GuanM/certimate
1
0
Fork 0
mirror of https://github.com/usual2970/certimate.git synced 2025-06-09 05:59:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #247 from LeoChen98/feat-tencent-clb

Browse Source 
feat: add support for tencent CLB
This commit is contained in:
usual2970 2024-10-24 08:03:28 +08:00 committed by GitHub
commit 92a6b179d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 436 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -74,7 +74,7 @@ make local.run
| 服务商 | 支持申请证书 | 支持部署证书 | 备注 |
| :--------: | :----------: | :----------: | ------------------------------------------------------------ |
| 阿里云 | √ | √ | 可签发在阿里云注册的域名;可部署到阿里云 OSS、CDN |
| 腾讯云 | √ | √ | 可签发在腾讯云注册的域名;可部署到腾讯云 CDN、COS |
| 腾讯云 | √ | √ | 可签发在腾讯云注册的域名;可部署到腾讯云 CDN、COS、CLB |
| 华为云 | √ | √ | 可签发在华为云注册的域名;可部署到华为云 CDN |
| 七牛云 | | √ | 可部署到七牛云 CDN |
| AWS | √ | | 可签发在 AWS Route53 托管的域名 |

2
README_EN.md
View File

@ -73,7 +73,7 @@ password1234567890
| Provider | Registration | Deployment | Remarks |
| :-----------: | :----------: | :--------: | ------------------------------------------------------------------------------------------- |
| Alibaba Cloud | √ | √ | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN |
| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud CDN, COS |
| Tencent Cloud | √ | √ | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud CDN, COS, CLB |
| Huawei Cloud | √ | √ | Supports domains registered on Huawei Cloud; supports deployment to Huawei Cloud CDN |
| Qiniu Cloud | | √ | Supports deployment to Qiniu Cloud CDN |
| AWS | √ | | Supports domains managed on AWS Route53 |

3
internal/deployer/deployer.go
View File

@ -19,6 +19,7 @@ const (
targetAliyunCDN = "aliyun-cdn"
targetAliyunESA = "aliyun-dcdn"
targetTencentCDN = "tencent-cdn"
targetTencentCLB = "tencent-clb"
targetTencentCOS = "tencent-cos"
targetHuaweiCloudCDN = "huaweicloud-cdn"
targetQiniuCdn = "qiniu-cdn"
@ -106,6 +107,8 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
return NewAliyunESADeployer(option)
case targetTencentCDN:
return NewTencentCDNDeployer(option)
case targetTencentCLB:
return NewTencentCLBDeployer(option)
case targetTencentCOS:
return NewTencentCOSDeployer(option)
case targetHuaweiCloudCDN:

