validity duration

2025-06-08 13:39:53 +00:00 · 2024-11-18 20:03:11 +08:00 · 2024-11-18 20:03:11 +08:00 · 81e1e4a7ff
commit 81e1e4a7ff
parent 9b5256716f
1 changed files with 36 additions and 24 deletions
--- a/internal/domains/deploy.go
+++ b/internal/domains/deploy.go
@ -2,13 +2,12 @@ package domains

 import (
 	"context"
+	"crypto/ecdsa"
+	"crypto/rsa"
 	"fmt"
 	"strings"
 	"time"

-	"crypto/rsa"
-	"crypto/ecdsa"
-
 	"github.com/pocketbase/pocketbase/models"

 	"golang.org/x/exp/slices"
@ -29,6 +28,8 @@ const (
 	deployPhase Phase = "deploy"
 )

+const validityDuration = time.Hour * 24 * 10
+
 func deploy(ctx context.Context, record *models.Record) error {
 	defer func() {
 		if r := recover(); r != nil {
@ -57,7 +58,7 @@ func deploy(ctx context.Context, record *models.Record) error {
 	// 检查证书是否包含设置的所有域名
 	changed := isCertChanged(cert, currRecord)

-	if cert != "" && time.Until(expiredAt) > time.Hour*24*10 && currRecord.GetBool("deployed") && !changed {
+	if cert != "" && time.Until(expiredAt) > validityDuration && currRecord.GetBool("deployed") && !changed {
 		app.GetApp().Logger().Info("证书在有效期内")
 		history.record(checkPhase, "证书在有效期内且已部署，跳过", &RecordInfo{
 			Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))},
@ -72,7 +73,7 @@ func deploy(ctx context.Context, record *models.Record) error {
 	// ############2.申请证书
 	history.record(applyPhase, "开始申请", nil)

-	if cert != "" && time.Until(expiredAt) > time.Hour*24 && !changed {
+	if cert != "" && time.Until(expiredAt) > validityDuration && !changed {
 		history.record(applyPhase, "证书在有效期内，跳过", &RecordInfo{
 			Info: []string{fmt.Sprintf("证书有效期至 %s", expiredAt.Format("2006-01-02"))},
 		})
@ -158,7 +159,6 @@ func isCertChanged(certificate string, record *models.Record) bool {
 	applyConfig := &domain.ApplyConfig{}
 	record.UnmarshalJSONField("applyConfig", applyConfig)

-	
 	// 检查证书加密算法是否变更
 	switch pubkey := cert.PublicKey.(type) {
 	case *rsa.PublicKey:
@ -166,26 +166,38 @@ func isCertChanged(certificate string, record *models.Record) bool {
 		switch bitSize {
 		case 2048:
 			// RSA2048
-		  if applyConfig.KeyAlgorithm != "" && applyConfig.KeyAlgorithm != "RSA2048" { return true }
+			if applyConfig.KeyAlgorithm != "" && applyConfig.KeyAlgorithm != "RSA2048" {
+				return true
+			}
 		case 3072:
 			// RSA3072
-		  if applyConfig.KeyAlgorithm != "RSA3072" { return true }
+			if applyConfig.KeyAlgorithm != "RSA3072" {
+				return true
+			}
 		case 4096:
 			// RSA4096
-		  if applyConfig.KeyAlgorithm != "RSA4096" { return true }
+			if applyConfig.KeyAlgorithm != "RSA4096" {
+				return true
+			}
 		case 8192:
 			// RSA8192
-		  if applyConfig.KeyAlgorithm != "RSA8192" { return true }
+			if applyConfig.KeyAlgorithm != "RSA8192" {
+				return true
+			}
 		}
 	case *ecdsa.PublicKey:
 		bitSize := pubkey.Curve.Params().BitSize
 		switch bitSize {
 		case 256:
 			// EC256
-		  if applyConfig.KeyAlgorithm != "EC256" { return true }
+			if applyConfig.KeyAlgorithm != "EC256" {
+				return true
+			}
 		case 384:
 			// EC384
-		  if applyConfig.KeyAlgorithm != "EC384" { return true }
+			if applyConfig.KeyAlgorithm != "EC384" {
+				return true
+			}
 		}
 	}