fix conflict

2025-10-04 21:44:54 +00:00 · 2024-10-20 13:26:25 +08:00
parent 499bbe4fa7 1033885c99
commit a9b9be96cb
59 changed files with 1340 additions and 157 deletions
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -24,11 +24,13 @@ import (
 const (
 	configTypeAliyun      = "aliyun"
 	configTypeTencent     = "tencent"
-	configTypeHuaweicloud = "huaweicloud"
+	configTypeHuaweiCloud = "huaweicloud"
 	configTypeAws         = "aws"
 	configTypeCloudflare  = "cloudflare"
 	configTypeNamesilo    = "namesilo"
 	configTypeGodaddy     = "godaddy"
+	configTypePdns        = "pdns"
+	configTypeHttpreq     = "httpreq"
 )

 const defaultSSLProvider = "letsencrypt"
@@ -126,7 +128,7 @@ func Get(record *models.Record) (Applicant, error) {
 		return NewAliyun(option), nil
 	case configTypeTencent:
 		return NewTencent(option), nil
-	case configTypeHuaweicloud:
+	case configTypeHuaweiCloud:
 		return NewHuaweiCloud(option), nil
 	case configTypeAws:
 		return NewAws(option), nil
@@ -136,6 +138,10 @@ func Get(record *models.Record) (Applicant, error) {
 		return NewNamesilo(option), nil
 	case configTypeGodaddy:
 		return NewGodaddy(option), nil
+	case configTypePdns:
+		return NewPdns(option), nil
+	case configTypeHttpreq:
+		return NewHttpreq(option), nil
 	default:
 		return nil, errors.New("unknown config type")
 	}
--- a/internal/applicant/httpreq.go
+++ b/internal/applicant/httpreq.go
@@ -0,0 +1,38 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/go-acme/lego/v4/providers/dns/httpreq"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type httpReq struct {
+	option *ApplyOption
+}
+
+func NewHttpreq(option *ApplyOption) Applicant {
+	return &httpReq{
+		option: option,
+	}
+}
+
+func (a *httpReq) Apply() (*Certificate, error) {
+	access := &domain.HttpreqAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	os.Setenv("HTTPREQ_ENDPOINT", access.Endpoint)
+	os.Setenv("HTTPREQ_MODE", access.Mode)
+	os.Setenv("HTTPREQ_USERNAME", access.Username)
+	os.Setenv("HTTPREQ_PASSWORD", access.Password)
+	os.Setenv("HTTPREQ_HTTP_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	dnsProvider, err := httpreq.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, dnsProvider)
+}
--- a/internal/applicant/pdns.go
+++ b/internal/applicant/pdns.go
@@ -0,0 +1,36 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/go-acme/lego/v4/providers/dns/pdns"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type powerdns struct {
+	option *ApplyOption
+}
+
+func NewPdns(option *ApplyOption) Applicant {
+	return &powerdns{
+		option: option,
+	}
+}
+
+func (a *powerdns) Apply() (*Certificate, error) {
+	access := &domain.PdnsAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	os.Setenv("PDNS_API_URL", access.ApiUrl)
+	os.Setenv("PDNS_API_KEY", access.ApiKey)
+	os.Setenv("PDNS_HTTP_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	dnsProvider, err := pdns.NewDNSProvider()
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, dnsProvider)
+}
--- a/internal/deployer/aliyun_cdn.go
+++ b/internal/deployer/aliyun_cdn.go
@@ -20,7 +20,7 @@ type AliyunCDNDeployer struct {
 	infos  []string
 }

-func NewAliyunCdnDeployer(option *DeployerOption) (*AliyunCDNDeployer, error) {
+func NewAliyunCDNDeployer(option *DeployerOption) (*AliyunCDNDeployer, error) {
 	access := &domain.AliyunAccess{}
 	json.Unmarshal([]byte(option.Access), access)

@@ -41,7 +41,7 @@ func NewAliyunCdnDeployer(option *DeployerOption) (*AliyunCDNDeployer, error) {
 }

 func (d *AliyunCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *AliyunCDNDeployer) GetInfo() []string {
--- a/internal/deployer/aliyun_esa.go
+++ b/internal/deployer/aliyun_esa.go
@@ -25,7 +25,7 @@ type AliyunESADeployer struct {
 	infos  []string
 }

-func NewAliyunEsaDeployer(option *DeployerOption) (*AliyunESADeployer, error) {
+func NewAliyunESADeployer(option *DeployerOption) (*AliyunESADeployer, error) {
 	access := &domain.AliyunAccess{}
 	json.Unmarshal([]byte(option.Access), access)

