Merge pull request #742 from tailorvii/wangsu

fix: wangsu get certificate list api error #741

README.md

@@ -22,7 +22,7 @@
 
 做个人产品或者在中小企业里负责运维的同学，会遇到要管理多个域名的情况，需要给域名申请证书。但是手动申请证书有以下缺点：
 
-- 😱 麻烦：申请证书并部署到服务的流程虽不复杂，但也挺麻烦的，犹其是你有多个域名需要维护的时候。
+- 😱 麻烦：申请证书并部署到服务的流程虽不复杂，但也挺麻烦的，尤其是你有多个域名需要维护的时候。
 - 😭 易忘：另外当前免费证书的有效期只有 90 天，这就要求你定期的操作，增加了工作量的同时，你也很容易忘掉续期，从而导致网站访问不了。
 
 Certimate 就是为了解决上述问题而产生的，它具有以下优势：

internal/applicant/applicant.go

@@ -53,35 +53,35 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeApply))
 	}
 
-	nodeConfig := config.Node.GetConfigForApply()
+	nodeCfg := config.Node.GetConfigForApply()
 	options := &applicantProviderOptions{
-		Domains:                 sliceutil.Filter(strings.Split(nodeConfig.Domains, ";"), func(s string) bool { return s != "" }),
+		Domains:                 sliceutil.Filter(strings.Split(nodeCfg.Domains, ";"), func(s string) bool { return s != "" }),
-		ContactEmail:            nodeConfig.ContactEmail,
+		ContactEmail:            nodeCfg.ContactEmail,
-		Provider:                domain.ACMEDns01ProviderType(nodeConfig.Provider),
+		Provider:                domain.ACMEDns01ProviderType(nodeCfg.Provider),
 		ProviderAccessConfig:    make(map[string]any),
-		ProviderServiceConfig:   nodeConfig.ProviderConfig,
+		ProviderServiceConfig:   nodeCfg.ProviderConfig,
-		CAProvider:              domain.CAProviderType(nodeConfig.CAProvider),
+		CAProvider:              domain.CAProviderType(nodeCfg.CAProvider),
 		CAProviderAccessConfig:  make(map[string]any),
-		CAProviderServiceConfig: nodeConfig.CAProviderConfig,
+		CAProviderServiceConfig: nodeCfg.CAProviderConfig,
-		KeyAlgorithm:            nodeConfig.KeyAlgorithm,
+		KeyAlgorithm:            nodeCfg.KeyAlgorithm,
-		Nameservers:             sliceutil.Filter(strings.Split(nodeConfig.Nameservers, ";"), func(s string) bool { return s != "" }),
+		Nameservers:             sliceutil.Filter(strings.Split(nodeCfg.Nameservers, ";"), func(s string) bool { return s != "" }),
-		DnsPropagationWait:      nodeConfig.DnsPropagationWait,
+		DnsPropagationWait:      nodeCfg.DnsPropagationWait,
-		DnsPropagationTimeout:   nodeConfig.DnsPropagationTimeout,
+		DnsPropagationTimeout:   nodeCfg.DnsPropagationTimeout,
-		DnsTTL:                  nodeConfig.DnsTTL,
+		DnsTTL:                  nodeCfg.DnsTTL,
-		DisableFollowCNAME:      nodeConfig.DisableFollowCNAME,
+		DisableFollowCNAME:      nodeCfg.DisableFollowCNAME,
 	}
 
 	accessRepo := repository.NewAccessRepository()
-	if nodeConfig.ProviderAccessId != "" {
+	if nodeCfg.ProviderAccessId != "" {
-		if access, err := accessRepo.GetById(context.Background(), nodeConfig.ProviderAccessId); err != nil {
+		if access, err := accessRepo.GetById(context.Background(), nodeCfg.ProviderAccessId); err != nil {
-			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.ProviderAccessId, err)
+			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.ProviderAccessId, err)
 		} else {
 			options.ProviderAccessConfig = access.Config
 		}
 	}
-	if nodeConfig.CAProviderAccessId != "" {
+	if nodeCfg.CAProviderAccessId != "" {
-		if access, err := accessRepo.GetById(context.Background(), nodeConfig.CAProviderAccessId); err != nil {
+		if access, err := accessRepo.GetById(context.Background(), nodeCfg.CAProviderAccessId); err != nil {
-			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.CAProviderAccessId, err)
+			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.CAProviderAccessId, err)
 		} else {
 			options.CAProviderAccessId = access.Id
 			options.CAProviderAccessConfig = access.Config

internal/deployer/deployer.go

@@ -29,18 +29,18 @@ func NewWithWorkflowNode(config DeployerWithWorkflowNodeConfig) (Deployer, error
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeDeploy))
 	}
 
-	nodeConfig := config.Node.GetConfigForDeploy()
+	nodeCfg := config.Node.GetConfigForDeploy()
 	options := &deployerProviderOptions{
-		Provider:              domain.DeploymentProviderType(nodeConfig.Provider),
+		Provider:              domain.DeploymentProviderType(nodeCfg.Provider),
 		ProviderAccessConfig:  make(map[string]any),
-		ProviderServiceConfig: nodeConfig.ProviderConfig,
+		ProviderServiceConfig: nodeCfg.ProviderConfig,
 	}
 
 	accessRepo := repository.NewAccessRepository()
-	if nodeConfig.ProviderAccessId != "" {
+	if nodeCfg.ProviderAccessId != "" {
-		access, err := accessRepo.GetById(context.Background(), nodeConfig.ProviderAccessId)
+		access, err := accessRepo.GetById(context.Background(), nodeCfg.ProviderAccessId)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.ProviderAccessId, err)
+			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.ProviderAccessId, err)
 		} else {
 			options.ProviderAccessConfig = access.Config
 		}

internal/deployer/providers.go

@@ -157,6 +157,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunALB.NewDeployer(&pAliyunALB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ResourceType:    pAliyunALB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
 					LoadbalancerId:  maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"),
@@ -169,6 +170,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunAPIGW.NewDeployer(&pAliyunAPIGW.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ServiceType:     pAliyunAPIGW.ServiceType(maputil.GetString(options.ProviderServiceConfig, "serviceType")),
 					GatewayId:       maputil.GetString(options.ProviderServiceConfig, "gatewayId"),
@@ -181,6 +183,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunCAS.NewDeployer(&pAliyunCAS.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 				})
 				return deployer, err
@@ -189,6 +192,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunCASDeploy.NewDeployer(&pAliyunCASDeploy.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ResourceIds:     sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderServiceConfig, "resourceIds"), ";"), func(s string) bool { return s != "" }),
 					ContactIds:      sliceutil.Filter(strings.Split(maputil.GetString(options.ProviderServiceConfig, "contactIds"), ";"), func(s string) bool { return s != "" }),
@@ -199,6 +203,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunCDN.NewDeployer(&pAliyunCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
 				})
 				return deployer, err
@@ -207,6 +212,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunCLB.NewDeployer(&pAliyunCLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ResourceType:    pAliyunCLB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
 					LoadbalancerId:  maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"),
@@ -219,6 +225,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunDCDN.NewDeployer(&pAliyunDCDN.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
 				})
 				return deployer, err
@@ -227,6 +234,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunDDoS.NewDeployer(&pAliyunDDoS.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
 				})
@@ -245,6 +253,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunFC.NewDeployer(&pAliyunFC.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ServiceVersion:  maputil.GetOrDefaultString(options.ProviderServiceConfig, "serviceVersion", "3.0"),
 					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
@@ -255,6 +264,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunGA.NewDeployer(&pAliyunGA.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					ResourceType:    pAliyunGA.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
 					AcceleratorId:   maputil.GetString(options.ProviderServiceConfig, "acceleratorId"),
 					ListenerId:      maputil.GetString(options.ProviderServiceConfig, "listenerId"),
@@ -275,6 +285,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunNLB.NewDeployer(&pAliyunNLB.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ResourceType:    pAliyunNLB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
 					LoadbalancerId:  maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"),
@@ -286,6 +297,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunOSS.NewDeployer(&pAliyunOSS.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					Bucket:          maputil.GetString(options.ProviderServiceConfig, "bucket"),
 					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
@@ -296,6 +308,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunVOD.NewDeployer(&pAliyunVOD.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
 				})
@@ -305,6 +318,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				deployer, err := pAliyunWAF.NewDeployer(&pAliyunWAF.DeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
+					ResourceGroupId: access.ResourceGroupId,
 					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
 					ServiceVersion:  maputil.GetOrDefaultString(options.ProviderServiceConfig, "serviceVersion", "3.0"),
 					InstanceId:      maputil.GetString(options.ProviderServiceConfig, "instanceId"),
@@ -676,40 +690,44 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 			switch options.Provider {
 			case domain.DeploymentProviderTypeHuaweiCloudCDN:
 				deployer, err := pHuaweiCloudCDN.NewDeployer(&pHuaweiCloudCDN.DeployerConfig{
-					AccessKeyId:     access.AccessKeyId,
+					AccessKeyId:         access.AccessKeyId,
-					SecretAccessKey: access.SecretAccessKey,
+					SecretAccessKey:     access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
+					EnterpriseProjectId: access.EnterpriseProjectId,
-					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
+					Region:              maputil.GetString(options.ProviderServiceConfig, "region"),
+					Domain:              maputil.GetString(options.ProviderServiceConfig, "domain"),
 				})
 				return deployer, err
 
