2025-07-07 19:49:55 +00:00
13 changed files with 21 additions and 105 deletions
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@ -26,14 +26,13 @@ import (
 )

 type ApplyResult struct {
-	CSR                  string
 	FullChainCertificate string
 	IssuerCertificate    string
 	PrivateKey           string
 	ACMEAccountUrl       string
 	ACMECertUrl          string
 	ACMECertStableUrl    string
-	ARIReplaced          bool
+	CSR                  string
 }

 type Applicant interface {
@ -110,7 +109,7 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err

 	certRepo := repository.NewCertificateRepository()
 	lastCertificate, _ := certRepo.GetByWorkflowNodeId(context.Background(), config.Node.Id)
-	if lastCertificate != nil && !lastCertificate.ACMERenewed {
+	if lastCertificate != nil {
 		newCertSan := slices.Clone(options.Domains)
 		oldCertSan := strings.Split(lastCertificate.SubjectAltNames, ";")
 		slices.Sort(newCertSan)
@ -120,8 +119,8 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err
 			lastCertX509, _ := certcrypto.ParsePEMCertificate([]byte(lastCertificate.Certificate))
 			if lastCertX509 != nil {
 				replacedARICertId, _ := certificate.MakeARICertID(lastCertX509)
-				options.ARIReplaceAcct = lastCertificate.ACMEAccountUrl
-				options.ARIReplaceCert = replacedARICertId
+				options.ReplacedARIAcct = lastCertificate.ACMEAccountUrl
+				options.ReplacedARICert = replacedARICertId
 			}
 		}
 	}
@ -236,24 +235,22 @@ func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOpt
 		Domains: options.Domains,
 		Bundle:  true,
 	}
-	if options.ARIReplaceAcct == user.Registration.URI {
-		certRequest.ReplacesCertID = options.ARIReplaceCert
+	if options.ReplacedARIAcct == user.Registration.URI {
+		certRequest.ReplacesCertID = options.ReplacedARICert
 	}
-
 	certResource, err := client.Certificate.Obtain(certRequest)
 	if err != nil {
 		return nil, err
 	}

 	return &ApplyResult{
-		CSR:                  strings.TrimSpace(string(certResource.CSR)),
 		FullChainCertificate: strings.TrimSpace(string(certResource.Certificate)),
 		IssuerCertificate:    strings.TrimSpace(string(certResource.IssuerCertificate)),
 		PrivateKey:           strings.TrimSpace(string(certResource.PrivateKey)),
 		ACMEAccountUrl:       user.Registration.URI,
 		ACMECertUrl:          certResource.CertURL,
 		ACMECertStableUrl:    certResource.CertStableURL,
-		ARIReplaced:          certRequest.ReplacesCertID != "",
+		CSR:                  strings.TrimSpace(string(certResource.CSR)),
 	}, nil
 }

--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@ -57,8 +57,8 @@ type applicantProviderOptions struct {
 	DnsPropagationTimeout   int32
 	DnsTTL                  int32
 	DisableFollowCNAME      bool
-	ARIReplaceAcct          string
-	ARIReplaceCert          string
+	ReplacedARIAcct         string
+	ReplacedARICert         string
 }

 func createApplicantProvider(options *applicantProviderOptions) (challenge.Provider, error) {
--- a/internal/domain/certificate.go
+++ b/internal/domain/certificate.go
@ -28,7 +28,6 @@ type Certificate struct {
 	ACMEAccountUrl    string                      `json:"acmeAccountUrl" db:"acmeAccountUrl"`
 	ACMECertUrl       string                      `json:"acmeCertUrl" db:"acmeCertUrl"`
 	ACMECertStableUrl string                      `json:"acmeCertStableUrl" db:"acmeCertStableUrl"`
-	ACMERenewed       bool                        `json:"acmeRenewed" db:"acmeRenewed"`
 	WorkflowId        string                      `json:"workflowId" db:"workflowId"`
 	WorkflowNodeId    string                      `json:"workflowNodeId" db:"workflowNodeId"`
 	WorkflowRunId     string                      `json:"workflowRunId" db:"workflowRunId"`
--- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
@ -55,10 +55,9 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	}

