From 81e1e4a7fffe1a0d5efe97f3388e3ec31bf6c2f9 Mon Sep 17 00:00:00 2001 From: yoan <536464346@qq.com> Date: Mon, 18 Nov 2024 20:03:11 +0800 Subject: [PATCH] validity duration --- internal/domains/deploy.go | 60 +++++++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/internal/domains/deploy.go b/internal/domains/deploy.go index 8b24c263..d664ecf3 100644 --- a/internal/domains/deploy.go +++ b/internal/domains/deploy.go @@ -2,13 +2,12 @@ package domains import ( "context" + "crypto/ecdsa" + "crypto/rsa" "fmt" "strings" "time" - "crypto/rsa" - "crypto/ecdsa" - "github.com/pocketbase/pocketbase/models" "golang.org/x/exp/slices" @@ -29,6 +28,8 @@ const ( deployPhase Phase = "deploy" ) +const validityDuration = time.Hour * 24 * 10 + func deploy(ctx context.Context, record *models.Record) error { defer func() { if r := recover(); r != nil { @@ -57,7 +58,7 @@ func deploy(ctx context.Context, record *models.Record) error { // 检查证书是否包含设置的所有域名 changed := isCertChanged(cert, currRecord) - if cert != "" && time.Until(expiredAt) > time.Hour*24*10 && currRecord.GetBool("deployed") && !changed { + if cert != "" && time.Until(expiredAt) > validityDuration && currRecord.GetBool("deployed") && !changed { app.GetApp().Logger().Info("证书在有效期内") history.record(checkPhase, "证书在有效期内且已部署,跳过", &RecordInfo{ Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))}, @@ -72,7 +73,7 @@ func deploy(ctx context.Context, record *models.Record) error { // ############2.申请证书 history.record(applyPhase, "开始申请", nil) - if cert != "" && time.Until(expiredAt) > time.Hour*24 && !changed { + if cert != "" && time.Until(expiredAt) > validityDuration && !changed { history.record(applyPhase, "证书在有效期内,跳过", &RecordInfo{ Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))}, }) @@ -158,35 +159,46 @@ func isCertChanged(certificate string, record *models.Record) bool { applyConfig := &domain.ApplyConfig{} record.UnmarshalJSONField("applyConfig", applyConfig) - // 检查证书加密算法是否变更 switch pubkey := cert.PublicKey.(type) { case *rsa.PublicKey: - bitSize := pubkey.N.BitLen() - switch bitSize { + bitSize := pubkey.N.BitLen() + switch bitSize { case 2048: - // RSA2048 - if applyConfig.KeyAlgorithm != "" && applyConfig.KeyAlgorithm != "RSA2048" { return true } + // RSA2048 + if applyConfig.KeyAlgorithm != "" && applyConfig.KeyAlgorithm != "RSA2048" { + return true + } case 3072: - // RSA3072 - if applyConfig.KeyAlgorithm != "RSA3072" { return true } + // RSA3072 + if applyConfig.KeyAlgorithm != "RSA3072" { + return true + } case 4096: - // RSA4096 - if applyConfig.KeyAlgorithm != "RSA4096" { return true } + // RSA4096 + if applyConfig.KeyAlgorithm != "RSA4096" { + return true + } case 8192: - // RSA8192 - if applyConfig.KeyAlgorithm != "RSA8192" { return true } - } + // RSA8192 + if applyConfig.KeyAlgorithm != "RSA8192" { + return true + } + } case *ecdsa.PublicKey: - bitSize := pubkey.Curve.Params().BitSize - switch bitSize { + bitSize := pubkey.Curve.Params().BitSize + switch bitSize { case 256: - // EC256 - if applyConfig.KeyAlgorithm != "EC256" { return true } + // EC256 + if applyConfig.KeyAlgorithm != "EC256" { + return true + } case 384: - // EC384 - if applyConfig.KeyAlgorithm != "EC384" { return true } - } + // EC384 + if applyConfig.KeyAlgorithm != "EC384" { + return true + } + } } return false