 			case domain.DeploymentProviderTypeHuaweiCloudELB:
 				deployer, err := pHuaweiCloudELB.NewDeployer(&pHuaweiCloudELB.DeployerConfig{
-					AccessKeyId:     access.AccessKeyId,
+					AccessKeyId:         access.AccessKeyId,
-					SecretAccessKey: access.SecretAccessKey,
+					SecretAccessKey:     access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
+					EnterpriseProjectId: access.EnterpriseProjectId,
-					ResourceType:    pHuaweiCloudELB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
+					Region:              maputil.GetString(options.ProviderServiceConfig, "region"),
-					CertificateId:   maputil.GetString(options.ProviderServiceConfig, "certificateId"),
+					ResourceType:        pHuaweiCloudELB.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
-					LoadbalancerId:  maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"),
+					CertificateId:       maputil.GetString(options.ProviderServiceConfig, "certificateId"),
-					ListenerId:      maputil.GetString(options.ProviderServiceConfig, "listenerId"),
+					LoadbalancerId:      maputil.GetString(options.ProviderServiceConfig, "loadbalancerId"),
+					ListenerId:          maputil.GetString(options.ProviderServiceConfig, "listenerId"),
 				})
 				return deployer, err
 
 			case domain.DeploymentProviderTypeHuaweiCloudSCM:
 				deployer, err := pHuaweiCloudSCM.NewDeployer(&pHuaweiCloudSCM.DeployerConfig{
-					AccessKeyId:     access.AccessKeyId,
+					AccessKeyId:         access.AccessKeyId,
-					SecretAccessKey: access.SecretAccessKey,
+					SecretAccessKey:     access.SecretAccessKey,
+					EnterpriseProjectId: access.EnterpriseProjectId,
 				})
 				return deployer, err
 
 			case domain.DeploymentProviderTypeHuaweiCloudWAF:
 				deployer, err := pHuaweiCloudWAF.NewDeployer(&pHuaweiCloudWAF.DeployerConfig{
-					AccessKeyId:     access.AccessKeyId,
+					AccessKeyId:         access.AccessKeyId,
-					SecretAccessKey: access.SecretAccessKey,
+					SecretAccessKey:     access.SecretAccessKey,
-					Region:          maputil.GetString(options.ProviderServiceConfig, "region"),
+					EnterpriseProjectId: access.EnterpriseProjectId,
-					ResourceType:    pHuaweiCloudWAF.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
+					Region:              maputil.GetString(options.ProviderServiceConfig, "region"),
-					CertificateId:   maputil.GetString(options.ProviderServiceConfig, "certificateId"),
+					ResourceType:        pHuaweiCloudWAF.ResourceType(maputil.GetString(options.ProviderServiceConfig, "resourceType")),
-					Domain:          maputil.GetString(options.ProviderServiceConfig, "domain"),
+					CertificateId:       maputil.GetString(options.ProviderServiceConfig, "certificateId"),
+					Domain:              maputil.GetString(options.ProviderServiceConfig, "domain"),
 				})
 				return deployer, err
 

internal/domain/access.go

@@ -38,6 +38,7 @@ type AccessConfigForACMEHttpReq struct {
 type AccessConfigForAliyun struct {
 	AccessKeyId     string `json:"accessKeyId"`
 	AccessKeySecret string `json:"accessKeySecret"`
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 }
 
 type AccessConfigForAWS struct {
@@ -199,8 +200,9 @@ type AccessConfigForHetzner struct {
 }
 
 type AccessConfigForHuaweiCloud struct {
-	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeyId         string `json:"accessKeyId"`
-	SecretAccessKey string `json:"secretAccessKey"`
+	SecretAccessKey     string `json:"secretAccessKey"`
+	EnterpriseProjectId string `json:"enterpriseProjectId,omitempty"`
 }
 
 type AccessConfigForJDCloud struct {
@@ -384,7 +386,7 @@ type AccessConfigForWeComBot struct {
 
 type AccessConfigForWestcn struct {
 	Username    string `json:"username"`
-	ApiPassword string `json:"password"`
+	ApiPassword string `json:"apiPassword"`
 }
 