 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		ApiUrl:                   config.ApiUrl,
-		ApiVersion:               config.ApiVersion,
-		ApiKey:                   config.ApiKey,
-		AllowInsecureConnections: config.AllowInsecureConnections,
+		ApiUrl:     config.ApiUrl,
+		ApiVersion: config.ApiVersion,
+		ApiKey:     config.ApiKey,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
--- a/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
+++ b/internal/pkg/core/uploader/providers/1panel-ssl/1panel_ssl.go
@ -2,7 +2,6 @@ package onepanelssl

 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"log/slog"
@ -21,8 +20,6 @@ type UploaderConfig struct {
 	ApiVersion string `json:"apiVersion"`
 	// 1Panel 接口密钥。
 	ApiKey string `json:"apiKey"`
-	// 是否允许不安全的连接。
-	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 }

 type UploaderProvider struct {
@ -38,7 +35,7 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
 		panic("config is nil")
 	}

-	client, err := createSdkClient(config.ApiUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections)
+	client, err := createSdkClient(config.ApiUrl, config.ApiVersion, config.ApiKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
@ -135,7 +132,7 @@ func (u *UploaderProvider) getCertIfExists(ctx context.Context, certPEM string,
 	return nil, nil
 }

-func createSdkClient(apiUrl, apiVersion, apiKey string, skipTlsVerify bool) (*onepanelsdk.Client, error) {
+func createSdkClient(apiUrl, apiVersion, apiKey string) (*onepanelsdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid 1panel api url")
 	}
@ -149,9 +146,5 @@ func createSdkClient(apiUrl, apiVersion, apiKey string, skipTlsVerify bool) (*on
 	}

 	client := onepanelsdk.NewClient(apiUrl, apiVersion, apiKey)
-	if skipTlsVerify {
-		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
-	}
-
 	return client, nil
 }
--- a/internal/repository/certificate.go
+++ b/internal/repository/certificate.go
@ -77,25 +77,6 @@ func (r *CertificateRepository) GetByWorkflowNodeId(ctx context.Context, workflo
 	return r.castRecordToModel(records[0])
 }

-func (r *CertificateRepository) GetByWorkflowRunId(ctx context.Context, workflowRunId string) (*domain.Certificate, error) {
-	records, err := app.GetApp().FindRecordsByFilter(
-		domain.CollectionNameCertificate,
-		"workflowRunId={:workflowRunId} && deleted=null",
-		"-created",
-		1, 0,
-		dbx.Params{"workflowRunId": workflowRunId},
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(records) == 0 {
-		return nil, domain.ErrRecordNotFound
-	}
-
-	return r.castRecordToModel(records[0])
-}
-
 func (r *CertificateRepository) Save(ctx context.Context, certificate *domain.Certificate) (*domain.Certificate, error) {
 	collection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameCertificate)
 	if err != nil {
@ -128,7 +109,6 @@ func (r *CertificateRepository) Save(ctx context.Context, certificate *domain.Ce
 	record.Set("acmeAccountUrl", certificate.ACMEAccountUrl)
 	record.Set("acmeCertUrl", certificate.ACMECertUrl)
 	record.Set("acmeCertStableUrl", certificate.ACMECertStableUrl)
-	record.Set("acmeRenewed", certificate.ACMERenewed)
 	record.Set("workflowId", certificate.WorkflowId)
 	record.Set("workflowRunId", certificate.WorkflowRunId)
 	record.Set("workflowNodeId", certificate.WorkflowNodeId)
@ -190,7 +170,6 @@ func (r *CertificateRepository) castRecordToModel(record *core.Record) (*domain.
 		ACMEAccountUrl:    record.GetString("acmeAccountUrl"),
 		ACMECertUrl:       record.GetString("acmeCertUrl"),
 		ACMECertStableUrl: record.GetString("acmeCertStableUrl"),
-		ACMERenewed:       record.GetBool("acmeRenewed"),
 		WorkflowId:        record.GetString("workflowId"),
 		WorkflowRunId:     record.GetString("workflowRunId"),
 		WorkflowNodeId:    record.GetString("workflowNodeId"),
--- a/internal/workflow/node-processor/apply_node.go
+++ b/internal/workflow/node-processor/apply_node.go
@ -96,15 +96,6 @@ func (n *applyNode) Process(ctx context.Context) error {
 		return err
 	}

