fixed: not reapply when domain list changed

fixed #334
2025-06-19 10:50:13 +00:00 · 2024-11-13 18:52:29 +08:00 · 2024-11-13 18:52:29 +08:00 · 41bd321a4f
commit 41bd321a4f
parent 952e9687d0
1 changed files with 41 additions and 2 deletions
--- a/internal/domains/deploy.go
+++ b/internal/domains/deploy.go
@ -3,13 +3,18 @@ package domains
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"

 	"github.com/pocketbase/pocketbase/models"

+	"golang.org/x/exp/slices"
+
 	"github.com/usual2970/certimate/internal/applicant"
 	"github.com/usual2970/certimate/internal/deployer"
 	"github.com/usual2970/certimate/internal/utils/app"
+
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 )

 type Phase string
@ -45,7 +50,10 @@ func deploy(ctx context.Context, record *models.Record) error {
 	cert := currRecord.GetString("certificate")
 	expiredAt := currRecord.GetDateTime("expiredAt").Time()

-	if cert != "" && time.Until(expiredAt) > time.Hour*24*10 && currRecord.GetBool("deployed") {
+	// 检查证书是否包含设置的所有域名
+	included := isAllDomainsIncludedInCert(cert, currRecord.GetString("domain"))
+
+	if cert != "" && time.Until(expiredAt) > time.Hour*24*10 && currRecord.GetBool("deployed") && included {
 		app.GetApp().Logger().Info("证书在有效期内")
 		history.record(checkPhase, "证书在有效期内且已部署，跳过", &RecordInfo{
 			Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))},
@ -60,7 +68,7 @@ func deploy(ctx context.Context, record *models.Record) error {
 	// ############2.申请证书
 	history.record(applyPhase, "开始申请", nil)

-	if cert != "" && time.Until(expiredAt) > time.Hour*24 {
+	if cert != "" && time.Until(expiredAt) > time.Hour*24 && included {
 		history.record(applyPhase, "证书在有效期内，跳过", &RecordInfo{
 			Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))},
 		})
@ -121,3 +129,34 @@ func deploy(ctx context.Context, record *models.Record) error {

 	return nil
 }
+
+func isAllDomainsIncludedInCert(certificate, domains string) bool {
+	// 如果证书为空，直接返回false
+	if certificate == "" {
+		return false
+	}
+
+	// 解析证书
+	cert, err := x509.ParseCertificateFromPEM(certificate)
+	if err != nil {
+		app.GetApp().Logger().Error("解析证书失败", "err", err)
+		return false
+	}
+
+	// 遍历域名列表，检查是否都在证书中，找到第一个不存在证书中域名时提前返回false
+	for _, domain := range strings.Split(domains, ";") {
+		if !slices.Contains(cert.DNSNames, domain) && !slices.Contains(cert.DNSNames, "*."+removeLastSubdomain(domain)) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func removeLastSubdomain(domain string) string {
+	parts := strings.Split(domain, ".")
+	if len(parts) > 1 {
+		return strings.Join(parts[1:], ".")
+	}
+	return domain
+}