 type AccessConfigForZeroSSL struct {

internal/domain/expr/expr.go

@@ -0,0 +1,630 @@
+package expr
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+)
+
+type (
+	ExprType               string
+	ExprComparisonOperator string
+	ExprLogicalOperator    string
+	ExprValueType          string
+)
+
+const (
+	GreaterThan    ExprComparisonOperator = "gt"
+	GreaterOrEqual ExprComparisonOperator = "gte"
+	LessThan       ExprComparisonOperator = "lt"
+	LessOrEqual    ExprComparisonOperator = "lte"
+	Equal          ExprComparisonOperator = "eq"
+	NotEqual       ExprComparisonOperator = "neq"
+
+	And ExprLogicalOperator = "and"
+	Or  ExprLogicalOperator = "or"
+	Not ExprLogicalOperator = "not"
+
+	Number  ExprValueType = "number"
+	String  ExprValueType = "string"
+	Boolean ExprValueType = "boolean"
+
+	ConstantExprType   ExprType = "const"
+	VariantExprType    ExprType = "var"
+	ComparisonExprType ExprType = "comparison"
+	LogicalExprType    ExprType = "logical"
+	NotExprType        ExprType = "not"
+)
+
+type EvalResult struct {
+	Type  ExprValueType
+	Value any
+}
+
+func (e *EvalResult) GetFloat64() (float64, error) {
+	if e.Type != Number {
+		return 0, fmt.Errorf("type mismatch: %s", e.Type)
+	}
+
+	stringValue, ok := e.Value.(string)
+	if !ok {
+		return 0, fmt.Errorf("value is not a string: %v", e.Value)
+	}
+
+	floatValue, err := strconv.ParseFloat(stringValue, 64)
+	if err != nil {
+		return 0, fmt.Errorf("failed to parse float64: %v", err)
+	}
+	return floatValue, nil
+}
+
+func (e *EvalResult) GetBool() (bool, error) {
+	if e.Type != Boolean {
+		return false, fmt.Errorf("type mismatch: %s", e.Type)
+	}
+
+	strValue, ok := e.Value.(string)
+	if ok {
+		if strValue == "true" {
+			return true, nil
+		} else if strValue == "false" {
+			return false, nil
+		}
+		return false, fmt.Errorf("value is not a boolean: %v", e.Value)
+	}
+
+	boolValue, ok := e.Value.(bool)
+	if !ok {
+		return false, fmt.Errorf("value is not a boolean: %v", e.Value)
+	}
+
+	return boolValue, nil
+}
+
+func (e *EvalResult) GreaterThan(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case String:
+		return &EvalResult{
+			Type:  Boolean,
+			Value: e.Value.(string) > other.Value.(string),
+		}, nil
+
+	case Number:
+		left, err := e.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left > right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) GreaterOrEqual(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case String:
+		return &EvalResult{
+			Type:  Boolean,
+			Value: e.Value.(string) >= other.Value.(string),
+		}, nil
+
+	case Number:
+		left, err := e.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left >= right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) LessThan(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case String:
+		return &EvalResult{
+			Type:  Boolean,
+			Value: e.Value.(string) < other.Value.(string),
+		}, nil
+
+	case Number:
+		left, err := e.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left < right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) LessOrEqual(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case String:
+		return &EvalResult{
+			Type:  Boolean,
+			Value: e.Value.(string) <= other.Value.(string),
+		}, nil
+
+	case Number:
+		left, err := e.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left <= right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) Equal(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case String:
+		return &EvalResult{
+			Type:  Boolean,
+			Value: e.Value.(string) == other.Value.(string),
+		}, nil
+
+	case Number:
+		left, err := e.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left == right,
+		}, nil
+
+	case Boolean:
+		left, err := e.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left == right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) NotEqual(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case String:
+		return &EvalResult{
+			Type:  Boolean,
+			Value: e.Value.(string) != other.Value.(string),
+		}, nil
+
+	case Number:
+		left, err := e.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetFloat64()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left != right,
+		}, nil
+
+	case Boolean:
+		left, err := e.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left != right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) And(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case Boolean:
+		left, err := e.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left && right,
+		}, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) Or(other *EvalResult) (*EvalResult, error) {
+	if e.Type != other.Type {
+		return nil, fmt.Errorf("type mismatch: %s vs %s", e.Type, other.Type)
+	}
+
+	switch e.Type {
+	case Boolean:
+		left, err := e.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		right, err := other.GetBool()
+		if err != nil {
+			return nil, err
+		}
+
+		return &EvalResult{
+			Type:  Boolean,
+			Value: left || right,
+		}, nil
+	default:
+		return nil, fmt.Errorf("unsupported value type: %s", e.Type)
+	}
+}
+
+func (e *EvalResult) Not() (*EvalResult, error) {
+	if e.Type != Boolean {
+		return nil, fmt.Errorf("type mismatch: %s", e.Type)
+	}
+
+	boolValue, err := e.GetBool()
+	if err != nil {
+		return nil, err
+	}
+
+	return &EvalResult{
+		Type:  Boolean,
+		Value: !boolValue,
+	}, nil
+}
+
+type Expr interface {
+	GetType() ExprType
+	Eval(variables map[string]map[string]any) (*EvalResult, error)
+}
+
+type ExprValueSelector struct {
+	Id   string        `json:"id"`
+	Name string        `json:"name"`
+	Type ExprValueType `json:"type"`
+}
+
+type ConstantExpr struct {
+	Type      ExprType      `json:"type"`
+	Value     string        `json:"value"`
+	ValueType ExprValueType `json:"valueType"`
+}
+
+func (c ConstantExpr) GetType() ExprType { return c.Type }
+
+func (c ConstantExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
+	return &EvalResult{
+		Type:  c.ValueType,
+		Value: c.Value,
+	}, nil
+}
+
+type VariantExpr struct {
+	Type     ExprType          `json:"type"`
+	Selector ExprValueSelector `json:"selector"`
+}
+
+func (v VariantExpr) GetType() ExprType { return v.Type }
+
+func (v VariantExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
+	if v.Selector.Id == "" {
+		return nil, fmt.Errorf("node id is empty")
+	}
+	if v.Selector.Name == "" {
+		return nil, fmt.Errorf("name is empty")
+	}
+
+	if _, ok := variables[v.Selector.Id]; !ok {
+		return nil, fmt.Errorf("node %s not found", v.Selector.Id)
+	}
+
+	if _, ok := variables[v.Selector.Id][v.Selector.Name]; !ok {
+		return nil, fmt.Errorf("variable %s not found in node %s", v.Selector.Name, v.Selector.Id)
+	}
+	return &EvalResult{
+		Type:  v.Selector.Type,
+		Value: variables[v.Selector.Id][v.Selector.Name],
+	}, nil
+}
+
+type ComparisonExpr struct {
+	Type     ExprType               `json:"type"` // compare
+	Operator ExprComparisonOperator `json:"operator"`
+	Left     Expr                   `json:"left"`
+	Right    Expr                   `json:"right"`
+}
+
+func (c ComparisonExpr) GetType() ExprType { return c.Type }
+
+func (c ComparisonExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
+	left, err := c.Left.Eval(variables)
+	if err != nil {
+		return nil, err
+	}
+	right, err := c.Right.Eval(variables)
+	if err != nil {
+		return nil, err
+	}
+
+	switch c.Operator {
+	case GreaterThan:
+		return left.GreaterThan(right)
+	case LessThan:
+		return left.LessThan(right)
+	case GreaterOrEqual:
+		return left.GreaterOrEqual(right)
+	case LessOrEqual:
+		return left.LessOrEqual(right)
+	case Equal:
+		return left.Equal(right)
+	case NotEqual:
+		return left.NotEqual(right)
+	default:
+		return nil, fmt.Errorf("unknown expression operator: %s", c.Operator)
+	}
+}
+
+type LogicalExpr struct {
+	Type     ExprType            `json:"type"` // logical
+	Operator ExprLogicalOperator `json:"operator"`
+	Left     Expr                `json:"left"`
+	Right    Expr                `json:"right"`
+}
+
+func (l LogicalExpr) GetType() ExprType { return l.Type }
+
+func (l LogicalExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
+	left, err := l.Left.Eval(variables)
+	if err != nil {
+		return nil, err
+	}
+	right, err := l.Right.Eval(variables)
+	if err != nil {
+		return nil, err
+	}
+
+	switch l.Operator {
+	case And:
+		return left.And(right)
+	case Or:
+		return left.Or(right)
+	default:
+		return nil, fmt.Errorf("unknown expression operator: %s", l.Operator)
+	}
+}
+
+type NotExpr struct {
+	Type ExprType `json:"type"` // not
+	Expr Expr     `json:"expr"`
+}
+
+func (n NotExpr) GetType() ExprType { return n.Type }
+
+func (n NotExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {
+	inner, err := n.Expr.Eval(variables)
+	if err != nil {
+		return nil, err
+	}
+	return inner.Not()
+}
+
+type rawExpr struct {
+	Type ExprType `json:"type"`
+}
+
+func MarshalExpr(e Expr) ([]byte, error) {
+	return json.Marshal(e)
+}
+
+func UnmarshalExpr(data []byte) (Expr, error) {
+	var typ rawExpr
+	if err := json.Unmarshal(data, &typ); err != nil {
+		return nil, err
+	}
+
+	switch typ.Type {
+	case ConstantExprType:
+		var e ConstantExpr
+		if err := json.Unmarshal(data, &e); err != nil {
+			return nil, err
+		}
+		return e, nil
+	case VariantExprType:
+		var e VariantExpr
+		if err := json.Unmarshal(data, &e); err != nil {
+			return nil, err
+		}
+		return e, nil
+	case ComparisonExprType:
+		var e ComparisonExprRaw
+		if err := json.Unmarshal(data, &e); err != nil {
+			return nil, err
+		}
+		return e.ToComparisonExpr()
+	case LogicalExprType:
+		var e LogicalExprRaw
+		if err := json.Unmarshal(data, &e); err != nil {
+			return nil, err
+		}
+		return e.ToLogicalExpr()
+	case NotExprType:
+		var e NotExprRaw
+		if err := json.Unmarshal(data, &e); err != nil {
+			return nil, err
+		}
+		return e.ToNotExpr()
+	default:
+		return nil, fmt.Errorf("unknown expression type: %s", typ.Type)
+	}
+}
+
+type ComparisonExprRaw struct {
+	Type     ExprType               `json:"type"`
+	Operator ExprComparisonOperator `json:"operator"`
+	Left     json.RawMessage        `json:"left"`
+	Right    json.RawMessage        `json:"right"`
+}
+
+func (r ComparisonExprRaw) ToComparisonExpr() (ComparisonExpr, error) {
+	leftExpr, err := UnmarshalExpr(r.Left)
+	if err != nil {
+		return ComparisonExpr{}, err
+	}
+	rightExpr, err := UnmarshalExpr(r.Right)
+	if err != nil {
+		return ComparisonExpr{}, err
+	}
+	return ComparisonExpr{
+		Type:     r.Type,
+		Operator: r.Operator,
+		Left:     leftExpr,
+		Right:    rightExpr,
+	}, nil
+}
+
+type LogicalExprRaw struct {
+	Type     ExprType            `json:"type"`
+	Operator ExprLogicalOperator `json:"operator"`
+	Left     json.RawMessage     `json:"left"`
+	Right    json.RawMessage     `json:"right"`
+}
+
+func (r LogicalExprRaw) ToLogicalExpr() (LogicalExpr, error) {
+	left, err := UnmarshalExpr(r.Left)
+	if err != nil {
+		return LogicalExpr{}, err
+	}
+	right, err := UnmarshalExpr(r.Right)
+	if err != nil {
+		return LogicalExpr{}, err
+	}
+	return LogicalExpr{
+		Type:     r.Type,
+		Operator: r.Operator,
+		Left:     left,
+		Right:    right,
+	}, nil
+}
+
+type NotExprRaw struct {
+	Type ExprType        `json:"type"`
+	Expr json.RawMessage `json:"expr"`
+}
+
+func (r NotExprRaw) ToNotExpr() (NotExpr, error) {
+	inner, err := UnmarshalExpr(r.Expr)
+	if err != nil {
+		return NotExpr{}, err
+	}
+	return NotExpr{
+		Type: r.Type,
+		Expr: inner,
+	}, nil
+}

