feat: add volcengine cdn deployer

2025-10-04 21:44:54 +00:00 · 2024-11-14 13:39:23 +08:00
parent 2bacf76664
commit 9eae8f5077
10 changed files with 309 additions and 4 deletions
--- a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
+++ b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go
@@ -0,0 +1,111 @@
+package volcenginecdn
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	"github.com/volcengine/volc-sdk-golang/service/cdn"
+)
+
+type VolcengineCDNUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+}
+
+type VolcengineCDNUploader struct {
+	config    *VolcengineCDNUploaderConfig
+	sdkClient *cdn.CDN
+}
+
+var _ uploader.Uploader = (*VolcengineCDNUploader)(nil)
+
+func New(config *VolcengineCDNUploaderConfig) (*VolcengineCDNUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	instance := cdn.NewInstance()
+	client := instance.Client
+	client.SetAccessKey(config.AccessKeyId)
+	client.SetSecretKey(config.AccessKeySecret)
+
+	return &VolcengineCDNUploader{
+		config:    config,
+		sdkClient: instance,
+	}, nil
+}
+
+func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+	// 查询证书列表，避免重复上传
+	// REF: https://www.volcengine.com/docs/6454/125709
+	pageNum := int64(1)
+	pageSize := int64(100)
+	certSource := "volc_cert_center"
+	listCertReq := &cdn.ListCertInfoRequest{
+		PageNum:  &pageNum,
+		PageSize: &pageSize,
+		Source:   certSource,
+	}
+	searchTotal := 0
+	for {
+		listCertResp, err := u.sdkClient.ListCertInfo(listCertReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.ListCertInfo'")
+		}
+
+		if listCertResp.Result.CertInfo != nil {
+			for _, certDetail := range listCertResp.Result.CertInfo {
+				hash := sha256.Sum256(certX509.Raw)
+				isSameCert := hex.EncodeToString(hash[:]) == certDetail.CertFingerprint.Sha256
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.CertId,
+						CertName: certDetail.Desc,
+					}, nil
+				}
+			}
+		}
+
+		searchTotal += len(listCertResp.Result.CertInfo)
+		if int(listCertResp.Result.Total) > searchTotal {
+			pageNum++
+		} else {
+			break
+		}
+
+	}
+	// 生成新证书名（需符合火山引擎命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+	// 上传新证书
+	// REF: https://www.volcengine.com/docs/6454/1245763
+	addCertificateReq := &cdn.AddCertificateRequest{
+		Certificate: certPem,
+		PrivateKey:  privkeyPem,
+		Source:      &certSource,
+		Desc:        &certName,
+	}
+	createCertResp, err := u.sdkClient.AddCertificate(addCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.AddCertificate'")
+	}
+
+	certId = createCertResp.Result.CertId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}