-	// 保存 ARI 记录
-	if applyResult.ARIReplaced {
-		lastCertificate, _ := n.certRepo.GetByWorkflowRunId(ctx, lastOutput.RunId)
-		if lastCertificate != nil {
-			lastCertificate.ACMERenewed = true
-			n.certRepo.Save(ctx, lastCertificate)
-		}
-	}
-
 	n.logger.Info("apply completed")

 	return nil
@ -143,7 +134,7 @@ func (n *applyNode) checkCanSkip(ctx context.Context, lastOutput *domain.Workflo
 			return false, "the configuration item 'KeyAlgorithm' changed"
 		}

-		lastCertificate, _ := n.certRepo.GetByWorkflowRunId(ctx, lastOutput.RunId)
+		lastCertificate, _ := n.certRepo.GetByWorkflowNodeId(ctx, n.node.Id)
 		if lastCertificate != nil {
 			renewalInterval := time.Duration(currentNodeConfig.SkipBeforeExpiryDays) * time.Hour * 24
 			expirationTime := time.Until(lastCertificate.ExpireAt)
--- a/internal/workflow/node-processor/processor.go
+++ b/internal/workflow/node-processor/processor.go
@ -34,8 +34,6 @@ func (n *nodeProcessor) SetLogger(logger *slog.Logger) {

 type certificateRepository interface {
 	GetByWorkflowNodeId(ctx context.Context, workflowNodeId string) (*domain.Certificate, error)
-	GetByWorkflowRunId(ctx context.Context, workflowRunId string) (*domain.Certificate, error)
-	Save(ctx context.Context, certificate *domain.Certificate) (*domain.Certificate, error)
 }

 type workflowOutputRepository interface {
--- a/internal/workflow/node-processor/upload_node.go
+++ b/internal/workflow/node-processor/upload_node.go
@ -83,7 +83,7 @@ func (n *uploadNode) checkCanSkip(ctx context.Context, lastOutput *domain.Workfl
 			return false, "the configuration item 'PrivateKey' changed"
 		}