internal/domain/expr/expr_test.go

@@ -0,0 +1,127 @@
+package expr
+
+import (
+	"testing"
+)
+
+func TestLogicalEval(t *testing.T) {
+	// 测试逻辑表达式 and
+	logicalExpr := LogicalExpr{
+		Left: ConstantExpr{
+			Type:      "const",
+			Value:     "true",
+			ValueType: "boolean",
+		},
+		Operator: And,
+		Right: ConstantExpr{
+			Type:      "const",
+			Value:     "true",
+			ValueType: "boolean",
+		},
+	}
+	result, err := logicalExpr.Eval(nil)
+	if err != nil {
+		t.Errorf("failed to evaluate logical expression: %v", err)
+	}
+	if result.Value != true {
+		t.Errorf("expected true, got %v", result)
+	}
+
+	// 测试逻辑表达式 or
+	orExpr := LogicalExpr{
+		Left: ConstantExpr{
+			Type:      "const",
+			Value:     "true",
+			ValueType: "boolean",
+		},
+		Operator: Or,
+		Right: ConstantExpr{
+			Type:      "const",
+			Value:     "true",
+			ValueType: "boolean",
+		},
+	}
+	result, err = orExpr.Eval(nil)
+	if err != nil {
+		t.Errorf("failed to evaluate logical expression: %v", err)
+	}
+	if result.Value != true {
+		t.Errorf("expected true, got %v", result)
+	}
+}
+
+func TestUnmarshalExpr(t *testing.T) {
+	type args struct {
+		data []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    Expr
+		wantErr bool
+	}{
+		{
+			name: "test1",
+			args: args{
+				data: []byte(`{"left":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.validity","type":"boolean"},"type":"var"},"operator":"is","right":{"type":"const","value":true,"valueType":"boolean"},"type":"comparison"},"operator":"and","right":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.daysLeft","type":"number"},"type":"var"},"operator":"eq","right":{"type":"const","value":2,"valueType":"number"},"type":"comparison"},"type":"logical"}`),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := UnmarshalExpr(tt.args.data)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("UnmarshalExpr() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got == nil {
+				t.Errorf("UnmarshalExpr() got = nil, want %v", tt.want)
+				return
+			}
+		})
+	}
+}
+
+func TestExpr_Eval(t *testing.T) {
+	type args struct {
+		variables map[string]map[string]any
+		data      []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *EvalResult
+		wantErr bool
+	}{
+		{
+			name: "test1",
+			args: args{
+				variables: map[string]map[string]any{
+					"ODnYSOXB6HQP2_vz6JcZE": {
+						"certificate.validity": true,
+						"certificate.daysLeft": 2,
+					},
+				},
+				data: []byte(`{"left":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.validity","type":"boolean"},"type":"var"},"operator":"is","right":{"type":"const","value":true,"valueType":"boolean"},"type":"comparison"},"operator":"and","right":{"left":{"selector":{"id":"ODnYSOXB6HQP2_vz6JcZE","name":"certificate.daysLeft","type":"number"},"type":"var"},"operator":"eq","right":{"type":"const","value":2,"valueType":"number"},"type":"comparison"},"type":"logical"}`),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c, err := UnmarshalExpr(tt.args.data)
+			if err != nil {
+				t.Errorf("UnmarshalExpr() error = %v", err)
+				return
+			}
+			got, err := c.Eval(tt.args.variables)
+			t.Log("got:", got)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("ConstExpr.Eval() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got.Value != true {
+				t.Errorf("ConstExpr.Eval() got = %v, want %v", got.Value, true)
+			}
+		})
+	}
+}

internal/domain/workflow.go

@@ -1,8 +1,10 @@
 package domain
 
 import (
+	"encoding/json"
 	"time"
 
+	"github.com/usual2970/certimate/internal/domain/expr"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
 )
 
@@ -30,6 +32,7 @@ const (
 	WorkflowNodeTypeEnd                 = WorkflowNodeType("end")
 	WorkflowNodeTypeApply               = WorkflowNodeType("apply")
 	WorkflowNodeTypeUpload              = WorkflowNodeType("upload")
+	WorkflowNodeTypeMonitor             = WorkflowNodeType("monitor")
 	WorkflowNodeTypeDeploy              = WorkflowNodeType("deploy")
 	WorkflowNodeTypeNotify              = WorkflowNodeType("notify")
 	WorkflowNodeTypeBranch              = WorkflowNodeType("branch")
@@ -68,23 +71,30 @@ type WorkflowNodeConfigForApply struct {
 	Provider              string         `json:"provider"`                        // DNS 提供商
 	ProviderAccessId      string         `json:"providerAccessId"`                // DNS 提供商授权记录 ID
 	ProviderConfig        map[string]any `json:"providerConfig"`                  // DNS 提供商额外配置
-	CAProvider            string         `json:"caProvider,omitempty"`            // CA 提供商（零值将使用全局配置）
+	CAProvider            string         `json:"caProvider,omitempty"`            // CA 提供商（零值时使用全局配置）
 	CAProviderAccessId    string         `json:"caProviderAccessId,omitempty"`    // CA 提供商授权记录 ID
 	CAProviderConfig      map[string]any `json:"caProviderConfig,omitempty"`      // CA 提供商额外配置
 	KeyAlgorithm          string         `json:"keyAlgorithm"`                    // 证书算法
 	Nameservers           string         `json:"nameservers,omitempty"`           // DNS 服务器列表，以半角分号分隔
 	DnsPropagationWait    int32          `json:"dnsPropagationWait,omitempty"`    // DNS 传播等待时间，等同于 lego 的 `--dns-propagation-wait` 参数
-	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播检查超时时间（零值取决于提供商的默认值）
+	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播检查超时时间（零值时使用提供商的默认值）
-	DnsTTL                int32          `json:"dnsTTL,omitempty"`                // DNS 解析记录 TTL（零值取决于提供商的默认值）
+	DnsTTL                int32          `json:"dnsTTL,omitempty"`                // DNS 解析记录 TTL（零值时使用提供商的默认值）
 	DisableFollowCNAME    bool           `json:"disableFollowCNAME,omitempty"`    // 是否关闭 CNAME 跟随
 	DisableARI            bool           `json:"disableARI,omitempty"`            // 是否关闭 ARI
-	SkipBeforeExpiryDays  int32          `json:"skipBeforeExpiryDays,omitempty"`  // 证书到期前多少天前跳过续期（零值将使用默认值 30）
+	SkipBeforeExpiryDays  int32          `json:"skipBeforeExpiryDays,omitempty"`  // 证书到期前多少天前跳过续期（零值时默认值 30）
 }
 
 type WorkflowNodeConfigForUpload struct {
-	Certificate string `json:"certificate"`
+	Certificate string `json:"certificate"` // 证书 PEM 内容
-	PrivateKey  string `json:"privateKey"`
+	PrivateKey  string `json:"privateKey"`  // 私钥 PEM 内容
-	Domains     string `json:"domains"`
+	Domains     string `json:"domains,omitempty"`
+}
+
+type WorkflowNodeConfigForMonitor struct {
+	Host        string `json:"host"`                  // 主机地址
+	Port        int32  `json:"port,omitempty"`        // 端口（零值时默认值 443）
+	Domain      string `json:"domain,omitempty"`      // 域名（零值时默认值 [Host]）
+	RequestPath string `json:"requestPath,omitempty"` // 请求路径
 }
 
 type WorkflowNodeConfigForDeploy struct {
@@ -104,6 +114,10 @@ type WorkflowNodeConfigForNotify struct {
 	Message          string         `json:"message"`                  // 通知内容
 }
 
+type WorkflowNodeConfigForCondition struct {
+	Expression expr.Expr `json:"expression"` // 条件表达式
+}
+
 func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
 	return WorkflowNodeConfigForApply{
 		Domains:               maputil.GetString(n.Config, "domains"),
@@ -133,6 +147,16 @@ func (n *WorkflowNode) GetConfigForUpload() WorkflowNodeConfigForUpload {
 	}
 }
 
+func (n *WorkflowNode) GetConfigForMonitor() WorkflowNodeConfigForMonitor {
+	host := maputil.GetString(n.Config, "host")
+	return WorkflowNodeConfigForMonitor{
+		Host:        host,
+		Port:        maputil.GetOrDefaultInt32(n.Config, "port", 443),
+		Domain:      maputil.GetOrDefaultString(n.Config, "domain", host),
+		RequestPath: maputil.GetString(n.Config, "path"),
+	}
+}
+
 func (n *WorkflowNode) GetConfigForDeploy() WorkflowNodeConfigForDeploy {
 	return WorkflowNodeConfigForDeploy{
 		Certificate:         maputil.GetString(n.Config, "certificate"),
@@ -154,6 +178,23 @@ func (n *WorkflowNode) GetConfigForNotify() WorkflowNodeConfigForNotify {
 	}
 }
 
+func (n *WorkflowNode) GetConfigForCondition() WorkflowNodeConfigForCondition {
+	expression := n.Config["expression"]
+	if expression == nil {
+		return WorkflowNodeConfigForCondition{}
+	}
+
+	exprRaw, _ := json.Marshal(expression)
+	expr, err := expr.UnmarshalExpr([]byte(exprRaw))
+	if err != nil {
+		return WorkflowNodeConfigForCondition{}
+	}
+
+	return WorkflowNodeConfigForCondition{
+		Expression: expr,
+	}
+}
+
 type WorkflowNodeIO struct {
 	Label         string                      `json:"label"`
 	Name          string                      `json:"name"`
@@ -163,9 +204,6 @@ type WorkflowNodeIO struct {
 	ValueSelector WorkflowNodeIOValueSelector `json:"valueSelector"`
 }
 
