4-742.2 234.8 72.3 421.2 259.7 495.7 493.6 167.7 536.2-231.1 1029.8-743.6 1029.8zm-301.9-601.2h301.9v300.6h-301.9zm-232.9 300.6h232.9v231.9h-232.9zm-195.6 0.1v-193h193.8v193z"/></svg>`