117
internal/deployer/tencent_clb.go Normal file
View File

@ -0,0 +1,117 @@
package deployer
import (
"context"
"encoding/json"
"fmt"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
"github.com/usual2970/certimate/internal/domain"
"github.com/usual2970/certimate/internal/utils/rand"
)
type TencentCLBDeployer struct {
option *DeployerOption
credential *common.Credential
infos []string
}
func NewTencentCLBDeployer(option *DeployerOption) (Deployer, error) {
access := &domain.TencentAccess{}
if err := json.Unmarshal([]byte(option.Access), access); err != nil {
return nil, fmt.Errorf("failed to unmarshal tencent access: %w", err)
}
credential := common.NewCredential(
access.SecretId,
access.SecretKey,
)
return &TencentCLBDeployer{
option: option,
credential: credential,
infos: make([]string, 0),
}, nil
}
func (d *TencentCLBDeployer) GetID() string {
return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
}
func (d *TencentCLBDeployer) GetInfo() []string {
return d.infos
}
func (d *TencentCLBDeployer) Deploy(ctx context.Context) error {
// 上传证书
certId, err := d.uploadCert()
if err != nil {
return fmt.Errorf("failed to upload certificate: %w", err)
}
d.infos = append(d.infos, toStr("上传证书", certId))
if err := d.deploy(certId); err != nil {
return fmt.Errorf("failed to deploy: %w", err)
}
return nil
}
func (d *TencentCLBDeployer) uploadCert() (string, error) {
cpf := profile.NewClientProfile()
cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
client, _ := ssl.NewClient(d.credential, "", cpf)
request := ssl.NewUploadCertificateRequest()
request.CertificatePublicKey = common.StringPtr(d.option.Certificate.Certificate)
request.CertificatePrivateKey = common.StringPtr(d.option.Certificate.PrivateKey)
request.Alias = common.StringPtr(d.option.Domain + "_" + rand.RandStr(6))
request.Repeatable = common.BoolPtr(false)
response, err := client.UploadCertificate(request)
if err != nil {
return "", fmt.Errorf("failed to upload certificate: %w", err)
}
return *response.Response.CertificateId, nil
}
func (d *TencentCLBDeployer) deploy(certId string) error {
cpf := profile.NewClientProfile()
cpf.HttpProfile.Endpoint = "ssl.tencentcloudapi.com"
// 实例化要请求产品的client对象,clientProfile是可选的
client, _ := ssl.NewClient(d.credential, getDeployString(d.option.DeployConfig, "region"), cpf)
// 实例化一个请求对象,每个接口都会对应一个request对象
request := ssl.NewDeployCertificateInstanceRequest()
request.CertificateId = common.StringPtr(certId)
request.ResourceType = common.StringPtr("clb")
request.Status = common.Int64Ptr(1)
clbId := getDeployString(d.option.DeployConfig, "clbId")
lsnId := getDeployString(d.option.DeployConfig, "lsnId")
domain := getDeployString(d.option.DeployConfig, "domain")
if(domain == ""){
// 未开启SNI只需要精确到监听器
request.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", clbId, lsnId)})
}else{
// 开启SNI需要精确到域名支持泛域名
request.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", clbId, lsnId, domain)})
}
// 返回的resp是一个DeployCertificateInstanceResponse的实例与请求对象对应
resp, err := client.DeployCertificateInstance(request)
if err != nil {
return fmt.Errorf("failed to deploy certificate: %w", err)
}
d.infos = append(d.infos, toStr("部署证书", resp.Response))
return nil
}

0
internal/deployer/tencent-cos.go → internal/deployer/tencent_cos.go
View File

4
ui/src/components/certimate/DeployEditDialog.tsx
View File

@ -12,6 +12,7 @@ import { Context as DeployEditContext } from "./DeployEdit";
import DeployToAliyunOSS from "./DeployToAliyunOSS";
import DeployToAliyunCDN from "./DeployToAliyunCDN";
import DeployToTencentCDN from "./DeployToTencentCDN";
import DeployToTencentCLB from "./DeployToTencentCLB";
import DeployToTencentCOS from "./DeployToTencentCOS";
import DeployToHuaweiCloudCDN from "./DeployToHuaweiCloudCDN";
import DeployToQiniuCDN from "./DeployToQiniuCDN";
@ -119,6 +120,9 @@ const DeployEditDialog = ({ trigger, deployConfig, onSave }: DeployEditDialogPro
case "tencent-cdn":
childComponent = <DeployToTencentCDN />;
break;
case "tencent-clb":
childComponent = <DeployToTencentCLB />;
break;
case "tencent-cos":
childComponent = <DeployToTencentCOS />;
break;

2
ui/src/components/certimate/DeployToQiniuCDN.tsx
View File

@ -38,7 +38,7 @@ const DeployToQiniuCDN = () => {
return (
<div className="flex flex-col space-y-8">
<div>
<Label>{t("domain.deployment.form.domain.label")}</Label>
<Label>{t("domain.deployment.form.domain.label.wildsupported")}</Label>
<Input
placeholder={t("domain.deployment.form.domain.placeholder")}
className="w-full mt-1"

2
ui/src/components/certimate/DeployToTencentCDN.tsx
View File

@ -38,7 +38,7 @@ const DeployToTencentCDN = () => {
return (
<div className="flex flex-col space-y-8">
<div>
<Label>{t("domain.deployment.form.domain.label")}</Label>
<Label>{t("domain.deployment.form.domain.label.wildsupported")}</Label>
<Input
placeholder={t("domain.deployment.form.domain.placeholder")}
className="w-full mt-1"