-type WorkflowNodeIOValueSelector struct {
+type WorkflowNodeIOValueSelector = expr.ExprValueSelector
-	Id   string `json:"id"`
-	Name string `json:"name"`
-}
 
 const WorkflowNodeIONameCertificate string = "certificate"

internal/notify/notifier.go

@@ -29,18 +29,18 @@ func NewWithWorkflowNode(config NotifierWithWorkflowNodeConfig) (Notifier, error
 		return nil, fmt.Errorf("node type is not '%s'", string(domain.WorkflowNodeTypeNotify))
 	}
 
-	nodeConfig := config.Node.GetConfigForNotify()
+	nodeCfg := config.Node.GetConfigForNotify()
 	options := &notifierProviderOptions{
-		Provider:              domain.NotificationProviderType(nodeConfig.Provider),
+		Provider:              domain.NotificationProviderType(nodeCfg.Provider),
 		ProviderAccessConfig:  make(map[string]any),
-		ProviderServiceConfig: nodeConfig.ProviderConfig,
+		ProviderServiceConfig: nodeCfg.ProviderConfig,
 	}
 
 	accessRepo := repository.NewAccessRepository()
-	if nodeConfig.ProviderAccessId != "" {
+	if nodeCfg.ProviderAccessId != "" {
-		access, err := accessRepo.GetById(context.Background(), nodeConfig.ProviderAccessId)
+		access, err := accessRepo.GetById(context.Background(), nodeCfg.ProviderAccessId)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeConfig.ProviderAccessId, err)
+			return nil, fmt.Errorf("failed to get access #%s record: %w", nodeCfg.ProviderAccessId, err)
 		} else {
 			options.ProviderAccessConfig = access.Config
 		}

internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns/powerdns.go

@@ -29,6 +29,7 @@ func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider,
 	providerConfig.APIKey = config.ApiKey
 	if config.AllowInsecureConnections {
 		providerConfig.HTTPClient.Transport = &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
 			TLSClientConfig: &tls.Config{
 				InsecureSkipVerify: true,
 			},

internal/pkg/core/deployer/deployer.go

@@ -20,7 +20,7 @@ type Deployer interface {
 	// 出参：
 	//   - res：部署结果。
 	//   - err: 错误。
-	Deploy(ctx context.Context, certPEM string, privkeyPEM string) (res *DeployResult, err error)
+	Deploy(ctx context.Context, certPEM string, privkeyPEM string) (_res *DeployResult, _err error)
 }
 
 // 表示证书部署结果的数据结构。

internal/pkg/core/deployer/providers/1panel-console/1panel_console.go

@@ -53,7 +53,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/1panel-site/1panel_site.go

@@ -74,7 +74,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go

@@ -25,6 +25,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -64,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -79,7 +81,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -423,7 +425,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	// 接入点一览 https://api.aliyun.com/product/Alb
 	var albEndpoint string
 	switch region {
-	case "cn-hangzhou-finance":
+	case "", "cn-hangzhou-finance":
 		albEndpoint = "alb.cn-hangzhou.aliyuncs.com"
 	default:
 		albEndpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
@@ -463,7 +465,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 ALB 服务的
@@ -479,6 +481,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go

@@ -16,6 +16,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 
 type DeployerConfig struct {
@@ -23,6 +24,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务类型。
@@ -61,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk clients: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -76,7 +79,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -149,10 +152,11 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri
 		}
 
 		listDomainsReq := &aliapig.ListDomainsRequest{
-			GatewayId:  tea.String(d.config.GatewayId),
+			ResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
-			NameLike:   tea.String(d.config.Domain),
+			GatewayId:       tea.String(d.config.GatewayId),
-			PageNumber: tea.Int32(listDomainsPageNumber),
+			NameLike:        tea.String(d.config.Domain),
-			PageSize:   tea.Int32(listDomainsPageSize),
+			PageNumber:      tea.Int32(listDomainsPageNumber),
+			PageSize:        tea.Int32(listDomainsPageSize),
 		}
 		listDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomains(listDomainsReq)
 		d.logger.Debug("sdk request 'apig.ListDomains'", slog.Any("request", listDomainsReq), slog.Any("response", listDomainsResp))
@@ -223,7 +227,7 @@ func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPEM stri
 
 func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
 	// 接入点一览 https://api.aliyun.com/product/APIG
-	cloudNativeAPIGEndpoint := fmt.Sprintf("apig.%s.aliyuncs.com", region)
+	cloudNativeAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apig.%s.aliyuncs.com", region), "..", ".")
 	cloudNativeAPIGConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
@@ -235,7 +239,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}
 
 	// 接入点一览 https://api.aliyun.com/product/CloudAPI
-	traditionalAPIGEndpoint := fmt.Sprintf("apigateway.%s.aliyuncs.com", region)
+	traditionalAPIGEndpoint := strings.ReplaceAll(fmt.Sprintf("apigateway.%s.aliyuncs.com", region), "..", ".")
 	traditionalAPIGConfig := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
@@ -252,7 +256,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 APIGateway 服务的
@@ -268,6 +272,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go

@@ -22,12 +22,14 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 阿里云云产品资源 ID 数组。
 	ResourceIds []string `json:"resourceIds"`
 	// 阿里云云联系人 ID 数组。
-	// 零值时默认使用账号下第一个联系人。
+	// 零值时使用账号下第一个联系人。
 	ContactIds []string `json:"contactIds"`
 }
 
@@ -50,11 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
-		AccessKeyId:     config.AccessKeyId,
-		AccessKeySecret: config.AccessKeySecret,
-		Region:          config.Region,
-	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -69,7 +67,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -94,9 +92,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	if len(contactIds) == 0 {
 		// 获取联系人列表
 		// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listcontact
-		listContactReq := &alicas.ListContactRequest{}
+		listContactReq := &alicas.ListContactRequest{
-		listContactReq.ShowSize = tea.Int32(1)
+			ShowSize:    tea.Int32(1),
-		listContactReq.CurrentPage = tea.Int32(1)
+			CurrentPage: tea.Int32(1),
+		}
 		listContactResp, err := d.sdkClient.ListContact(listContactReq)
 		d.logger.Debug("sdk request 'cas.ListContact'", slog.Any("request", listContactReq), slog.Any("response", listContactResp))
 		if err != nil {
@@ -157,14 +156,10 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 }
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
-	}
-
 	// 接入点一览 https://api.aliyun.com/product/cas
 	var endpoint string
 	switch region {
-	case "cn-hangzhou":
+	case "", "cn-hangzhou":
 		endpoint = "cas.aliyuncs.com"
 	default:
 		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
@@ -183,3 +178,25 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Clien
 
 	return client, nil
 }
+
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
+	casRegion := region
+	if casRegion != "" {
+		// 阿里云 CAS 服务接入点是独立于其他服务的
+		// 国内版固定接入点：华东一杭州
+		// 国际版固定接入点：亚太东南一新加坡
+		if !strings.HasPrefix(casRegion, "cn-") {
+			casRegion = "ap-southeast-1"
+		} else {
+			casRegion = "cn-hangzhou"
+		}
+	}
+
+	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
+		Region:          casRegion,
+	})
+	return uploader, err
+}

internal/pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go

@@ -15,6 +15,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 }
@@ -35,6 +37,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     config.AccessKeyId,
 		AccessKeySecret: config.AccessKeySecret,
+		ResourceGroupId: config.ResourceGroupId,
 		Region:          config.Region,
 	})
 	if err != nil {
@@ -50,7 +53,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go

@@ -19,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -50,7 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go

@@ -20,6 +20,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -54,7 +56,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -69,7 +71,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -283,7 +285,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien
 	// 接入点一览 https://api.aliyun.com/product/Slb
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-hangzhou",
 		"cn-hangzhou-finance",
 		"cn-shanghai-finance-1",
@@ -307,10 +309,11 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          region,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go

@@ -19,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 加速域名（支持泛域名）。
 	Domain string `json:"domain"`
 }
@@ -50,7 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/aliyun-ddos/aliyun_ddos.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 网站域名（支持泛域名）。
@@ -47,7 +49,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -62,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -104,7 +106,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Clie
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(strings.ReplaceAll(fmt.Sprintf("ddoscoo.%s.aliyuncs.com", region), "..", ".")),
 	}
 
 	client, err := aliddos.NewClient(config)
@@ -115,7 +117,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliddos.Clie
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 Anti-DDoS 服务的
@@ -131,6 +133,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 阿里云 ESA 站点 ID。
@@ -47,7 +49,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -62,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -105,7 +107,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Clien
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("esa.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(strings.ReplaceAll(fmt.Sprintf("esa.%s.aliyuncs.com", region), "..", ".")),
 	}
 
 	client, err := aliesa.NewClient(config)
@@ -116,7 +118,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliesa.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 ESA 服务的
@@ -132,6 +134,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log/slog"
+	"strings"
 	"time"
 
