feat: support replacing old certificate on deployment to baishan cdn

2025-10-05 05:54:53 +00:00 · 2025-03-27 14:12:42 +08:00
parent a8be2a77cf
commit f302c7fb74
6 changed files with 109 additions and 65 deletions
--- a/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
+++ b/internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go
@@ -21,6 +21,9 @@ type DeployerConfig struct {
 	ApiToken string `json:"apiToken"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
+	// 证书 ID。
+	// 选填。
+	CertificateId string `json:"certificateId,omitempty"`
 }

 type DeployerProvider struct {
@@ -62,63 +65,79 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
 		return nil, errors.New("config `domain` is required")
 	}

-	// 查询域名配置
-	// REF: https://portal.baishancloud.com/track/document/api/1/1065
-	getDomainConfigReq := &bssdk.GetDomainConfigRequest{
-		Domains: d.config.Domain,
-		Config:  []string{"https"},
-	}
-	getDomainConfigResp, err := d.sdkClient.GetDomainConfig(getDomainConfigReq)
-	d.logger.Debug("sdk request 'baishan.GetDomainConfig'", slog.Any("request", getDomainConfigReq), slog.Any("response", getDomainConfigResp))
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.GetDomainConfig'")
-	} else if len(getDomainConfigResp.Data) == 0 {
-		return nil, errors.New("domain config not found")
-	}
-
-	// 新增证书
-	// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
-	certificateId := ""
-	createCertificateReq := &bssdk.CreateCertificateRequest{
-		Certificate: certPem,
-		Key:         privkeyPem,
-		Name:        fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
-	}
-	createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
-	d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
-	if err != nil {
-		if createCertificateResp != nil {
-			if createCertificateResp.GetCode() == 400699 && strings.Contains(createCertificateResp.GetMessage(), "this certificate is exists") {
-				// 证书已存在，忽略新增证书接口错误
-				re := regexp.MustCompile(`\d+`)
-				certificateId = re.FindString(createCertificateResp.GetMessage())
+	if d.config.CertificateId == "" {
+		// 新增证书
+		// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
+		certificateId := ""
+		createCertificateReq := &bssdk.CreateCertificateRequest{
+			Certificate: certPem,
+			Key:         privkeyPem,
+			Name:        fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
+		}
+		createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
+		d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+		if err != nil {
+			if createCertificateResp != nil {
+				if createCertificateResp.GetCode() == 400699 && strings.Contains(createCertificateResp.GetMessage(), "this certificate is exists") {
+					// 证书已存在，忽略新增证书接口错误
+					re := regexp.MustCompile(`\d+`)
+					certificateId = re.FindString(createCertificateResp.GetMessage())
+				}
 			}
+
+			if certificateId == "" {
+				return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.CreateCertificate'")
+			}
+		} else {
+			certificateId = createCertificateResp.Data.CertId.String()
 		}

-		if certificateId == "" {
-			return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.CreateCertificate'")
+		// 查询域名配置
+		// REF: https://portal.baishancloud.com/track/document/api/1/1065
+		getDomainConfigReq := &bssdk.GetDomainConfigRequest{
+			Domains: d.config.Domain,
+			Config:  []string{"https"},
+		}
+		getDomainConfigResp, err := d.sdkClient.GetDomainConfig(getDomainConfigReq)
+		d.logger.Debug("sdk request 'baishan.GetDomainConfig'", slog.Any("request", getDomainConfigReq), slog.Any("response", getDomainConfigResp))
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.GetDomainConfig'")
+		} else if len(getDomainConfigResp.Data) == 0 {
+			return nil, errors.New("domain config not found")
+		}
+
+		// 设置域名配置
+		// REF: https://portal.baishancloud.com/track/document/api/1/1045
+		setDomainConfigReq := &bssdk.SetDomainConfigRequest{
+			Domains: d.config.Domain,
+			Config: &bssdk.DomainConfig{
+				Https: &bssdk.DomainConfigHttps{
+					CertId:      json.Number(certificateId),
+					ForceHttps:  getDomainConfigResp.Data[0].Config.Https.ForceHttps,
+					EnableHttp2: getDomainConfigResp.Data[0].Config.Https.EnableHttp2,
+					EnableOcsp:  getDomainConfigResp.Data[0].Config.Https.EnableOcsp,
+				},
+			},
+		}
+		setDomainConfigResp, err := d.sdkClient.SetDomainConfig(setDomainConfigReq)
+		d.logger.Debug("sdk request 'baishan.SetDomainConfig'", slog.Any("request", setDomainConfigReq), slog.Any("response", setDomainConfigResp))
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.SetDomainConfig'")
 		}
 	} else {
-		certificateId = createCertificateResp.Data.CertId.String()
-	}
-
-	// 设置域名配置
-	// REF: https://portal.baishancloud.com/track/document/api/1/1045
-	setDomainConfigReq := &bssdk.SetDomainConfigRequest{
-		Domains: d.config.Domain,
-		Config: &bssdk.DomainConfig{
-			Https: &bssdk.DomainConfigHttps{
-				CertId:      json.Number(certificateId),
-				ForceHttps:  getDomainConfigResp.Data[0].Config.Https.ForceHttps,
-				EnableHttp2: getDomainConfigResp.Data[0].Config.Https.EnableHttp2,
-				EnableOcsp:  getDomainConfigResp.Data[0].Config.Https.EnableOcsp,
-			},
-		},
-	}
-	setDomainConfigResp, err := d.sdkClient.SetDomainConfig(setDomainConfigReq)
-	d.logger.Debug("sdk request 'baishan.SetDomainConfig'", slog.Any("request", setDomainConfigReq), slog.Any("response", setDomainConfigResp))
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.SetDomainConfig'")
+		// 替换证书
+		// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441
+		createCertificateReq := &bssdk.CreateCertificateRequest{
+			CertificateId: &d.config.CertificateId,
+			Certificate:   certPem,
+			Key:           privkeyPem,
+			Name:          fmt.Sprintf("certimate_%d", time.Now().UnixMilli()),
+		}
+		createCertificateResp, err := d.sdkClient.CreateCertificate(createCertificateReq)
+		d.logger.Debug("sdk request 'baishan.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'baishan.CreateCertificate'")
+		}
 	}

 	return &deployer.DeployResult{}, nil
--- a/internal/pkg/vendors/baishan-sdk/models.go
+++ b/internal/pkg/vendors/baishan-sdk/models.go
@@ -27,9 +27,10 @@ func (r *baseResponse) GetMessage() string {
 }

 type CreateCertificateRequest struct {
-	Certificate string `json:"certificate"`
-	Key         string `json:"key"`
-	Name        string `json:"name"`
+	CertificateId *string `json:"cert_id,omitempty"`
+	Certificate   string  `json:"certificate"`
+	Key           string  `json:"key"`
+	Name          string  `json:"name"`
 }

 type CreateCertificateResponse struct {