251
ui/src/components/certimate/DeployToTencentCLB.tsx Normal file
View File

@ -0,0 +1,251 @@
import { useEffect } from "react";
import { useTranslation } from "react-i18next";
import { z } from "zod";
import { produce } from "immer";
import { Input } from "@/components/ui/input";
import { Label } from "@/components/ui/label";
import { useDeployEditContext } from "./DeployEdit";
const DeployToTencentCLB = () => {
const { deploy: data, setDeploy, error, setError } = useDeployEditContext();
const { t } = useTranslation();
useEffect(() => {
setError({});
}, []);
useEffect(() => {
const resp = domainSchema.safeParse(data.config?.domain);
if (!resp.success) {
setError({
...error,
domain: JSON.parse(resp.error.message)[0].message,
});
} else {
setError({
...error,
domain: "",
});
}
}, [data]);
useEffect(() => {
const clbIdresp = clbIdSchema.safeParse(data.config?.clbId);
if (!clbIdresp.success) {
setError({
...error,
clbId: JSON.parse(clbIdresp.error.message)[0].message,
});
} else {
setError({
...error,
clbId: "",
});
}
}, [data]);
useEffect(() => {
const lsnIdresp = lsnIdSchema.safeParse(data.config?.lsnId);
if (!lsnIdresp.success) {
setError({
...error,
lsnId: JSON.parse(lsnIdresp.error.message)[0].message,
});
} else {
setError({
...error,
lsnId: "",
});
}
}, [data]);
useEffect(() => {
const regionResp = regionSchema.safeParse(data.config?.region);
if (!regionResp.success) {
setError({
...error,
region: JSON.parse(regionResp.error.message)[0].message,
});
} else {
setError({
...error,
region: "",
});
}
}, []);
useEffect(() => {
if (!data.id) {
setDeploy({
...data,
config: {
lsnId: "",
clbId: "",
domain: "",
region: "",
},
});
}
}, []);
const regionSchema = z.string().regex(/^ap-[a-z]+$/, {
message: t("domain.deployment.form.clb_region.placeholder"),
});
const domainSchema = z.string().regex(/^$|^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/, {
message: t("common.errmsg.domain_invalid"),
});
const clbIdSchema = z.string().regex(/^lb-[a-zA-Z0-9]{8}$/, {
message: t("domain.deployment.form.clb_id.placeholder"),
});
const lsnIdSchema = z.string().regex(/^lbl-.{8}$/, {
message: t("domain.deployment.form.clb_listener.placeholder"),
});
return (
<div className="flex flex-col space-y-8">
<div>
<Label>{t("domain.deployment.form.clb_region.label")}</Label>
<Input
placeholder={t("domain.deployment.form.clb_region.placeholder")}
className="w-full mt-1"
value={data?.config?.region}
onChange={(e) => {
const temp = e.target.value;
const resp = regionSchema.safeParse(temp);
if (!resp.success) {
setError({
...error,
region: JSON.parse(resp.error.message)[0].message,
});
} else {
setError({
...error,
region: "",
});
}
const newData = produce(data, (draft) => {
if (!draft.config) {
draft.config = {};
}
draft.config.region = temp;
});
setDeploy(newData);
}}
/>
<div className="text-red-600 text-sm mt-1">{error?.region}</div>
</div>
<div>
<Label>{t("domain.deployment.form.clb_id.label")}</Label>
<Input
placeholder={t("domain.deployment.form.clb_id.placeholder")}
className="w-full mt-1"
value={data?.config?.clbId}
onChange={(e) => {
const temp = e.target.value;
const resp = clbIdSchema.safeParse(temp);
if (!resp.success) {
setError({
...error,
clbId: JSON.parse(resp.error.message)[0].message,
});
} else {
setError({
...error,
clbId: "",
});
}
const newData = produce(data, (draft) => {
if (!draft.config) {
draft.config = {};
}
draft.config.clbId = temp;
});
setDeploy(newData);
}}
/>
<div className="text-red-600 text-sm mt-1">{error?.clbId}</div>
</div>
<div>
<Label>{t("domain.deployment.form.clb_listener.label")}</Label>
<Input
placeholder={t("domain.deployment.form.clb_listener.placeholder")}
className="w-full mt-1"
value={data?.config?.lsnId}
onChange={(e) => {
const temp = e.target.value;
const resp = lsnIdSchema.safeParse(temp);
if (!resp.success) {
setError({
...error,
lsnId: JSON.parse(resp.error.message)[0].message,
});
} else {
setError({
...error,
lsnId: "",
});
}
const newData = produce(data, (draft) => {
if (!draft.config) {
draft.config = {};
}
draft.config.lsnId = temp;
});
setDeploy(newData);
}}
/>
<div className="text-red-600 text-sm mt-1">{error?.lsnId}</div>
</div>
<div>
<Label>{t("domain.deployment.form.clb_domain.label")}</Label>
<Input
placeholder={t("domain.deployment.form.clb_domain.placeholder")}
className="w-full mt-1"
value={data?.config?.domain}
onChange={(e) => {
const temp = e.target.value;
const resp = domainSchema.safeParse(temp);
if (!resp.success) {
setError({
...error,
domain: JSON.parse(resp.error.message)[0].message,
});
} else {
setError({
...error,
domain: "",
});
}
const newData = produce(data, (draft) => {
if (!draft.config) {
draft.config = {};
}
draft.config.domain = temp;
});
setDeploy(newData);
}}
/>
<div className="text-red-600 text-sm mt-1">{error?.domain}</div>
</div>
</div>
);
};
export default DeployToTencentCLB;