@@ -46,7 +46,7 @@ func NewAliyunEsaDeployer(option *DeployerOption) (*AliyunESADeployer, error) {
 }

 func (d *AliyunESADeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *AliyunESADeployer) GetInfo() []string {
--- a/internal/deployer/aliyun_oss.go
+++ b/internal/deployer/aliyun_oss.go
@@ -16,7 +16,7 @@ type AliyunOSSDeployer struct {
 	infos  []string
 }

-func NewAliyunOssDeployer(option *DeployerOption) (Deployer, error) {
+func NewAliyunOSSDeployer(option *DeployerOption) (Deployer, error) {
 	access := &domain.AliyunAccess{}
 	json.Unmarshal([]byte(option.Access), access)

@@ -35,7 +35,7 @@ func NewAliyunOssDeployer(option *DeployerOption) (Deployer, error) {
 }

 func (d *AliyunOSSDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *AliyunOSSDeployer) GetInfo() []string {
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -15,15 +15,16 @@ import (
 )

 const (
-	targetAliyunOSS  = "aliyun-oss"
-	targetAliyunCDN  = "aliyun-cdn"
-	targetAliyunESA  = "aliyun-dcdn"
-	targetTencentCDN = "tencent-cdn"
-	targetQiniuCdn   = "qiniu-cdn"
-	targetLocal      = "local"
-	targetSSH        = "ssh"
-	targetWebhook    = "webhook"
-	targetK8sSecret  = "k8s-secret"
+	targetAliyunOSS      = "aliyun-oss"
+	targetAliyunCDN      = "aliyun-cdn"
+	targetAliyunESA      = "aliyun-dcdn"
+	targetTencentCDN     = "tencent-cdn"
+	targetHuaweiCloudCDN = "huaweicloud-cdn"
+	targetQiniuCdn       = "qiniu-cdn"
+	targetLocal          = "local"
+	targetSSH            = "ssh"
+	targetWebhook        = "webhook"
+	targetK8sSecret      = "k8s-secret"
 )

 type DeployerOption struct {
@@ -31,7 +32,7 @@ type DeployerOption struct {
 	Domain       string                `json:"domain"`
 	Product      string                `json:"product"`
 	Access       string                `json:"access"`
-	AceessRecord *models.Record        `json:"-"`
+	AccessRecord *models.Record        `json:"-"`
 	DeployConfig domain.DeployConfig   `json:"deployConfig"`
 	Certificate  applicant.Certificate `json:"certificate"`
 	Variables    map[string]string     `json:"variables"`
@@ -83,7 +84,7 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 		Domain:       record.GetString("domain"),
 		Product:      getProduct(deployConfig.Type),
 		Access:       access.GetString("config"),
-		AceessRecord: access,
+		AccessRecord: access,
 		DeployConfig: deployConfig,
 	}
 	if cert != nil {
@@ -97,13 +98,15 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep

 	switch deployConfig.Type {
 	case targetAliyunOSS:
-		return NewAliyunOssDeployer(option)
+		return NewAliyunOSSDeployer(option)
 	case targetAliyunCDN:
-		return NewAliyunCdnDeployer(option)
+		return NewAliyunCDNDeployer(option)
 	case targetAliyunESA:
-		return NewAliyunEsaDeployer(option)
+		return NewAliyunESADeployer(option)
 	case targetTencentCDN:
 		return NewTencentCDNDeployer(option)
+	case targetHuaweiCloudCDN:
+		return NewHuaweiCloudCDNDeployer(option)
 	case targetQiniuCdn:
 		return NewQiniuCDNDeployer(option)
 	case targetLocal:
--- a/internal/deployer/huaweicloud_cdn.go
+++ b/internal/deployer/huaweicloud_cdn.go
@@ -0,0 +1,150 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
+	cdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
+	cdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
+
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/utils/rand"
+)
+
+type HuaweiCloudCDNDeployer struct {
+	option *DeployerOption
+	infos  []string
+}
+
+func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
+	return &HuaweiCloudCDNDeployer{
+		option: option,
+		infos:  make([]string, 0),
+	}, nil
+}
+
+func (d *HuaweiCloudCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *HuaweiCloudCDNDeployer) GetInfo() []string {
+	return d.infos
+}
+
+func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
+	access := &domain.HuaweiCloudAccess{}
+	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
+		return err
+	}
+
+	client, err := d.createClient(access)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("HuaweiCloudCdnClient 创建成功", nil))
+
+	// 查询加速域名配置
+	showDomainFullConfigReq := &cdnModel.ShowDomainFullConfigRequest{
+		DomainName: getDeployString(d.option.DeployConfig, "domain"),
+	}
+	showDomainFullConfigResp, err := client.ShowDomainFullConfig(showDomainFullConfigReq)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已查询到加速域名配置", showDomainFullConfigResp))
+
+	// 更新加速域名配置
+	certName := fmt.Sprintf("%s-%s", d.option.DomainId, rand.RandStr(12))
+	updateDomainMultiCertificatesReq := &cdnModel.UpdateDomainMultiCertificatesRequest{
+		Body: &cdnModel.UpdateDomainMultiCertificatesRequestBody{
+			Https: mergeHuaweiCloudCDNConfig(showDomainFullConfigResp.Configs, &cdnModel.UpdateDomainMultiCertificatesRequestBodyContent{
+				DomainName:  getDeployString(d.option.DeployConfig, "domain"),
+				HttpsSwitch: 1,
+				CertName:    &certName,
+				Certificate: &d.option.Certificate.Certificate,
+				PrivateKey:  &d.option.Certificate.PrivateKey,
+			}),
+		},
+	}
+	updateDomainMultiCertificatesResp, err := client.UpdateDomainMultiCertificates(updateDomainMultiCertificatesReq)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已更新加速域名配置", updateDomainMultiCertificatesResp))
+
+	return nil
+}
+
+func (d *HuaweiCloudCDNDeployer) createClient(access *domain.HuaweiCloudAccess) (*cdn.CdnClient, error) {
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(access.AccessKeyId).
+		WithSk(access.SecretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	region, err := cdnRegion.SafeValueOf(access.Region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := cdn.CdnClientBuilder().
+		WithRegion(region).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := cdn.NewCdnClient(hcClient)
+	return client, nil
+}
+
+func mergeHuaweiCloudCDNConfig(src *cdnModel.ConfigsGetBody, dest *cdnModel.UpdateDomainMultiCertificatesRequestBodyContent) *cdnModel.UpdateDomainMultiCertificatesRequestBodyContent {
+	if src == nil {
+		return dest
+	}
+
+	// 华为云 API 中不传的字段表示使用默认值、而非保留原值，因此这里需要把原配置中的参数重新赋值回去
+	// 而且蛋疼的是查询接口返回的数据结构和更新接口传入的参数结构不一致，需要做很多转化
+	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
+	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
+
+	if *src.OriginProtocol == "follow" {
+		accessOriginWay := int32(1)
+		dest.AccessOriginWay = &accessOriginWay
+	} else if *src.OriginProtocol == "http" {
+		accessOriginWay := int32(2)
+		dest.AccessOriginWay = &accessOriginWay
+	} else if *src.OriginProtocol == "https" {
+		accessOriginWay := int32(3)
+		dest.AccessOriginWay = &accessOriginWay
+	}
+
+	if src.ForceRedirect != nil {
+		dest.ForceRedirectConfig = &cdnModel.ForceRedirect{}
+
+		if src.ForceRedirect.Status == "on" {
+			dest.ForceRedirectConfig.Switch = 1
+			dest.ForceRedirectConfig.RedirectType = src.ForceRedirect.Type
+		} else {
+			dest.ForceRedirectConfig.Switch = 0
+		}
+	}
+
+	if src.Https != nil {
+		if *src.Https.Http2Status == "on" {
+			http2 := int32(1)
+			dest.Http2 = &http2
+		}
+	}
+
+	return dest
+}
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@@ -8,11 +8,9 @@ import (
 	k8sMetaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
-)

-type KubernetesAccess struct {
-	KubeConfig string `json:"kubeConfig"`
-}
+	"github.com/usual2970/certimate/internal/domain"
+)

 type K8sSecretDeployer struct {
 	option *DeployerOption
@@ -27,7 +25,7 @@ func NewK8sSecretDeployer(option *DeployerOption) (Deployer, error) {
 }

 func (d *K8sSecretDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *K8sSecretDeployer) GetInfo() []string {
@@ -35,7 +33,7 @@ func (d *K8sSecretDeployer) GetInfo() []string {
 }

 func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
-	access := &KubernetesAccess{}
+	access := &domain.KubernetesAccess{}
 	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
 		return err
 	}
@@ -86,7 +84,7 @@ func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
 	return nil
 }

-func (d *K8sSecretDeployer) createClient(access *KubernetesAccess) (*kubernetes.Clientset, error) {
+func (d *K8sSecretDeployer) createClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
 	kubeConfig, err := clientcmd.Load([]byte(access.KubeConfig))
 	if err != nil {
 		return nil, err
--- a/internal/deployer/local.go
+++ b/internal/deployer/local.go
@@ -8,9 +8,9 @@ import (
 	"os/exec"
 	"path/filepath"
 	"runtime"
-)