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
@@ -19,6 +20,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务版本。
@@ -60,7 +63,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -108,6 +111,9 @@ func (d *DeployerProvider) deployToFC3(ctx context.Context, certPEM string, priv
 			TlsConfig: getCustomDomainResp.Body.TlsConfig,
 		},
 	}
+	if tea.StringValue(updateCustomDomainReq.Body.Protocol) == "HTTP" {
+		updateCustomDomainReq.Body.Protocol = tea.String("HTTP,HTTPS")
+	}
 	updateCustomDomainResp, err := d.sdkClients.FC3.UpdateCustomDomain(tea.String(d.config.Domain), updateCustomDomainReq)
 	d.logger.Debug("sdk request 'fc.UpdateCustomDomain'", slog.Any("request", updateCustomDomainReq), slog.Any("response", updateCustomDomainResp))
 	if err != nil {
@@ -137,6 +143,9 @@ func (d *DeployerProvider) deployToFC2(ctx context.Context, certPEM string, priv
 		Protocol:  getCustomDomainResp.Body.Protocol,
 		TlsConfig: getCustomDomainResp.Body.TlsConfig,
 	}
+	if tea.StringValue(updateCustomDomainReq.Protocol) == "HTTP" {
+		updateCustomDomainReq.Protocol = tea.String("HTTP,HTTPS")
+	}
 	updateCustomDomainResp, err := d.sdkClients.FC2.UpdateCustomDomain(tea.String(d.config.Domain), updateCustomDomainReq)
 	d.logger.Debug("sdk request 'fc.UpdateCustomDomain'", slog.Any("request", updateCustomDomainReq), slog.Any("response", updateCustomDomainResp))
 	if err != nil {
@@ -150,6 +159,8 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	// 接入点一览 https://api.aliyun.com/product/FC-Open
 	var fc2Endpoint string
 	switch region {
+	case "":
+		fc2Endpoint = "fc.aliyuncs.com"
 	case "cn-hangzhou-finance":
 		fc2Endpoint = fmt.Sprintf("%s.fc.aliyuncs.com", region)
 	default:
@@ -167,7 +178,7 @@ func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients
 	}
 
 	// 接入点一览 https://api.aliyun.com/product/FC-Open
-	fc3Endpoint := fmt.Sprintf("fcv3.%s.aliyuncs.com", region)
+	fc3Endpoint := strings.ReplaceAll(fmt.Sprintf("fcv3.%s.aliyuncs.com", region), "..", ".")
 	fc3Config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),

internal/pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go

@@ -22,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
 	// 全球加速实例 ID。
@@ -53,7 +55,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -68,7 +70,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -312,10 +314,11 @@ func createSdkClient(accessKeyId, accessKeySecret string) (*aliga.Client, error)
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId string) (uploader.Uploader, error) {
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          "cn-hangzhou",
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-live/aliyun_live.go

@@ -19,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 直播流域名（支持泛域名）。
@@ -52,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -86,7 +88,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alilive.Clie
 	// 接入点一览 https://api.aliyun.com/product/live
 	var endpoint string
 	switch region {
-	case
+	case "",
 		"cn-qingdao",
 		"cn-beijing",
 		"cn-shanghai",

internal/pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go

@@ -21,6 +21,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -52,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -67,7 +69,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -224,12 +226,7 @@ func (d *DeployerProvider) updateListenerCertificate(ctx context.Context, cloudL
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/Nlb
-	var endpoint string
+	endpoint := strings.ReplaceAll(fmt.Sprintf("nlb.%s.aliyuncs.com", region), "..", ".")
-	switch region {
-	default:
-		endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region)
-	}
-
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
@@ -244,7 +241,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*alinlb.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 NLB 服务的
@@ -260,6 +257,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go

@@ -16,6 +16,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 存储桶名。
@@ -51,7 +53,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log/slog"
+	"strings"
 	"time"
 
 	aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
@@ -18,6 +19,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 点播加速域名（不支持泛域名）。
@@ -51,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -80,8 +83,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*alivod.Client, error) {
 	// 接入点一览 https://api.aliyun.com/product/vod
-	endpoint := fmt.Sprintf("vod.%s.aliyuncs.com", region)
+	endpoint := strings.ReplaceAll(fmt.Sprintf("vod.%s.aliyuncs.com", region), "..", ".")
-
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),

internal/pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go

@@ -15,6 +15,7 @@ import (
 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
 	sliceutil "github.com/usual2970/certimate/internal/pkg/utils/slice"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )
 
 type DeployerConfig struct {
@@ -22,6 +23,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 阿里云 AccessKeySecret。
 	AccessKeySecret string `json:"accessKeySecret"`
+	// 阿里云资源组 ID。
+	ResourceGroupId string `json:"resourceGroupId,omitempty"`
 	// 阿里云地域。
 	Region string `json:"region"`
 	// 服务版本。
@@ -51,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
 
-	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+	uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.ResourceGroupId, config.Region)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
 	}
@@ -66,7 +69,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -107,8 +110,9 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri
 		// 查询默认 SSL/TLS 设置
 		// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describedefaulthttps
 		describeDefaultHttpsReq := &aliwaf.DescribeDefaultHttpsRequest{
-			InstanceId: tea.String(d.config.InstanceId),
+			ResourceManagerResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
-			RegionId:   tea.String(d.config.Region),
+			InstanceId:                     tea.String(d.config.InstanceId),
+			RegionId:                       tea.String(d.config.Region),
 		}
 		describeDefaultHttpsResp, err := d.sdkClient.DescribeDefaultHttps(describeDefaultHttpsReq)
 		d.logger.Debug("sdk request 'waf.DescribeDefaultHttps'", slog.Any("request", describeDefaultHttpsReq), slog.Any("response", describeDefaultHttpsResp))
@@ -119,11 +123,12 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri
 		// 修改默认 SSL/TLS 设置
 		// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifydefaulthttps
 		modifyDefaultHttpsReq := &aliwaf.ModifyDefaultHttpsRequest{
-			InstanceId:  tea.String(d.config.InstanceId),
+			ResourceManagerResourceGroupId: typeutil.ToPtrOrZeroNil(d.config.ResourceGroupId),
-			RegionId:    tea.String(d.config.Region),
+			InstanceId:                     tea.String(d.config.InstanceId),
-			CertId:      tea.String(upres.CertId),
+			RegionId:                       tea.String(d.config.Region),
-			TLSVersion:  tea.String("tlsv1"),
+			CertId:                         tea.String(upres.CertId),
-			EnableTLSv3: tea.Bool(false),
+			TLSVersion:                     tea.String("tlsv1"),
+			EnableTLSv3:                    tea.Bool(false),
 		}
 		if describeDefaultHttpsResp.Body != nil && describeDefaultHttpsResp.Body.DefaultHttps != nil {
 			modifyDefaultHttpsReq.TLSVersion = describeDefaultHttpsResp.Body.DefaultHttps.TLSVersion
@@ -172,10 +177,11 @@ func (d *DeployerProvider) deployToWAF3(ctx context.Context, certPEM string, pri
 
 func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliwaf.Client, error) {
 	// 接入点一览：https://api.aliyun.com/product/waf-openapi
+	endpoint := strings.ReplaceAll(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region), "..", ".")
 	config := &aliopen.Config{
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String(fmt.Sprintf("wafopenapi.%s.aliyuncs.com", region)),
+		Endpoint:        tea.String(endpoint),
 	}
 
 	client, err := aliwaf.NewClient(config)
@@ -186,7 +192,7 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliwaf.Clien
 	return client, nil
 }
 
-func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+func createSslUploader(accessKeyId, accessKeySecret, resourceGroupId, region string) (uploader.Uploader, error) {
 	casRegion := region
 	if casRegion != "" {
 		// 阿里云 CAS 服务接入点是独立于 WAF 服务的
@@ -202,6 +208,7 @@ func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Up
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
 		AccessKeyId:     accessKeyId,
 		AccessKeySecret: accessKeySecret,
+		ResourceGroupId: resourceGroupId,
 		Region:          casRegion,
 	})
 	return uploader, err

internal/pkg/core/deployer/providers/aws-acm/aws_acm.go

@@ -66,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go

@@ -66,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go

@@ -76,7 +76,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb.go

@@ -74,7 +74,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb.go

@@ -74,7 +74,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baiducloud-cdn/baiducloud_cdn.go

@@ -48,7 +48,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baiducloud-cert/baiducloud_cert.go

@@ -47,7 +47,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go

@@ -51,7 +51,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go

@@ -50,7 +50,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go

@@ -55,7 +55,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baotawaf-console/baotawaf_console.go

@@ -48,7 +48,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/baotawaf-site/baotawaf_site.go

@@ -23,7 +23,7 @@ type DeployerConfig struct {
 	// 网站名称。
 	SiteName string `json:"siteName"`
 	// 网站 SSL 端口。
-	// 零值时默认为 443。
+	// 零值时默认值 443。
 	SitePort int32 `json:"sitePort,omitempty"`
 }
 