40
ui/src/components/certimate/DeployToTencentCOS.tsx
View File

@ -32,7 +32,7 @@ const DeployToTencentCOS = () => {
}, [data]);
useEffect(() => {
const bucketResp = bucketSchema.safeParse(data.config?.domain);
const bucketResp = bucketSchema.safeParse(data.config?.bucket);
if (!bucketResp.success) {
setError({
...error,
@ -46,6 +46,21 @@ const DeployToTencentCOS = () => {
}
}, []);
useEffect(() => {
const regionResp = regionSchema.safeParse(data.config?.region);
if (!regionResp.success) {
setError({
...error,
region: JSON.parse(regionResp.error.message)[0].message,
});
} else {
setError({
...error,
region: "",
});
}
}, []);
useEffect(() => {
if (!data.id) {
setDeploy({
@ -63,10 +78,14 @@ const DeployToTencentCOS = () => {
message: t("common.errmsg.domain_invalid"),
});
const bucketSchema = z.string().min(1, {
const regionSchema = z.string().regex(/^ap-[a-z]+$/, {
message: t("domain.deployment.form.cos_region.placeholder"),
});
const bucketSchema = z.string().regex(/^.+-\d+$/, {
message: t("domain.deployment.form.cos_bucket.placeholder"),
});
return (
<div className="flex flex-col space-y-8">
<div>
@ -78,6 +97,19 @@ const DeployToTencentCOS = () => {
onChange={(e) => {
const temp = e.target.value;
const resp = bucketSchema.safeParse(temp);
if (!resp.success) {
setError({
...error,
region: JSON.parse(resp.error.message)[0].message,
});
} else {
setError({
...error,
region: "",
});
}
const newData = produce(data, (draft) => {
if (!draft.config) {
draft.config = {};
@ -87,7 +119,7 @@ const DeployToTencentCOS = () => {
setDeploy(newData);
}}
/>
<div className="text-red-600 text-sm mt-1">{error?.endpoint}</div>
<div className="text-red-600 text-sm mt-1">{error?.region}</div>
</div>
<div>
@ -127,7 +159,7 @@ const DeployToTencentCOS = () => {
<div>
<Label>{t("domain.deployment.form.domain.label")}</Label>
<Input
placeholder={t("domain.deployment.form.domain.label")}
placeholder={t("domain.deployment.form.domain.placeholder")}
className="w-full mt-1"
value={data?.config?.domain}
onChange={(e) => {

1
ui/src/domain/domain.ts
View File

@ -75,6 +75,7 @@ export const deployTargetsMap: Map<DeployTarget["type"], DeployTarget> = new Map
["aliyun-cdn", "common.provider.aliyun.cdn", "/imgs/providers/aliyun.svg"],
["aliyun-dcdn", "common.provider.aliyun.dcdn", "/imgs/providers/aliyun.svg"],
["tencent-cdn", "common.provider.tencent.cdn", "/imgs/providers/tencent.svg"],
["tencent-clb", "common.provider.tencent.clb", "/imgs/providers/tencent.svg"],
["tencent-cos", "common.provider.tencent.cos", "/imgs/providers/tencent.svg"],
["huaweicloud-cdn", "common.provider.huaweicloud.cdn", "/imgs/providers/huaweicloud.svg"],
["qiniu-cdn", "common.provider.qiniu.cdn", "/imgs/providers/qiniu.svg"],