-		lastCertificate, _ := n.certRepo.GetByWorkflowRunId(ctx, lastOutput.RunId)
+		lastCertificate, _ := n.certRepo.GetByWorkflowNodeId(ctx, n.node.Id)
 		if lastCertificate != nil {
 			return true, "the certificate has already been uploaded"
 		}
--- a/migrations/1748228400_upgrade.go
+++ b/migrations/1748228400_upgrade.go
@ -1,39 +0,0 @@
-package migrations
-
-import (
-	"github.com/pocketbase/pocketbase/core"
-	m "github.com/pocketbase/pocketbase/migrations"
-)
-
-func init() {
-	m.Register(func(app core.App) error {
-		// update collection `certificate`
-		{
-			collection, err := app.FindCollectionByNameOrId("4szxr9x43tpj6np")
-			if err != nil {
-				return err
-			}
-
-			// add field
-			if err := collection.Fields.AddMarshaledJSONAt(14, []byte(`{
-				"hidden": false,
-				"id": "bool810050391",
-				"name": "acmeRenewed",
-				"presentable": false,
-				"required": false,
-				"system": false,
-				"type": "bool"
-			}`)); err != nil {
-				return err
-			}
-
-			if err := app.Save(collection); err != nil {
-				return err
-			}
-		}
-
-		return nil
-	}, func(app core.App) error {
-		return nil
-	})
-}
--- a/ui/src/components/access/AccessEditModal.tsx
+++ b/ui/src/components/access/AccessEditModal.tsx
@ -100,7 +100,6 @@ const AccessEditModal = ({ data, loading, trigger, scene, usage, afterSubmit, ..
        }}
        afterClose={() => setOpen(false)}
        cancelButtonProps={{ disabled: formPending }}
-        cancelText={t("common.button.cancel")}
        closable
        confirmLoading={formPending}
        destroyOnHidden
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@ -109,7 +109,7 @@
  "workflow_node.deploy.form.certificate.placeholder": "Please select certificate",
  "workflow_node.deploy.form.certificate.tooltip": "The certificate to be deployed comes from the previous nodes of application or upload.",
  "workflow_node.deploy.form.params_config.label": "Parameter settings",
-  "workflow_node.deploy.form.1panel_console_auto_restart.label": "Auto restart 1Panel after deployment",
+  "workflow_node.deploy.form.1panel_console_auto_restart.label": "Auto restart after deployment",
  "workflow_node.deploy.form.1panel_site_resource_type.label": "Resource type",
  "workflow_node.deploy.form.1panel_site_resource_type.placeholder": "Please select resource type",
  "workflow_node.deploy.form.1panel_site_resource_type.option.website.label": "Website",
@ -331,7 +331,7 @@
  "workflow_node.deploy.form.baishan_cdn_certificate_id.label": "Baishan Cloud CDN certificate ID (Optional)",
  "workflow_node.deploy.form.baishan_cdn_certificate_id.placeholder": "Please enter Baishan Cloud CDN certificate ID",
  "workflow_node.deploy.form.baishan_cdn_certificate_id.tooltip": "For more information, see <a href=\"https://cdnx.console.baishan.com/#/cdn/cert\" target=\"_blank\">https://cdnx.console.baishan.com/#/cdn/cert</a>",
-  "workflow_node.deploy.form.baotapanel_console_auto_restart.label": "Auto restart aaPanel after deployment",
+  "workflow_node.deploy.form.baotapanel_console_auto_restart.label": "Auto restart after deployment",
  "workflow_node.deploy.form.baotapanel_site_type.label": "aaPanel site type",
  "workflow_node.deploy.form.baotapanel_site_type.placeholder": "Please select aaPanel site type",
  "workflow_node.deploy.form.baotapanel_site_type.option.php.label": "PHP sites",
@ -530,7 +530,7 @@
  "workflow_node.deploy.form.netlify_site_id.tooltip": "For more information, see <a href=\"https://docs.netlify.com/api/get-started/#get-site\" target=\"_blank\">https://docs.netlify.com/api/get-started/#get-site</a>",
  "workflow_node.deploy.form.proxmoxve_node_name.label": "Proxmox VE cluster node name",
  "workflow_node.deploy.form.proxmoxve_node_name.placeholder": "Please enter Proxmox VE cluster node name",
-  "workflow_node.deploy.form.proxmoxve_auto_restart.label": "Auto restart Proxmox VE after deployment",
+  "workflow_node.deploy.form.proxmoxve_auto_restart.label": "Auto restart after deployment",
  "workflow_node.deploy.form.qiniu_cdn_domain.label": "Qiniu CDN domain",
  "workflow_node.deploy.form.qiniu_cdn_domain.placeholder": "Please enter Qiniu CDN domain name",
  "workflow_node.deploy.form.qiniu_cdn_domain.tooltip": "For more information, see <a href=\"https://portal.qiniu.com/cdn\" target=\"_blank\">https://portal.qiniu.com/cdn</a>",
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@ -108,7 +108,7 @@
  "workflow_node.deploy.form.certificate.placeholder": "请选择待部署证书",
  "workflow_node.deploy.form.certificate.tooltip": "待部署证书来自之前的申请或上传节点。如果选项为空请先确保前序节点配置正确。",
  "workflow_node.deploy.form.params_config.label": "参数设置",
-  "workflow_node.deploy.form.1panel_console_auto_restart.label": "部署后自动重启 1Panel 服务",
+  "workflow_node.deploy.form.1panel_console_auto_restart.label": "部署后自动重启宝塔面板服务",
  "workflow_node.deploy.form.1panel_site_resource_type.label": "证书部署方式",
  "workflow_node.deploy.form.1panel_site_resource_type.placeholder": "请选择证书部署方式",
  "workflow_node.deploy.form.1panel_site_resource_type.option.website.label": "替换指定网站的证书",
@ -330,7 +330,7 @@
  "workflow_node.deploy.form.baishan_cdn_certificate_id.label": "白山云 CDN 原证书 ID（可选）",
  "workflow_node.deploy.form.baishan_cdn_certificate_id.placeholder": "请输入白山云 CDN 原证书 ID",
  "workflow_node.deploy.form.baishan_cdn_certificate_id.tooltip": "这是什么？请参阅 <a href=\"https://cdnx.console.baishan.com/#/cdn/cert\" target=\"_blank\">https://cdnx.console.baishan.com/#/cdn/cert</a><br><br>不填写时，将上传新证书；否则，将替换原证书。",
-  "workflow_node.deploy.form.baotapanel_console_auto_restart.label": "部署后自动重启宝塔面板服务",
+  "workflow_node.deploy.form.baotapanel_console_auto_restart.label": "部署后自动重启 1Panel 服务",
  "workflow_node.deploy.form.baotapanel_site_type.label": "宝塔面板网站类型",
  "workflow_node.deploy.form.baotapanel_site_type.placeholder": "请选择宝塔面板网站类型",
  "workflow_node.deploy.form.baotapanel_site_type.option.php.label": "PHP",