@@ -54,7 +54,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -116,7 +116,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 		SiteId: siteId,
 		Type:   typeutil.ToPtr("openCert"),
 		Server: &btsdk.SiteServerInfo{
-			ListenSSLPort: typeutil.ToPtr(d.config.SitePort),
+			ListenSSLPorts: typeutil.ToPtr([]int32{d.config.SitePort}),
 			SSL: &btsdk.SiteServerSSLInfo{
 				IsSSL:      typeutil.ToPtr(int32(1)),
 				FullChain:  typeutil.ToPtr(certPEM),

internal/pkg/core/deployer/providers/baotawaf-site/baotawaf_site_test.go

@@ -39,7 +39,7 @@ Shell command to run this test:
 	--CERTIMATE_DEPLOYER_BAOTAWAFSITE_INPUTKEYPATH="/path/to/your-input-key.pem" \
 	--CERTIMATE_DEPLOYER_BAOTAWAFSITE_SERVERURL="http://127.0.0.1:8888" \
 	--CERTIMATE_DEPLOYER_BAOTAWAFSITE_APIKEY="your-api-key" \
-	--CERTIMATE_DEPLOYER_BAOTAWAFSITE_SITENAME="your-site-name"\
+	--CERTIMATE_DEPLOYER_BAOTAWAFSITE_SITENAME="your-site-name" \
 	--CERTIMATE_DEPLOYER_BAOTAWAFSITE_SITEPORT=443
 */
 func TestDeploy(t *testing.T) {

internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go

@@ -41,7 +41,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go

@@ -59,7 +59,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/cachefly/cachefly.go

@@ -42,7 +42,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/cdnfly/cdnfly.go

@@ -60,7 +60,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go

@@ -55,7 +55,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/edgio-applications/edgio_applications.go

@@ -48,7 +48,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/flexcdn/flexcdn.go

@@ -61,7 +61,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/gcore-cdn/gcore_cdn.go

@@ -69,7 +69,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/goedge/goedge.go

@@ -61,7 +61,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go

@@ -21,6 +21,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
+	// 华为云企业项目 ID。
+	EnterpriseProjectId string `json:"enterpriseProjectId,omitempty"`
 	// 华为云区域。
 	Region string `json:"region"`
 	// 加速域名（不支持泛域名）。
@@ -51,8 +53,9 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	}
 
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		AccessKeyId:     config.AccessKeyId,
+		AccessKeyId:         config.AccessKeyId,
-		SecretAccessKey: config.SecretAccessKey,
+		SecretAccessKey:     config.SecretAccessKey,
+		EnterpriseProjectId: config.EnterpriseProjectId,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
@@ -68,7 +71,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -88,7 +91,8 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	// 查询加速域名配置
 	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
 	showDomainFullConfigReq := &hccdnmodel.ShowDomainFullConfigRequest{
-		DomainName: d.config.Domain,
+		EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
+		DomainName:          d.config.Domain,
 	}
 	showDomainFullConfigResp, err := d.sdkClient.ShowDomainFullConfig(showDomainFullConfigReq)
 	d.logger.Debug("sdk request 'cdn.ShowDomainFullConfig'", slog.Any("request", showDomainFullConfigReq), slog.Any("response", showDomainFullConfigResp))
@@ -107,6 +111,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	updateDomainMultiCertificatesReqBodyContent.CertName = typeutil.ToPtr(upres.CertName)
 	updateDomainMultiCertificatesReqBodyContent = assign(updateDomainMultiCertificatesReqBodyContent, showDomainFullConfigResp.Configs)
 	updateDomainMultiCertificatesReq := &hccdnmodel.UpdateDomainMultiCertificatesRequest{
+		EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
 		Body: &hccdnmodel.UpdateDomainMultiCertificatesRequestBody{
 			Https: updateDomainMultiCertificatesReqBodyContent,
 		},

internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go

@@ -27,6 +27,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
+	// 华为云企业项目 ID。
+	EnterpriseProjectId string `json:"enterpriseProjectId,omitempty"`
 	// 华为云区域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -62,9 +64,10 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	}
 
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		AccessKeyId:     config.AccessKeyId,
+		AccessKeyId:         config.AccessKeyId,
-		SecretAccessKey: config.SecretAccessKey,
+		SecretAccessKey:     config.SecretAccessKey,
-		Region:          config.Region,
+		EnterpriseProjectId: config.EnterpriseProjectId,
+		Region:              config.Region,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
@@ -80,7 +83,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -172,6 +175,9 @@ func (d *DeployerProvider) deployToLoadbalancer(ctx context.Context, certPEM str
 			Protocol:       &[]string{"HTTPS", "TERMINATED_HTTPS"},
 			LoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},
 		}
+		if d.config.EnterpriseProjectId != "" {
+			listListenersReq.EnterpriseProjectId = typeutil.ToPtr([]string{d.config.EnterpriseProjectId})
+		}
 		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
 		d.logger.Debug("sdk request 'elb.ListListeners'", slog.Any("request", listListenersReq), slog.Any("response", listListenersResp))
 		if err != nil {

internal/pkg/core/deployer/providers/huaweicloud-scm/huaweicloud_scm.go

@@ -15,6 +15,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
+	// 华为云企业项目 ID。
+	EnterpriseProjectId string `json:"enterpriseProjectId,omitempty"`
 }
 
 type DeployerProvider struct {
@@ -31,8 +33,9 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	}
 
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		AccessKeyId:     config.AccessKeyId,
+		AccessKeyId:         config.AccessKeyId,
-		SecretAccessKey: config.SecretAccessKey,
+		SecretAccessKey:     config.SecretAccessKey,
+		EnterpriseProjectId: config.EnterpriseProjectId,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
@@ -47,7 +50,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf.go

@@ -27,6 +27,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
+	// 华为云企业项目 ID。
+	EnterpriseProjectId string `json:"enterpriseProjectId,omitempty"`
 	// 华为云区域。
 	Region string `json:"region"`
 	// 部署资源类型。
@@ -59,9 +61,10 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 	}
 
 	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
-		AccessKeyId:     config.AccessKeyId,
+		AccessKeyId:         config.AccessKeyId,
-		SecretAccessKey: config.SecretAccessKey,
+		SecretAccessKey:     config.SecretAccessKey,
-		Region:          config.Region,
+		EnterpriseProjectId: config.EnterpriseProjectId,
+		Region:              config.Region,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
@@ -77,7 +80,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -126,7 +129,8 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	// 查询证书
 	// REF: https://support.huaweicloud.com/api-waf/ShowCertificate.html
 	showCertificateReq := &hcwafmodel.ShowCertificateRequest{
-		CertificateId: d.config.CertificateId,
+		EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
+		CertificateId:       d.config.CertificateId,
 	}
 	showCertificateResp, err := d.sdkClient.ShowCertificate(showCertificateReq)
 	d.logger.Debug("sdk request 'waf.ShowCertificate'", slog.Any("request", showCertificateReq), slog.Any("response", showCertificateResp))
@@ -137,7 +141,8 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	// 更新证书
 	// REF: https://support.huaweicloud.com/api-waf/UpdateCertificate.html
 	updateCertificateReq := &hcwafmodel.UpdateCertificateRequest{
-		CertificateId: d.config.CertificateId,
+		EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
+		CertificateId:       d.config.CertificateId,
 		Body: &hcwafmodel.UpdateCertificateRequestBody{
 			Name:    *showCertificateResp.Name,
 			Content: typeutil.ToPtr(certPEM),
@@ -179,9 +184,10 @@ func (d *DeployerProvider) deployToCloudServer(ctx context.Context, certPEM stri
 		}
 
 		listHostReq := &hcwafmodel.ListHostRequest{
-			Hostname: typeutil.ToPtr(strings.TrimPrefix(d.config.Domain, "*")),
+			EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
-			Page:     typeutil.ToPtr(listHostPage),
+			Hostname:            typeutil.ToPtr(strings.TrimPrefix(d.config.Domain, "*")),
-			Pagesize: typeutil.ToPtr(listHostPageSize),
+			Page:                typeutil.ToPtr(listHostPage),
+			Pagesize:            typeutil.ToPtr(listHostPageSize),
 		}
 		listHostResp, err := d.sdkClient.ListHost(listHostReq)
 		d.logger.Debug("sdk request 'waf.ListHost'", slog.Any("request", listHostReq), slog.Any("response", listHostResp))
@@ -211,7 +217,8 @@ func (d *DeployerProvider) deployToCloudServer(ctx context.Context, certPEM stri
 	// 更新云模式防护域名的配置
 	// REF: https://support.huaweicloud.com/api-waf/UpdateHost.html
 	updateHostReq := &hcwafmodel.UpdateHostRequest{
-		InstanceId: hostId,
+		EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
+		InstanceId:          hostId,
 		Body: &hcwafmodel.UpdateHostRequestBody{
 			Certificateid:   typeutil.ToPtr(upres.CertId),
 			Certificatename: typeutil.ToPtr(upres.CertName),
@@ -252,9 +259,10 @@ func (d *DeployerProvider) deployToPremiumHost(ctx context.Context, certPEM stri
 		}
 