1
ui/src/i18n/locales/en/nls.common.json
View File

@ -58,6 +58,7 @@
"common.provider.aliyun.dcdn": "Alibaba Cloud - DCDN",
"common.provider.tencent": "Tencent",
"common.provider.tencent.cdn": "Tencent - CDN",
"common.provider.tencent.clb": "Tencent - CLB",
"common.provider.tencent.cos": "Tencent - COS",
"common.provider.huaweicloud": "Huawei Cloud",
"common.provider.huaweicloud.cdn": "Huawei Cloud - CDN",

9
ui/src/i18n/locales/en/nls.domain.json
View File

@ -58,7 +58,16 @@
"domain.deployment.form.cos_region.placeholder": "Please enter region, e.g. ap-guangzhou",
"domain.deployment.form.cos_bucket.label": "Bucket",
"domain.deployment.form.cos_bucket.placeholder": "Please enter bucket, e.g. example-1250000000",
"domain.deployment.form.clb_region.label": "region(please distinguish between region and availability zone)",
"domain.deployment.form.clb_region.placeholder": "Please enter region, e.g. ap-guangzhou",
"domain.deployment.form.clb_id.label": "CLB id",
"domain.deployment.form.clb_id.placeholder": "Please enter CLB id, e.g. lb-xxxxxxxx",
"domain.deployment.form.clb_listener.label": "Listener id",
"domain.deployment.form.clb_listener.placeholder": "Please enter listener id, e.g. lbl-xxxxxxxx. The specific listener should have set the corresponding domain HTTPS forwarding, and the original certificate domain should be consistent with the certificate to be deployed.",
"domain.deployment.form.clb_domain.label": "Deploy to domain (Wildcard domain is also supported)",
"domain.deployment.form.clb_domain.placeholder": "Please enter domain to be deployed. If SNI is not enabled, you can leave it blank.",
"domain.deployment.form.domain.label": "Deploy to domain (Single domain only, not wildcard domain)",
"domain.deployment.form.domain.label.wildsupported": "Deploy to domain (Wildcard domain is also supported)",
"domain.deployment.form.domain.placeholder": "Please enter domain to be deployed",
"domain.deployment.form.ssh_key_path.label": "Private Key Save Path",
"domain.deployment.form.ssh_key_path.placeholder": "Please enter private key save path",

1
ui/src/i18n/locales/zh/nls.common.json
View File

@ -54,6 +54,7 @@
"common.provider.tencent": "腾讯云",
"common.provider.tencent.cdn": "腾讯云 - CDN",
"common.provider.tencent.clb": "腾讯云 - CLB",
"common.provider.tencent.cos": "腾讯云 - COS",
"common.provider.aliyun": "阿里云",
"common.provider.aliyun.oss": "阿里云 - OSS",

9
ui/src/i18n/locales/zh/nls.domain.json
View File

@ -58,7 +58,16 @@
"domain.deployment.form.cos_region.placeholder": "请输入 region, 如 ap-guangzhou",
"domain.deployment.form.cos_bucket.label": "存储桶",
"domain.deployment.form.cos_bucket.placeholder": "请输入存储桶名, 如 example-1250000000",
"domain.deployment.form.clb_region.label": "region(地域, 请准确区分地域和可用区)",
"domain.deployment.form.clb_region.placeholder": "请输入 region, 如 ap-guangzhou",
"domain.deployment.form.clb_id.label": "CLB id",
"domain.deployment.form.clb_id.placeholder": "请输入CLB实例id, 如 lb-xxxxxxxx",
"domain.deployment.form.clb_listener.label": "监听器 id(对应监听器应已设置对应域名HTTPS转发, 且原证书对应域名应与待部署证书的一致)",
"domain.deployment.form.clb_listener.placeholder": "请输入监听器id, 如 lbl-xxxxxxxx",
"domain.deployment.form.clb_domain.label": "部署到域名(支持泛域名)",
"domain.deployment.form.clb_domain.placeholder": "请输入部署到的域名, 如未开启SNI, 可置空忽略此项",
"domain.deployment.form.domain.label": "部署到域名(仅支持单个域名;不支持泛域名)",
"domain.deployment.form.domain.label.wildsupported": "部署到域名(支持泛域名)",
"domain.deployment.form.domain.placeholder": "请输入部署到的域名",
"domain.deployment.form.ssh_key_path.label": "私钥保存路径",
"domain.deployment.form.ssh_key_path.placeholder": "请输入私钥保存路径",