-type LocalAccess struct{}
+	"github.com/usual2970/certimate/internal/domain"
+)

 type LocalDeployer struct {
 	option *DeployerOption
@@ -25,7 +25,7 @@ func NewLocalDeployer(option *DeployerOption) (Deployer, error) {
 }

 func (d *LocalDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *LocalDeployer) GetInfo() []string {
@@ -33,7 +33,7 @@ func (d *LocalDeployer) GetInfo() []string {
 }

 func (d *LocalDeployer) Deploy(ctx context.Context) error {
-	access := &LocalAccess{}
+	access := &domain.LocalAccess{}
 	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
 		return err
 	}
--- a/internal/deployer/qiniu_cdn.go
+++ b/internal/deployer/qiniu_cdn.go
@@ -35,7 +35,7 @@ func NewQiniuCDNDeployer(option *DeployerOption) (*QiniuCDNDeployer, error) {
 }

 func (d *QiniuCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *QiniuCDNDeployer) GetInfo() []string {
--- a/internal/deployer/ssh.go
+++ b/internal/deployer/ssh.go
@@ -10,16 +10,9 @@ import (

 	"github.com/pkg/sftp"
 	sshPkg "golang.org/x/crypto/ssh"
-)

-type SSHAccess struct {
-	Host          string `json:"host"`
-	Port          string `json:"port"`
-	Username      string `json:"username"`
-	Password      string `json:"password"`
-	Key           string `json:"key"`
-	KeyPassphrase string `json:"keyPassphrase"`
-}
+	"github.com/usual2970/certimate/internal/domain"
+)

 type SSHDeployer struct {
 	option *DeployerOption
@@ -34,7 +27,7 @@ func NewSSHDeployer(option *DeployerOption) (Deployer, error) {
 }

 func (d *SSHDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *SSHDeployer) GetInfo() []string {
@@ -42,7 +35,7 @@ func (d *SSHDeployer) GetInfo() []string {
 }

 func (d *SSHDeployer) Deploy(ctx context.Context) error {
-	access := &SSHAccess{}
+	access := &domain.SSHAccess{}
 	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
 		return err
 	}
@@ -130,7 +123,7 @@ func (d *SSHDeployer) upload(client *sshPkg.Client, content, path string) error
 	return nil
 }

-func (d *SSHDeployer) createClient(access *SSHAccess) (*sshPkg.Client, error) {
+func (d *SSHDeployer) createClient(access *domain.SSHAccess) (*sshPkg.Client, error) {
 	var authMethod sshPkg.AuthMethod

 	if access.Key != "" {
--- a/internal/deployer/tencent_cdn.go
+++ b/internal/deployer/tencent_cdn.go
@@ -41,7 +41,7 @@ func NewTencentCDNDeployer(option *DeployerOption) (Deployer, error) {
 }

 func (d *TencentCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *TencentCDNDeployer) GetInfo() []string {
--- a/internal/deployer/webhook.go
+++ b/internal/deployer/webhook.go
@@ -7,13 +7,10 @@ import (
 	"fmt"
 	"net/http"

+	"github.com/usual2970/certimate/internal/domain"
 	xhttp "github.com/usual2970/certimate/internal/utils/http"
 )

-type WebhookAccess struct {
-	Url string `json:"url"`
-}
-
 type WebhookDeployer struct {
 	option *DeployerOption
 	infos  []string
@@ -27,7 +24,7 @@ func NewWebhookDeployer(option *DeployerOption) (Deployer, error) {
 }

 func (d *WebhookDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AceessRecord.GetString("name"), d.option.AceessRecord.Id)
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
 }

 func (d *WebhookDeployer) GetInfo() []string {
@@ -42,7 +39,7 @@ type webhookData struct {
 }

 func (d *WebhookDeployer) Deploy(ctx context.Context) error {
-	access := &WebhookAccess{}
+	access := &domain.WebhookAccess{}
 	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
 		return fmt.Errorf("failed to parse hook access config: %w", err)
 	}
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -40,3 +40,34 @@ type GodaddyAccess struct {
 	ApiKey    string `json:"apiKey"`
 	ApiSecret string `json:"apiSecret"`
 }
+
+type PdnsAccess struct {
+	ApiUrl string `json:"apiUrl"`
+	ApiKey string `json:"apiKey"`
+}
+
+type HttpreqAccess struct {
+	Endpoint string `json:"endpoint"`
+	Mode     string `json:"mode"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type LocalAccess struct{}
+
+type SSHAccess struct {
+	Host          string `json:"host"`
+	Port          string `json:"port"`
+	Username      string `json:"username"`
+	Password      string `json:"password"`
+	Key           string `json:"key"`
+	KeyPassphrase string `json:"keyPassphrase"`
+}
+
+type WebhookAccess struct {
+	Url string `json:"url"`
+}
+
+type KubernetesAccess struct {
+	KubeConfig string `json:"kubeConfig"`
+}