 		listPremiumHostReq := &hcwafmodel.ListPremiumHostRequest{
-			Hostname: typeutil.ToPtr(strings.TrimPrefix(d.config.Domain, "*")),
+			EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
-			Page:     typeutil.ToPtr(fmt.Sprintf("%d", listPremiumHostPage)),
+			Hostname:            typeutil.ToPtr(strings.TrimPrefix(d.config.Domain, "*")),
-			Pagesize: typeutil.ToPtr(fmt.Sprintf("%d", listPremiumHostPageSize)),
+			Page:                typeutil.ToPtr(fmt.Sprintf("%d", listPremiumHostPage)),
+			Pagesize:            typeutil.ToPtr(fmt.Sprintf("%d", listPremiumHostPageSize)),
 		}
 		listPremiumHostResp, err := d.sdkClient.ListPremiumHost(listPremiumHostReq)
 		d.logger.Debug("sdk request 'waf.ListPremiumHost'", slog.Any("request", listPremiumHostReq), slog.Any("response", listPremiumHostResp))
@@ -284,7 +292,8 @@ func (d *DeployerProvider) deployToPremiumHost(ctx context.Context, certPEM stri
 	// 修改独享模式域名配置
 	// REF: https://support.huaweicloud.com/api-waf/UpdatePremiumHost.html
 	updatePremiumHostReq := &hcwafmodel.UpdatePremiumHostRequest{
-		HostId: hostId,
+		EnterpriseProjectId: typeutil.ToPtrOrZeroNil(d.config.EnterpriseProjectId),
+		HostId:              hostId,
 		Body: &hcwafmodel.UpdatePremiumHostRequestBody{
 			Certificateid:   typeutil.ToPtr(upres.CertId),
 			Certificatename: typeutil.ToPtr(upres.CertName),

internal/pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb.go

@@ -76,7 +76,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/jdcloud-cdn/jdcloud_cdn.go

@@ -60,7 +60,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/jdcloud-live/jdcloud_live.go

@@ -48,7 +48,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod.go

@@ -51,7 +51,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/k8s-secret/k8s_secret.go

@@ -52,7 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/lecdn/lecdn.go

@@ -73,7 +73,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/local/local.go

@@ -15,7 +15,7 @@ import (
 
 type DeployerConfig struct {
 	// Shell 执行环境。
-	// 零值时默认根据操作系统决定。
+	// 零值时根据操作系统决定。
 	ShellEnv ShellEnvType `json:"shellEnv,omitempty"`
 	// 前置命令。
 	PreCommand string `json:"preCommand,omitempty"`
@@ -67,7 +67,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/netlify-site/netlify_site.go

@@ -45,7 +45,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/proxmoxve/proxmoxve.go

@@ -13,6 +13,7 @@ import (
 	"github.com/luthermonson/go-proxmox"
 
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	httputil "github.com/usual2970/certimate/internal/pkg/utils/http"
 )
 
 type DeployerConfig struct {
@@ -57,7 +58,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}
@@ -101,15 +102,16 @@ func createSdkClient(serverUrl, apiToken, apiTokenSecret string, skipTlsVerify b
 	}
 
 	httpClient := &http.Client{
-		Transport: http.DefaultTransport,
+		Transport: httputil.NewDefaultTransport(),
 		Timeout:   http.DefaultClient.Timeout,
 	}
 	if skipTlsVerify {
-		httpClient.Transport = &http.Transport{
+		transport := httputil.NewDefaultTransport()
-			TLSClientConfig: &tls.Config{
+		if transport.TLSClientConfig == nil {
-				InsecureSkipVerify: true,
+			transport.TLSClientConfig = &tls.Config{}
-			},
 		}
+		transport.TLSClientConfig.InsecureSkipVerify = true
+		httpClient.Transport = transport
 	}
 	client := proxmox.NewClient(
 		strings.TrimRight(serverUrl, "/")+"/api2/json",

internal/pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go

@@ -57,7 +57,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/qiniu-pili/qiniu_pili.go

@@ -57,7 +57,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn.go

@@ -58,7 +58,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/ratpanel-console/ratpanel_console.go

@@ -50,7 +50,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/ratpanel-site/ratpanel_site.go

@@ -52,7 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/safeline/safeline.go

@@ -53,7 +53,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/ssh/ssh.go

@@ -19,10 +19,10 @@ import (
 
 type JumpServerConfig struct {
 	// SSH 主机。
-	// 零值时默认为 "localhost"。
+	// 零值时默认值 "localhost"。
 	SshHost string `json:"sshHost,omitempty"`
 	// SSH 端口。
-	// 零值时默认为 22。
+	// 零值时默认值 22。
 	SshPort int32 `json:"sshPort,omitempty"`
 	// SSH 登录用户名。
 	SshUsername string `json:"sshUsername,omitempty"`
@@ -36,10 +36,10 @@ type JumpServerConfig struct {
 
 type DeployerConfig struct {
 	// SSH 主机。
-	// 零值时默认为 "localhost"。
+	// 零值时默认值 "localhost"。
 	SshHost string `json:"sshHost,omitempty"`
 	// SSH 端口。
-	// 零值时默认为 22。
+	// 零值时默认值 22。
 	SshPort int32 `json:"sshPort,omitempty"`
 	// SSH 登录用户名。
 	SshUsername string `json:"sshUsername,omitempty"`
@@ -103,7 +103,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go

@@ -70,7 +70,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go

@@ -79,7 +79,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos.go

@@ -66,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go

@@ -60,7 +60,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go

@@ -69,7 +69,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo.go

@@ -69,7 +69,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-scf/tencentcloud_scf.go

@@ -62,7 +62,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-ssl-deploy/tencentcloud_ssl_deploy.go

@@ -66,7 +66,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-ssl/tencentcloud_ssl.go

@@ -47,7 +47,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-vod/tencentcloud_vod.go

@@ -62,7 +62,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/tencentcloud-waf/tencentcloud_waf.go

@@ -67,7 +67,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn.go

@@ -65,7 +65,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/ucloud-us3/ucloud_us3.go

@@ -67,7 +67,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/unicloud-webhost/unicloud_webhost.go

@@ -52,7 +52,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/upyun-cdn/upyun_cdn.go

@@ -60,7 +60,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go

@@ -74,7 +74,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go

@@ -59,7 +59,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-certcenter/volcengine_certcenter.go

@@ -50,7 +50,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go

@@ -70,7 +70,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go

@@ -64,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-imagex/volcengine_imagex.go

@@ -65,7 +65,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-live/volcengine_live.go

@@ -60,7 +60,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go

@@ -64,7 +64,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/wangsu-cdn/wangsu_cdn.go

@@ -59,7 +59,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go

@@ -68,7 +68,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate.go

@@ -61,7 +61,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/deployer/providers/webhook/webhook.go

@@ -23,7 +23,7 @@ type DeployerConfig struct {
 	// Webhook 回调数据（application/json 或 application/x-www-form-urlencoded 格式）。
 	WebhookData string `json:"webhookData,omitempty"`
 	// 请求谓词。
-	// 零值时默认为 "POST"。
+	// 零值时默认值 "POST"。
 	Method string `json:"method,omitempty"`
 	// 请求标头。
 	Headers map[string]string `json:"headers,omitempty"`
@@ -61,7 +61,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 
 func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
 	if logger == nil {
-		d.logger = slog.Default()
+		d.logger = slog.New(slog.DiscardHandler)
 	} else {
 		d.logger = logger
 	}

internal/pkg/core/notifier/notifier.go

@@ -19,7 +19,7 @@ type Notifier interface {
 	// 出参：
 	//   - res：发送结果。
 	//   - err: 错误。
-	Notify(ctx context.Context, subject string, message string) (res *NotifyResult, err error)
+	Notify(ctx context.Context, subject string, message string) (_res *NotifyResult, _err error)
 }
 
 // 表示通知发送结果的数据结构。

internal/pkg/core/notifier/providers/bark/bark.go

@@ -12,7 +12,7 @@ import (
 
 type NotifierConfig struct {
 	// Bark 服务地址。
-	// 零值时默认使用官方服务器。
+	// 零值时使用官方服务器。
 	ServerUrl string `json:"serverUrl"`
 	// Bark 设备密钥。
 	DeviceKey string `json:"deviceKey"`
@@ -42,14 +42,14 @@ func NewNotifier(config *NotifierConfig) (*NotifierProvider, error) {
 
 func (n *NotifierProvider) WithLogger(logger *slog.Logger) notifier.Notifier {
 	if logger == nil {
-		n.logger = slog.Default()
+		n.logger = slog.New(slog.DiscardHandler)
 	} else {
 		n.logger = logger
 	}
 	return n
 }
 
-func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+func (n *NotifierProvider) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {
 	const defaultServerURL = "https://api.day.app/"
 	serverUrl := defaultServerURL
 	if n.config.ServerUrl != "" {